Security toolbar 7.1 !!
Dranzeu
Messages postés
21
Statut
Membre
-
jacques.gache Messages postés 34829 Statut Contributeur sécurité -
jacques.gache Messages postés 34829 Statut Contributeur sécurité -
Bonjour,
je voudrais d'abord savoir si "Security toolbar7.1" est un virus , si oui quelle est sa façon d'agir pour nuir ?
je voudrais aussi savoir comment le supprimer car j'ai essayé de tous les moyens sans succes !
Voici le rapport fait via hijakthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:23:33, on 14/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\lfmnpqnx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
C:\Program Files\Fichiers communs\BestsellerAntivirus\bm.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\avpo.exe
C:\Program Files\Menara\dslmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\saiyzfbx.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender9\bdswitch.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\BestsellerAntivirus\bm.exe" dm=http://bestsellerantivirus.com; ad=http://bestsellerantivirus.com
O4 - HKLM\..\Run: [BestsellerAntivirus] C:\Program Files\BestsellerAntivirus\pgs.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender9\bdnagent.exe
O4 - HKLM\..\Run: [e44916f4] rundll32.exe "C:\WINDOWS\system32\emeaoexk.dll",b
O4 - HKLM\..\Run: [BMe77a2568] Rundll32.exe "C:\WINDOWS\system32\wnsjqndw.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [] C:\WINDOWS\system32\drivers\diplome_impression
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: diplome_impression.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8494C58-4139-4084-BDE0-68D9492C7AF6}: NameServer = 212.217.0.14 196.217.246.210
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\lfmnpqnx.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
je voudrais d'abord savoir si "Security toolbar7.1" est un virus , si oui quelle est sa façon d'agir pour nuir ?
je voudrais aussi savoir comment le supprimer car j'ai essayé de tous les moyens sans succes !
Voici le rapport fait via hijakthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:23:33, on 14/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\lfmnpqnx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
C:\Program Files\Fichiers communs\BestsellerAntivirus\bm.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\avpo.exe
C:\Program Files\Menara\dslmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\saiyzfbx.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender9\bdswitch.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\BestsellerAntivirus\bm.exe" dm=http://bestsellerantivirus.com; ad=http://bestsellerantivirus.com
O4 - HKLM\..\Run: [BestsellerAntivirus] C:\Program Files\BestsellerAntivirus\pgs.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender9\bdnagent.exe
O4 - HKLM\..\Run: [e44916f4] rundll32.exe "C:\WINDOWS\system32\emeaoexk.dll",b
O4 - HKLM\..\Run: [BMe77a2568] Rundll32.exe "C:\WINDOWS\system32\wnsjqndw.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [] C:\WINDOWS\system32\drivers\diplome_impression
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: diplome_impression.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8494C58-4139-4084-BDE0-68D9492C7AF6}: NameServer = 212.217.0.14 196.217.246.210
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\lfmnpqnx.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
A voir également:
- Security toolbar 7.1 !!
- Microsoft security essentials - Télécharger - Antivirus & Antimalwares
- Google toolbar - Télécharger - Navigateurs
- Antivirus gratuit norton internet security - Télécharger - Antivirus & Antimalwares
- Account-security-noreply@ accountprotection.microsoft.com spam ✓ - Forum Hotmail / Outlook.com
- Cube security box - Forum Réseaux sociaux
26 réponses
salut,
télécharge smitfraudfix: smitfraudfix
# Double clique sur l'icone de smitfraud pui choisis l'option 1 et poste le rapport.
Tient moi au courant a+.
télécharge smitfraudfix: smitfraudfix
# Double clique sur l'icone de smitfraud pui choisis l'option 1 et poste le rapport.
Tient moi au courant a+.
