Avast edition familiale
Résolu/Fermé
A voir également:
- Avast edition familiale
- Macrium reflect 7 free edition - Télécharger - Sauvegarde
- Everest home edition - Télécharger - Informations & Diagnostic
- Avast antivirus gratuit - Télécharger - Antivirus & Antimalwares
- Avast clear - Télécharger - Antivirus & Antimalwares
- Iqvw64e.sys avast ✓ - Forum Virus
51 réponses
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 290
11 sept. 2008 à 19:16
11 sept. 2008 à 19:16
L'infection Bagle avait envahit ton PC d'où le message d'erreur d'Avast.
On continue la désinfection.
---> Fais un scan rapide avec MBAM, supprime tout ce qu'il trouve et poste le rapport :
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
Bagle vient d'un crack infecté, arrête de télécharger n'importe quoi.
On continue la désinfection.
---> Fais un scan rapide avec MBAM, supprime tout ce qu'il trouve et poste le rapport :
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
Bagle vient d'un crack infecté, arrête de télécharger n'importe quoi.
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 290
11 sept. 2008 à 18:01
11 sept. 2008 à 18:01
Salut,
Pour vérifier un truc :
---> Télécharge EliBaglA.exe :
http://www.zonavirus.com/datos/descargas/95/elibagla.asp
---> Clique en bas de la page sur le bouton Descargar Elibagla.
Enregistre ce fichier sur le bureau.
---> Double-clique sur EliBaglA.exe pour l'ouvrir.
---> Assure-toi que dans le menu déroulant Unidad qu'il y ait bien C:\
Vérifie aussi que l'option en bas de la fenêtre Eliminar Ficheros Automaticamente est bien cochée.
---> Clique sur le bouton Explorar pour lancer l'analyse.
---> L'analyse finie, redémarre, poste le rapport d'EliBaglA qui se trouve ici C:\InfoSat.txt
Pour vérifier un truc :
---> Télécharge EliBaglA.exe :
http://www.zonavirus.com/datos/descargas/95/elibagla.asp
---> Clique en bas de la page sur le bouton Descargar Elibagla.
Enregistre ce fichier sur le bureau.
---> Double-clique sur EliBaglA.exe pour l'ouvrir.
---> Assure-toi que dans le menu déroulant Unidad qu'il y ait bien C:\
Vérifie aussi que l'option en bas de la fenêtre Eliminar Ficheros Automaticamente est bien cochée.
---> Clique sur le bouton Explorar pour lancer l'analyse.
---> L'analyse finie, redémarre, poste le rapport d'EliBaglA qui se trouve ici C:\InfoSat.txt
pascal_78
Messages postés
504
Date d'inscription
jeudi 10 août 2006
Statut
Membre
Dernière intervention
16 novembre 2014
38
11 sept. 2008 à 17:52
11 sept. 2008 à 17:52
Tu l'a télécharger ou?
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
pascal_78
Messages postés
504
Date d'inscription
jeudi 10 août 2006
Statut
Membre
Dernière intervention
16 novembre 2014
38
11 sept. 2008 à 17:56
11 sept. 2008 à 17:56
Tu es sur XP ou vista?
pascal_78
Messages postés
504
Date d'inscription
jeudi 10 août 2006
Statut
Membre
Dernière intervention
16 novembre 2014
38
11 sept. 2008 à 17:59
11 sept. 2008 à 17:59
essais de réinstaller.
Tu as eu un message d'erreur lors de l'installation?
Tu as eu un message d'erreur lors de l'installation?
pascal_78
Messages postés
504
Date d'inscription
jeudi 10 août 2006
Statut
Membre
Dernière intervention
16 novembre 2014
38
11 sept. 2008 à 18:01
11 sept. 2008 à 18:01
supprimes le et réinstalle le, mais normalement l'installation se passe sans problème.
voici le rapport
Thu Sep 11 18:15:19 2008
EliBagle v11.70 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Septiembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\HERVé\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.
