Virus "your computer is infected"

miskizou

Hello,
My computer is infected with the "your computer is infected" virus. It prevents me from sending files from my computer by e-mail, and it displays ads non-stop (even porn pages). Recently my desktop background turned all blue with alert messages in the background: "your computer has a several fatals error due to spyware activity"...
I hope that what I'm told will change all that.
I am sending the first SmitFraudFix report:
SmitFraudFix v2.381

Rapport fait à 14:56:51,48, 09/12/2008
Executé à partir de C:\Documents and Settings\Multiservices\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\uesiuqcr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$QUADBASE\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\PROGRA~1\COMPAN~2\ONETOU~3.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Companion Suite Pro LM2\MFPrintServer.exe
C:\Program Files\Companion Suite Pro LM2\MFServices.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\OmniPageSE3.0\OpwareSE3.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\default.htm PRESENT !
C:\WINDOWS\karna.dat PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\brastk.exe PRESENT !
C:\WINDOWS\system32\karna.dat PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Multiservices


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MULTIS~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Multiservices\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MULTIS~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="karna.dat"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\uesiuqcr.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK

C:\WINDOWS\system32\drivers\beep.sys infecté !


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/1000 CT Network Connection
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A13ABDDB-238F-4572-8424-EE5B6BBA2CFB}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A13ABDDB-238F-4572-8424-EE5B6BBA2CFB}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A13ABDDB-238F-4572-8424-EE5B6BBA2CFB}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin



I will carry on with what was said and send the second report...

31 replies

Ben92
 
The ideal thing, at this point, would be to format your disk and reinstall your system. Otherwise, download MalwareBytes and Avira, update them and run the scan.
0
zorinho Posts 829 Status Member 51

Hi,

run Smitfraudfix again in safe mode and click on function 2

See you

Zor
0
miskizou
 
Here is the second report, but IT HAS CHANGED NOTHING. I still have the messages popping up (your computer is infected) and the blue desktop background with all the blah-blah written on it (warning, computer infected....)

SmitFraudFix v2.381

Rapport fait à 15:43:09,59, 09/12/2008
Executé à partir de C:\Documents and Settings\Multiservices\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\uesiuqcr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$QUADBASE\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\PROGRA~1\COMPAN~2\ONETOU~3.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Companion Suite Pro LM2\MFPrintServer.exe
C:\Program Files\Companion Suite Pro LM2\MFServices.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\OmniPageSE3.0\OpwareSE3.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\brastk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\default.htm PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\Delete_Me_Dummy_karna.dat PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Multiservices


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MULTIS~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Multiservices\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MULTIS~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\uesiuqcr.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/1000 CT Network Connection
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A13ABDDB-238F-4572-8424-EE5B6BBA2CFB}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A13ABDDB-238F-4572-8424-EE5B6BBA2CFB}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A13ABDDB-238F-4572-8424-EE5B6BBA2CFB}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin



YET I FOLLOWED EVERYTHING THAT WAS EXPLAINED... What should I do at this point? Is formatting the computer really a good idea? If so, how do you go about it, and do I need to back up all the data (like Word files)??

THANKS FOR YOUR REPLIES
0
miskizou
 
When I say I sent the second report, I mean the report made after what Zorinho said: I restarted in safe mode, ran option 2, it showed me some prompts, I said yes, then I restarted in normal mode.
Nothing has changed...
0

zorinho Posts 829 Status Member 51

Right-click on this link: (IL-MAFIOSO)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Choose "Save target (link) as..." and save it to your desktop.
Then double-click navilog1.exe to start the installation.
Once the installation is complete, the fix will run automatically.
(If it does not, double-click the Navilog1 shortcut on the desktop.)

Follow the prompts. At the main menu, choose 1 and confirm.
(do not choose 2, 3 or 4 without our advice/agreement)

Wait for the message:
*** Analyse Termine le ..... ***
Press a key as requested; Notepad will open.
Copy and paste the whole content into a reply. Close Notepad.
The report is also saved at the root of the disk (fixnavi.txt)

and:

download Lop S&D.exe to your Desktop: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

* Double-click it to start the installation
* Then double-click the Lop S&D shortcut on your Desktop
* Select the desired language, then choose option 1 (Search)
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)

See you

Zor
0
miskizou
 
IN ANY CASE, THANKS ZOR FOR YOUR REPLY. Here is the navilog1 analysis; I'll carry on with what you told me and let you know:


Search Navipromo version 3.6.9 commencé le 09/12/2008 à 16:36:23,84

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Multiservices"

Mise à jour le 05.11.2008 à 21h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Multiservices\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Multiservices\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Multiservices\menudm~1\progra~1" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Multiservices\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\Multiservices\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\WGjStBeg.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 09/12/2008 à 16:44:07,62 ***
0
georges86400 Posts 1893 Status Member 143

Hello
try with Malwarebytes
0
miskizou
 
HERE IS THE SECOND REPORT, from Lop


--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
BIOS : Version 5.00 R2.14.1561.01
USER : Multiservices ( Administrator )
BOOT : Normal boot
Firewall : ZoneAlarm Firewall 7.0.483.000 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:22 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 09/12/2008|16:50 )