bonjour, sur ton hijackthis tu as une infection multiple, 5 infection différente, si tu veux commencer par passer smitfraudfix tu fais la recherche en mode normal et le nettoyage en mode sans echec et poste le rapport merci , lis bien les explications
http://siri.urz.free.fr/Fix/SmitfraudFix.php
pour démarrer en mode sans échec :
Pour cela, tu redémarres ton pc et tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
Il faudra choisir ta session habituelle, pas le compte "Administrateur" ou une autre
http://siri.urz.free.fr/Fix/SmitfraudFix.php
pour démarrer en mode sans échec :
Pour cela, tu redémarres ton pc et tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
Il faudra choisir ta session habituelle, pas le compte "Administrateur" ou une autre
SmitFraudFix v2.324
Rapport fait à 19:34:59,17, 14/06/2008
Executé à partir de C:\Documents and Settings\MAISON\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\lfmnpqnx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
C:\Program Files\Fichiers communs\BestsellerAntivirus\bm.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\avpo.exe
C:\Program Files\Menara\dslmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\MAISON
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\MAISON\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MAISON\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 212.217.0.14
DNS Server Search Order: 196.217.246.210
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D8494C58-4139-4084-BDE0-68D9492C7AF6}: NameServer=212.217.0.14 196.217.246.210
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D8494C58-4139-4084-BDE0-68D9492C7AF6}: NameServer=212.217.0.14 196.217.246.210
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Rapport fait à 19:34:59,17, 14/06/2008
Executé à partir de C:\Documents and Settings\MAISON\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\lfmnpqnx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
C:\Program Files\Fichiers communs\BestsellerAntivirus\bm.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\avpo.exe
C:\Program Files\Menara\dslmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\MAISON
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\MAISON\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MAISON\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 212.217.0.14
DNS Server Search Order: 196.217.246.210
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D8494C58-4139-4084-BDE0-68D9492C7AF6}: NameServer=212.217.0.14 196.217.246.210
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D8494C58-4139-4084-BDE0-68D9492C7AF6}: NameServer=212.217.0.14 196.217.246.210
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
En attendant de savoir qui continue je te propose de faire ca :
Telecharge malwarebytes
Tu l´instale; le programme va se mettre automatiquement a jour.
Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".
Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".
Puis click sur "rechercher".
Laisse le scanner le pc...
Si des elements on ete trouvés > click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "yes".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.
Telecharge malwarebytes
Tu l´instale; le programme va se mettre automatiquement a jour.
Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".
Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".
Puis click sur "rechercher".
Laisse le scanner le pc...
Si des elements on ete trouvés > click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "yes".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.
dou-l bonjour, désolé le temps que j'analyse hijackthis je nai pas vu que tu avais pris les choses en mains continu tu as bien vu toutes les infection et leur familles @+
en fait , même s'il j'ai des problème de sécurité.. comment detecter vous des infections a partir de hijackthis ou autre ?
re,
C'est compliqué il faut beaucoup apprendre pour savoir manier hijakcthis et ne pas faire d'erreur avec car elle pourrait etre irrversible!
C'est compliqué il faut beaucoup apprendre pour savoir manier hijakcthis et ne pas faire d'erreur avec car elle pourrait etre irrversible!
regarde et lis ce lien tu pourras te faire une idée https://www.zebulon.fr/dossiers/securite/56-analyse-rapports-hijackthis.html
en attendant lequ ele telechargement de mbam finisse , pouvez vous m'informez sur le Security toolbar 7.1 .. est t'il vrai que c'est un virus ?
si tu es pressé recherche sur google et tu sauras qui il est et normalement si dou-l a bien vu toutes les infections il te proposera en temps voulu l'outil adéquat
voila le rapport avant le redemarrage de l'ordinateur :
Malwarebytes' Anti-Malware 1.17
Version de la base de données: 856
20:20:02 14/06/2008
mbam-log-6-14-2008 (20-20-02).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 101105
Temps écoulé: 26 minute(s), 22 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 8
Clé(s) du Registre infectée(s): 26
Valeur(s) du Registre infectée(s): 11
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 248
Processus mémoire infecté(s):
C:\Program Files\Fichiers communs\BestsellerAntivirus\bm.exe (Rogue.Multiple) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\cohewpxm.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\emeaoexk.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\saiyzfbx.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\vtstt.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\iifedby.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\bexwhekj.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\amvo0.dll (Trojan.Agent) -> Unloaded module successfully.