Thu Sep 11 18:42:48 2008
EliBagle v11.70 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Septiembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\HERVé\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.
Thu Sep 11 18:43:03 2008
EliBagle v11.70 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Septiembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Thu Sep 11 18:47:55 2008
EliBagle v11.70 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Septiembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\HERVé\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.
Thu Sep 11 18:47:58 2008
EliBagle v11.70 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Septiembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Thu Sep 11 18:52:30 2008
EliBagle v11.70 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Septiembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\HERVé\APPLICATION DATA\M\FLEC006.EXE --> Eliminado Bagle.dldr
Thu Sep 11 18:52:34 2008
EliBagle v11.70 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Septiembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Program Files\Microsoft Works\WKFUD.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1043\A0181454.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1043\A0181455.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1043\A0181511.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1043\A0181512.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1043\A0181513.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181560.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181561.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181562.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181600.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181601.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181602.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181664.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181665.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181666.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181678.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181701.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181702.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181703.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181725.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181726.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181727.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181738.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181739.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181740.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181850.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181855.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181857.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181859.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181881.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181882.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181883.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181893.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181911.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181913.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181914.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0182041.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0182042.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0182043.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0182053.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0182076.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0182077.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0182078.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0182148.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0182223.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183221.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183224.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183225.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183232.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183233.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183355.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183356.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183357.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183366.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183370.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183371.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183377.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183378.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183503.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0184501.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0185497.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0185498.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0185499.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0185500.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0185503.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\MDELK.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\MDELK.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\1495718.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\1500187.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\15253562.EXE --> Eliminado Bagle.VR
C:\WINDOWS\system32\drivers\downld\15361421.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\15435640.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\15448937.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\15626906.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\15638437.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\16066078.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\16075640.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\16274609.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\277281.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\3012687.EXE --> Eliminado Bagle.VR
C:\WINDOWS\system32\drivers\downld\3057546.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\3062312.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\323609.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\325328.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\339750.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\342843.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\3514234.EXE --> Eliminado Bagle.VR
C:\WINDOWS\system32\drivers\downld\3769656.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\3975734.EXE --> Eliminado Bagle.VR
C:\WINDOWS\system32\drivers\downld\440390.EXE --> Eliminado Bagle.VR
C:\WINDOWS\system32\drivers\downld\711796.EXE --> Eliminado Bagle.VR
C:\WINDOWS\system32\drivers\downld\720312.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\724468.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\745468.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\753406.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\758093.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\778406.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\788328.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\790484.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\868187.EXE --> Eliminado Bagle.VR
C:\WINDOWS\system32\drivers\downld\914484.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\921062.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\951953.EXE --> Eliminado Bagle
Nº Total de Directorios: 8659
Nº Total de Ficheros: 75167
Nº de Ficheros Analizados: 12860
Nº de Ficheros Infectados: 103
Nº de Ficheros Limpiados: 103
Thu Sep 11 18:15:19 2008
EliBagle v11.70 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Septiembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\HERVé\APPLICATION DATA\M\FLEC006.EXE --> Bagle Acceso Denegado.
Thu Sep 11 18:42:48 2008
EliBagle v11.70 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Septiembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\HERVé\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.
Thu Sep 11 18:43:03 2008
EliBagle v11.70 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Septiembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Thu Sep 11 18:47:55 2008
EliBagle v11.70 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Septiembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\HERVé\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.