--------------------\\ Listing des dossiers dans APPLIC~1


[04/10/2008|21:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[19/04/2005|15:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[04/10/2008|21:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[04/10/2008|21:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[06/11/2008|23:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[04/09/2008|15:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak
[09/12/2008|14:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
[17/09/2008|10:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[15/09/2008|11:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\RoboForm
[09/11/2008|18:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[21/09/2008|10:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[30/11/2008|15:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[16/07/2004|14:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
[15/07/2004|10:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
[17/09/2008|10:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[23/01/2004|10:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[23/01/2004|10:47] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun

[23/01/2004|10:52] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[15/09/2008|21:16] C:\DOCUME~1\MULTIS~1\APPLIC~1\Adobe
[07/06/2004|09:29] C:\DOCUME~1\MULTIS~1\APPLIC~1\AdobeUM
[01/02/2005|11:16] C:\DOCUME~1\MULTIS~1\APPLIC~1\Ahead
[19/10/2008|16:59] C:\DOCUME~1\MULTIS~1\APPLIC~1\Apple Computer
[02/11/2007|07:33] C:\DOCUME~1\MULTIS~1\APPLIC~1\ArcSoft
[02/06/2004|10:02] C:\DOCUME~1\MULTIS~1\APPLIC~1\Copernic
[23/01/2004|12:31] C:\DOCUME~1\MULTIS~1\APPLIC~1\Help
[13/11/2008|12:15] C:\DOCUME~1\MULTIS~1\APPLIC~1\Icone
[23/01/2004|10:59] C:\DOCUME~1\MULTIS~1\APPLIC~1\Identities
[10/11/2008|10:41] C:\DOCUME~1\MULTIS~1\APPLIC~1\InstallShield
[10/11/2008|10:45] C:\DOCUME~1\MULTIS~1\APPLIC~1\LG Electronics
[08/12/2008|21:51] C:\DOCUME~1\MULTIS~1\APPLIC~1\LimeWire
[01/02/2005|11:24] C:\DOCUME~1\MULTIS~1\APPLIC~1\Macromedia
[18/09/2008|20:39] C:\DOCUME~1\MULTIS~1\APPLIC~1\Microsoft
[06/11/2008|23:31] C:\DOCUME~1\MULTIS~1\APPLIC~1\ScanSoft
[21/09/2008|09:58] C:\DOCUME~1\MULTIS~1\APPLIC~1\skypePM
[23/01/2004|10:47] C:\DOCUME~1\MULTIS~1\APPLIC~1\Sun
[06/02/2007|12:04] C:\DOCUME~1\MULTIS~1\APPLIC~1\U3

[20/07/2004|12:48] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[09/12/2008 15:38][--ah-----] C:\WINDOWS\tasks\SA.DAT
[24/04/2003 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[06/07/2005|14:45] C:\Program Files\Adobe
[01/02/2005|11:05] C:\Program Files\Ahead
[19/05/2006|13:21] C:\Program Files\Alwil Software
[23/01/2004|11:04] C:\Program Files\Analog Devices
[04/10/2008|21:40] C:\Program Files\Apple Software Update
[04/05/2008|21:18] C:\Program Files\Archive
[20/09/2008|10:59] C:\Program Files\ArcSoft
[04/10/2008|21:44] C:\Program Files\Bonjour
[26/11/2008|11:06] C:\Program Files\CCleaner
[23/01/2004|10:46] C:\Program Files\Common Files
[27/06/2008|10:32] C:\Program Files\Companion OneTouch
[06/11/2008|23:04] C:\Program Files\Companion Suite Pro LM
[06/11/2008|23:30] C:\Program Files\Companion Suite Pro LM2
[23/01/2004|10:41] C:\Program Files\ComPlus Applications
[01/02/2005|09:32] C:\Program Files\Copernic Agent
[23/10/2008|10:22] C:\Program Files\Fichiers communs
[23/01/2004|13:00] C:\Program Files\HighMAT CD Writing Wizard
[24/05/2004|07:41] C:\Program Files\i-Media
[10/11/2008|10:43] C:\Program Files\InstallShield Installation Information
[18/09/2008|09:06] C:\Program Files\Internet Explorer
[04/10/2008|21:45] C:\Program Files\iPod
[21/06/2004|07:55] C:\Program Files\i-Timtel
[04/10/2008|21:45] C:\Program Files\iTunes
[15/09/2008|21:29] C:\Program Files\Java
[04/09/2008|15:36] C:\Program Files\Kodak
[10/11/2008|10:43] C:\Program Files\LG Electronics
[10/11/2008|10:42] C:\Program Files\LG PC Suite 2
[15/09/2008|21:22] C:\Program Files\LimeWire
[16/09/2008|21:54] C:\Program Files\Messenger
[23/01/2004|10:49] C:\Program Files\microsoft frontpage
[27/11/2008|10:39] C:\Program Files\Microsoft Office
[01/06/2004|15:28] C:\Program Files\Microsoft SQL Server
[18/05/2004|17:26] C:\Program Files\Microsoft Visual Studio
[09/09/2004|16:44] C:\Program Files\Microsoft Works
[18/05/2004|17:25] C:\Program Files\Microsoft.NET
[01/02/2005|06:24] C:\Program Files\Movie Maker
[23/01/2004|10:41] C:\Program Files\MSN
[23/01/2004|10:41] C:\Program Files\MSN Gaming Zone
[17/09/2008|10:35] C:\Program Files\MSN Toolbar
[16/09/2008|21:52] C:\Program Files\MSXML 4.0
[09/12/2008|16:44] C:\Program Files\Navilog1
[01/02/2005|06:21] C:\Program Files\NetMeeting
[22/09/2004|14:37] C:\Program Files\Network Print Monitor
[01/02/2005|07:15] C:\Program Files\OfficeUpdate11
[15/09/2008|10:06] C:\Program Files\OrangeHSS
[01/02/2005|06:21] C:\Program Files\Outlook Express
[04/10/2008|21:43] C:\Program Files\QuickTime
[04/05/2008|21:24] C:\Program Files\sagem
[06/11/2008|23:22] C:\Program Files\ScanSoft
[11/09/2008|20:22] C:\Program Files\Securitoo
[23/01/2004|10:43] C:\Program Files\Services en ligne
[15/09/2008|11:34] C:\Program Files\Siber Systems
[30/11/2008|15:39] C:\Program Files\Spybot - Search & Destroy
[08/10/2004|12:13] C:\Program Files\TightVNC
[01/02/2005|04:36] C:\Program Files\UIU
[01/06/2004|15:28] C:\Program Files\Uninstall Information
[23/01/2004|13:04] C:\Program Files\Windows Journal Viewer
[17/09/2008|10:41] C:\Program Files\Windows Live
[20/09/2008|11:07] C:\Program Files\Windows Media Player
[01/02/2005|06:21] C:\Program Files\Windows NT
[15/09/2008|10:54] C:\Program Files\WindowsUpdate
[23/01/2004|10:49] C:\Program Files\xerox
[09/12/2008|14:33] C:\Program Files\Zone Labs

