Dispatition périphériques audio

Résolu
romrick Messages postés 14 Date d'inscription   Statut Membre Dernière intervention   -  
Destrio5 Messages postés 85985 Date d'inscription   Statut Modérateur Dernière intervention   -
Bonjour,
c'est après avoir bcp lu sur ce sujet que je reposte mon problème.
En quelques minutes (progressivement) mes périphériques audio ont disparu . Donc, ds mes propriétés audio, plus rien n'apparait.
Je n'ai pas de conflit (logo jaune) dans les propriétés système. Çà me dit que tout va bien.
J'ai effectué plusieurs opérations sans succès :
- restauration à date ultérieure
- redémarrage de "audio windows" dans les services win
- reinstallation des drivers audio à partir du cd de ma carte mère,
- reinstallation des drivers audio à partir des sites constructeur (realtek et sygma tel ).

Ma config : Système d'exploitation: Microsoft Windows XP Home Edition Service Pack 2
carte mère :
Fabricant ASUSTeK Computer INC.
Produit P5K SE
Version Rev 1.xx
Numéro de série MT7081K04603926
carte son intégrée : sygma tel Major, avec gestionnaire audio HD realtek.

Voilà, j'espère trouver de l'aide (si il faut agir sur le chipset par ex, là c'est les limites de mes compétences...)
D'avance merci ;)
A voir également:

26 réponses

  • 1
  • 2
Réponse 1 / 26
Destrio5 Messages postés 85985 Date d'inscription   Statut Modérateur Dernière intervention   10 302
 
Installe ceci :
http://www.commentcamarche.net/telecharger/telecharger 34056608 drivers realtek high definition audio pour 2000 xp
1
Réponse 2 / 26
Destrio5 Messages postés 85985 Date d'inscription   Statut Modérateur Dernière intervention   10 302
 
Installe ceci :
http://www.commentcamarche.net/telecharger/telecharger 34056540 pilote intel inf update utility
1
Réponse 3 / 26
Destrio5 Messages postés 85985 Date d'inscription   Statut Modérateur Dernière intervention   10 302
 
---> Fais un scan rapide avec MBAM, supprime tout ce qu'il trouve et poste le rapport :
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
1
Réponse 4 / 26
Destrio5 Messages postés 85985 Date d'inscription   Statut Modérateur Dernière intervention   10 302
 
T'es infecté par Bagle qui s'attrape dans les cracks.

--> Télécharge FindyKill sur ton bureau :
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

--> Lance l'installation avec les paramètres par defaut

--> Double-clique sur le raccourci FindyKill sur ton bureau

--> Au menu principal, choisis l'option 1 (Recherche)

--> Poste le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé à la racine du disque.
1

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 26
Destrio5 Messages postés 85985 Date d'inscription   Statut Modérateur Dernière intervention   10 302
 
he tes disques amovibles à ton PC (clefs USB, disque dur externe, etc...) sans les ouvrir

--> Double-clique sur le raccourci FindyKill sur ton bureau

--> Au menu principal, choisis l'option 2 (Suppression)

/!\ Il y aura 2 redémarrages, laisse travailler l'outil jusqu'à l'apparition du message "nettoyage effectué" /!\

--> Ensuite, poste le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé à la racine du disque.
1
Réponse 6 / 26
Destrio5 Messages postés 85985 Date d'inscription   Statut Modérateur Dernière intervention   10 302
 
---> Relance MBAM, va dans Quarantaine et supprime tout

---> Supprime FindyKill

---> Fais ceci :

---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix.txt
1
Réponse 7 / 26
Destrio5 Messages postés 85985 Date d'inscription   Statut Modérateur Dernière intervention   10 302
 
/!\ Seul romrick peut suivre cette procédure /!\


1/

---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.

---> Copie le texte ci-dessous par sélection puis Ctrl+C :






KillAll::

Folder::
C:\Program Files\FindyKill

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"QuickTime Task"=-
"SunJavaUpdateSched"=-
"nwiz"=-
"RTHDCPL"=-






---> Colle la sélection dans le bloc-notes

---> Enregistre ce fichier sur le bureau (Impératif)

---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes


2/

---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif

[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.

[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.