Thu Sep 11 18:47:58 2008
EliBagle v11.70 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Septiembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Thu Sep 11 18:52:30 2008
EliBagle v11.70 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Septiembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\HERVé\APPLICATION DATA\M\FLEC006.EXE --> Eliminado Bagle.dldr
Thu Sep 11 18:52:34 2008
EliBagle v11.70 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Septiembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Program Files\Microsoft Works\WKFUD.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1043\A0181454.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1043\A0181455.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1043\A0181511.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1043\A0181512.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1043\A0181513.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181560.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181561.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181562.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181600.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181601.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181602.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181664.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181665.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181666.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181678.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181701.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181702.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181703.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181725.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181726.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181727.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181738.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181739.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181740.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181850.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181855.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181857.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181859.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181881.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181882.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181883.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181893.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181911.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181913.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0181914.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0182041.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0182042.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0182043.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0182053.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0182076.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0182077.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0182078.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0182148.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0182223.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183221.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183224.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183225.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183232.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183233.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183355.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183356.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183357.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183366.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183370.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183371.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183377.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183378.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0183503.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0184501.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0185497.EXE --> Eliminado Bagle
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0185498.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0185499.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0185500.EXE --> Eliminado Bagle.dldr
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0185503.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\MDELK.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\MDELK.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\1495718.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\1500187.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\15253562.EXE --> Eliminado Bagle.VR
C:\WINDOWS\system32\drivers\downld\15361421.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\15435640.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\15448937.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\15626906.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\15638437.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\16066078.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\16075640.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\16274609.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\277281.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\3012687.EXE --> Eliminado Bagle.VR
C:\WINDOWS\system32\drivers\downld\3057546.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\3062312.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\323609.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\325328.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\339750.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\342843.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\3514234.EXE --> Eliminado Bagle.VR
C:\WINDOWS\system32\drivers\downld\3769656.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\3975734.EXE --> Eliminado Bagle.VR
C:\WINDOWS\system32\drivers\downld\440390.EXE --> Eliminado Bagle.VR
C:\WINDOWS\system32\drivers\downld\711796.EXE --> Eliminado Bagle.VR
C:\WINDOWS\system32\drivers\downld\720312.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\724468.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\745468.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\753406.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\758093.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\778406.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\788328.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\790484.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\868187.EXE --> Eliminado Bagle.VR
C:\WINDOWS\system32\drivers\downld\914484.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\921062.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\951953.EXE --> Eliminado Bagle
Nº Total de Directorios: 8659
Nº Total de Ficheros: 75167
Nº de Ficheros Analizados: 12860
Nº de Ficheros Infectados: 103
Nº de Ficheros Limpiados: 103
voila :
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1134
Windows 5.1.2600 Service Pack 2
11/09/2008 21:32:41
mbam-log-2008-09-11 (21-32-41).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 119429
Temps écoulé: 1 hour(s), 44 minute(s), 45 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 203
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550p (Rootkit.Agent) -> Delete on reboot.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hervé\Application Data\m (Trojan.Agent) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\config\40084332.Evt (Rootkit.Agent.H) -> Delete on reboot.
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0185524.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1007265.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1012640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1024203.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1026578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1032312.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1040406.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1045968.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1049250.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1055000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1067578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1095328.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1454500.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1468453.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1470187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15263250.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15306593.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15306765.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15309546.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1535578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15369140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15369250.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15385453.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1542656.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15487265.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15514703.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15559031.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15559062.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15562953.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15571046.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15603359.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15621515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15623875.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15633140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15653234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15695234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15757281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15797890.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15943171.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15991140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16003843.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16017062.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16028156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1603531.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16045000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16047859.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16079000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16114484.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1612078.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16161640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1618718.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16194156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16253578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16266281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16268062.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16303656.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16324359.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16327140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16388031.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16408906.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16415515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16769375.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16901875.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\17117734.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1798843.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1813906.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\258140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\269453.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\270687.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\284140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3017718.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\303125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3035265.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3039859.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\304296.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3073765.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\315312.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3159890.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\316593.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3173390.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3174656.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3188718.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3195296.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3220828.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\322562.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3225796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3258625.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3265031.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3284343.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3294062.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\331406.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\333625.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\334593.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\339000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\345625.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3518593.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\352625.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3729953.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3731546.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3780046.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3806937.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\384703.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3848984.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3853234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\387109.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\390562.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3984156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\4014515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\4016484.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\4027281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\4035218.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\4062453.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\4066312.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\421296.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\426078.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\438421.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\443921.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\446828.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\521890.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\543859.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\545625.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\566031.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\572109.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\594937.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\628703.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\634609.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\649281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\658281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\683296.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\698156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\699640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\700640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\702734.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\710968.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\712796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\714812.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\716046.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\717031.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\721437.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\722093.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\722906.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\729390.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\730187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\743687.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\746890.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\750828.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\752609.