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[17/05/2004|12:59] C:\Program Files\Fichiers communs\Adobe
[19/07/2004|11:53] C:\Program Files\Fichiers communs\Ahead
[04/10/2008|21:42] C:\Program Files\Fichiers communs\Apple
[24/05/2004|12:45] C:\Program Files\Fichiers communs\Copernic
[18/05/2004|17:26] C:\Program Files\Fichiers communs\DESIGNER
[11/09/2008|20:21] C:\Program Files\Fichiers communs\France Telecom
[06/11/2008|23:19] C:\Program Files\Fichiers communs\InstallShield
[23/01/2004|10:47] C:\Program Files\Fichiers communs\Java
[02/11/2005|12:14] C:\Program Files\Fichiers communs\KAV Shared Files
[04/09/2008|15:35] C:\Program Files\Fichiers communs\Kodak
[15/07/2004|10:29] C:\Program Files\Fichiers communs\L&H Shared
[17/09/2008|10:40] C:\Program Files\Fichiers communs\Microsoft Shared
[23/01/2004|10:42] C:\Program Files\Fichiers communs\MSSoap
[23/01/2004|10:15] C:\Program Files\Fichiers communs\ODBC
[06/11/2008|23:19] C:\Program Files\Fichiers communs\ScanSoft Shared
[23/01/2004|10:42] C:\Program Files\Fichiers communs\Services
[23/01/2004|10:15] C:\Program Files\Fichiers communs\SpeechEngines
[01/02/2005|06:21] C:\Program Files\Fichiers communs\System
[17/09/2008|10:40] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 50 Processes )

iexplore.exe ~ [PID:3828]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\MULTIS~1\Cookies\multiservices@adultfriendfinder[2].txt
C:\DOCUME~1\MULTIS~1\Cookies\multiservices@advertising[1].txt
C:\DOCUME~1\MULTIS~1\Cookies\multiservices@www.skyupadvertising[2].txt
C:\DOCUME~1\MULTIS~1\Cookies\multiservices@bigpoint[2].txt
C:\DOCUME~1\MULTIS~1\Cookies\multiservices@fr.thepimps.bigpoint[2].txt
C:\DOCUME~1\MULTIS~1\Cookies\multiservices@fr1.darkorbit.bigpoint[1].txt
C:\DOCUME~1\MULTIS~1\Cookies\multiservices@banner.cotedazurpalace[2].txt
C:\DOCUME~1\MULTIS~1\Cookies\multiservices@banner.cotedazurpalace[3].txt
C:\DOCUME~1\MULTIS~1\Cookies\multiservices@cotedazurpalace[2].txt
C:\DOCUME~1\MULTIS~1\Cookies\multiservices@www.cotedazurpalace[1].txt
C:\DOCUME~1\MULTIS~1\Cookies\multiservices@adopt.euroclick[2].txt
C:\DOCUME~1\MULTIS~1\Cookies\multiservices@2xmoinscher[1].txt
C:\DOCUME~1\MULTIS~1\Cookies\multiservices@cc.2xmoinscher[1].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-09 16:55:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 2

--------------------\\ Recherche d'autres infections

C:\WINDOWS\system32\WGjStBeg.ini
C:\WINDOWS\system32\WGjStBeg.ini2
C:\WINDOWS\system32\geBtSjGW.dll
[b]==> VUNDO <==[/b]



