Virus that deleted my antivirus?

Closed
russkov - 6 June 2008 at 20:57
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 - 12 June 2008 at 19:34
Hello,
Logfile of HijackThis v1.99.1
Scan saved at 22:49:15, on 06/06/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\System32\ASWLSVC.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ASWL2K.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\DOCUME~1\damien\LOCALS~1\Temp\186e4e.exe
C:\DOCUME~1\damien\LOCALS~1\Temp\187c1d.exe
C:\Program Files\a-squared Anti-Malware\a2scan.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\DOCUME~1\damien\LOCALS~1\Temp\ARC17\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\TEMP\parFB97.tmp"
O2 - BHO: BhoApp Class - {32131238-5434-4234-4234-432432423432} - C:\Program Files\syscmd\mscmp32.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{080287B2-E1CB-493E-84DC-C79E7923CF19}: NameServer = 85.255.114.76,85.255.112.150
O17 - HKLM\System\CCS\Services\Tcpip\..\{9EBFE9D0-6E78-4367-B145-98CDDADDC509}: NameServer = 85.255.114.76,85.255.112.150
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3999C0C-C904-40C3-8887-4FE7D5E276B4}: NameServer = 85.255.114.76,85.255.112.150
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF223EF9-BB7F-4663-A788-C3C477C86D03}: NameServer = 85.255.114.76,85.255.112.150
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.76 85.255.112.150
O17 - HKLM\System\CS1\Services\Tcpip\..\{080287B2-E1CB-493E-84DC-C79E7923CF19}: NameServer = 85.255.114.76,85.255.112.150
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.76 85.255.112.150
O17 - HKLM\System\CS2\Services\Tcpip\..\{080287B2-E1CB-493E-84DC-C79E7923CF19}: NameServer = 85.255.114.76,85.255.112.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.76 85.255.112.150
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: LBTWlgn - c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\System32\ASWLSVC.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\System32\svchost.exe:ext.exe (file missing)
O23 - Service: Googles Onlines Search Services - Unknown owner - C:\WINDOWS\System32\wnslogan.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)
O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Fichiers communs\SRS Labs Shared\Service\srslabslicenseservice.exe



I've caught a good number of viruses and I don't know what to do anymore...
My girlfriend's PC is infected too; apparently she can no longer start an internet connection... is there a solution?
SPASIBO ! )

26 replies

ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
6 June 2008 at 21:00
Good evening

indeed infected :-)

1/ Download FixWareout from one of these two links:
http://downloads.subratam.org/Fixwareout.exe
http://download.bleepingcomputer.com/lonny/Fixwareout.exe

Save it to your Desktop, then run it.
Click Next, then Install, and make sure "Run fixit" is checked, then click Finish.
Follow the on-screen instructions.
The tool will ask you to restart your PC; please do so.
The restart may take a little longer than usual; this is normal.

Once restarted, a text file will appear (report.txt); copy/paste this report into your next reply.

2/ Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode

------
= Restart in Safe Mode (startup may take several minutes)
Warning: no internet access in this mode. Save or print the instructions.

Restart the PC and tap the F8 key (or F5 on some machines) until the startup options appear
With the arrow keys, select Safe Mode ==> Enter ==> usual user name
-------

= Open the SDFix folder that was just created in C:\ and double-click RunThis.bat to launch the script.
= Press Y to start the cleaning process.
= It will remove the services and Registry entries of certain trojans found, then ask you to press a key to restart.
= Press a key to restart the PC.
= Your system will take longer than usual to restart because the tool will keep running and deleting files.
= After the Desktop loads, the tool will finish its work and display Finished.
= Press a key to end the script and load your Desktop icons.
= Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
= Finally, copy/paste the contents of Report.txt into your next reply

3/
Download to the Desktop http://siri.urz.free.fr/Fix/SmitfraudFix.exe
=> Double-click SmitfraudFix.zip
=> Extract all
=> Double-click SmitfraudFix
=> Double-click SmitfraudFix.cmd
=> Choose Option 1
=> post the report
See you
1
jorginho67 Posts 14716 Registration date Tuesday 11 September 2007 Status Security contributor Last activity 11 February 2011 1 169
6 June 2008 at 21:06
Hi Ep44

Get him to install an AV as soon as possible .... ;-)

For Jacques Gache...

Renaming HJT is for when you don't see any 02/020 lines in HJT ;-)

See you
0
jacques.gache Posts 33453 Registration date Tuesday 13 November 2007 Status Security contributor Last activity 25 January 2016 1 616 > jorginho67 Posts 14716 Registration date Tuesday 11 September 2007 Status Security contributor Last activity 11 February 2011
8 June 2008 at 17:51
OK for the 02/020 lines, but since his HijackThis version is not up to date, he might as well take the opportunity to rename it, because it does no harm for it to be renamed, except for Vundo infections
0
jorginho67 Posts 14716 Registration date Tuesday 11 September 2007 Status Security contributor Last activity 11 February 2011 1 169 > jacques.gache Posts 33453 Registration date Tuesday 13 November 2007 Status Security contributor Last activity 25 January 2016
8 June 2008 at 17:57
he might as well take the opportunity to rename it, because it does no harm

Quote from BiBi26 (whom everyone knows ;-)) on the subject of systematically renaming HJT

Not always, because, if I'm not mistaken, it can prevent certain options from working properly.

0
Anonymous user
6 June 2008 at 21:01
Hi, do an online scan with BitDefender and Kaspersky and tell me what it finds. According to the HijackThis analysis there are several malicious processes. Keep me posted. See you
0
jacques.gache Posts 33453 Registration date Tuesday 13 November 2007 Status Security contributor Last activity 25 January 2016 1 616
6 June 2008 at 21:03
Hello, first of all your version of HijackThis is no longer current, it is outdated; you will need to uninstall it and download it again. But before that, run SmitfraudFix: do the search in normal mode and the cleaning in Safe Mode, following the explanations carefully http://siri.urz.free.fr/Fix/SmitfraudFix.php and then do a new HijackThis scan this way
download it and save it to the desktop: https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
for the report and fixing the lines: http://pageperso.aol.fr/balltrap34/demohijack.htm
but before launching it for analysis, go to your desktop, right-click hijackthis, choose Rename, type montruc and confirm with Enter
!! Disconnect and close all your running applications !!
Double-click the desktop shortcut,
Run a scan with montruc (or the renamed HijackThis) and post the generated report for analysis ...
because some infections hide from HijackThis
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
6 June 2008 at 21:14
Hello jorginho67,

Well spotted ;-) thank you

Download Avira AntiVir Personal - FREE Antivirus ==>http://www.swl1f.net/viewtopic.php?f=14&t=59
Follow this tutorial ;-)
0

jorginho67 Posts 14716 Registration date Tuesday 11 September 2007 Status Security contributor Last activity 11 February 2011 1 169
6 June 2008 at 21:25
There is surely some Bagle under there...

We'll know if he tells us he wasn't able to install Avira

See you
0
FixWareout report

Username "damien" - 07/06/2008 16:09:14 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.114.76 85.255.112.150" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{080287B2-E1CB-493E-84DC-C79E7923CF19}
"nameserver"="85.255.114.76,85.255.112.150" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9EBFE9D0-6E78-4367-B145-98CDDADDC509}
"nameserver"="85.255.114.76,85.255.112.150" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{A3999C0C-C904-40C3-8887-4FE7D5E276B4}
"nameserver"="85.255.114.76,85.255.112.150" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{DF223EF9-BB7F-4663-A788-C3C477C86D03}
"nameserver"="85.255.114.76,85.255.112.150" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{080287B2-E1CB-493E-84DC-C79E7923CF19}
"DhcpNameServer"="85.255.114.76,85.255.112.150" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9EBFE9D0-6E78-4367-B145-98CDDADDC509}
"DhcpNameServer"="85.255.114.76,85.255.112.150" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{DF223EF9-BB7F-4663-A788-C3C477C86D03}
"DhcpNameServer"="85.255.114.76,85.255.112.150" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F29820A6-F1CA-4716-BD29-1CF5C733B54A}
"DhcpNameServer"="85.255.114.76,85.255.112.150" <Value cleared.

Cache de résolution DNS vidé.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"avgnt"="\"C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
0
As for restarting in Safe Mode, it's dead... blue screen... telling me to check for viruses on my PC :P
any ideas?))
0
SmitFraudFix v2.323

Rapport fait à 16:44:04,19, 07/06/2008
Executé à partir de C:\Documents and Settings\damien\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\System32\ASWLSVC.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ASWL2K.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\damien\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\System32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\damien


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\damien\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\damien\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\wowfx.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte réseau ASUS 802.11g - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{D69B409F-8DA3-4823-A61C-D9BB2BA07E21}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{080287B2-E1CB-493E-84DC-C79E7923CF19}: DhcpNameServer=85.255.114.76,85.255.112.150
HKLM\SYSTEM\CS1\Services\Tcpip\..\{080287B2-E1CB-493E-84DC-C79E7923CF19}: NameServer=85.255.114.76,85.255.112.150
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9EBFE9D0-6E78-4367-B145-98CDDADDC509}: DhcpNameServer=85.255.114.76,85.255.112.150
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9EBFE9D0-6E78-4367-B145-98CDDADDC509}: NameServer=85.255.114.76,85.255.112.150
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A3999C0C-C904-40C3-8887-4FE7D5E276B4}: NameServer=85.255.114.76,85.255.112.150
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D69B409F-8DA3-4823-A61C-D9BB2BA07E21}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DF223EF9-BB7F-4663-A788-C3C477C86D03}: DhcpNameServer=85.255.114.76,85.255.112.150
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DF223EF9-BB7F-4663-A788-C3C477C86D03}: NameServer=85.255.114.76,85.255.112.150
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F29820A6-F1CA-4716-BD29-1CF5C733B54A}: DhcpNameServer=85.255.114.76,85.255.112.150
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D69B409F-8DA3-4823-A61C-D9BB2BA07E21}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D69B409F-8DA3-4823-A61C-D9BB2BA07E21}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.114.76 85.255.112.150
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
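
Added example, not part of the original thread: the DNS lines in the HijackThis log (O17) and in the DNS section of the SmitfraudFix report above can be checked mechanically. This Python code parses both line formats and flags resolvers outside private address ranges, grouped by control set; the "non-private means suspect" policy and the `allowed` parameter are assumptions of this example, and the sample lines are copied from the SmitfraudFix report in this thread.

```python
import ipaddress
import re
from collections import defaultdict

# Matches DNS lines as printed by HijackThis (prefix "O17 - ") and by the
# DNS section of a SmitfraudFix report (no prefix, no spaces around "=").
LINE_RE = re.compile(
    r"^(?:O17 - )?HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\(?P<scope>.+?):\s*"
    r"(?P<name>DhcpNameServer|NameServer)\s*=\s*(?P<value>.+?)\s*$",
    re.IGNORECASE,
)


def parse_dns_lines(report_text):
    """Yield (control_set, scope, value_name, [servers]) for each DNS line."""
    for raw in report_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        # Values are comma-separated per interface, space-separated globally.
        servers = [s for s in re.split(r"[,\s]+", m["value"]) if s]
        yield m["cs"].upper(), m["scope"], m["name"], servers


def is_expected(server, allowed):
    """Assumed policy: a resolver is expected if it is explicitly allowed
    (e.g. the ISP's public resolvers) or sits in a private range (home router)."""
    if server in allowed:
        return True
    try:
        return ipaddress.ip_address(server).is_private
    except ValueError:
        return False  # not an IP address at all: report it


def find_suspect_resolvers(report_text, allowed=frozenset()):
    """Map each unexpected resolver to the registry locations that reference it."""
    findings = defaultdict(set)
    for cs, scope, name, servers in parse_dns_lines(report_text):
        for server in servers:
            if not is_expected(server, allowed):
                findings[server].add((cs, scope, name))
    return {server: sorted(hits) for server, hits in findings.items()}


def control_sets_affected(findings):
    """Control sets (CCS, CS1, ...) that still hold an unexpected resolver."""
    return sorted({cs for hits in findings.values() for cs, _, _ in hits})


# Sample input: lines copied from the SmitfraudFix DNS section above.
SAMPLE = r"""
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D69B409F-8DA3-4823-A61C-D9BB2BA07E21}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{080287B2-E1CB-493E-84DC-C79E7923CF19}: DhcpNameServer=85.255.114.76,85.255.112.150
HKLM\SYSTEM\CS1\Services\Tcpip\..\{080287B2-E1CB-493E-84DC-C79E7923CF19}: NameServer=85.255.114.76,85.255.112.150
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.114.76 85.255.112.150
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
"""

if __name__ == "__main__":
    results = find_suspect_resolvers(SAMPLE)
    for server, hits in sorted(results.items()):
        print(server)
        for cs, scope, name in hits:
            print(f"    {cs}  {scope}  {name}")
    print("control sets still affected:", control_sets_affected(results))
```

On the sample, only CS1 is reported: the current control set already points at 192.168.1.1, while the older control set still carries the values that FixWareout cleared elsewhere.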
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
7 June 2008 at 20:16
Hello,

Have you installed the antivirus?
If not, do so before doing what follows

Download ELIBAGLA (from MSC HotlineSat)
http://www.zonavirus.com/datos/descargas/95/elibagla.asp

Click the Descargar Elibagla 11.40 button
(at the very bottom of the page, above Tamaño Descargados Licencia Web 44,51 Kb.)
to download the file to the desktop.
Double-click EliBaglA.exe.
In the Unidad box, you should see C:\

The option at the bottom of the window, "Eliminar Ficheros Automaticamente", must be checked.
Click the "Explorar" button to start the scan.

https://i18.servimg.com/u/f18/11/05/93/83/elibag10.jpg

post the elibagla report, which is in c:\infosat.txt

Then post a HijackThis report and news of your PC after the Elibagla scan
See you
0
jacques.gache Posts 33453 Registration date Tuesday 13 November 2007 Status Security contributor Last activity 25 January 2016 1 616
7 June 2008 at 21:00
Hello, yes yes, he did it; you can find it in the SmitfraudFix report here: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
0
BitDefender report, there's work to do!!! ))

BitDefender Online Scanner

Scan report generated at: Sat, Jun 07, 2008 - 19:34:00

Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;K:\;L:\;

Statistics
Time: 02:32:01
Files: 153769
Folders: 4256
Boot Sectors: 7
Archives: 1589
Packed Files: 7449

Results
Identified Viruses: 15
Infected Files: 1114
Suspect Files: 1
Warnings: 0
Disinfected: 994
Deleted Files: 121

Engines Info
Virus Definitions: 1256841
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 42
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\Documents and Settings\damien\Application Data\Microsoft\Installer\{3E908702-AF35-4611-9518-955DA24B7E07}\icon.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Application Data\Microsoft\Installer\{3E908702-AF35-4611-9518-955DA24B7E07}\icon.exe
Disinfected

Clean

C:\Documents and Settings\damien\Bureau\jv16pt_setup1.3.0.195.exe=>(Instyler o)=>(Instyler Module 63)
Clean

C:\Documents and Settings\damien\Bureau\jv16pt_setup1.3.0.195.exe=>(Instyler o)=>(Instyler Module 64)
Clean

C:\Documents and Settings\damien\Bureau\jv16pt_setup1.3.0.195.exe=>(Instyler o)=>(Instyler Module 65)
Clean

C:\Documents and Settings\damien\Bureau\jv16pt_setup1.3.0.195.exe=>(Instyler o)=>(Instyler Module 66)
Clean

C:\Documents and Settings\damien\Bureau\jv16pt_setup1.3.0.195.exe=>(Instyler o)=>(Instyler Module 67)
Clean

C:\Documents and Settings\damien\Bureau\jv16pt_setup1.3.0.195.exe=>(Instyler o)=>(Instyler Module 68)
Clean

C:\Documents and Settings\damien\Bureau\jv16pt_setup1.3.0.195.exe=>(Instyler o)=>(Instyler Module 69)
Clean

C:\Documents and Settings\damien\Bureau\jv16pt_setup1.3.0.195.exe=>(Instyler o)=>(Instyler Module 70)
Clean

C:\Documents and Settings\damien\Bureau\SmitfraudFix\404Fix.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Bureau\SmitfraudFix\404Fix.exe
Disinfected

C:\Documents and Settings\damien\Bureau\SmitfraudFix\dumphive.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Bureau\SmitfraudFix\dumphive.exe
Disinfected

C:\Documents and Settings\damien\Bureau\SmitfraudFix\GenericRenosFix.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Bureau\SmitfraudFix\GenericRenosFix.exe
Disinfected

C:\Documents and Settings\damien\Bureau\SmitfraudFix\HostsChk.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Bureau\SmitfraudFix\HostsChk.exe
Disinfected

C:\Documents and Settings\damien\Bureau\SmitfraudFix\IEDFix.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Bureau\SmitfraudFix\IEDFix.exe
Disinfected

C:\Documents and Settings\damien\Bureau\SmitfraudFix\Policies.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Bureau\SmitfraudFix\Policies.exe
Disinfected

C:\Documents and Settings\damien\Bureau\SmitfraudFix\Process.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Bureau\SmitfraudFix\Process.exe
Disinfected

C:\Documents and Settings\damien\Bureau\SmitfraudFix\Reboot.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Bureau\SmitfraudFix\Reboot.exe
Disinfected

C:\Documents and Settings\damien\Bureau\SmitfraudFix\restart.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Bureau\SmitfraudFix\restart.exe
Disinfected

C:\Documents and Settings\damien\Bureau\SmitfraudFix\SmiUpdate.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Bureau\SmitfraudFix\SmiUpdate.exe
Disinfected

C:\Documents and Settings\damien\Bureau\SmitfraudFix\swreg.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Bureau\SmitfraudFix\swreg.exe
Disinfected

C:\Documents and Settings\damien\Bureau\SmitfraudFix\swsc.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Bureau\SmitfraudFix\swsc.exe
Disinfected

C:\Documents and Settings\damien\Bureau\SmitfraudFix\swxcacls.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Bureau\SmitfraudFix\swxcacls.exe
Disinfected

C:\Documents and Settings\damien\Bureau\SmitfraudFix\UIFix.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Bureau\SmitfraudFix\UIFix.exe
Disinfected

C:\Documents and Settings\damien\Bureau\SmitfraudFix\unzip.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Bureau\SmitfraudFix\unzip.exe
Disinfected

C:\Documents and Settings\damien\Bureau\SmitfraudFix\VACFix.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Bureau\SmitfraudFix\VACFix.exe
Disinfected

C:\Documents and Settings\damien\Bureau\SmitfraudFix\WS2Fix.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Bureau\SmitfraudFix\WS2Fix.exe
Disinfected

C:\Documents and Settings\damien\Bureau\spyguarder_install.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Bureau\spyguarder_install.exe
Disinfected

C:\Documents and Settings\damien\Bureau\spyguarder_install.exe
Suspected of: BehavesLike:Trojan.Downloader

C:\Documents and Settings\damien\Bureau\spyguarder_install.exe
Disinfection failed

C:\Documents and Settings\damien\Bureau\spyguarder_install.exe
Deleted

C:\Documents and Settings\damien\Bureau\VundoFix.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Bureau\VundoFix.exe
Disinfected

C:\Documents and Settings\damien\Bureau\zte531b_new_disk\Autorun.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Bureau\zte531b_new_disk\Autorun.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Application Data\V-Safe 100\V-Safe100.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Application Data\V-Safe 100\V-Safe100.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\105ecaa.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\105ecaa.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\105ecaa.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\105ecaa.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\115b30d.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\115b30d.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\115b30d.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\115b30d.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\1162d6a.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\1162d6a.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\1162d6a.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\1162d6a.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\1439713.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\1439713.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\1439713.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\1439713.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\1442c00.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\1442c00.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\1442c00.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\1442c00.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\14758.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\14758.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\14758.exe
Infected with: Trojan.Pramro.A

C:\Documents and Settings\damien\Local Settings\Temp\14758.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\1717b88.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\1717b88.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\1717b88.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\1717b88.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\1722440.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\1722440.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\1722440.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\1722440.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\186e4e.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\186e4e.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\186e4e.exe
Infected with: Trojan.Pramro.A

C:\Documents and Settings\damien\Local Settings\Temp\186e4e.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\187c1d.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\187c1d.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\187c1d.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\187c1d.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\19f63c8.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\19f63c8.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\19f63c8.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\19f63c8.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\1a01363.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\1a01363.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\1a01363.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\1a01363.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\1cd4b2c.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\1cd4b2c.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\1cd4b2c.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\1cd4b2c.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\1ce0588.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\1ce0588.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\1ce0588.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\1ce0588.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\1fb3268.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\1fb3268.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\1fb3268.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\1fb3268.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\1fbf790.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\1fbf790.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\1fbf790.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\1fbf790.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\22915c4.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\22915c4.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\22915c4.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\22915c4.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\229eae2.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\229eae2.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\229eae2.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\229eae2.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\2570876.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\2570876.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\2570876.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\2570876.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\263478.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\263478.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\263478.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\263478.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\2768eb.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\2768eb.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\2768eb.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\2768eb.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\27855c.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\27855c.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\27855c.exe
Infected with: Trojan.Pramro.A

C:\Documents and Settings\damien\Local Settings\Temp\27855c.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\278fd8.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\278fd8.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\278fd8.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\278fd8.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\27a4ed.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\27a4ed.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\27a4ed.exe
Infected with: Trojan.Pramro.A

C:\Documents and Settings\damien\Local Settings\Temp\27a4ed.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\27af7d.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\27af7d.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\27af7d.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\27af7d.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\280a5d.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\280a5d.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\280a5d.exe
Infected with: Trojan.Pramro.A

C:\Documents and Settings\damien\Local Settings\Temp\280a5d.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\28189a.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\28189a.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\28189a.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\28189a.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\284f214.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\284f214.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\284f214.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\284f214.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\29f92d.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\29f92d.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\29f92d.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\29f92d.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\2f140e.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\2f140e.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\2f140e.exe
Infected with: Trojan.Pramro.A

C:\Documents and Settings\damien\Local Settings\Temp\2f140e.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\2f1f5c.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\2f1f5c.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\2f1f5c.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\2f1f5c.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\2ff511.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\2ff511.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\2ff511.exe
Infected with: Generic.Malware.FYd.D2A4E2F6

C:\Documents and Settings\damien\Local Settings\Temp\2ff511.exe
Disinfection failed

C:\Documents and Settings\damien\Local Settings\Temp\2ff511.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\30099a.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\30099a.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\30099a.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\30099a.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\3071f9.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\3071f9.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\3071f9.exe
Infected with: Trojan.Pramro.A

C:\Documents and Settings\damien\Local Settings\Temp\3071f9.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\307bc0.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\307bc0.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\307bc0.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\307bc0.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\307be8.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\307be8.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\307be8.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\307be8.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\308452.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\308452.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\308452.exe
Infected with: Generic.Malware.FYd.D2A4E2F6

C:\Documents and Settings\damien\Local Settings\Temp\308452.exe
Disinfection failed

C:\Documents and Settings\damien\Local Settings\Temp\308452.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\30963c.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\30963c.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\30963c.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\30963c.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\3097a5.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\3097a5.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\3097a5.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\3097a5.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\309f13.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\309f13.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\309f13.exe
Infected with: Generic.Malware.FYd.D2A4E2F6

C:\Documents and Settings\damien\Local Settings\Temp\309f13.exe
Disinfection failed

C:\Documents and Settings\damien\Local Settings\Temp\309f13.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\30a1d0.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\30a1d0.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\30a1d0.exe
Infected with: Generic.Malware.FYd.D2A4E2F6

C:\Documents and Settings\damien\Local Settings\Temp\30a1d0.exe
Disinfection failed

C:\Documents and Settings\damien\Local Settings\Temp\30a1d0.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\30a4f2.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\30a4f2.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\30a4f2.exe
Infected with: Generic.Malware.FYd.D2A4E2F6

C:\Documents and Settings\damien\Local Settings\Temp\30a4f2.exe
Disinfection failed

C:\Documents and Settings\damien\Local Settings\Temp\30a4f2.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\30aeb9.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\30aeb9.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\30afdc.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\30afdc.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\30afdc.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\30afdc.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\388104.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\388104.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\388104.exe
Infected with: Generic.Malware.FYd.5743EBD5

C:\Documents and Settings\damien\Local Settings\Temp\388104.exe
Disinfection failed

C:\Documents and Settings\damien\Local Settings\Temp\388104.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\38b61a.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\38b61a.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\38b61a.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\38b61a.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\3c34dd.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\3c34dd.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\3c34dd.exe
Infected with: Trojan.Pramro.A

C:\Documents and Settings\damien\Local Settings\Temp\3c34dd.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\3c40d6.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\3c40d6.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\3c40d6.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\3c40d6.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\4c41e6.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\4c41e6.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\4c41e6.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\4c41e6.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\4c70eb.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\4c70eb.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\4c70eb.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\4c70eb.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\4cb37f.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\4cb37f.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\4cb37f.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\4cb37f.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\4ed44.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\4ed44.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\4ed44.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\4ed44.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\4f1927.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\4f1927.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\4f1927.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\4f1927.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\55749c.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\55749c.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\55749c.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\55749c.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\5dfca6.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\5dfca6.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\5dfca6.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\5dfca6.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\5e6b0b.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\5e6b0b.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\5e6b0b.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\5e6b0b.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\5e6b1f.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\5e6b1f.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\5e6b1f.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\5e6b1f.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\5e8cec.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\5e8cec.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\5e8cec.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\5e8cec.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\5e9482.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\5e9482.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\5e9482.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\5e9482.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\716443.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\716443.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\716443.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\716443.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\71975.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\71975.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\71975.exe
Infected with: Trojan.Pramro.A

C:\Documents and Settings\damien\Local Settings\Temp\71975.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\719782.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\719782.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\719782.exe
Infected with: Trojan.Pramro.A

C:\Documents and Settings\damien\Local Settings\Temp\719782.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\71a637.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\71a637.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\71a637.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\71a637.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\71edb.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\71edb.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\71edb.exe
Infected with: Trojan.Pramro.A

C:\Documents and Settings\damien\Local Settings\Temp\71edb.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\72bcd.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\72bcd.exe
Disinfected

C:\Documents and Settings\damien\Local Settings\Temp\72bcd.exe
Infected with: Backdoor.Yacspeel.A

C:\Documents and Settings\damien\Local Settings\Temp\72bcd.exe
Deleted

C:\Documents and Settings\damien\Local Settings\Temp\7a70ea.exe
Infected with: Win32.Sality.NX

C:\Documents and Settings\damien\Local Settings\Temp\7a70ea.exe
Disinfected

0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
8 June 2008 at 13:06
OK, the BitDefender report is all well and good,
but if you don't do what you're asked, we're going to have a hard time making progress!
0
jacques.gache Posts 33453 Registration date Tuesday 13 November 2007 Status Security contributor Last activity 25 January 2016 1 616
8 June 2008 at 14:23
Hello russkov, listen to what ep44 is asking you, because people like him spend a lot of time, "for free", helping us, and the least we can do is listen to them and follow what they ask of us.
0
Sun Jun 08 15:00:51 2008
EliBagle v11.45 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
Restaurada Clave: "SafeBoot\Minimal y Network"

Sun Jun 08 15:01:03 2008
EliBagle v11.45 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 3724
Nº Total de Ficheros: 41615
Nº de Ficheros Analizados: 10686
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0



As for Avir, I still can't launch it; it gets deleted very quickly after installation...
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:06:07, on 08/06/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\System32\ASWLSVC.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ASWL2K.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\DOCUME~1\damien\LOCALS~1\Temp\2c8029.exe
C:\DOCUME~1\damien\LOCALS~1\Temp\2c8c9a.exe
C:\DOCUME~1\damien\LOCALS~1\Temp\10e42e8.exe
C:\Documents and Settings\damien\Bureau\montruc.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe ""
O2 - BHO: BhoApp Class - {32131238-5434-4234-4234-432432423432} - C:\Program Files\syscmd\mscmp32.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FFTI] C:\Documents and Settings\damien\Application Data\Mozilla\Firefox\Profiles\j8mfqmqk.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FFTI] C:\Documents and Settings\damien\Application Data\Mozilla\Firefox\Profiles\j8mfqmqk.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\System32\ASWLSVC.exe
O23 - Service: Googles Onlines Search Services - Unknown owner - C:\WINDOWS\System32\wnslogan.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Fichiers communs\SRS Labs Shared\Service\srslabslicenseservice.exe
0
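A triage pass over the HijackThis v2.0.2 log above, as an added example that is not part of any post in this thread. The rules are common HijackThis reading heuristics chosen for this illustration (processes started from a Temp folder, a Shell value that is more than a bare Explorer.exe, a non-empty AppInit_DLLs, services with a missing file or unknown owner); a hit marks an entry for review and does not by itself identify malware.

```python
import re

# Excerpt of the HijackThis log posted above (lines copied from that post).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\DOCUME~1\damien\LOCALS~1\Temp\2c8029.exe
C:\Documents and Settings\damien\Bureau\montruc.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
F2 - REG:system.ini: Shell=Explorer.exe ""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O23 - Service: Googles Onlines Search Services - Unknown owner - C:\WINDOWS\System32\wnslogan.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Per-user and system Temp folders, in long or 8.3 short form.
TEMP_RE = re.compile(r"\\(LOCALS~1|Local Settings)\\Temp\\|\\WINDOWS\\TEMP\\", re.I)
# HijackThis entries start with a section code such as R0, F2, O4, O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def triage(log_text):
    """Return (rule, detail) pairs for log entries that deserve a closer look."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        entry = ENTRY_RE.match(line)
        if in_processes and not entry:
            if TEMP_RE.search(line):
                findings.append(("process-in-temp", line))
            continue
        if not entry:
            continue
        code, body = entry.groups()
        if code == "F2" and "Shell=" in body:
            value = body.split("Shell=", 1)[1].strip()
            if value.lower() != "explorer.exe":  # anything appended to the shell
                findings.append(("shell-extra-argument", value))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body.split(":", 1)[1].strip()
            if dlls:  # DLLs listed here are loaded into most GUI processes
                findings.append(("appinit-dll", dlls))
        elif code == "O23":
            if body.endswith("(file missing)"):
                findings.append(("service-file-missing", body))
            elif " - Unknown owner - " in body:
                findings.append(("service-unknown-owner", body))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:22} {detail}")
```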
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
8 June 2008 at 18:30
As for Avir, I still can't launch it; it gets deleted very quickly after installation...


What do you mean, Avir?
Do you mean Antivir?


Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode

------
= Restart in Safe Mode (startup may take several minutes)
Note: there is no Internet access in this mode. Save or print these instructions.

Restart the PC and tap the F8 key (or F5 on some machines) repeatedly until the startup options appear
Using the arrow keys, select Safe Mode ==> Enter ==> your usual user name
-------

= Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
= Press Y to start the cleaning process.
= It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
= Press a key to restart the PC.
= Your system will take longer than usual to restart, because the tool will keep running and deleting files.
= Once the Desktop has loaded, the tool will finish its work and display Finished.
= Press a key to end the script and load your Desktop icons.
= Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
= Finally, copy and paste the contents of Report.txt into your next reply



then
Download to the Desktop http://siri.urz.free.fr/Fix/SmitfraudFix.exe
=> Double-click SmitfraudFix.zip
=> Extract all
=> Double-click SmitfraudFix
=> Double-click SmitfraudFix.cmd
=> Choose Option 1
=> post the report
See you later
0
jacques.gache Posts 33453 Registration date Tuesday 13 November 2007 Status Security contributor Last activity 25 January 2016 1 616
8 June 2008 at 18:36
Hello, did you run SDFix in safe mode? I saw that you ran SmitfraudFix, but with SmitfraudFix you have to do the search in normal mode and the cleaning in safe mode. Did you do the cleaning with SmitfraudFix?
0
I tried to run SDFix, but safe mode crashes every time: just as it is about to start, there is a brief blue screen and a reboot... and the same with Antivir, impossible to launch it properly, it gets deleted too quickly...
0
When I start Windows, while the main page is loading, I get an error message that says:
explorer.exe - pas de disque
Il n'y a pas de disque dans le lecteur. Inserez un disque dans le lecteur \Device\Harddisk2\DR7
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
10 June 2008 at 21:19
Good evening

OK, let's check one thing :-)

Download OAD http://sosvirus.changelog.fr/OAD.exe
- Save it to your desktop


Double-click OAD to launch it

- File name to search for: type or copy and paste: ahr.exe
- Search type: select option 6, then confirm with [Enter]

OAD will now search for the file. Let it work until it has finished.
The search report will be displayed automatically as soon as it has finished.

- Copy and paste this report into your next post.
0