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\753234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\755125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\757812.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\766296.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\769500.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\772359.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\784343.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\785437.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\788218.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\799125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\802812.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\804234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\806468.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\809125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\814906.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\823796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\826781.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\833203.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\837796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\838593.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\839421.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\845515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\851375.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\858781.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\859015.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\860781.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\869375.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\871062.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\873078.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\874937.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\885000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\892531.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\893156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\899718.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\899843.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\917890.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\921343.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\926843.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\940156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\942187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\955375.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\957796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\958109.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\959093.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\961812.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\963359.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\964078.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\985187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\986781.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\989515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\993078.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\995890.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\997203.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vccwvzm_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vccwvzm_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1134
Windows 5.1.2600 Service Pack 2
11/09/2008 21:32:41
mbam-log-2008-09-11 (21-32-41).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 119429
Temps écoulé: 1 hour(s), 44 minute(s), 45 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 203
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550p (Rootkit.Agent) -> Delete on reboot.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hervé\Application Data\m (Trojan.Agent) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\config\40084332.Evt (Rootkit.Agent.H) -> Delete on reboot.
C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP1044\A0185524.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1007265.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1012640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1024203.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1026578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1032312.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1040406.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1045968.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1049250.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1055000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1067578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1095328.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1454500.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1468453.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1470187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15263250.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15306593.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15306765.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15309546.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1535578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15369140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15369250.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15385453.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1542656.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15487265.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15514703.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15559031.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15559062.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15562953.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15571046.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15603359.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15621515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15623875.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15633140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15653234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15695234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15757281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15797890.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15943171.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\15991140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16003843.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16017062.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16028156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1603531.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16045000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16047859.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16079000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16114484.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1612078.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16161640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1618718.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16194156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16253578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16266281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16268062.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16303656.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16324359.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16327140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16388031.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16408906.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16415515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16769375.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\16901875.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\17117734.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1798843.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\1813906.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\258140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\269453.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\270687.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\284140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3017718.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\303125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3035265.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3039859.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\304296.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3073765.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\315312.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3159890.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\316593.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3173390.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3174656.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3188718.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3195296.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3220828.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\322562.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3225796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3258625.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3265031.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3284343.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3294062.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\331406.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\333625.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\334593.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\339000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\345625.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3518593.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\352625.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3729953.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3731546.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3780046.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3806937.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\384703.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3848984.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3853234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\387109.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\390562.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\3984156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\4014515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\4016484.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\4027281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\4035218.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\4062453.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\4066312.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\421296.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\426078.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\438421.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\443921.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\446828.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\521890.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\543859.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\545625.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\566031.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\572109.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\594937.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\628703.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\634609.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\649281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\658281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\683296.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\698156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\699640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\700640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\702734.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\710968.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\712796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\714812.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\716046.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\717031.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\721437.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\722093.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\722906.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\729390.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\730187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\743687.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\746890.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\750828.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\752609.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\753234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\755125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\757812.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\766296.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\769500.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\772359.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\784343.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\785437.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\788218.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\799125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\802812.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\804234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\806468.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\809125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\814906.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\823796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\826781.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\833203.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\837796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\838593.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\839421.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\845515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\851375.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\858781.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\859015.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\860781.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\869375.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\871062.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\873078.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\874937.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\885000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\892531.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\893156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\899718.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\899843.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\917890.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\921343.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\926843.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\940156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\942187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\955375.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\957796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\958109.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\959093.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\961812.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\963359.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\964078.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\985187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\986781.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\989515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\993078.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\995890.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\997203.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vccwvzm_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vccwvzm_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 290
11 sept. 2008 à 22:14
11 sept. 2008 à 22:14
- Télécharge HijackThis V 2.02 (HijackThis Installer) :
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
- Fais un double-clic sur HJTInstall.exe afin de lancer l'installation
- Clique sur Install ensuite sur I Accept
- Clique sur Do a scan system and save log file
- Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse.