C:\WINDOWS\system32\amvo1.dll (Trojan.Agent) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a95b2816-1d7e-4561-a202-68c0de02353a} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a95b2816-1d7e-4561-a202-68c0de02353a} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f29895c9-13e5-4d4d-b94b-067145a57d4e} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f29895c9-13e5-4d4d-b94b-067145a57d4e} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6db3f881-19a2-4085-abd0-dbd56e71f4f5} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6db3f881-19a2-4085-abd0-dbd56e71f4f5} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifedby (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{89ad4d75-2429-462e-bd4e-443f233f6033} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{89ad4d75-2429-462e-bd4e-443f233f6033} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{11a69ae4-fbed-4832-a2bf-45af82825583} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\saiyzfbx (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ugcw (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\uga6pcw (Rogue.ProtectionComplete) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DomainService (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DomainService (Trojan.Agent) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e44916f4 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6db3f881-19a2-4085-abd0-dbd56e71f4f5} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{11a69ae4-fbed-4832-a2bf-45af82825583} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{11a69ae4-fbed-4832-a2bf-45af82825583} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{11a69ae4-fbed-4832-a2bf-45af82825583} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\amva (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMe77a2568 (Trojan.Agent) -> Delete on reboot.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\vtstt.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\vtstt.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\UGA6P (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\UGA6P\Quar (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\NI.UGA6P_0001_N122M2210 (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\bbcjolfb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bflojcbb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bepwmdbp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pbdmwpeb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bhcpcvej.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jevcpchb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\brbsvgav.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vagvsbrb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bvtaamef.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\femaatvb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cdueoxgt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tgxoeudc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cetoxbur.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rubxotec.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cohewpxm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mxpwehoc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\devwixyt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tyxiwved.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dxjbprte.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\etrpbjxd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\edkkldef.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fedlkkde.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\edxhmxfb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bfxmhxde.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\egbkbycp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pcybkbge.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emeaoexk.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\kxeoaeme.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fjbmxelo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\olexmbjf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fnrpcbhq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qhbcprnf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frudewwp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pwwedurf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ftlvusce.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ecsuvltf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fvdnfute.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\etufndvf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gepknvpj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jpvnkpeg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gkwigmdn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ndmgiwkg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gxrpywfp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfwyprxg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hpjqjucy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ycujqjph.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iqebiwyx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xywibeqi.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jqhwvplp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\plpvwhqj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kgnbgjle.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eljgbngk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kjccpgwv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vwgpccjk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\letlcglh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hlgcltel.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\meislycj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jcylsiem.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mhksgoej.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jeogskhm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nkavbdei.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iedbvakn.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nolotvwu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uwvtolon.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ojhbthoj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\johtbhjo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\olobtvxg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gxvtbolo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oqpkptmu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\umtpkpqo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oycmywmk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kmwymcyo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pjboofst.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tsfoobjp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pqyqvrfn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nfrvqyqp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qtgfoqbu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ubqofgtq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qtvuajyv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vyjauvtq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rsovigtf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ftgivosr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\saiyzfbx.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\saiyzfbx.dllbox (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\sgnnjpes.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sepjnngs.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sqnhrmjp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pjmrhnqs.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tbqbihpk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kphibqbt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twxxforx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xrofxxwt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ugqmsmfk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kfmsmqgu.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\unkkswto.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\otwskknu.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtstt.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ttstv.bak1 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ttstv.bak2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ttstv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ttstv.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wctvypof.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fopyvtcw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wemtpscm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcsptmew.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wouejjdr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rdjjeuow.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wqbinhag.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gahnibqw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xjadnbed.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\debndajx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ycnniewu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uweinncy.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ygbodqth.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\htqdobgy.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yhdpxpsb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bspxpdhy.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yrjjhrde.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\edrhjjry.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ytrtcnpn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\npnctrty.