[F:57][D:16]-> C:\DOCUME~1\MULTIS~1\LOCALS~1\Temp
[F:823][D:0]-> C:\DOCUME~1\MULTIS~1\Cookies
[F:2286][D:21]-> C:\DOCUME~1\MULTIS~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 09/12/2008|16:58 - Option : [1]

--------------------\\ Fin du rapport a 16:58:17
0
zorinho Posts 829 Status Member 51

Hi

1) download CCleaner https://www.malekal.com/tutoriel-ccleaner/

As indicated in the tutorial, go through the steps
- install (careful: do not install the Yahoo toolbar)
- cleaning
- error search


2) run a scan with Superantispyware
https://www.commentcamarche.net/telecharger/ 34055294 superantispyware

Install the updates... and run a full scan in safe mode

Before that, you will have removed the cookies by running a cleanup with CCleaner.

The Superantispyware tuto: http://xp.net.free.fr/tutos/SAS2.php


Paste the Superantispyware report (see tuto)


See you

Zor
0
miskizou
 
There must be an error in the Superantispyware address because it doesn't work. I tried to download it another way but it's in English only and I'm told the download can't complete (then again I don't understand everything, I'm not bilingual).. I already had CCleaner so no problem there; I ran it, and that's where I am (nothing has changed)... What is a "tuto"? Can I go straight to that step?
Thanks for the time you're spending helping me..
0
zorinho Posts 829 Status Member 51

You just had to copy the whole link
0
zorinho Posts 829 Status Member 51

https://www.malekal.com/?s=SUPERAntiSpyware

or

http://www.commentcamarche.net/telecharger/telecharger 34055294 superantispyware

NB: "tuto" means user guide

-----------------------------------------------------------------------------------------------------------------------------
If it still doesn't work, use Malwarebytes Anti-Malware

http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebytes anti malware

To help you use Malwarebytes Anti-Malware, look at this tuto
https://forums.cnetfrance.fr

Run a full scan in safe mode
Starting in safe mode

At the end of the scan, it shows "Show results" (Afficher les résultats); be absolutely sure to click "REMOVE SELECTED" (SUPPRIMER LA SELECTION)

Paste the report here

A word to the wise

Zor
0
miskizou
 
Here is the Superantispyware report:



SUPERAntiSpyware Scan Log
https://www.superantispyware.com/

Generated 12/10/2008 at 10:49 AM

Application Version : 4.23.1006

Core Rules Database Version : 3669
Trace Rules Database Version: 1648

Scan type : Complete Scan
Total Scan Time : 00:30:18

Memory items scanned : 432
Memory threats detected : 4
Registry items scanned : 5721
Registry threats detected : 171
File items scanned : 38435
File threats detected : 181

Trojan.Vundo-Variant/Small-GEN
C:\WINDOWS\SYSTEM32\JKKIYOFC.DLL
C:\WINDOWS\SYSTEM32\JKKIYOFC.DLL
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9787EE59-AC26-44F2-9959-F058C2DCC51E}
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F92CB680-E0D5-4B9A-803C-8200A5C65A2A}
C:\WINDOWS\SYSTEM32\FCCCBYVW.DLL

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\GEBTSJGW.DLL
C:\WINDOWS\SYSTEM32\GEBTSJGW.DLL

Trojan.Unclassified/Uesiuqcr
C:\WINDOWS\SYSTEM32\UESIUQCR.EXE
C:\WINDOWS\SYSTEM32\UESIUQCR.EXE

Trojan.Dropper/Gen-NV
C:\WINDOWS\BRASTK.EXE
C:\WINDOWS\BRASTK.EXE

Rogue.FakeAlert/Wallpaper
[Wallpaper] C:\WINDOWS\DEFAULT.HTM
C:\WINDOWS\DEFAULT.HTM