[*] Une fois le scan achevé, un rapport va s'afficher : poste-le

[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix.txt
1
Réponse 8 / 26
Destrio5 Messages postés 85985 Date d'inscription   Statut Modérateur Dernière intervention   10 302
 
---> Supprime ComboFix, CFScript et le dossier Qoobox situé dans C:\

---> Fais un scan rapide avec MBAM
1
Réponse 9 / 26
Destrio5 Messages postés 85985 Date d'inscription   Statut Modérateur Dernière intervention   10 302
 
---> Relance MBAM, va dans Quarantaine et supprime tout

---> Fais ceci :

- Télécharge HijackThis V 2.02 (HijackThis Installer) :
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

- Fais un double-clic sur HJTInstall.exe afin de lancer l'installation

- Clique sur Install ensuite sur I Accept

- Clique sur Do a scan system and save log file

- Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse.
1
Réponse 10 / 26
Destrio5 Messages postés 85985 Date d'inscription   Statut Modérateur Dernière intervention   10 302
 
Tu dois installer un antivirus : je te conseille Antivir ou AVG en gratuit.
1
Réponse 11 / 26
Destrio5 Messages postés 85985 Date d'inscription   Statut Modérateur Dernière intervention   10 302
 
Salut,

Tu as un chipset audio Realtek ALC883 pas Sigmatel.
0
Réponse 12 / 26
romrick Messages postés 14 Date d'inscription   Statut Membre Dernière intervention  
 
salut, ok mais la réinstall à partir du cd asus ne marche pas.
0
Réponse 13 / 26
romrick Messages postés 14 Date d'inscription   Statut Membre Dernière intervention  
 
alors, j'ai installé ces drivers : résultat ---> au démarrage, son windows OK, mais après quelques secondes, l'icone du mixeur audio se barre et re plus de periph audio. Virus ?
0
Réponse 14 / 26
romrick Messages postés 14 Date d'inscription   Statut Membre Dernière intervention  
 
ben pareil...son win au démarrage et puis plus rien.
Et merci beaucoup pour ton aide au fait ;)
0
Réponse 15 / 26
romrick Messages postés 14 Date d'inscription   Statut Membre Dernière intervention  
 
WAOW ben je suis bien infecté !!! Je poste le long rapport. Mais le son est revenu (pour le moment). Pas de mixer realtek en barre des taches ni celui de windows. maisbon j'ai du son.

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1190
Windows 5.1.2600 Service Pack 2

22/09/2008 11:13:24
mbam-log-2008-09-22 (11-13-24).txt

Type de recherche: Examen rapide
Eléments examinés: 44887
Temps écoulé: 2 minute(s), 56 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 321

Processus mémoire infecté(s):
C:\WINDOWS\system32\drivers\downld\59281.exe (Trojan.Agent) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\drivers\downld\100812.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\100859.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\102093.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\103031.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\103140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\104875.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\105800296.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\105808312.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\105809031.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\105813437.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\105816796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\105825937.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\105828218.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\105873500.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\105873656.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\105880750.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\106203.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\107125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\116203.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\118312.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\120300484.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\120301140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\120305296.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\120306421.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\120316312.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\120318390.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\120384312.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\120384468.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\120390203.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\121140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\123140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\123453.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\125625.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\126687.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\127234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\128218.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\128359.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\130531.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\130968.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\130984.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\133781.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\134808968.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\134812828.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\134818421.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\134819375.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\134829546.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\134916921.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\134922937.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\135546.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\139828.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\140281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\140890.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\140968.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\141828.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\141984.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\144484.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14580281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14580937.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14586578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14594562.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14596812.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14619953.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14620656.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14634984.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14637156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14641562.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14647781.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\146734.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14680734.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14686328.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\147078.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14764531.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14765187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14799640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14808265.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\148937.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14896765.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14902437.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\149296.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\149336234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\149337109.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\149342640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\149343125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\149351140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\149353843.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\149397531.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\149409312.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\150046.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\152156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\152640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\153125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\153921.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\155140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\156328.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\157765.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\159015.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\159328.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\162015.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\163484.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\163828375.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\163829156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\163837046.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\163838156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\163848312.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\163850796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\163896250.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\163922671.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\171984.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\174281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\178337875.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\178338531.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\178344218.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\178345453.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\178352500.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\178354703.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\178406531.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\178432656.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\184187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\192846796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\192847578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\192852078.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\192853984.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\192881640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\192883859.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\192931468.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\192940453.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\194578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\197203.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\200828.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\203593.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\227031.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\233671.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\251000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\260453.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\29100406.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\29105875.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\29106593.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\29270578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\29273140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\29316953.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\29317593.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\29322250.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\29327203.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\29328000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\29340421.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\29342406.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\29387421.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\29393421.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\296640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\303562.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\33305296.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\33306015.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\33311593.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\33312640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\33320968.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\33323125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\33367125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\33373046.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\43744281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\43745000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\43772468.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\43774468.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\43788453.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\43790640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\43830062.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\43830796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\43842187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\43859203.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\43861421.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\43868437.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\43878328.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\43914515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\43922265.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\44125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\44390.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\47788921.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\47789625.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\47796953.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\47805031.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\47807171.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\47852828.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\47858781.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\48796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\48875.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\49671.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\4978265.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\4978906.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\4986453.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\49937.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\4996531.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\5000000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\50109.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\50343.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\5036718.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\50390.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\5058953.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\5065125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\50671.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\50796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\50843.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\51125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\52000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\53156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\53296.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\53968.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\53984.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\54687.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\54734.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\54953.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\56578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\57546.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\58453.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\59093.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\59281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\60968.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\61296.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\62274312.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\62275093.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\62306359.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\62307296.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\62314625.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\62316640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\62361421.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\62367046.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\62390.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\63406.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\65703.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\65734.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\67671.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\68390.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\68750.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\68906.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\69625.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\70265.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\70515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\70640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\70890.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\71156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\71203.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\71593.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\71640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\72343.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\72437.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\72484.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\73125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\73234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\73375.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\73765.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\73796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\74468.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\74531.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\74671.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\75312.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\75375.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\75812.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\76625.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\76734.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\76779796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\76786718.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\76787390.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\76796062.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\76797968.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\76823578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\76825812.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\76877531.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\76883515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\77171.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\77250.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\78031.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\78484.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\79250.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\79625.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\80093.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\80109.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\80875.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\81578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\81828.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\82109.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\82250.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\83046.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\83234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\83687.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\84000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\84187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\84640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\84750.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\86203.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\86421.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\86828.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\87406.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\88093.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\88656.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\90093.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\90375.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\90796.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\91046.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\91281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\91315343.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\91315984.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\91321812.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\91323218.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\91331125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\91333281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\91378484.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\91379234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\91385281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\91531.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\92250.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\93015.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\93125.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\93156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\93562.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\93875.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\95781.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\98390.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\98765.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\99781.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
C:\WINDOWS\system32\drivers\hldrrr.exe (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\srosa.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
0
Réponse 16 / 26
romrick Messages postés 14 Date d'inscription   Statut Membre Dernière intervention  
 