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifedby.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\Fichiers communs\BestsellerAntivirus\bm.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bexwhekj.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\MAISON\Local Settings\Temp\afjyqmuk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\agrrwloa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\anidphca.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\bjfiaxeb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\bptikjrf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\cacooyjy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\caqlyuvv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\dlwixoql.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\dswtmhmj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\dyekuyln.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\edxucmxv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\efcgxlvu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\elqajavu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\ewhthnhi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\exjegpqb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\fblvlwdu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\fplekgwa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\gcaaqyqf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\gfnsaqmf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\gitobxmn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\glcjwfdv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\gxwbvyhb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\hknbrhhh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\hlpmcyac.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\hqhmhmdi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\iodkhyci.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\jhvfdmjj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\jqkbaytg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\kaxqtjro.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\kjymxiuq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\kpwopudo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\lfnhfjob.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\lkrxanxr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\lkvrkapt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\lnbofxck.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\lpllfrfy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\mihungvi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\mknyuuki.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\mlaitrtq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\mluaokcq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\mofugclq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\mxganqff.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\nccycasy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\nephiqpn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\ngproxvf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\nmbakdsj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\nybcpinr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\ogdeairw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\oxjhwwnr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\peuagbsx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\pynnpbme.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\qrjatydi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\qvlnnfkd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\rhmutgpn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\rhvqsuwb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\rmlcydcs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\roamakdt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\rvkqxeep.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\sdoxevme.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\sheqipoi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\sjmjgsbf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\snancrds.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\tcamkbkh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\tevobesr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\ujjivnwv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\ukssxmod.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\upbcsioj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\urclqecd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\uytabtic.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\vhgtvwel.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\vntmrykt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\vqdsbjso.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\vxpnawsk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\wjiumwsc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\xdyitjoc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\xihvkrno.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\xkgqbhbh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\xqedqkpr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\xunsrkcf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\xwlgdhfs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\xysjgjdy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\yglcrqep.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\ymqysuwq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\ywssmfiq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\ywuecxwm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\is-5NI21.tmp\gfl.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\is-5NI21.tmp\XmlReplacer.exe (Generic.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\is-60CC4.tmp\gfl.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\is-60CC4.tmp\XmlReplacer.exe (Generic.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\Temporary Internet Files\Content.IE5\09IZ0X67\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temporary Internet Files\Content.IE5\8V6TYB2L\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\BestsellerAntivirus\ugcw.exe (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{278B1A4B-22E0-4AC5-AB77-86FE66B8CBDE}\RP204\A0364014.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{278B1A4B-22E0-4AC5-AB77-86FE66B8CBDE}\RP205\A0365060.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{278B1A4B-22E0-4AC5-AB77-86FE66B8CBDE}\RP206\A0369264.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{278B1A4B-22E0-4AC5-AB77-86FE66B8CBDE}\RP206\A0370384.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{278B1A4B-22E0-4AC5-AB77-86FE66B8CBDE}\RP206\A0370385.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{278B1A4B-22E0-4AC5-AB77-86FE66B8CBDE}\RP207\A0371528.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{278B1A4B-22E0-4AC5-AB77-86FE66B8CBDE}\RP209\A0380983.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{278B1A4B-22E0-4AC5-AB77-86FE66B8CBDE}\RP211\A0381389.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{278B1A4B-22E0-4AC5-AB77-86FE66B8CBDE}\RP211\A0383389.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{278B1A4B-22E0-4AC5-AB77-86FE66B8CBDE}\RP213\A0394558.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{278B1A4B-22E0-4AC5-AB77-86FE66B8CBDE}\RP214\A0399848.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{278B1A4B-22E0-4AC5-AB77-86FE66B8CBDE}\RP214\A0400894.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{278B1A4B-22E0-4AC5-AB77-86FE66B8CBDE}\RP215\A0410212.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{278B1A4B-22E0-4AC5-AB77-86FE66B8CBDE}\RP215\A0412211.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\FMTR.sys (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\NI.UGA6P_0001_N122M2210\settings.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\NI.UGA6P_0001_N122M2210\setup.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\NI.UGA6P_0001_N122M2210\setup.len (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo0.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\amvo1.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\amvo2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo3.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo4.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo5.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo6.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo7.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo8.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lrpiyawo.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\jfiftejt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk (Rogue.Link) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.17
Version de la base de données: 856
20:20:02 14/06/2008
mbam-log-6-14-2008 (20-20-02).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 101105
Temps écoulé: 26 minute(s), 22 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 8
Clé(s) du Registre infectée(s): 26
Valeur(s) du Registre infectée(s): 11
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 248
Processus mémoire infecté(s):
C:\Program Files\Fichiers communs\BestsellerAntivirus\bm.exe (Rogue.Multiple) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\cohewpxm.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\emeaoexk.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\saiyzfbx.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\vtstt.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\iifedby.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\bexwhekj.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\amvo0.dll (Trojan.Agent) -> Unloaded module successfully.