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\QBZPHP.DLL
HKLM\Software\Classes\CLSID\{c91882f4-ecfc-4c62-9049-a53e019bc79f}
HKCR\CLSID\{C91882F4-ECFC-4C62-9049-A53E019BC79F}
HKCR\CLSID\{C91882F4-ECFC-4C62-9049-A53E019BC79F}\InprocServer32
HKCR\CLSID\{C91882F4-ECFC-4C62-9049-A53E019BC79F}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\IBIMJD.DLL
HKLM\Software\Classes\CLSID\{ca03bc21-9edc-4734-839c-201a45f68d2f}
HKCR\CLSID\{CA03BC21-9EDC-4734-839C-201A45F68D2F}
HKCR\CLSID\{CA03BC21-9EDC-4734-839C-201A45F68D2F}\InprocServer32
HKCR\CLSID\{CA03BC21-9EDC-4734-839C-201A45F68D2F}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\EQPZUS.DLL
HKLM\Software\Classes\CLSID\{db0da7bf-c066-4841-b66f-5ce72ab252d8}
HKCR\CLSID\{DB0DA7BF-C066-4841-B66F-5CE72AB252D8}
HKCR\CLSID\{DB0DA7BF-C066-4841-B66F-5CE72AB252D8}\InprocServer32
HKCR\CLSID\{DB0DA7BF-C066-4841-B66F-5CE72AB252D8}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\YXFORD.DLL
HKLM\Software\Classes\CLSID\{e275966c-713f-4a08-8c2b-64b580bcb680}
HKCR\CLSID\{E275966C-713F-4A08-8C2B-64B580BCB680}
HKCR\CLSID\{E275966C-713F-4A08-8C2B-64B580BCB680}\InprocServer32
HKCR\CLSID\{E275966C-713F-4A08-8C2B-64B580BCB680}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\ZNHXRN.DLL
HKLM\Software\Classes\CLSID\{f01ac8e7-d324-4499-8845-5a8708116afd}
HKCR\CLSID\{F01AC8E7-D324-4499-8845-5A8708116AFD}
HKCR\CLSID\{F01AC8E7-D324-4499-8845-5A8708116AFD}\InprocServer32
HKCR\CLSID\{F01AC8E7-D324-4499-8845-5A8708116AFD}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\YJJGFK.DLL
HKLM\Software\Classes\CLSID\{f1d4d47f-ccaa-4430-adf8-764b68bd59e2}
HKCR\CLSID\{F1D4D47F-CCAA-4430-ADF8-764B68BD59E2}
HKCR\CLSID\{F1D4D47F-CCAA-4430-ADF8-764B68BD59E2}\InprocServer32
HKCR\CLSID\{F1D4D47F-CCAA-4430-ADF8-764B68BD59E2}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\JLDDDT.DLL
HKLM\Software\Classes\CLSID\{fa673c7c-eaf7-4f2b-ae22-cb6be6f5f90e}
HKCR\CLSID\{FA673C7C-EAF7-4F2B-AE22-CB6BE6F5F90E}
HKCR\CLSID\{FA673C7C-EAF7-4F2B-AE22-CB6BE6F5F90E}\InprocServer32
HKCR\CLSID\{FA673C7C-EAF7-4F2B-AE22-CB6BE6F5F90E}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\NJQNZK.DLL
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{033B938B-A721-40ED-B871-DFF40B43CA44}
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08127B7E-7F9B-4460-AC25-1C7012E51ECA}
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{102793FA-0118-4DFA-9138-D5787075ED51}
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{22CEAB05-0629-4B56-9FCD-49D0EB1092C7}
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51C55845-ECAE-4C41-BD8A-449B72067E61}
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5CA59776-F6B7-4193-B5E7-6C89BCD3B2DC}
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{80202D95-BEA6-4860-8046-8D7DA38E9F90}
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E593530-2271-4F1C-B32F-B185CC9E056C}
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98E2262E-C618-4E21-BF91-987105697AB6}
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98F179E0-F892-47E3-87BF-20BBF3A01CCE}
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA882F3D-A562-41AB-86AA-34E68371ABAC}
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B078695A-AFA2-409B-A727-38595B45FBE5}
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B3B6B46D-8B8A-496E-ACFE-AA720ADBD5FE}
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5284B6D-FCE0-40B9-A2DB-502AE109BDB0}
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C91882F4-ECFC-4C62-9049-A53E019BC79F}
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA03BC21-9EDC-4734-839C-201A45F68D2F}
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB0DA7BF-C066-4841-B66F-5CE72AB252D8}
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E275966C-713F-4A08-8C2B-64B580BCB680}
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F01AC8E7-D324-4499-8845-5A8708116AFD}
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F1D4D47F-CCAA-4430-ADF8-764B68BD59E2}
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FA673C7C-EAF7-4F2B-AE22-CB6BE6F5F90E}
C:\WINDOWS\SYSTEM32\AJQSJR.DLL
C:\WINDOWS\SYSTEM32\ATTNGPHT.DLL
C:\WINDOWS\SYSTEM32\AXIZIQ.DLL
C:\WINDOWS\SYSTEM32\CAFCXEMQ.DLL
C:\WINDOWS\SYSTEM32\CANLRXDY.DLL
C:\WINDOWS\SYSTEM32\DCHTDUYX.DLL
C:\WINDOWS\SYSTEM32\DRAAGBRW.DLL
C:\WINDOWS\SYSTEM32\EFGMHIHY.DLL
C:\WINDOWS\SYSTEM32\ERGYMWDD.DLL
C:\WINDOWS\SYSTEM32\FKXAHC.DLL
C:\WINDOWS\SYSTEM32\IEJHYUKH.DLL
C:\WINDOWS\SYSTEM32\IIEWWDBH.DLL
C:\WINDOWS\SYSTEM32\JEEGMQIT.DLL
C:\WINDOWS\SYSTEM32\KJBODWDB.DLL
C:\WINDOWS\SYSTEM32\KLXMCB.DLL
C:\WINDOWS\SYSTEM32\KMTTPSPM.DLL
C:\WINDOWS\SYSTEM32\KUWDCHIK.DLL
C:\WINDOWS\SYSTEM32\NGTYTC.DLL
C:\WINDOWS\SYSTEM32\NHVMJBLO.DLL
C:\WINDOWS\SYSTEM32\NJESDXFH.DLL
C:\WINDOWS\SYSTEM32\ORCGVFTK.DLL
C:\WINDOWS\SYSTEM32\PECVHRCM.DLL
C:\WINDOWS\SYSTEM32\QOFSAIYD.DLL
C:\WINDOWS\SYSTEM32\RMHOTXEK.DLL
C:\WINDOWS\SYSTEM32\TGOICMEW.DLL
C:\WINDOWS\SYSTEM32\UXQQWVLK.DLL
C:\WINDOWS\SYSTEM32\WDNHMTMW.DLL
C:\WINDOWS\SYSTEM32\WSTECIIL.DLL
C:\WINDOWS\SYSTEM32\XLHYRPFD.DLL
C:\WINDOWS\SYSTEM32\YHCPTMIO.DLL