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
- Fais un double-clic sur HJTInstall.exe afin de lancer l'installation
- Clique sur Install ensuite sur I Accept
- Clique sur Do a scan system and save log file
- Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse.
Et voila :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16:08, on 11/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\Wanadoo\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Systran40perso.IEPlugIn - {397B3223-7D10-11D6-ABC6-00B0D094B576} - C:\Program Files\Systran\4_0\Personal\IEPlugIn.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Vaderetro Outlook] "C:\PROGRA~1\GOTOSO~1\VADERE~1\VrMoRegister.exe -s"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O8 - Extra context menu item: Bloquer ce serveur... - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Bloquer cette publicité... - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Ouvrir dans une nouvelle fenêtre d'Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Ouvrir tous les liens de la page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Rechercher avec Google... - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Rechercher sur le Web... - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Surligner - C:\Program Files\Avant Browser\Highlight.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE9F4AA2-1E80-4E21-8C91-8E3B8F1EF84B}: NameServer = 80.10.246.130 81.253.149.10
O20 - Winlogon Notify: wmmres32 - C:\WINDOWS\SYSTEM32\wmmres32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Windows Movie Maker (wmmres32) - Unknown owner - rundll32.exe (file missing)
O24 - Desktop Component 0: (no name) - http://perso.orange.fr/scl/images/CDAmourAnarchie1.jpg
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16:08, on 11/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\Wanadoo\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Systran40perso.IEPlugIn - {397B3223-7D10-11D6-ABC6-00B0D094B576} - C:\Program Files\Systran\4_0\Personal\IEPlugIn.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Vaderetro Outlook] "C:\PROGRA~1\GOTOSO~1\VADERE~1\VrMoRegister.exe -s"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O8 - Extra context menu item: Bloquer ce serveur... - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Bloquer cette publicité... - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Ouvrir dans une nouvelle fenêtre d'Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Ouvrir tous les liens de la page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Rechercher avec Google... - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Rechercher sur le Web... - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Surligner - C:\Program Files\Avant Browser\Highlight.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE9F4AA2-1E80-4E21-8C91-8E3B8F1EF84B}: NameServer = 80.10.246.130 81.253.149.10
O20 - Winlogon Notify: wmmres32 - C:\WINDOWS\SYSTEM32\wmmres32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Windows Movie Maker (wmmres32) - Unknown owner - rundll32.exe (file missing)
O24 - Desktop Component 0: (no name) - http://perso.orange.fr/scl/images/CDAmourAnarchie1.jpg
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 290
11 sept. 2008 à 22:23
11 sept. 2008 à 22:23
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix.txt
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix.txt
voila :
ComboFix 08-09-10.04 - Hervé 2008-09-11 22:28:32.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.96 [GMT 2:00]
Endroit: C:\Program Files\Programmes téléchargés\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\InfoSat.txt
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\config\49472178.Evt
C:\WINDOWS\system32\dao350.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3550P
-------\Legacy_NPF
-------\Legacy_SROSA
-------\Service_asc3550p
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-11 to 2008-09-11 ))))))))))))))))))))))))))))))))))))
.
