Multiple infection Win32:Virut,Win32:Rootkit-gen,tr

Solved/Closed
gorgutz - 20 April 2008 at 11:32
gorgutz Posts 242 Registration date Saturday 19 April 2008 Status Member Last activity 18 January 2010 - 20 April 2008 at 21:41
Hello,
I have just connected to the internet for the first time, and I am already heavily infected with viruses (Win32:Virut), trojans, rootkits... I have avast, but the beasts are hard to eradicate and my system is unstable. I am having difficulty downloading and installing Windows updates (my XP dates from 2002, and I am still running Service Pack 1...). Knowing really nothing about this, I am looking for help... Thanks in advance...

22 replies

cedric241 Posts 3367 Registration date Tuesday 26 February 2008 Status Member Last activity 23 April 2008 119
20 April 2008 at 11:40
Start with this please:

Run a scan with this antispyware:

Download Malwarebytes + tutorial:

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Install it; the program will update itself automatically.

Once it is up to date, the program will start; click on the Settings tab, and tick the box: "Arreter internet explorer pendant la suppression" (stop Internet Explorer during removal).

Now click on the Search tab and tick the box: "executer un examen complet" (run a full scan).

Then click "rechercher" (search).

Let it scan the PC...

If items were found > click "supprimer la selection" (remove selected).

If you are asked to restart > click "yes".

At the end a report will open; save it so that you can find it again in order to post it on the forum.

Copy and paste the report please.

gorgutz Posts 242 Registration date Saturday 19 April 2008 Status Member Last activity 18 January 2010 12
20 April 2008 at 13:23
Thanks for your help and your promptness. Here is the report:
Malwarebytes' Anti-Malware 1.11
Version de la base de données: 660

Type de recherche: Examen complet (C:\|)
Eléments examinés: 43113
Temps écoulé: 1 hour(s), 0 minute(s), 40 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 25
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 50

Processus mémoire infecté(s):
C:\WINDOWS\system32\algs.exe (Backdoor.Bot) -> No action taken.

Module(s) mémoire infecté(s):
c:\WINDOWS\system32\rqRiJyvu.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\qoMffCvS.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\hwqrwhbb.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mljjgded.dll (Trojan.Vundo) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrijyvu (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1d3ce66-721f-4a88-b58e-c532286c347b} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a1d3ce66-721f-4a88-b58e-c532286c347b} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{7543fbd5-2279-4d03-8f29-eb21531fa2fe} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM6b81e887 (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows update loader (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmona (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Application Layer Gateway Service (Backdoor.Bot) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljjgded -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljjgded -> No action taken.

Dossier(s) infecté(s):
C:\Program Files\MalwareAlarm (Rogue.Malware.Alarm) -> No action taken.
C:\Program Files\Helper (Adware.BHO) -> No action taken.

Fichier(s) infecté(s):
c:\WINDOWS\system32\rqRiJyvu.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\qoMffCvS.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\cbdfngim.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mignfdbc.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\hwqrwhbb.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\bbhwrqwh.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mljjgded.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\dedgjjlm.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\dedgjjlm.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pxdagjqv.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\vqjgadxp.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\Downloaded Program Files\webinst.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\45U789MB\ddos1[1].htm (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\45U789MB\sdferw[1].htm (Trojan.Agent) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I49VGGX3\ddos1[1].htm (Trojan.Vundo) -> No action taken.
C:\Program Files\MalwareAlarm\MalwareAlarm3.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\Systerac XP Tools 3\iea.exe (Rogue.PornCleanser) -> No action taken.
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001162.dll (Rogue.Multiple) -> No action taken.
C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ctfmonb.bmp (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\ljJCtqQJ.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pmnOEWPJ.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rmyvdgca.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\Temp\7CF28762C38CA0D4.tmp (Trojan.Dropper) -> No action taken.
C:\WINDOWS\Temp\AE8AB41F91F72503.tmp (Malware.Trace) -> No action taken.
C:\Program Files\MalwareAlarm\MalwareAlarm.lic (Rogue.Malware.Alarm) -> No action taken.
C:\Program Files\MalwareAlarm\MalwareAlarm0.ma (Rogue.Malware.Alarm) -> No action taken.
C:\Program Files\MalwareAlarm\MalwareAlarm1.ma (Rogue.Malware.Alarm) -> No action taken.
C:\Program Files\MalwareAlarm\mfc71.dll (Rogue.Malware.Alarm) -> No action taken.
C:\Program Files\MalwareAlarm\msvcp71.dll (Rogue.Malware.Alarm) -> No action taken.
C:\Program Files\MalwareAlarm\msvcr71.dll (Rogue.Malware.Alarm) -> No action taken.
C:\Program Files\MalwareAlarm\pv.exe (Rogue.Malware.Alarm) -> No action taken.
C:\Program Files\MalwareAlarm\Uninstall.exe (Rogue.Malware.Alarm) -> No action taken.
C:\WINDOWS\System32\xxywwwxw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\oqqqiekb.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\xpupdate.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\ctfmona.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\algs.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\winIogon.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\Temp\.tt1.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Temp\.tt2.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Temp\.tt3.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Temp\.tt4.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Temp\.tt5.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Temp\.tt6.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Temp\.tt7.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Temp\.tt8.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Temp\.tt9.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Temp\.ttA.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Temp\.ttB.tmp (Trojan.Downloader) -> No action taken.

cedric241 Posts 3367 Registration date Tuesday 26 February 2008 Status Member Last activity 23 April 2008 119
20 April 2008 at 13:25
Reassure me, you did delete the infections??

Because in this report they have not been deleted.

Look in report/log.

If you deleted them you should have another report.

gorgutz Posts 242 Registration date Saturday 19 April 2008 Status Member Last activity 18 January 2010 12
20 April 2008 at 14:09
Yes, sorry... I posted the wrong report... Here is the other one...
Malwarebytes' Anti-Malware 1.11
Version de la base de données: 660

Type de recherche: Examen complet (C:\|)
Eléments examinés: 43113
Temps écoulé: 1 hour(s), 0 minute(s), 40 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 25
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 50

Processus mémoire infecté(s):
C:\WINDOWS\system32\algs.exe (Backdoor.Bot) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
c:\WINDOWS\system32\rqRiJyvu.dll (Trojan.Vundo) -> Unloaded module successfully.
c:\WINDOWS\system32\qoMffCvS.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\hwqrwhbb.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\mljjgded.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrijyvu (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1d3ce66-721f-4a88-b58e-c532286c347b} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a1d3ce66-721f-4a88-b58e-c532286c347b} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7543fbd5-2279-4d03-8f29-eb21531fa2fe} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM6b81e887 (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows update loader (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmona (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Application Layer Gateway Service (Backdoor.Bot) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljjgded -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljjgded -> Delete on reboot.

Dossier(s) infecté(s):
C:\Program Files\MalwareAlarm (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\Helper (Adware.BHO) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\WINDOWS\system32\rqRiJyvu.dll (Trojan.Vundo) -> Delete on reboot.
c:\WINDOWS\system32\qoMffCvS.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cbdfngim.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mignfdbc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hwqrwhbb.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\bbhwrqwh.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mljjgded.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\dedgjjlm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dedgjjlm.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pxdagjqv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vqjgadxp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\webinst.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\45U789MB\ddos1[1].htm (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\45U789MB\sdferw[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I49VGGX3\ddos1[1].htm (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\MalwareAlarm3.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Systerac XP Tools 3\iea.exe (Rogue.PornCleanser) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001162.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ctfmonb.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJCtqQJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnOEWPJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rmyvdgca.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\7CF28762C38CA0D4.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\AE8AB41F91F72503.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\MalwareAlarm.lic (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\MalwareAlarm0.ma (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\MalwareAlarm1.ma (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\mfc71.dll (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\msvcp71.dll (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\msvcr71.dll (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\pv.exe (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\Uninstall.exe (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\xxywwwxw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oqqqiekb.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\xpupdate.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ctfmona.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\algs.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winIogon.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

Hello,
I have just bought a computer running FreeDOS, and I cannot install my XP (ori), because my laptop does not find a hard disk drive, or at least it asks me to check the connections or configuration related to the hard disk drive.
Thank you for kindly helping me
As

cedric241 Posts 3367 Registration date Tuesday 26 February 2008 Status Member Last activity 23 April 2008 119
20 April 2008 at 14:13
Reopen Malwarebytes
go to the Quarantine tab
delete everything

then do this:

Download Clean:

-> http://www.malekal.com/download/clean.zip

-> Unzip all the contents into a folder that you have created beforehand (on your desktop for example). Double-click clean or clean.cmd and choose option 1.

A report will open; copy and paste its contents on the forum.

-> for those who are unsure how to unzip a file:

http://www.tutopat.com/viewtopic.php?t=933&sid=34215b238376bfb22ef9e8eca9995914

gorgutz Posts 242 Registration date Saturday 19 April 2008 Status Member Last activity 18 January 2010 12
20 April 2008 at 14:28
Here you go!
20/04/2008 a 14:21:50,04

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\i FOUND
C:\WINDOWS\system32\SBFC.dat FOUND
C:\WINDOWS\system32\SBRC.dat FOUND
"C:\WINDOWS\Downloaded Program Files\CONFLICT.1" FOUND
"C:\WINDOWS\Downloaded Program Files\CONFLICT.2" FOUND
"C:\WINDOWS\Downloaded Program Files\CONFLICT.3" FOUND
"C:\WINDOWS\Downloaded Program Files\CONFLICT.4" FOUND

*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !

cedric241 Posts 3367 Registration date Tuesday 26 February 2008 Status Member Last activity 23 April 2008 119
20 April 2008 at 14:31
OK, reopen clean and run option 2

then post me the report please

gorgutz Posts 242 Registration date Saturday 19 April 2008 Status Member Last activity 18 January 2010 12
20 April 2008 at 14:48
Here is the rest:
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 20/04/2008 a 14:42:41,03

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\i
tentative de suppression de C:\WINDOWS\system32\SBFC.dat
tentative de suppression de C:\WINDOWS\system32\SBRC.dat
tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.1"
tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.2"
tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.3"
tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.4"

*** Suppression des fichiers dans C:\Program Files

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !

cedric241 Posts 3367 Registration date Tuesday 26 February 2008 Status Member Last activity 23 April 2008 119
20 April 2008 at 14:49
OK, we continue. Now do this:

Download HijackThis here:

-> https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

Installation tutorial: (Thanks to Balltrap34 for making this)

-> http://pageperso.aol.fr/balltrap34/Hijenr.gif

Usage tutorial (video): (Thanks to Balltrap34 for making this)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

Post the generated report here please...

gorgutz Posts 242 Registration date Saturday 19 April 2008 Status Member Last activity 18 January 2010 12
20 April 2008 at 14:53
ok:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:52:40, on 20/04/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\dllcache\mravsc32.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\gqezey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Nico\Local Settings\Temporary Internet Files\Content.IE5\3YKR72IJ\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: {d6204c42-a0c1-1409-abd4-a550dceb9db1} - {1bd9becd-055a-4dba-9041-1c0a24c4026d} - C:\WINDOWS\System32\npaoxjra.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Microsoft Anivirus Monitor Process] antiv.exe
O4 - HKLM\..\Run: [Microsft Security Monitor Process] mssmpp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [cookw] "C:\PROGRA~1\FICHIE~1\LIBRES~1\cookw.exe" -start
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Nico\Bureau\install_sbd_fr.exe
O4 - HKLM\..\Run: [LibreSystem] C:\Program Files\LibreSystem\SysRep.exe
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\SpyErazer\pcd-as.exe /10003
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [68b2db1b] rundll32.exe "C:\WINDOWS\System32\hwqrwhbb.dll",b
O4 - HKLM\..\RunServices: [Microsoft Anivirus Monitor Process] antiv.exe
O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmpp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Distributed Allocated Memory Unit - Unknown owner - C:\WINDOWS\system32\dllcache\mravsc32.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Service SNMP (SNMP) - Unknown owner - C:\WINDOWS\System32\snmp.exe (file missing)

cedric241 Posts 3367 Registration date Tuesday 26 February 2008 Status Member Last activity 23 April 2008 119
20 April 2008 at 14:59
OK, several things, if your XP is a genuine copy:

install SP2 (update pack):

https://www.01net.com/telecharger/windows/Utilitaire/dll_librairies/fiches/29989.html

also install internet 7:

https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

After that I advise you to uninstall avast because it is a real sieve (you have had the proof) and install AntiVir:

https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html

then update it, run the full scan and post me the report please

gorgutz Posts 242 Registration date Saturday 19 April 2008 Status Member Last activity 18 January 2010 12
20 April 2008 at 18:04
Avira report:
Avira AntiVir Personal
Report file date: dimanche 20 avril 2008 17:24

Scanning for 1218459 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: NICOLAS-YH79R6H

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 11/04/2008 15:12:55
ANTIVIR3.VDF : 7.0.3.188 342016 Bytes 18/04/2008 15:13:00
Engineversion : 8.1.0.32
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.26 233850 Bytes 20/04/2008 15:13:24
AESCN.DLL : 8.1.0.14 119156 Bytes 20/04/2008 15:13:22
AERDL.DLL : 8.1.0.19 418164 Bytes 07/04/2008 15:34:44
AEPACK.DLL : 8.1.1.2 364917 Bytes 20/04/2008 15:13:19
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 20/04/2008 15:13:17
AEHEUR.DLL : 8.1.0.18 1167735 Bytes 20/04/2008 15:13:15
AEHELP.DLL : 8.1.0.14 115063 Bytes 20/04/2008 15:13:06
AEGEN.DLL : 8.1.0.17 299380 Bytes 20/04/2008 15:13:05
AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 15:34:43
AECORE.DLL : 8.1.0.27 168310 Bytes 20/04/2008 15:13:03
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 20 avril 2008 17:24

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'cidaemon.exe' - '1' Module(s) have been scanned
Scan process 'cidaemon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'mqtgsvc.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'mqsvc.exe' - '1' Module(s) have been scanned
Scan process 'snmp.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'msdtc.exe' - '1' Module(s) have been scanned
Scan process 'inetinfo.exe' - '1' Module(s) have been scanned
Scan process 'mravsc32.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\system32\dllcache\mravsc32.exe'
Scan process 'cisvc.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'mravsc32.exe' has been terminated
C:\WINDOWS\system32\dllcache\mravsc32.exe
[DETECTION] Is the Trojan horse TR/Crypt.TPM.Gen
[NOTE] The file was deleted!

32 processes with 31 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
C:\WINDOWS\system32\hwqrwhbb.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!

The registry was scanned ( '30' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\upload_moi_NICOLAS-YH79R6H.tar.gz
[0] Archive type: GZ
--> upload_moi.tar
[1] Archive type: TAR (tape archiver)
--> WINDOWS/System32/mto.exe
[DETECTION] Is the Trojan horse TR/Crypt.TPM.Gen
--> WINDOWS/System32/yygc.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
--> WINDOWS/System32/gqezey.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> WINDOWS/System32/jvpjbgoz.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> WINDOWS/System32/scctkkh.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
--> WINDOWS/System32/tfsjotr.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> WINDOWS/System32/bpfgar.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
--> WINDOWS/System32/moywed.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> WINDOWS/System32/vscauso.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
--> WINDOWS/System32/yzed.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> WINDOWS/System32/qretpke.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
--> WINDOWS/System32/mljjgded.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> WINDOWS/System32/hwqrwhbb.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> WINDOWS/System32/rqRiJyvu.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> WINDOWS/System32/qoMffCvS.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
--> WINDOWS/System32/npaoxjra.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\45U789MB\ddos[1].htm
[DETECTION] The file contains an executable. This, however, is disguised by a harmless file extension (HIDDENEXT/Crypted)
[WARNING] The file was ignored!
C:\Documents and Settings\Nico\Local Settings\Temp\_bm1fcmlkY2NudF9oYV9tYV9rdzFfbWE1ZnJz_c29mdA_bm1fX2YyYTQ5MzEwMGJlZTExZGQ5ZGM0ZmZmZmZmY2ZmZmZmX2I0OWI2Y2NmOGY1YjQ1ZjY4MTJmNDMwODJjMmFhN2Yx_.EXE
[DETECTION] Is the Trojan horse TR/Peed.A.280
[NOTE] The file was deleted!
C:\Documents and Settings\Nico\Local Settings\Temp\_ZGlyZWN0bHlvbl9tYTVmcnM_a2V5aW4_a2V5aW4_.exe
[DETECTION] Is the Trojan horse TR/Peed.A.280
[WARNING] The file was ignored!
C:\Program Files\SpyErazer\QuarantineFolder\{362579CF-D429-4992-9E23-03DC3EC767D1}
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP16\A0005634.exe
[DETECTION] Is the Trojan horse TR/Crypt.TPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP16\A0005635.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001169.exe
[DETECTION] Is the Trojan horse TR/Crypt.TPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001170.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001171.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001174.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001176.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001177.scr
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001178.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001179.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001180.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001181.exe
[DETECTION] Is the Trojan horse TR/Drop.Softomat.AN
[NOTE] The file was deleted!
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001182.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001183.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001184.exe
[DETECTION] Is the Trojan horse TR/Killav.28714
[NOTE] The file was deleted!
C:\System Volume Information\_restore{57A83DB2-1707-42B2-BC86-B9A7E80285B2}\RP5\A0001189.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\abzwsiz.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\anlyvs.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\awofuyuc.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\bcslh.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\bocitfj.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\bpfgar.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\bpnx.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\bxmaq.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\bxolgqna.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\cakzznkw.exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.AX.233
[NOTE] The file was deleted!
C:\WINDOWS\system32\cqcrwdmx.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\dlwyyz.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\dpkemvm.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\dqkb.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\dszton.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\dvjeaezu.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\dxeewn.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\dzfe.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\eqoypoh.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\gaxxx.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\ghmkiwj.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\gjjezxqx.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\gqezey.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\hnjb.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\htunbg.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\iqxcx.exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.AX.233
[NOTE] The file was deleted!
C:\WINDOWS\system32\jiuuws.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\jvpjbgoz.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\jxcnb.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\kdlsnqv.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\kopwzp.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\lfxk.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\llnzhw.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\lyxpsqae.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\mevp.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\mljjgded.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\momp.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\moywed.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\mto.exe
[DETECTION] Is the Trojan horse TR/Crypt.TPM.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\mugf.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\mugi.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\nkehmhxn.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\nlfywc.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\npaoxjra.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\nutue.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\ohwvnyxn.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\ootfetsr.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\oyjqn.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\powtls.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\puiuxy.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\pwdp.exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.AX.233
[NOTE] The file was deleted!
C:\WINDOWS\system32\qefau.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\qoMffCvS.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\qpag.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\qretpke.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\qunmjmrz.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\rnaifgzv.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\rqRiJyvu.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\rsyn.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\saurucf.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\scctkkh.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\srqzydse.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\stkt.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\swns.exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.AX.233
[NOTE] The file was deleted!
C:\WINDOWS\system32\tbagy.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\tfsjotr.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\tiwxwe.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\tnbesl.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\uddjlabm.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\unosbb.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\upwwn.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\vohltyb.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\vscauso.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\wkigrp.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\xctnr.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\xpiglyei.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\yicy.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\yygc.exe
[DETECTION] Is the Trojan horse TR/NoUpdate.B.48
[NOTE] The file was deleted!
C:\WINDOWS\system32\yzed.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\zhts.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\zoju.exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.AX.233
[NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\etc\hosts
[DETECTION] Is the Trojan horse TR/Qhost.AA
[NOTE] The file was deleted!
C:\WINDOWS\Temp\DIL4.tmp
[DETECTION] Is the Trojan horse TR/Favadd.BF
[NOTE] The file was deleted!


End of the scan: dimanche 20 avril 2008 18:00
Used time: 35:38 min

The scan has been done completely.

2202 Scanning directories
96337 Files were scanned
122 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
103 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
96215 Files not concerned
950 Archives were scanned
5 Warnings
103 Notes
0
cedric241 Posts 3367 Registration date Tuesday 26 February 2008 Status Member Last activity 23 April 2008 119
20 April 2008 at 18:09
OK, it did the cleanup.

Run a HijackThis scan again and post the report for me please.
0
gorgutz Posts 242 Registration date Saturday 19 April 2008 Status Member Last activity 18 January 2010 12
20 April 2008 at 18:22
OK, here we go:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:21:04, on 20/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Nico\Local Settings\Temporary Internet Files\Content.IE5\3YKR72IJ\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: {d6204c42-a0c1-1409-abd4-a550dceb9db1} - {1bd9becd-055a-4dba-9041-1c0a24c4026d} - C:\WINDOWS\System32\npaoxjra.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Microsoft Anivirus Monitor Process] antiv.exe
O4 - HKLM\..\Run: [Microsft Security Monitor Process] mssmpp.exe
O4 - HKLM\..\Run: [cookw] "C:\PROGRA~1\FICHIE~1\LIBRES~1\cookw.exe" -start
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Nico\Bureau\install_sbd_fr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [Microsoft Anivirus Monitor Process] antiv.exe
O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmpp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Distributed Allocated Memory Unit - Unknown owner - C:\WINDOWS\system32\dllcache\mravsc32.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
0
cedric241 Posts 3367 Registration date Tuesday 26 February 2008 Status Member Last activity 23 April 2008 119
20 April 2008 at 18:29
OK, you still have some infections.

Do this:

Download combofix.exe (by sUBs) to your Desktop.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the internet and close the windows of all running programs.

-> Temporarily, and only while ComboFix is in use, disable the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

Once that is done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts scanning the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/scan; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved at C:\Combofix.txt

-> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.

-> Tutorial https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
gorgutz Posts 242 Registration date Saturday 19 April 2008 Status Member Last activity 18 January 2010 12
20 April 2008 at 18:48
ComboFix report:
ComboFix 08-04-18.3 - Nico 2008-04-20 18:38:53.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.533 [GMT 2:00]
Endroit: C:\Documents and Settings\Nico\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\dedgjjlm.ini
C:\WINDOWS\system32\dedgjjlm.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DHLP


((((((((((((((((((((((((((((( Fichiers créés 2008-03-20 to 2008-04-20 ))))))))))))))))))))))))))))))))))))
.

2008-04-20 17:08 . 2008-04-20 17:08 <REP> d-------- C:\Program Files\Avira
2008-04-20 17:08 . 2008-04-20 17:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-20 16:54 . 2008-04-20 18:38 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG
2008-04-20 16:47 . 2008-04-20 16:47 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2008-04-20 16:41 . 2008-04-20 16:44 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-04-20 16:19 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-20 16:19 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-20 16:19 . 2007-07-01 05:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-20 16:19 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-20 16:19 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-20 16:19 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-20 16:19 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-20 16:19 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-20 16:19 . 2006-10-27 15:09 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-04-20 16:19 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 16:07 . 2008-04-20 16:07 <REP> d-------- C:\Documents and Settings\NetworkService\Menu Démarrer
2008-04-20 15:51 . 2008-04-20 16:09 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-04-20 15:44 . 2004-08-19 16:09 259,072 --a--c--- C:\WINDOWS\system32\dllcache\snmpcl.dll
2008-04-20 15:44 . 2004-08-19 16:10 32,768 --a------ C:\WINDOWS\system32\snmp.exe
2008-04-20 15:44 . 2004-08-19 16:10 32,768 --a--c--- C:\WINDOWS\system32\dllcache\snmp.exe
2008-04-20 15:42 . 2008-04-20 15:42 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-04-20 15:42 . 2004-08-19 16:09 40,448 --a--c--- C:\WINDOWS\system32\dllcache\snmpthrd.dll
2008-04-20 15:26 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002423_.tmp
2008-04-20 15:17 . 2008-04-20 15:48 <REP> d-------- C:\WINDOWS\EHome
2008-04-20 15:08 . 2008-04-20 15:08 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
2008-04-20 12:04 . 2008-04-20 12:04 <REP> d-------- C:\Documents and Settings\Nico\Application Data\Malwarebytes
2008-04-20 12:03 . 2008-04-20 13:09 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-20 12:03 . 2008-04-20 12:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-20 12:03 . 2008-04-20 12:03 74,752 --a------ C:\scxxsjah.exe
2008-04-20 10:28 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-04-20 09:49 . 2008-04-20 13:11 1,541,089 ---hs---- C:\WINDOWS\system32\bbhwrqwh.ini
2008-04-20 09:46 . 2008-04-20 09:46 118 --a------ C:\WINDOWS\system32\ymgokcbp.bat
2008-04-20 09:06 . 2008-04-20 09:47 1,540,677 ---hs---- C:\WINDOWS\system32\hcqbtvso.ini
2008-04-20 08:51 . 2004-08-03 23:04 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winzm.ime
2008-04-20 08:51 . 2004-08-03 23:04 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winsp.ime
2008-04-20 08:51 . 2004-08-03 23:04 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winpy.ime
2008-04-20 08:51 . 2004-08-03 23:04 79,360 --a--c--- C:\WINDOWS\system32\dllcache\winar30.ime
2008-04-20 08:51 . 2003-04-24 14:00 69,120 --a--c--- C:\WINDOWS\system32\dllcache\wingb.ime
2008-04-20 08:51 . 2004-08-03 23:04 65,536 --a--c--- C:\WINDOWS\system32\dllcache\winime.ime
2008-04-20 08:51 . 2003-04-24 14:00 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll
2008-04-20 08:51 . 2003-04-24 14:00 31,360 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys
2008-04-20 08:49 . 2003-04-24 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-04-20 08:48 . 2003-04-24 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-04-20 08:47 . 2003-04-24 14:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-04-20 08:42 . 2008-04-20 08:42 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-04-20 08:42 . 2008-04-20 08:42 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-04-20 08:42 . 2008-04-20 08:42 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-04-20 08:42 . 2008-04-20 08:42 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-04-20 08:42 . 2008-04-20 08:42 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-04-20 08:42 . 2008-04-20 08:42 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-04-20 08:41 . 2004-08-19 16:09 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2008-04-20 08:41 . 2003-04-24 14:00 73,728 --a--c--- C:\WINDOWS\system32\dllcache\icwtutor.exe
2008-04-20 08:41 . 2003-04-24 14:00 65,536 --a--c--- C:\WINDOWS\system32\dllcache\icwres.dll
2008-04-20 08:41 . 2003-04-24 14:00 40,960 --a--c--- C:\WINDOWS\system32\dllcache\trialoc.dll
2008-04-20 08:25 . 2003-04-24 14:00 1,086,182 -ra------ C:\WINDOWS\SET22.tmp
2008-04-19 18:41 . 2008-04-19 18:41 <REP> d-------- C:\Program Files\Google
2008-04-19 14:53 . 2008-04-19 16:26 4 --a------ C:\WINDOWS\scanreg.ini
2008-04-19 14:49 . 2005-02-01 14:49 12 --a------ C:\WINDOWS\system32\wsxttime.sys
2008-04-19 14:37 . 2008-04-20 16:57 <REP> d-------- C:\Program Files\Systerac XP Tools 3
2008-04-19 14:36 . 2008-04-19 14:36 <REP> d-------- C:\WINDOWS\Downloaded Installations
2008-04-19 14:23 . 2008-04-20 16:55 <REP> d-------- C:\Program Files\SpyErazer
2008-04-19 14:23 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2008-04-19 14:23 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
2008-04-19 14:23 . 2008-04-19 14:23 3,120 --a------ C:\WINDOWS\system32\118290.54
2008-04-19 14:23 . 2008-04-19 14:23 3,120 --a------ C:\WINDOWS\118294.78
2008-04-19 14:23 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2008-04-19 11:30 . 2008-04-20 16:46 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-04-19 11:30 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-19 11:27 . 2008-04-19 11:27 <REP> d-------- C:\WINDOWS\system32\bits
2008-04-19 11:26 . 2004-08-19 16:09 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-04-19 11:26 . 2004-08-19 16:09 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-04-19 11:26 . 2004-08-19 16:09 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2008-04-19 11:26 . 2004-08-19 16:09 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2008-04-19 11:20 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-19 11:20 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-19 11:18 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-04-19 11:18 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-04-19 11:18 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-04-19 11:18 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-04-19 11:18 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-04-19 11:18 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-04-19 11:18 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-04-19 11:18 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-04-19 10:59 . 2008-04-20 12:05 2 --a------ C:\1756552116
2008-04-19 09:19 . 2007-01-25 16:37 4,027,456 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-04-19 09:18 . 2008-04-19 09:18 <REP> d-------- C:\Program Files\Realtek AC97
2008-04-19 09:18 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2008-04-19 09:18 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
2008-04-19 09:17 . 2006-11-17 05:40 18,804,736 --a------ C:\WINDOWS\system32\alsndmgr.cpl
2008-04-19 09:01 . 2008-04-19 09:01 <REP> d---s---- C:\Documents and Settings\Nico\UserData
2008-04-19 07:22 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-04-19 07:19 . 2008-04-20 11:38 109,756 --a------ C:\WINDOWS\BM6b81e887.xml
2008-04-19 06:43 . 2003-04-24 14:00 1,086,182 -ra------ C:\WINDOWS\SET1B.tmp
2008-04-19 06:43 . 2003-04-24 14:00 13,923 -ra------ C:\WINDOWS\SET27.tmp
2008-04-18 00:44 . 2008-04-18 00:44 116 --a------ C:\WINDOWS\system32\nbsven.bat
2008-04-17 18:07 . 2008-04-19 19:26 425,459 --a------ C:\Documents and Settings\Nico\scan.dat
2008-04-17 18:06 . 2008-04-17 18:06 114 --a------ C:\WINDOWS\system32\hjkh.bat
2008-04-17 18:03 . 2008-04-17 18:03 123 --a------ C:\WINDOWS\system32\ikye.bat
2008-04-17 17:59 . 2008-04-17 17:59 0 -ra------ C:\WINDOWS\system32\TFTP672
2008-04-17 17:50 . 2008-04-17 17:50 <REP> d-------- C:\Documents and Settings\Nico\Application Data\libresystem
2008-04-17 17:45 . 2008-04-17 17:45 <REP> dr------- C:\Documents and Settings\All Users\Application Data\libresystem
2008-04-17 17:44 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-04-17 17:23 . 2008-04-17 17:23 121 --a------ C:\WINDOWS\system32\unnpqyed.bat
2008-04-16 21:38 . 2003-04-24 14:00 28,160 --a--c--- C:\WINDOWS\system32\dllcache\msoobe.exe
2008-04-16 21:33 . 2004-08-19 15:52 411,648 --a------ C:\WINDOWS\system32\mstsc.exe
2008-04-16 21:22 . 2003-04-24 14:00 1,086,182 -ra------ C:\WINDOWS\SET19.tmp
2008-04-16 21:22 . 2003-04-24 14:00 13,923 -ra------ C:\WINDOWS\SET25.tmp
2008-04-16 19:30 . 2008-04-16 19:30 <REP> d-------- C:\Documents and Settings\Daphné
2008-04-16 19:19 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-04-16 19:19 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-04-16 19:19 . 2003-02-21 04:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-04-16 19:18 . 2008-04-16 19:18 <REP> d-------- C:\Program Files\Alwil Software
2008-04-16 18:58 . 2008-04-16 18:58 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-04-16 18:54 . 2008-04-16 18:54 0 -ra------ C:\WINDOWS\system32\TFTP5412
2008-04-16 18:40 . 2008-04-16 18:40 13,736 --a------ C:\WINDOWS\system32\wpa.bak
2008-04-16 18:39 . 2008-04-16 18:39 0 -ra------ C:\WINDOWS\system32\TFTP3304
2008-04-16 18:24 . 2008-04-16 18:24 <REP> d-------- C:\Program Files\Rockstar Games
2008-04-08 19:32 . 2008-04-08 19:32 <REP> d-------- C:\WINDOWS\system32\URTTemp
2008-04-08 19:28 . 2008-04-08 19:28 0 --a------ C:\WINDOWS\frontpg.ini
2008-04-08 19:27 . 2008-04-08 19:27 <REP> d-------- C:\WINDOWS\IIS Temporary Compressed Files
2008-04-08 19:25 . 2008-04-08 19:26 <REP> d-------- C:\WINDOWS\system32\msmq
2008-04-07 05:12 . 2008-04-19 19:20 <REP> d-------- C:\Documents and Settings\Nico\Application Data\MSN6
2008-04-07 05:12 . 2008-04-07 05:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-04-07 05:05 . 2008-04-07 05:05 <REP> d---s---- C:\WINDOWS\system32\Microsoft
2008-04-07 05:05 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 05:54 --------- d-----w C:\Program Files\Services en ligne
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1bd9becd-055a-4dba-9041-1c0a24c4026d}]
C:\WINDOWS\System32\npaoxjra.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 16:10 1667584]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-19 18:41 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"Microsoft Anivirus Monitor Process"="antiv.exe" []
"Microsft Security Monitor Process"="mssmpp.exe" []
"cookw"="C:\PROGRA~1\FICHIE~1\LIBRES~1\cookw.exe" [ ]
"SBI"="C:\Documents and Settings\Nico\Bureau\install_sbd_fr.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\SOUNDMAN.EXE]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 12:22 86016]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Anivirus Monitor Process"="antiv.exe" []
"Microsft Security Monitor Process"="mssmpp.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 Machnm32;Machnm32 Driver;C:\WINDOWS\System32\Machnm32.sys [2003-08-13 00:27]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\System32\inetsrv\inetinfo.exe [2004-08-19 16:09]
S2 Distributed Allocated Memory Unit;Distributed Allocated Memory Unit;"C:\WINDOWS\system32\dllcache\mravsc32.exe" []

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 18:43:46
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-20 18:46:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-20 16:46:49

Pre-Run: 32,560,791,552 octets libres
Post-Run: 32,595,222,528 octets libres

219
0
cedric241 Posts 3367 Registration date Tuesday 26 February 2008 Status Member Last activity 23 April 2008 119
20 April 2008 at 19:04
Run another HijackThis scan and post the report, please.
0
gorgutz Posts 242 Registration date Saturday 19 April 2008 Status Member Last activity 18 January 2010 12
20 April 2008 at 19:09
Here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:11, on 20/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Nico\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: {d6204c42-a0c1-1409-abd4-a550dceb9db1} - {1bd9becd-055a-4dba-9041-1c0a24c4026d} - C:\WINDOWS\System32\npaoxjra.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Microsoft Anivirus Monitor Process] antiv.exe
O4 - HKLM\..\Run: [Microsft Security Monitor Process] mssmpp.exe
O4 - HKLM\..\Run: [cookw] "C:\PROGRA~1\FICHIE~1\LIBRES~1\cookw.exe" -start
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Nico\Bureau\install_sbd_fr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [Microsoft Anivirus Monitor Process] antiv.exe
O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmpp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Distributed Allocated Memory Unit - Unknown owner - C:\WINDOWS\system32\dllcache\mravsc32.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
0
cedric241 Posts 3367 Registration date Tuesday 26 February 2008 Status Member Last activity 23 April 2008 119
20 April 2008 at 19:14
Delete these lines:

O2 - BHO: {d6204c42-a0c1-1409-abd4-a550dceb9db1} - {1bd9becd-055a-4dba-9041-1c0a24c4026d} - C:\WINDOWS\System32\npaoxjra.dll (file missing)

O4 - HKLM\..\Run: [Microsoft Anivirus Monitor Process] antiv.exe
O4 - HKLM\..\Run: [Microsft Security Monitor Process] mssmpp.exe
O4 - HKLM\..\Run: [cookw] "C:\PROGRA~1\FICHIE~1\LIBRES~1\cookw.exe" -start

O4 - HKLM\..\RunServices: [Microsoft Anivirus Monitor Process] antiv.exe
O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmpp.exe

To delete them, tick them, then click "Fix checked".

After that, do this:

Start > Run > 'services.msc',

- Right-click the service in question: Distributed Allocated Memory Unit
- Properties
- and under "Startup type", set it to "Disabled".
- Then, if the "Service status" is "Started", choose "Stop".

Tutorial: https://www.zebulon.fr/dossiers/windows/31-services.html

2) Delete the folder:

Go to "C:\WINDOWS\system32\", then find and delete the dllcache folder
0
gorgutz Posts 242 Registration date Saturday 19 April 2008 Status Member Last activity 18 January 2010 12
20 April 2008 at 19:20
ok...

-
No pain, no gain!
0
cedric241 Posts 3367 Registration date Tuesday 26 February 2008 Status Member Last activity 23 April 2008 119
20 April 2008 at 19:23
OK, run another HijackThis scan and post the new report, please.
0
gorgutz Posts 242 Registration date Saturday 19 April 2008 Status Member Last activity 18 January 2010 12
20 April 2008 at 19:49
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:46:33, on 20/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Nico\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Nico\Bureau\install_sbd_fr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Distributed Allocated Memory Unit - Unknown owner - C:\WINDOWS\system32\dllcache\mravsc32.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
0
cedric241 Posts 3367 Registration date Tuesday 26 February 2008 Status Member Last activity 23 April 2008 119
20 April 2008 at 19:53
Your report is clean apart from this line:

O23 - Service: Distributed Allocated Memory Unit - Unknown owner - C:\WINDOWS\system32\dllcache\mravsc32.exe (file missing)

To remove it, you need to do this:

Start > Run > 'services.msc',

- Right-click the service in question: Distributed Allocated Memory Unit
- Properties
- and under "Startup type", set it to "Disabled".
- Then, if the "Service status" is "Started", choose "Stop".

Tutorial: https://www.zebulon.fr/dossiers/windows/31-services.html

2) Delete the folder:

Go find and delete this file:
C:\WINDOWS\system32\dllcache\mravsc32.exe
0
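The check behind the reply above and the earlier "delete these lines" reply, as an added example that is not part of the thread: it parses HijackThis entry lines, confirms that the entries marked for fixing no longer appear in the second report, and lists what is still reported as "(file missing)". The log lines are copied from the posts above (the second report is excerpted); the function names are hypothetical.

```python
import re

# Lines marked for "Fix checked", copied from the thread.
REQUESTED = r"""
O2 - BHO: {d6204c42-a0c1-1409-abd4-a550dceb9db1} - {1bd9becd-055a-4dba-9041-1c0a24c4026d} - C:\WINDOWS\System32\npaoxjra.dll (file missing)
O4 - HKLM\..\Run: [Microsoft Anivirus Monitor Process] antiv.exe
O4 - HKLM\..\Run: [Microsft Security Monitor Process] mssmpp.exe
O4 - HKLM\..\Run: [cookw] "C:\PROGRA~1\FICHIE~1\LIBRES~1\cookw.exe" -start
O4 - HKLM\..\RunServices: [Microsoft Anivirus Monitor Process] antiv.exe
O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmpp.exe
"""

# Excerpt of the second HijackThis report in the thread (not the full log).
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Distributed Allocated Memory Unit - Unknown owner - C:\WINDOWS\system32\dllcache\mravsc32.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] cmd".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
MISSING = re.compile(r"\s*\(file missing\)$", re.IGNORECASE)


def parse(log):
    """Map a normalised (code, body) key to the raw line for each entry in `log`.

    Header lines and the "Running processes" list do not match ENTRY and are
    skipped. The "(file missing)" suffix is dropped from the key because it
    depends on whether the target existed at scan time, and the body is
    lower-cased because Windows paths and value names are case-insensitive.
    """
    entries = {}
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        body = MISSING.sub("", m["body"])
        entries[(m["code"], " ".join(body.split()).lower())] = line
    return entries


def still_present(requested, after):
    """Entries that were marked for fixing but still show up in the later scan."""
    req, aft = parse(requested), parse(after)
    return [req[key] for key in req if key in aft]


def file_missing(log):
    """Entries whose target file HijackThis could not find (orphaned references)."""
    return [line for line in parse(log).values() if MISSING.search(line)]


if __name__ == "__main__":
    print("still present:", still_present(REQUESTED, AFTER) or "none")
    for line in file_missing(AFTER):
        print("orphaned:", line)
```
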
gorgutz Posts 242 Registration date Saturday 19 April 2008 Status Member Last activity 18 January 2010 12
20 April 2008 at 20:03
I can't find the file C:\WINDOWS\system32\dllcache\mravsc32.exe, despite a thorough search...
0
cedric241 Posts 3367 Registration date Tuesday 26 February 2008 Status Member Last activity 23 April 2008 119
20 April 2008 at 20:08
OK, if you find it, delete it.

Now we are going to remove the disinfection tools I had you download.
Using them is dangerous for the PC if you don't know what you're doing.
Also, they are updated regularly.

- Close all running applications, then download ToolsCleaner2 to your Desktop.

http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

- Double-click ToolsCleaner2.exe
- Click "Recherche" (Search)
- then "Suppression" (Removal) once the list has been found.
- Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note: your desktop MAY disappear; that is normal. If it does not come back at the end of the scan, do the following:

CTRL+ALT+DEL to open Task Manager.
Then go to the "Processes" tab. Click "File" at the top left and choose "Run".

Type explorer.exe and confirm. This will bring the Desktop back.

Tutorial: https://www.commentcamarche.net/list 8341 toolscleaner suppression des fix de force brute (thanks espion3004)
0
gorgutz Posts 242 Registration date Saturday 19 April 2008 Status Member Last activity 18 January 2010 12
20 April 2008 at 21:17
An error message appears: unable to import C:\Sauv.reg. Here is the only report I have:
---->- Recherche:

C:\Qoobox: trouvé !
C:\Documents and Settings\Nico\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Nico\Bureau\HijackThis.exe: trouvé !
C:\Documents and Settings\Nico\Bureau\Clean: trouvé !
C:\Documents and Settings\Nico\Bureau\Clean\Clean: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\Nico\Bureau\ComboFix.exe: supprimé !
C:\Documents and Settings\Nico\Bureau\HijackThis.exe: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\Nico\Bureau\Clean: supprimé !

Fichiers temporaires nettoyés !
Sauvegarde du registre crée!
No pain, no gain!
0