Trojan.Unclassified
HKLM\Software\Classes\CLSID\{33c34b7c-9301-4c0b-9fce-a15e0b62fdbf}
HKCR\CLSID\{33C34B7C-9301-4C0B-9FCE-A15E0B62FDBF}
HKCR\CLSID\{33C34B7C-9301-4C0B-9FCE-A15E0B62FDBF}\InprocServer32
HKCR\CLSID\{33C34B7C-9301-4C0B-9FCE-A15E0B62FDBF}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\WTAECF.DLL
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{33C34B7C-9301-4C0B-9FCE-A15E0B62FDBF}
C:\WINDOWS\SYSTEM32\OBTDTBLN.DLL

Trojan.Vundo-Variant/NextGen
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9787EE59-AC26-44F2-9959-F058C2DCC51E}
HKCR\CLSID\{9787EE59-AC26-44F2-9959-F058C2DCC51E}
HKCR\CLSID\{9787EE59-AC26-44F2-9959-F058C2DCC51E}\InprocServer32
HKCR\CLSID\{9787EE59-AC26-44F2-9959-F058C2DCC51E}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F92CB680-E0D5-4B9A-803C-8200A5C65A2A}
HKCR\CLSID\{F92CB680-E0D5-4B9A-803C-8200A5C65A2A}
HKCR\CLSID\{F92CB680-E0D5-4B9A-803C-8200A5C65A2A}\InprocServer32
HKCR\CLSID\{F92CB680-E0D5-4B9A-803C-8200A5C65A2A}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{F92CB680-E0D5-4B9A-803C-8200A5C65A2A}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\jkkIYOfC

Adware.Vundo/Variant

Adware.Tracking Cookie

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\aoprndtws
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\rdfa

Rogue.XP AntiSpyware 2009
HKLM\Software\XP_Antispyware
HKLM\Software\XP_Antispyware#email3
HKLM\Software\XP_Antispyware#info

Trojan.Downloader-Gen
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#brastk [ brastk.exe ]

Rootkit.Karna/Beep-Fake
C:\WINDOWS\DRIVERS\BEEP.SYS
C:\WINDOWS\SYSTEM32\DLLCACHE\BEEP.SYS

Adware.Vundo/Variant-Trace

Trojan.Unknown Origin

Rogue.Multi-Dropper/Installer
C:\WINDOWS\SYSTEM32\WERTYU.DLL

Trojan.Dropper/Gen
C:\WINDOWS\SYSTEM32\WINI10791.EXE
miskizou
 
It worked, THANK YOU THANK YOU THANK YOU!!!!
The blue wallpaper with "attention...." written on it is gone, the "your computer is infected" message no longer appears, and even the red cross and the yellow exclamation mark at the bottom right are gone. Great!!!
Should I keep all the software I downloaded: navilog, smitfraudfix, ccleaner, superantispyware and zonealarm??
Thanks again
zorinho Posts 829 Status Member 51
 
Hi,

it's not over yet

1) I would have liked the SuperAntiSpyware report in a different form

go to "preference", "logs/statistics"

and click on the latest report

copy and paste it here

PS: I hope you were able to run a scan "in safe mode"

2) Apparently, you haven't mastered CCleaner yet

- use the brush to start the cleaning (it erases cookies, temporary files, etc.)
- use the "Registry / scan for issues / fix issues" function to clean your registry

3) To be safe, use Malwarebytes

https://www.commentcamarche.net/telecharger/ 34055379 malwarebytes anti malware

To help you use Malwarebytes Anti-Malware, look at this tutorial
https://forums.cnetfrance.fr

Run a full scan in safe mode
Starting in safe mode

At the end of the scan, it offers "Show Results"; make absolutely sure you choose "REMOVE SELECTED"

Paste the report here

4) Run a scan with HijackThis (we should have started with that)

https://www.malekal.com/tutoriel-hijackthis/

Do "scan and save a logfile"
Do not try to fix any lines


See you later

Zor

PS: as for the cleanup, we'll see about that afterwards
miskizou
 
No, I did not run the SuperAntiSpyware scan in safe mode. It wasn't specified in the instructions. The report I posted came from preferences, then statistics, so if I repost it, it will be the same?
Lol, it's true that I'm not very good with CCleaner (like all this software...) but what you're telling me to do, I had already done (so I did it again)

I'm sending you the Malwarebytes report; this time I did run the scan in safe mode


Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1482
Windows 5.1.2600 Service Pack 2

10/12/2008 13:09:42
mbam-log-2008-12-10 (13-09-42).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 91815
Temps écoulé: 50 minute(s), 52 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 45
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 224