C:\WINDOWS\system32\amvo1.dll (Trojan.Agent) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a95b2816-1d7e-4561-a202-68c0de02353a} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a95b2816-1d7e-4561-a202-68c0de02353a} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f29895c9-13e5-4d4d-b94b-067145a57d4e} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f29895c9-13e5-4d4d-b94b-067145a57d4e} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6db3f881-19a2-4085-abd0-dbd56e71f4f5} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6db3f881-19a2-4085-abd0-dbd56e71f4f5} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifedby (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{89ad4d75-2429-462e-bd4e-443f233f6033} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{89ad4d75-2429-462e-bd4e-443f233f6033} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{11a69ae4-fbed-4832-a2bf-45af82825583} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\saiyzfbx (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ugcw (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\uga6pcw (Rogue.ProtectionComplete) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DomainService (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DomainService (Trojan.Agent) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e44916f4 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6db3f881-19a2-4085-abd0-dbd56e71f4f5} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{11a69ae4-fbed-4832-a2bf-45af82825583} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{11a69ae4-fbed-4832-a2bf-45af82825583} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{11a69ae4-fbed-4832-a2bf-45af82825583} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\amva (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMe77a2568 (Trojan.Agent) -> Delete on reboot.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\vtstt.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\vtstt.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\UGA6P (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\UGA6P\Quar (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\NI.UGA6P_0001_N122M2210 (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\bbcjolfb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bflojcbb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bepwmdbp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pbdmwpeb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bhcpcvej.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jevcpchb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\brbsvgav.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vagvsbrb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bvtaamef.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\femaatvb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cdueoxgt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tgxoeudc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cetoxbur.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rubxotec.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cohewpxm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mxpwehoc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\devwixyt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tyxiwved.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dxjbprte.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\etrpbjxd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\edkkldef.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fedlkkde.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\edxhmxfb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bfxmhxde.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\egbkbycp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pcybkbge.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emeaoexk.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\kxeoaeme.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fjbmxelo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\olexmbjf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fnrpcbhq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qhbcprnf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frudewwp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pwwedurf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ftlvusce.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ecsuvltf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fvdnfute.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\etufndvf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gepknvpj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jpvnkpeg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gkwigmdn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ndmgiwkg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gxrpywfp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfwyprxg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hpjqjucy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ycujqjph.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iqebiwyx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xywibeqi.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jqhwvplp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\plpvwhqj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kgnbgjle.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eljgbngk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kjccpgwv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vwgpccjk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\letlcglh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hlgcltel.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\meislycj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jcylsiem.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mhksgoej.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jeogskhm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nkavbdei.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iedbvakn.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nolotvwu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uwvtolon.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ojhbthoj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\johtbhjo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\olobtvxg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gxvtbolo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oqpkptmu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\umtpkpqo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oycmywmk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kmwymcyo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pjboofst.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tsfoobjp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pqyqvrfn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nfrvqyqp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qtgfoqbu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ubqofgtq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qtvuajyv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vyjauvtq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rsovigtf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ftgivosr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\saiyzfbx.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\saiyzfbx.dllbox (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\sgnnjpes.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sepjnngs.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sqnhrmjp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pjmrhnqs.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tbqbihpk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kphibqbt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twxxforx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xrofxxwt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ugqmsmfk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kfmsmqgu.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\unkkswto.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\otwskknu.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtstt.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ttstv.bak1 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ttstv.bak2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ttstv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ttstv.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wctvypof.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fopyvtcw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wemtpscm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcsptmew.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wouejjdr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rdjjeuow.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wqbinhag.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gahnibqw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xjadnbed.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\debndajx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ycnniewu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uweinncy.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ygbodqth.