2008-09-11 22:15 . 2008-09-11 22:15 <REP> d-------- C:\Program Files\Trend Micro
2008-09-11 19:37 . 2008-09-11 19:38 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-11 19:37 . 2008-09-11 19:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-11 19:37 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-11 19:37 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-07 16:37 . 2008-09-09 17:50 <REP> d-------- C:\Program Files\splus
2008-09-07 16:37 . 2005-10-17 18:13 447,488 --a------ C:\WINDOWS\system32\splus.cpl
2008-09-07 16:35 . 2008-09-07 16:35 <REP> d-------- C:\Program Files\TechSmith
2008-09-07 16:35 . 2008-09-07 16:35 <REP> d-------- C:\Program Files\Fichiers communs\TechSmith Shared
2008-09-07 16:35 . 2002-12-23 01:01 110,592 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-09-07 16:28 . 2008-09-07 16:30 <REP> d-------- C:\Program Files\camtasia studio v3.0.2
2008-09-07 16:09 . 2008-09-07 16:09 <REP> d-------- C:\Program Files\Alwil Software
2008-08-19 17:44 . 2008-08-19 17:45 <REP> d-------- C:\Program Files\Philips
2008-08-19 17:44 . 2008-01-14 16:58 19,840 --a------ C:\WINDOWS\system32\drivers\StMp3Rec.sys
2008-08-14 17:19 . 2005-05-05 10:59 9,918,872 --a------ C:\WINDOWS\wmsetup.exe
2008-08-14 17:19 . 2005-09-18 20:32 1,416,944 --a------ C:\WINDOWS\wmwinxp.exe
2008-08-14 17:19 . 2005-09-18 20:32 1,186,032 --a------ C:\WINDOWS\wm2000.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-11 20:37 --------- d-----w C:\Program Files\Wanadoo
2008-09-11 20:25 --------- d-----w C:\Program Files\Programmes téléchargés
2008-09-11 16:56 --------- d-----w C:\Program Files\Microsoft Works
2008-09-10 18:03 --------- d-----w C:\Program Files\eMule
2008-09-07 09:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7
2008-09-07 08:52 --------- d-----w C:\Program Files\CamStudio
2008-09-07 08:33 --------- d-----w C:\Program Files\HyCam2
2008-08-19 15:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-11 16:50 --------- d-----w C:\Program Files\TubeMaster
2008-08-09 09:44 --------- d-----w C:\Program Files\IVCsoft
2008-08-09 09:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skyline
2008-08-05 14:46 --------- d-----w C:\Program Files\Google
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WooCnxMon"="00" [X]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2001-10-05 331830]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2001-10-05 28738]
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2003-08-31 151597]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 245810]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2004-12-06 36975]
"Vaderetro Outlook"="C:\PROGRA~1\GOTOSO~1\VADERE~1\VrMoRegister.exe" [2006-07-22 44544]
"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2006-02-16 295936]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"SoundMan"="SOUNDMAN.EXE" [2002-08-15 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="atiptaxx.exe" [2002-07-04 ATI\atiptaxx.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
"NoDesktop"= 0 (0x0)
"NoClose"= 0 (0x0)
"StartMenuLogOff"= 0 (0x0)
"HideClock"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wmmres32]
2004-09-07 13:04 12288 C:\WINDOWS\system32\wmmres32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.LM20"= lm20.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8112:TCP"= 8112:TCP:messenger
"3658:TCP"= 3658:TCP:messenger
R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2003-11-30 2368]
S2 wmmres32;Windows Movie Maker;rundll32.exe C:\WINDOWS\system32\wmmres32.dll,ocib [ ]
S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 38144]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{237cc8ac-aaf3-11dc-8f59-4d6564696130}]
\Shell\AutoRun\command - F:\nideiect.com
\Shell\explore\Command - F:\nideiect.com
\Shell\open\Command - F:\nideiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4399870e-a41f-11dc-8f4f-4d6564696130}]
\Shell\AutoRun\command - F:\nideiect.com
\Shell\explore\Command - F:\nideiect.com
\Shell\open\Command - F:\nideiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcdb3df1-6e05-11dd-9080-4d6564696130}]
\Shell\AutoRun\command - F:\nideiect.com