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmf71b678e (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmf71b678e (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001193.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001194.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001195.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001196.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001197.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001198.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001199.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001200.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001201.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001202.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001203.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001204.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001205.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001206.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001207.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001208.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001209.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001210.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001211.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001212.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001213.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001214.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001215.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001216.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001217.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001218.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001219.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001221.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001223.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001224.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001225.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001226.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001227.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001228.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001230.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001231.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001232.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001233.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001234.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001235.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001236.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001237.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001239.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001240.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001241.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001242.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001243.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001244.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001291.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001292.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001293.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001294.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001295.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001296.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001297.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001298.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001299.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001300.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001301.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001302.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001303.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001304.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\gvo.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\wcq.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aqqhfvwy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bfjlnbem.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bopare.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cagbwm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cblnwmqu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ceocxh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\chbyetwl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cupgbq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cxdifd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cxyuynfc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddzije.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\djurnhdc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dnqsxfdj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpnkcr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dwjdbbut.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dzicpm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dzwcqn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emfageym.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\entulepq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eokejz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eqypqefx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\exmnuptg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\feeaau.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fmkbtceu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fsijldiv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fsxeugig.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\givucofv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gpprht.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hjsssxkd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hldzhi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hlwbdw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hpoijvga.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hrwvlukx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ifpgcm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ifwrbfck.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iljpmkxd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\imyopjcu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\isnkhjnf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kmmxnn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lketfisx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ltjalteg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lxermjef.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mghbwrok.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mgnmpgpa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mhsscrph.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ndhiqc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nekols.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvxnfh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ochyncvk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oheeem.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ohvolm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ondrza.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oobdhq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovbgyand.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\owichgxi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\owxjponm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oxtdchiw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pibeavvk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qkgglhuq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qlyoet.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qlzzaj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rgqywc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rhjpyu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rlnocbiw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sprlht.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssyoum.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sunoye.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tcuqwcsn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thqewn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tmvrxh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tnwsumxt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tqeknkbq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\trjoai.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\txkqnfgo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uowmcy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbstzw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vkmundbd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vmcsqfup.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vvqtgcpm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wxvoahkk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xgxgclga.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xkriuhje.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmmjevac.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yehtmfca.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yhnhrx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ymdqhxmp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ymubhoyw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yrhghvgy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yxtgct.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zceuxk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zgxytb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zjtmpd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zsqurx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zyswci.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\getwn32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMf71b678e.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMf71b678e.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
0
miskizou
 
It's me again,
I can't manage to unzip HijackThis, how do you do it??? Thanks
zorinho Posts 829 Status Member 51
 
Hi again,

1) reread point 9

I had asked you to run the SUPERAntiSpyware scan in safe mode

Could you update the software and run a scan in safe mode.

Send me the scan report

2) download HijackThis here, maybe you'll have better luck

http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

See you later

Zor
miskizou
 
Here is the SUPERAntiSpyware scan report, this time in safe mode:


SUPERAntiSpyware Scan Log
https://www.superantispyware.com/

Generated 12/10/2008 at 10:49 AM

Application Version : 4.23.1006

Core Rules Database Version : 3669
Trace Rules Database Version: 1648

Scan type : Complete Scan
Total Scan Time : 00:30:18

Memory items scanned : 432
Memory threats detected : 4
Registry items scanned : 5721
Registry threats detected : 171
File items scanned : 38435
File threats detected : 181

Trojan.Vundo-Variant/Small-GEN
C:\WINDOWS\SYSTEM32\JKKIYOFC.DLL
C:\WINDOWS\SYSTEM32\JKKIYOFC.DLL
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9787EE59-AC26-44F2-9959-F058C2DCC51E}
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F92CB680-E0D5-4B9A-803C-8200A5C65A2A}
C:\WINDOWS\SYSTEM32\FCCCBYVW.DLL

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\GEBTSJGW.DLL
C:\WINDOWS\SYSTEM32\GEBTSJGW.DLL

Trojan.Unclassified/Uesiuqcr
C:\WINDOWS\SYSTEM32\UESIUQCR.EXE
C:\WINDOWS\SYSTEM32\UESIUQCR.EXE

Trojan.Dropper/Gen-NV
C:\WINDOWS\BRASTK.EXE
C:\WINDOWS\BRASTK.EXE

Rogue.FakeAlert/Wallpaper
[Wallpaper] C:\WINDOWS\DEFAULT.HTM
C:\WINDOWS\DEFAULT.HTM

Trojan.Unclassified
HKLM\Software\Classes\CLSID\{33c34b7c-9301-4c0b-9fce-a15e0b62fdbf}
HKCR\CLSID\{33C34B7C-9301-4C0B-9FCE-A15E0B62FDBF}
HKCR\CLSID\{33C34B7C-9301-4C0B-9FCE-A15E0B62FDBF}\InprocServer32
HKCR\CLSID\{33C34B7C-9301-4C0B-9FCE-A15E0B62FDBF}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\WTAECF.DLL
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{33C34B7C-9301-4C0B-9FCE-A15E0B62FDBF}
C:\WINDOWS\SYSTEM32\OBTDTBLN.DLL