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\htqdobgy.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yhdpxpsb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bspxpdhy.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yrjjhrde.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\edrhjjry.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ytrtcnpn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\npnctrty.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifedby.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\Fichiers communs\BestsellerAntivirus\bm.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bexwhekj.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\MAISON\Local Settings\Temp\afjyqmuk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\agrrwloa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\anidphca.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\bjfiaxeb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\bptikjrf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\cacooyjy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\caqlyuvv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\dlwixoql.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\dswtmhmj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\dyekuyln.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\edxucmxv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\efcgxlvu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\elqajavu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\ewhthnhi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\exjegpqb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\fblvlwdu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\fplekgwa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\gcaaqyqf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\gfnsaqmf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\gitobxmn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\glcjwfdv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\gxwbvyhb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\hknbrhhh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\hlpmcyac.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\hqhmhmdi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\iodkhyci.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\jhvfdmjj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\jqkbaytg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\kaxqtjro.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\kjymxiuq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\kpwopudo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\lfnhfjob.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\lkrxanxr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\lkvrkapt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\lnbofxck.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\lpllfrfy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\mihungvi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\mknyuuki.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\mlaitrtq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\mluaokcq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\mofugclq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\mxganqff.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\nccycasy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\nephiqpn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\ngproxvf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\nmbakdsj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\nybcpinr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\ogdeairw.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\oxjhwwnr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\peuagbsx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\pynnpbme.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\qrjatydi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\qvlnnfkd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\rhmutgpn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\rhvqsuwb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\rmlcydcs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\roamakdt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\rvkqxeep.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\sdoxevme.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\sheqipoi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\sjmjgsbf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\snancrds.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\tcamkbkh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\tevobesr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\ujjivnwv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\ukssxmod.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\upbcsioj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\urclqecd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\uytabtic.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\vhgtvwel.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\vntmrykt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\vqdsbjso.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\vxpnawsk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\wjiumwsc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\xdyitjoc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\xihvkrno.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\xkgqbhbh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\xqedqkpr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\xunsrkcf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\xwlgdhfs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\xysjgjdy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\yglcrqep.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\ymqysuwq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\ywssmfiq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\ywuecxwm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\is-5NI21.tmp\gfl.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\is-5NI21.tmp\XmlReplacer.exe (Generic.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\is-60CC4.tmp\gfl.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\is-60CC4.tmp\XmlReplacer.exe (Generic.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\Temporary Internet Files\Content.IE5\09IZ0X67\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temporary Internet Files\Content.IE5\8V6TYB2L\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\BestsellerAntivirus\ugcw.exe (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{278B1A4B-22E0-4AC5-AB77-86FE66B8CBDE}\RP204\A0364014.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{278B1A4B-22E0-4AC5-AB77-86FE66B8CBDE}\RP205\A0365060.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{278B1A4B-22E0-4AC5-AB77-86FE66B8CBDE}\RP206\A0369264.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{278B1A4B-22E0-4AC5-AB77-86FE66B8CBDE}\RP206\A0370384.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{278B1A4B-22E0-4AC5-AB77-86FE66B8CBDE}\RP206\A0370385.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{278B1A4B-22E0-4AC5-AB77-86FE66B8CBDE}\RP207\A0371528.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{278B1A4B-22E0-4AC5-AB77-86FE66B8CBDE}\RP209\A0380983.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{278B1A4B-22E0-4AC5-AB77-86FE66B8CBDE}\RP211\A0381389.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{278B1A4B-22E0-4AC5-AB77-86FE66B8CBDE}\RP211\A0383389.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{278B1A4B-22E0-4AC5-AB77-86FE66B8CBDE}\RP213\A0394558.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{278B1A4B-22E0-4AC5-AB77-86FE66B8CBDE}\RP214\A0399848.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{278B1A4B-22E0-4AC5-AB77-86FE66B8CBDE}\RP214\A0400894.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{278B1A4B-22E0-4AC5-AB77-86FE66B8CBDE}\RP215\A0410212.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{278B1A4B-22E0-4AC5-AB77-86FE66B8CBDE}\RP215\A0412211.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\FMTR.sys (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\NI.UGA6P_0001_N122M2210\settings.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\NI.UGA6P_0001_N122M2210\setup.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAISON\Local Settings\Temp\NI.UGA6P_0001_N122M2210\setup.len (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo0.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\amvo1.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\amvo2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo3.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo4.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo5.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo6.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo7.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amvo8.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lrpiyawo.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\jfiftejt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk (Rogue.Link) -> Quarantined and deleted successfully.