Bravo à toi destrio5, réponses pertinentes et quasi en temps réel. Site utile avec internautes compétents. Que dire de plus : un grand MERCI !
Suis ouvert à des tuyaux de sécurité sur les trojans (fixes). Mais mon problème est résolu.
0
Réponse 17 / 26
romrick Messages postés 14 Date d'inscription   Statut Membre Dernière intervention  
 
----------------- FindyKill V3.095 ------------------


* User : akhnot Platform : Windows XP
* Emplacement : C:\Program Files\FindyKill\FindyKill.exe
* Outils Mis a jours le 22/09/08 par Chiquitine29
* Recherche effectuée à 11:58:26 le 22/09/2008


----------------- *** Recherche *** ------------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

Present ! - C:\WINDOWS\Prefetch\WINTEMS.EXE-2A563F9B.pf
Present ! - C:\WINDOWS\Prefetch\MDELK.EXE-1D176F91.pf

»»»» Presence des fichiers dans C:\WINDOWS\system32

Présent ! - C:\WINDOWS\system32\mdelk.exe
Présent ! - C:\WINDOWS\system32\wintems.exe
Présent ! - C:\WINDOWS\system32\ban_list.txt

»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

Présent ! - C:\WINDOWS\system32\drivers\srosa.sys
Présent ! - C:\WINDOWS\system32\drivers\hldrrr.exe
Présent ! - "C:\WINDOWS\system32\drivers\downld"

»»»» Presence des fichiers dans C:\Documents and Settings\akhnot\Application Data


»»»» Presence des fichiers dans C:\DOCUME~1\akhnot\LOCALS~1\Temp

Present ! - C:\DOCUME~1\akhnot\LOCALS~1\Temp\Rar$LS00.094
Present ! - C:\DOCUME~1\akhnot\LOCALS~1\Temp\Rar$LS03.375
Present ! - C:\DOCUME~1\akhnot\LOCALS~1\Temp\PatchByFile.tmp

»»»» Registre :

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
itype REG_SZ "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
IntelliPoint REG_SZ "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz REG_SZ nwiz.exe /install
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
NeroFilterCheck REG_SZ C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
SecurDisc REG_SZ C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
InCD REG_SZ C:\Program Files\Nero\Nero 7\InCD\InCD.exe
CloneCDTray REG_SZ "C:\[ UTILZ ]\CloneCD\CloneCDTray.exe" /s
Adobe Reader Speed Launcher REG_SZ "C:\[ UTILZ ]\acrobat reader\Reader\Reader_sl.exe"
QuickTime Task REG_SZ "C:\[ VIDEO ]\quicktime\QTTask.exe" -atboottime
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
Ulead AutoDetector v2 REG_SZ C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
D-Link AirPlus XtremeG REG_SZ C:\[ DRIVERS ]\WI-FI\AirPlusCFG.exe
ANIWZCS2Service REG_SZ C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
RTHDCPL REG_SZ RTHDCPL.EXE
Alcmtr REG_SZ ALCMTR.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
DAEMON Tools Lite REG_SZ "C:\[ UTILZ ]\daemontoolz\DAEMON Tools Lite\daemon.exe" -autorun
TrueTransparency REG_SZ "C:\[ LOISIRS ]\truetransparency-crystalxp.net-fr-5139\TrueTransparency\TrueTransparency.exe"
Google Update REG_SZ "C:\Documents and Settings\akhnot\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Présent ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\hldrrr
Présent ! - HKEY_CURRENT_USER\Software\bisoft
Présent ! - HKEY_CURRENT_USER\Software\DateTime4
Présent ! - HKEY_CURRENT_USER\Software\FirtR