\Shell\explore\Command - F:\nideiect.com
\Shell\open\Command - F:\nideiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5859fe4-8f7c-11db-8dad-4d6564696130}]
\Shell\AutoRun\command - F:\nideiect.com
\Shell\explore\Command - F:\nideiect.com
\Shell\open\Command - F:\nideiect.com
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-WorksFUD - C:\Program Files\Microsoft Works\wkfud.exe
HKLM-Run-AVG7_CC - C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
HKU-Default-Run-AVG7_Run - C:\PROGRA~1\Grisoft\AVG7\avgw.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Hervé\Application Data\Mozilla\Firefox\Profiles\[u]0[/u]taqxaia.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-11 22:38:04
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tsd32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FTRTSVC.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-11 22:49:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-11 20:49:02
Pre-Run: 23,276,920,832 octets libres
Post-Run: 23,270,830,080 octets libres
181 --- E O F --- 2008-01-04 19:14:31
ComboFix 08-09-10.04 - Hervé 2008-09-11 22:28:32.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.96 [GMT 2:00]
Endroit: C:\Program Files\Programmes téléchargés\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\InfoSat.txt
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\config\49472178.Evt
C:\WINDOWS\system32\dao350.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3550P
-------\Legacy_NPF
-------\Legacy_SROSA
-------\Service_asc3550p
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-11 to 2008-09-11 ))))))))))))))))))))))))))))))))))))
.
2008-09-11 22:15 . 2008-09-11 22:15 <REP> d-------- C:\Program Files\Trend Micro
2008-09-11 19:37 . 2008-09-11 19:38 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-11 19:37 . 2008-09-11 19:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-11 19:37 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-11 19:37 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-07 16:37 . 2008-09-09 17:50 <REP> d-------- C:\Program Files\splus
2008-09-07 16:37 . 2005-10-17 18:13 447,488 --a------ C:\WINDOWS\system32\splus.cpl
2008-09-07 16:35 . 2008-09-07 16:35 <REP> d-------- C:\Program Files\TechSmith
2008-09-07 16:35 . 2008-09-07 16:35 <REP> d-------- C:\Program Files\Fichiers communs\TechSmith Shared
2008-09-07 16:35 . 2002-12-23 01:01 110,592 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-09-07 16:28 . 2008-09-07 16:30 <REP> d-------- C:\Program Files\camtasia studio v3.0.2
2008-09-07 16:09 . 2008-09-07 16:09 <REP> d-------- C:\Program Files\Alwil Software
2008-08-19 17:44 . 2008-08-19 17:45 <REP> d-------- C:\Program Files\Philips
2008-08-19 17:44 . 2008-01-14 16:58 19,840 --a------ C:\WINDOWS\system32\drivers\StMp3Rec.sys
2008-08-14 17:19 . 2005-05-05 10:59 9,918,872 --a------ C:\WINDOWS\wmsetup.exe
2008-08-14 17:19 . 2005-09-18 20:32 1,416,944 --a------ C:\WINDOWS\wmwinxp.exe
2008-08-14 17:19 . 2005-09-18 20:32 1,186,032 --a------ C:\WINDOWS\wm2000.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-11 20:37 --------- d-----w C:\Program Files\Wanadoo
2008-09-11 20:25 --------- d-----w C:\Program Files\Programmes téléchargés
2008-09-11 16:56 --------- d-----w C:\Program Files\Microsoft Works
2008-09-10 18:03 --------- d-----w C:\Program Files\eMule
2008-09-07 09:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7
2008-09-07 08:52 --------- d-----w C:\Program Files\CamStudio
2008-09-07 08:33 --------- d-----w C:\Program Files\HyCam2
2008-08-19 15:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-11 16:50 --------- d-----w C:\Program Files\TubeMaster
2008-08-09 09:44 --------- d-----w C:\Program Files\IVCsoft
2008-08-09 09:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skyline
2008-08-05 14:46 --------- d-----w C:\Program Files\Google
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WooCnxMon"="00" [X]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2001-10-05 331830]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2001-10-05 28738]