perso je viderais la quarantaine de malwarebytes et je re démarrerais et je le repasserais pour controle et suivi d'un nouveau hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:35:47, on 14/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Menara\dslmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender9\bdswitch.exe
O4 - HKLM\..\Run: [BestsellerAntivirus] C:\Program Files\BestsellerAntivirus\pgs.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [] C:\WINDOWS\system32\drivers\diplome_impression
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: diplome_impression.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8494C58-4139-4084-BDE0-68D9492C7AF6}: NameServer = 212.217.0.14 196.217.246.210
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Scan saved at 20:35:47, on 14/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Menara\dslmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender9\bdswitch.exe
O4 - HKLM\..\Run: [BestsellerAntivirus] C:\Program Files\BestsellerAntivirus\pgs.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [] C:\WINDOWS\system32\drivers\diplome_impression
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: diplome_impression.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8494C58-4139-4084-BDE0-68D9492C7AF6}: NameServer = 212.217.0.14 196.217.246.210
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
bon c'est mieux mais pas encore suffisant tu télécharges OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
Assurez vous que la case "Unregister Dll 's and Ocx's" soit bien cochée
copie les lignes qui se trouvent en gras ci-dessous,
et colle-les dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
C:\Program Files\BestsellerAntivirus\pgs.exe
C:\WINDOWS\system32\avpo.exe
clique sur MoveIt! pour lancer la suppression. S'il propose de redémarrer votre PC, acceptez
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
et tu remets un nouveau hijackthis pour control et pour voir les lignes à fixer merci
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
Assurez vous que la case "Unregister Dll 's and Ocx's" soit bien cochée
copie les lignes qui se trouvent en gras ci-dessous,
et colle-les dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
C:\Program Files\BestsellerAntivirus\pgs.exe
C:\WINDOWS\system32\avpo.exe
clique sur MoveIt! pour lancer la suppression. S'il propose de redémarrer votre PC, acceptez
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
et tu remets un nouveau hijackthis pour control et pour voir les lignes à fixer merci
1) le rapport via OYmoveIt
File/Folder C:\Program Files\BestsellerAntivirus\pgs.exe not found.
C:\WINDOWS\system32\avpo.exe moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06142008_210024
2) Le rapport via hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:01:30, on 14/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Menara\dslmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender9\bdswitch.exe
O4 - HKLM\..\Run: [BestsellerAntivirus] C:\Program Files\BestsellerAntivirus\pgs.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [] C:\WINDOWS\system32\drivers\diplome_impression
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: diplome_impression.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8494C58-4139-4084-BDE0-68D9492C7AF6}: NameServer = 212.217.0.14 196.217.246.210
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
File/Folder C:\Program Files\BestsellerAntivirus\pgs.exe not found.
C:\WINDOWS\system32\avpo.exe moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06142008_210024
2) Le rapport via hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:01:30, on 14/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Menara\dslmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender9\bdswitch.exe
O4 - HKLM\..\Run: [BestsellerAntivirus] C:\Program Files\BestsellerAntivirus\pgs.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [] C:\WINDOWS\system32\drivers\diplome_impression
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: diplome_impression.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8494C58-4139-4084-BDE0-68D9492C7AF6}: NameServer = 212.217.0.14 196.217.246.210
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