»»»» Presence d infections dans Support amovible :



----------- ! Recherche realisée avec success ! -----------
0
Réponse 18 / 26
romrick Messages postés 14 Date d'inscription   Statut Membre Dernière intervention  
 
----------------- FindyKill V3.O85 -----------------


* User : akhnot Platform : Windows XP
* Suppression effectuée à 15:13:04 le 22/09/2008
* Emplacement : C:\Program Files\FindyKill\FindyKill.exe
* Outils Mis a jours le 22/09/08 par Chiquitine29



-----------------*** Suppression ***----------------



»»»» Suppression des fichiers dans C:


»»»» Suppression des fichiers dans C:\WINDOWS


»»»» Suppression des fichiers dans C:\WINDOWS\Prefetch

Supprimé ! - C:\WINDOWS\Prefetch\WINTEMS.EXE-2A563F9B.pf
Supprimé ! - C:\WINDOWS\Prefetch\MDELK.EXE-1D176F91.pf

»»»» Suppression des fichiers dans C:\WINDOWS\system32

Supprimé ! - C:\WINDOWS\system32\mdelk.exe
Supprimé ! - C:\WINDOWS\system32\wintems.exe
Supprimé ! - C:\WINDOWS\system32\ban_list.txt

»»»» Suppression des fichiers dans C:\WINDOWS\system32\drivers

Supprimé ! - C:\WINDOWS\system32\drivers\srosa.sys
Supprimé ! - C:\WINDOWS\system32\drivers\hldrrr.exe
Supprimé ! - C:\WINDOWS\system32\drivers\downld\117390.exe
Supprimé ! - C:\WINDOWS\system32\drivers\downld\129359.exe
Supprimé ! - C:\WINDOWS\system32\drivers\downld\135359.exe
Supprimé ! - C:\WINDOWS\system32\drivers\downld\47828.exe
Supprimé ! - C:\WINDOWS\system32\drivers\downld\48656.exe
Supprimé ! - C:\WINDOWS\system32\drivers\downld\50312.exe
Supprimé ! - C:\WINDOWS\system32\drivers\downld\51046.exe
Supprimé ! - C:\WINDOWS\system32\drivers\downld\54421.exe
Supprimé ! - C:\WINDOWS\system32\drivers\downld\57984.exe
Supprimé ! - C:\WINDOWS\system32\drivers\downld\65859.exe
Supprimé ! - C:\WINDOWS\system32\drivers\downld\68218.exe
Supprimé ! - C:\WINDOWS\system32\drivers\downld\84593.exe
Supprimé ! - C:\WINDOWS\system32\drivers\downld\86734.exe
Supprimé ! - "C:\WINDOWS\system32\drivers\downld"

»»»» Suppression des fichiers dans C:\Documents and Settings\akhnot\Application Data


»»»» Suppression des fichiers dans C:\DOCUME~1\akhnot\LOCALS~1\Temp

Supprimé ! - C:\DOCUME~1\akhnot\LOCALS~1\Temp\13f85f.mst
Supprimé ! - C:\DOCUME~1\akhnot\LOCALS~1\Temp\169b4b.mst
Supprimé ! - C:\DOCUME~1\akhnot\LOCALS~1\Temp\184_appcompat.txt
Supprimé ! - C:\DOCUME~1\akhnot\LOCALS~1\Temp\2b95a1a.mst
Supprimé ! - C:\DOCUME~1\akhnot\LOCALS~1\Temp\3B5DC6D.dmp
Supprimé ! - C:\DOCUME~1\akhnot\LOCALS~1\Temp\49bc_appcompat.txt
Supprimé ! - C:\DOCUME~1\akhnot\LOCALS~1\Temp\4aea_appcompat.txt
Supprimé ! - C:\DOCUME~1\akhnot\LOCALS~1\Temp\510276.dmp
Supprimé ! - C:\DOCUME~1\akhnot\LOCALS~1\Temp\94517B.dmp
Supprimé ! - C:\DOCUME~1\akhnot\LOCALS~1\Temp\9C3613F.dmp
Supprimé ! - C:\DOCUME~1\akhnot\LOCALS~1\Temp\acd29B5.tmp
Supprimé ! - C:\DOCUME~1\akhnot\LOCALS~1\Temp\acd29C3.tmp
Supprimé ! - C:\DOCUME~1\akhnot\LOCALS~1\Temp\acd29CA.tmp
Supprimé ! - C:\DOCUME~1\akhnot\LOCALS~1\Temp\acd29DC.tmp
Supprimé ! - C:\DOCUME~1\akhnot\LOCALS~1\Temp\acd68.tmp
Supprimé ! - C:\DOCUME~1\akhnot\LOCALS~1\Temp\acd77.tmp
Supprimé ! - C:\DOCUME~1\akhnot\LOCALS~1\Temp\acd86.tmp
Supprimé ! - C:\DOCUME~1\akhnot\LOCALS~1\Temp\acd96.tmp
Supprimé ! - C:\DOCUME~1\akhnot\LOCALS~1\Temp\acdB1.tmp
Supprimé ! - C:\DOCUME~1\akhnot\LOCALS~1\Temp\AE32508.dmp
Supprimé ! - C:\DOCUME~1\akhnot\LOCALS~1\Temp\ambassade_cg_2008.pdf
Supprimé ! - C:\DOCUME~1\akhnot\LOCALS~1\Temp\Arabic.bin
Supprimé ! - C:\DOCUME~1\akhnot\LOCALS~1\Temp\ASPNETSetup.log
Supprimé ! - C:\DOCUME~1\akhnot\LOCALS~1\Temp\ASPNETSetup_00000.log
Supprimé ! - C:\DOCUME~1\akhnot\LOCALS~1\Temp\BCG6.tmp
Supprimé ! - C:\DOCUME~1\akhnot\LOCALS~1\Temp\BCG7.tmp