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2003-08-31 151597]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 245810]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2004-12-06 36975]
"Vaderetro Outlook"="C:\PROGRA~1\GOTOSO~1\VADERE~1\VrMoRegister.exe" [2006-07-22 44544]
"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2006-02-16 295936]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"SoundMan"="SOUNDMAN.EXE" [2002-08-15 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="atiptaxx.exe" [2002-07-04 ATI\atiptaxx.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
"NoDesktop"= 0 (0x0)
"NoClose"= 0 (0x0)
"StartMenuLogOff"= 0 (0x0)
"HideClock"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wmmres32]
2004-09-07 13:04 12288 C:\WINDOWS\system32\wmmres32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.LM20"= lm20.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8112:TCP"= 8112:TCP:messenger
"3658:TCP"= 3658:TCP:messenger
R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2003-11-30 2368]
S2 wmmres32;Windows Movie Maker;rundll32.exe C:\WINDOWS\system32\wmmres32.dll,ocib [ ]
S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 38144]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{237cc8ac-aaf3-11dc-8f59-4d6564696130}]
\Shell\AutoRun\command - F:\nideiect.com
\Shell\explore\Command - F:\nideiect.com
\Shell\open\Command - F:\nideiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4399870e-a41f-11dc-8f4f-4d6564696130}]
\Shell\AutoRun\command - F:\nideiect.com
\Shell\explore\Command - F:\nideiect.com
\Shell\open\Command - F:\nideiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcdb3df1-6e05-11dd-9080-4d6564696130}]
\Shell\AutoRun\command - F:\nideiect.com
\Shell\explore\Command - F:\nideiect.com
\Shell\open\Command - F:\nideiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5859fe4-8f7c-11db-8dad-4d6564696130}]
\Shell\AutoRun\command - F:\nideiect.com
\Shell\explore\Command - F:\nideiect.com
\Shell\open\Command - F:\nideiect.com
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-WorksFUD - C:\Program Files\Microsoft Works\wkfud.exe
HKLM-Run-AVG7_CC - C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
HKU-Default-Run-AVG7_Run - C:\PROGRA~1\Grisoft\AVG7\avgw.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Hervé\Application Data\Mozilla\Firefox\Profiles\[u]0[/u]taqxaia.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-11 22:38:04
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tsd32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FTRTSVC.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\Panneau de contrôle ATI\atiptaxx.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-11 22:49:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-11 20:49:02
Pre-Run: 23,276,920,832 octets libres
Post-Run: 23,270,830,080 octets libres
181 --- E O F --- 2008-01-04 19:14:31
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 290
12 sept. 2008 à 17:05
12 sept. 2008 à 17:05
- Télécharge RavAntivirus d'Evosla sur ton bureau :
http://ww25.evosla.com/compteur.php?soft=rav_antivirus
- Branche tes disques amovibles à ton PC (clefs USB, disque dur externe, etc...) sans les ouvrir avant de lancer le fix
- Clique droit sur le fichier rav.zip, puis "Extraire Ici".
- Doucle-clique sur "rav.exe" pour lancer le fix.
- Laisse le programme agir : il scanne automatiquement tous les lecteurs (disques fixes et amovibles)
- En cas d'infections un rapport sera généré : poste-le dans ta prochaine réponse stp.
- Ensuite : retire tes disques amovibles et redémarre le PC.
http://ww25.evosla.com/compteur.php?soft=rav_antivirus
- Branche tes disques amovibles à ton PC (clefs USB, disque dur externe, etc...) sans les ouvrir avant de lancer le fix
- Clique droit sur le fichier rav.zip, puis "Extraire Ici".
- Doucle-clique sur "rav.exe" pour lancer le fix.
- Laisse le programme agir : il scanne automatiquement tous les lecteurs (disques fixes et amovibles)
- En cas d'infections un rapport sera généré : poste-le dans ta prochaine réponse stp.
- Ensuite : retire tes disques amovibles et redémarre le PC.
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 290
12 sept. 2008 à 21:06
12 sept. 2008 à 21:06
Il a trouvé quelque chose ?