»»»» Suppression des clefs du registre..

Supprimé ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe
Supprimé ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe
Supprimé ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
Supprimé ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
Supprimé ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Supprimé ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Supprimé ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA
Supprimé ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA

»»»» Suppression des clefs du registre effectuée !


»»»» Affichage des fichiers cachés réparé !


»»»» Services de securité Windows redemarré !


»»»» Suppression des fichiers temporaires :


»»»»»»»»»»»»»»»»»»»» OK!
0
Réponse 19 / 26
romrick Messages postés 14 Date d'inscription   Statut Membre Dernière intervention  
 
ComboFix 08-09-20.05 - akhnot 2008-09-23 0:53:52.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.2869 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\akhnot\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-08-22 au 2008-09-22 ))))))))))))))))))))))))))))))))))))
.

2008-09-22 11:58 . 2008-09-23 00:52 <REP> d-------- C:\Program Files\FindyKill
2008-09-22 11:08 . 2008-09-22 11:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-22 11:08 . 2008-09-22 11:08 <REP> d-------- C:\Documents and Settings\akhnot\Application Data\Malwarebytes
2008-09-22 11:08 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-22 11:08 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-22 09:58 . 2008-05-01 16:35 53,248 --a------ C:\WINDOWS\system32\CSVer.dll
2008-09-22 02:17 . 2008-09-22 02:17 <REP> d-------- C:\cabs
2008-09-22 02:01 . 2008-08-05 20:10 1,684,736 --a------ C:\WINDOWS\system32\drivers\Ambfilt.sys
2008-09-22 02:01 . 2006-01-04 15:41 1,389,056 --a------ C:\WINDOWS\system32\drivers\Monfilt.sys
2008-09-22 01:41 . 2008-06-19 16:20 57,344 --a------ C:\WINDOWS\ALCMTR.EXE
2008-09-17 11:36 . 1998-06-23 04:00 525,352 --a------ C:\WINDOWS\system32\Dbgrid32.ocx
2008-09-17 10:09 . 2008-09-17 10:11 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-09-17 09:36 . 2008-09-17 09:36 <REP> d-------- C:\Program Files\MSECache
2008-09-06 20:54 . 2008-09-06 21:02 10 --a------ C:\WINDOWS\popcinfo.dat
2008-09-06 20:53 . 2008-09-06 20:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Zylom
2008-09-06 20:53 . 2008-09-06 20:53 <REP> d-------- C:\Documents and Settings\akhnot\Application Data\Zylom
2008-08-28 03:07 . 2008-08-28 03:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\X-Setup Pro
2008-08-28 03:07 . 2008-08-28 03:07 <REP> d-------- C:\Documents and Settings\akhnot\Application Data\X-Setup Pro

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-22 10:26 --------- d-----w C:\Documents and Settings\akhnot\Application Data\OpenOffice.org2
2008-09-22 00:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-22 00:01 319,488 ----a-w C:\WINDOWS\HideWin.exe
2008-09-21 23:41 --------- d-----w C:\Program Files\Realtek
2008-09-20 01:18 --------- d-----w C:\Documents and Settings\akhnot\Application Data\GrabIt
2008-09-17 08:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-09 16:39 16,851,968 ----a-w C:\WINDOWS\RTHDCPL.EXE
2008-09-09 16:07 4,813,824 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-08-19 11:26 77,824 ----a-w C:\WINDOWS\SOUNDMAN.EXE
2008-08-06 13:51 1,200,128 ----a-w C:\WINDOWS\RtlUpd.exe
2008-08-02 08:45 --------- d-----w C:\Program Files\WinFlip
2008-07-29 13:42 528,384 ----a-w C:\WINDOWS\RtlExUpd.dll
2008-07-26 15:51 --------- d-----w C:\Program Files\ANI
2008-07-25 18:44 --------- d-----w C:\Program Files\Java
2008-07-25 11:55 --------- d-----w C:\Documents and Settings\akhnot\Application Data\uTorrent
2008-07-25 11:54 --------- d-----w C:\Program Files\uTorrent
2008-07-02 10:19 91,744 ----a-w C:\WINDOWS\BPMNT.dll
2008-07-02 10:19 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-07-02 10:19 333,576 ----a-w C:\WINDOWS\TSC.exe
2008-07-02 10:19 1,213,784 ----a-w C:\WINDOWS\vsapi32.dll
2008-07-02 10:17 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2008-07-02 10:17 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2008-07-02 10:17 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2008-06-25 08:28 51,570 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-06-25 08:28 4,835 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-06-25 08:28 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.

------- Sigcheck -------

2006-03-02 14:00 1138176 bfc6bc83231984030ec672323c9d8865 C:\WINDOWS\system32\wininet.dll
2006-03-02 14:00 1138176 bfc6bc83231984030ec672323c9d8865 C:\WINDOWS\system32\dllcache\wininet.dll

2006-03-02 14:00 3198464 cbd11120f0aef7e7567fb04ba1236fdf C:\WINDOWS\explorer.exe
2006-03-02 14:00 3198464 cbd11120f0aef7e7567fb04ba1236fdf C:\WINDOWS\system32\dllcache\explorer.exe

2006-03-02 14:00 104448 2a51fc3bd21f044440b0f01fc78e8620 C:\WINDOWS\system32\wuauclt.exe
2006-03-02 14:00 104448 2a51fc3bd21f044440b0f01fc78e8620 C:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15360]
"DAEMON Tools Lite"="C:\[ UTILZ ]\daemontoolz\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"TrueTransparency"="C:\[ LOISIRS ]\truetransparency-crystalxp.net-fr-5139\TrueTransparency\TrueTransparency.exe" [2008-06-24 21:19 372224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-04 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-04 81920]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-10-03 851976]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"CloneCDTray"="C:\[ UTILZ ]\CloneCD\CloneCDTray.exe" [2005-05-19 15:47 57344]
"Adobe Reader Speed Launcher"="C:\[ UTILZ ]\acrobat reader\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\[ VIDEO ]\quicktime\QTTask.exe" [2008-05-27 10:50 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2008-09-22 90112]
"D-Link AirPlus XtremeG"="C:\[ DRIVERS ]\WI-FI\AirPlusCFG.exe" [2006-07-07 11:56 1323008]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-01 49152]
"nwiz"="nwiz.exe" [2007-12-04 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-09 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15360]

C:\Documents and Settings\akhnot\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-12-14 61440]
RocketDock.lnk - C:\[ UTILZ ]\themexp\Crystal Clear\RocketDock\RocketDock.exe [2006-05-14 22:47:48 344064]
UberIcon.lnk - C:\[ UTILZ ]\themexp\Crystal Clear\UberIcon\UberIcon Manager.exe [2006-02-05 14:20:14 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\[ JEUX ]\\NN2\\nwn2main.exe"=
"C:\\[ JEUX ]\\NN2\\nwn2main_amdxp.exe"=
"C:\\[ JEUX ]\\NN2\\nwupdate.exe"=
"C:\\[ JEUX ]\\NN2\\nwn2server.exe"=
"C:\\[ JEUX ]\\Le Seigneur des anneaux Online\\lotroclient.exe"=
"C:\\[ P2P ]\\eMule\\emule.exe"=
"C:\\[ INTERNET ]\\amsn\\bin\\wish.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2006-05-08 347648]

*Newly Created Service* - PROCEXP90
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\akhnot\Application Data\Mozilla\Firefox\Profiles\4z9xblv8.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr
FF -: plugin - C:\[ INTERNET ]\plugins\np-mswmp.dll
FF -: plugin - C:\[ INTERNET ]\plugins\npdivx32.dll
FF -: plugin - C:\[ INTERNET ]\plugins\npDivxPlayerPlugin.dll
FF -: plugin - C:\[ INTERNET ]\plugins\npnul32.dll
FF -: plugin - C:\[ INTERNET ]\plugins\NPOFF12.DLL
FF -: plugin - C:\[ INTERNET ]\plugins\nppdf32.dll
FF -: plugin - C:\[ INTERNET ]\plugins\npqtplugin.dll
FF -: plugin - C:\[ INTERNET ]\plugins\npqtplugin2.dll
FF -: plugin - C:\[ INTERNET ]\plugins\npqtplugin3.dll
FF -: plugin - C:\[ INTERNET ]\plugins\npqtplugin4.dll
FF -: plugin - C:\[ INTERNET ]\plugins\npqtplugin5.dll
FF -: plugin - C:\[ INTERNET ]\plugins\npqtplugin6.dll
FF -: plugin - C:\[ INTERNET ]\plugins\npqtplugin7.dll
FF -: plugin - C:\[ INTERNET ]\plugins\NPSWF32.dll
FF -: plugin - C:\[ INTERNET ]\plugins\npzylomgamesplayer.dll
FF -: plugin - C:\[ UTILZ ]\acrobat reader\Reader\browser\nppdf32.dll
FF -: plugin - C:\[ VIDEO ]\divx\DivX Player\npDivxPlayerPlugin.dll
FF -: plugin - C:\[ VIDEO ]\divx\DivX Web Player\npdivx32.dll
FF -: plugin - C:\[ VIDEO ]\quicktime\Plugins\npqtplugin.dll
FF -: plugin - C:\[ VIDEO ]\quicktime\Plugins\npqtplugin2.dll
FF -: plugin - C:\[ VIDEO ]\quicktime\Plugins\npqtplugin3.dll
FF -: plugin - C:\[ VIDEO ]\quicktime\Plugins\npqtplugin4.dll
FF -: plugin - C:\[ VIDEO ]\quicktime\Plugins\npqtplugin5.dll
FF -: plugin - C:\[ VIDEO ]\quicktime\Plugins\npqtplugin6.dll
FF -: plugin - C:\[ VIDEO ]\quicktime\Plugins\npqtplugin7.dll
FF -: plugin - C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 00:55:21
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-09-23 0:56:03
ComboFix-quarantined-files.txt 2008-09-22 22:55:53

Avant-CF: 11ÿ445ÿ972ÿ992 octets libres
Après-CF: 11,439,112,192 octets libres

164
0
Réponse 20 / 26
romrick Messages postés 14 Date d'inscription   Statut Membre Dernière intervention  
 
NB : Le PC s'est bloqué au moment de la fermeture de windows. J'ai fait reset. Mais le rapport s'est quand même affiché, le voici. Si besoin je peux refaire l'opération.




ComboFix 08-09-20.05 - akhnot 2008-09-23 9:17:37.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.2901 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\akhnot\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\akhnot\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\FindyKill

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-23 au 2008-09-23 ))))))))))))))))))))))))))))))))))))
.

2008-09-23 09:28 . 2008-09-23 09:28 <REP> d-------- C:\WINDOWS\system32\drivers\downld
2008-09-23 08:22 . 2008-09-23 08:28 <REP> d-------- C:\Documents and Settings\akhnot\Application Data\Winamp
2008-09-22 11:08 . 2008-09-22 11:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-22 11:08 . 2008-09-22 11:08 <REP> d-------- C:\Documents and Settings\akhnot\Application Data\Malwarebytes
2008-09-22 11:08 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-22 11:08 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-22 09:58 . 2008-05-01 16:35 53,248 --a------ C:\WINDOWS\system32\CSVer.dll
2008-09-22 02:17 . 2008-09-22 02:17 <REP> d-------- C:\cabs
2008-09-22 02:01 . 2008-08-05 20:10 1,684,736 --a------ C:\WINDOWS\system32\drivers\Ambfilt.sys
2008-09-22 02:01 . 2006-01-04 15:41 1,389,056 --a------ C:\WINDOWS\system32\drivers\Monfilt.sys
2008-09-22 01:41 . 2008-06-19 16:20 57,344 --a------ C:\WINDOWS\ALCMTR.EXE
2008-09-17 11:36 . 1998-06-23 04:00 525,352 --a------ C:\WINDOWS\system32\Dbgrid32.ocx
2008-09-17 10:09 . 2008-09-17 10:11 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-09-17 09:36 . 2008-09-17 09:36 <REP> d-------- C:\Program Files\MSECache
2008-09-06 20:54 . 2008-09-06 21:02 10 --a------ C:\WINDOWS\popcinfo.dat
2008-09-06 20:53 . 2008-09-06 20:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Zylom
2008-09-06 20:53 . 2008-09-06 20:53 <REP> d-------- C:\Documents and Settings\akhnot\Application Data\Zylom
2008-08-28 03:07 . 2008-08-28 03:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\X-Setup Pro
2008-08-28 03:07 . 2008-08-28 03:07 <REP> d-------- C:\Documents and Settings\akhnot\Application Data\X-Setup Pro

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-23 07:28 --------- d-----w C:\Documents and Settings\akhnot\Application Data\OpenOffice.org2
2008-09-22 00:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-22 00:01 319,488 ----a-w C:\WINDOWS\HideWin.exe
2008-09-21 23:41 --------- d-----w C:\Program Files\Realtek
2008-09-20 01:18 --------- d-----w C:\Documents and Settings\akhnot\Application Data\GrabIt
2008-09-17 08:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-09 16:39 16,851,968 ----a-w C:\WINDOWS\RTHDCPL.EXE
2008-09-09 16:07 4,813,824 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-08-19 11:26 77,824 ----a-w C:\WINDOWS\SOUNDMAN.EXE
2008-08-06 13:51 1,200,128 ----a-w C:\WINDOWS\RtlUpd.exe
2008-08-02 08:45 --------- d-----w C:\Program Files\WinFlip
2008-07-29 13:42 528,384 ----a-w C:\WINDOWS\RtlExUpd.dll
2008-07-26 15:51 --------- d-----w C:\Program Files\ANI
2008-07-25 18:44 --------- d-----w C:\Program Files\Java
2008-07-25 11:55 --------- d-----w C:\Documents and Settings\akhnot\Application Data\uTorrent
2008-07-25 11:54 --------- d-----w C:\Program Files\uTorrent
2008-07-02 10:19 91,744 ----a-w C:\WINDOWS\BPMNT.dll
2008-07-02 10:19 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-07-02 10:19 333,576 ----a-w C:\WINDOWS\TSC.exe
2008-07-02 10:19 1,213,784 ----a-w C:\WINDOWS\vsapi32.dll
2008-07-02 10:17 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2008-07-02 10:17 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2008-07-02 10:17 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2008-06-25 08:28 51,570 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-06-25 08:28 4,835 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.

------- Sigcheck -------

2006-03-02 14:00 1138176 bfc6bc83231984030ec672323c9d8865 C:\WINDOWS\system32\wininet.dll
2006-03-02 14:00 1138176 bfc6bc83231984030ec672323c9d8865 C:\WINDOWS\system32\dllcache\wininet.dll

2006-03-02 14:00 3198464 cbd11120f0aef7e7567fb04ba1236fdf C:\WINDOWS\explorer.exe
2006-03-02 14:00 3198464 cbd11120f0aef7e7567fb04ba1236fdf C:\WINDOWS\system32\dllcache\explorer.exe

2006-03-02 14:00 104448 2a51fc3bd21f044440b0f01fc78e8620 C:\WINDOWS\system32\wuauclt.exe
2006-03-02 14:00 104448 2a51fc3bd21f044440b0f01fc78e8620 C:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15360]
"DAEMON Tools Lite"="C:\[ UTILZ ]\daemontoolz\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"TrueTransparency"="C:\[ LOISIRS ]\truetransparency-crystalxp.net-fr-5139\TrueTransparency\TrueTransparency.exe" [2008-06-24 21:19 372224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-04 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-04 81920]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-10-03 851976]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2006-10-03 851976]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"CloneCDTray"="C:\[ UTILZ ]\CloneCD\CloneCDTray.exe" [2005-05-19 15:47 57344]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2008-09-22 90112]
"D-Link AirPlus XtremeG"="C:\[ DRIVERS ]\WI-FI\AirPlusCFG.exe" [2006-07-07 11:56 1323008]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-01 49152]
"WinampAgent"="C:\[ AUDIO ]\Winamp\winampa.exe" [2008-08-04 01:02 36352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15360]

C:\Documents and Settings\akhnot\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-12-14 61440]
RocketDock.lnk - C:\[ UTILZ ]\themexp\Crystal Clear\RocketDock\RocketDock.exe [2006-05-14 22:47:48 344064]
UberIcon.lnk - C:\[ UTILZ ]\themexp\Crystal Clear\UberIcon\UberIcon Manager.exe [2006-02-05 14:20:14 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\[ JEUX ]\\NN2\\nwn2main.exe"=
"C:\\[ JEUX ]\\NN2\\nwn2main_amdxp.exe"=
"C:\\[ JEUX ]\\NN2\\nwupdate.exe"=
"C:\\[ JEUX ]\\NN2\\nwn2server.exe"=
"C:\\[ JEUX ]\\Le Seigneur des anneaux Online\\lotroclient.exe"=
"C:\\[ P2P ]\\eMule\\emule.exe"=
"C:\\[ INTERNET ]\\amsn\\bin\\wish.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2006-05-08 347648]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 09:28:59
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\[ DRIVERS ]\WI-FI\AirPlusCFG.exe
C:\[ AUDIO ]\Winamp\winampa.exe
C:\[ UTILZ ]\daemontoolz\DAEMON Tools Lite\daemon.exe
C:\[ LOISIRS ]\truetransparency-crystalxp.net-fr-5139\TrueTransparency\TrueTransparency.exe
C:\[ UTILZ ]\themexp\Crystal Clear\RocketDock\RocketDock.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.bin
C:\[ UTILZ ]\themexp\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\ComboFix\pv.cfexe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Heure de fin: 2008-09-23 9:31:02 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-23 07:30:59
ComboFix2.txt 2008-09-23 07:16:32
ComboFix3.txt 2008-09-22 22:56:04

Avant-CF: 11ÿ465ÿ359ÿ360 octets libres
Après-CF: 11,456,135,168 octets libres

156
0