Trojan.Vundo-Variant/NextGen
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9787EE59-AC26-44F2-9959-F058C2DCC51E}
HKCR\CLSID\{9787EE59-AC26-44F2-9959-F058C2DCC51E}
HKCR\CLSID\{9787EE59-AC26-44F2-9959-F058C2DCC51E}\InprocServer32
HKCR\CLSID\{9787EE59-AC26-44F2-9959-F058C2DCC51E}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F92CB680-E0D5-4B9A-803C-8200A5C65A2A}
HKCR\CLSID\{F92CB680-E0D5-4B9A-803C-8200A5C65A2A}
HKCR\CLSID\{F92CB680-E0D5-4B9A-803C-8200A5C65A2A}\InprocServer32
HKCR\CLSID\{F92CB680-E0D5-4B9A-803C-8200A5C65A2A}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{F92CB680-E0D5-4B9A-803C-8200A5C65A2A}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\jkkIYOfC

Adware.Vundo/Variant
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0DA284D5-928C-4AD4-A079-100C1A4DF6BF}
HKCR\CLSID\{0DA284D5-928C-4AD4-A079-100C1A4DF6BF}
HKCR\CLSID\{0DA284D5-928C-4AD4-A079-100C1A4DF6BF}\InprocServer32
HKCR\CLSID\{0DA284D5-928C-4AD4-A079-100C1A4DF6BF}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\JYVYDC.DLL
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A989D79-3F19-4082-941D-C01FF6F7F9E4}
HKCR\CLSID\{1A989D79-3F19-4082-941D-C01FF6F7F9E4}
HKCR\CLSID\{1A989D79-3F19-4082-941D-C01FF6F7F9E4}\InprocServer32
HKCR\CLSID\{1A989D79-3F19-4082-941D-C01FF6F7F9E4}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\VWACNT.DLL
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A48EBB7-753C-4F19-BB06-7FC01149EDAF}
HKCR\CLSID\{2A48EBB7-753C-4F19-BB06-7FC01149EDAF}
HKCR\CLSID\{2A48EBB7-753C-4F19-BB06-7FC01149EDAF}\InprocServer32
HKCR\CLSID\{2A48EBB7-753C-4F19-BB06-7FC01149EDAF}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\DQNQBI.DLL
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39D2525A-B84A-4BE6-8ADC-3EDEED945A04}
HKCR\CLSID\{39D2525A-B84A-4BE6-8ADC-3EDEED945A04}
HKCR\CLSID\{39D2525A-B84A-4BE6-8ADC-3EDEED945A04}\InprocServer32
HKCR\CLSID\{39D2525A-B84A-4BE6-8ADC-3EDEED945A04}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\DTNSQT.DLL
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3FEC08DC-094F-460C-A17B-0D0ABAB0E4CD}
HKCR\CLSID\{3FEC08DC-094F-460C-A17B-0D0ABAB0E4CD}
HKCR\CLSID\{3FEC08DC-094F-460C-A17B-0D0ABAB0E4CD}\InprocServer32
HKCR\CLSID\{3FEC08DC-094F-460C-A17B-0D0ABAB0E4CD}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\QOJAQH.DLL
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E99DBF2-37E2-411E-9298-9E1CF9A5998E}
HKCR\CLSID\{5E99DBF2-37E2-411E-9298-9E1CF9A5998E}
HKCR\CLSID\{5E99DBF2-37E2-411E-9298-9E1CF9A5998E}\InprocServer32
HKCR\CLSID\{5E99DBF2-37E2-411E-9298-9E1CF9A5998E}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\WXIJRK.DLL

Adware.Tracking Cookie

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\aoprndtws
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\rdfa

Rogue.XP AntiSpyware 2009
HKLM\Software\XP_Antispyware
HKLM\Software\XP_Antispyware#email3
HKLM\Software\XP_Antispyware#info

Trojan.Downloader-Gen
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#brastk [ brastk.exe ]

Rootkit.Karna/Beep-Fake
C:\WINDOWS\DRIVERS\BEEP.SYS
C:\WINDOWS\SYSTEM32\DLLCACHE\BEEP.SYS

Adware.Vundo/Variant-Trace

Trojan.Unknown Origin

Rogue.Multi-Dropper/Installer
C:\WINDOWS\SYSTEM32\WERTYU.DLL

Trojan.Dropper/Gen
C:\WINDOWS\SYSTEM32\WINI10791.EXE


HERE IS THE HIJACKTHIS REPORT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:32, on 10/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$QUADBASE\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\PROGRA~1\COMPAN~2\ONETOU~3.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Companion Suite Pro LM2\MFPrintServer.exe
C:\Program Files\Companion Suite Pro LM2\MFServices.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\OmniPageSE3.0\OpwareSE3.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\COMPAN~2\ONETOU~3.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MFPrintServer_Pro_LM] "C:\Program Files\Companion Suite Pro LM2\MFPrintServer.exe"
O4 - HKLM\..\Run: [MFServices_Pro_LM] "C:\Program Files\Companion Suite Pro LM2\MFServices.exe" -n
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\Scansoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\Scansoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [OpwareSE3] "C:\Program Files\ScanSoft\OmniPageSE3.0\OpwareSE3.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094743966812
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u7-windows-i586-jc.cab&AuthParam=1580978829_3fac487ff39b191ded7866fc4973d48d&ext=.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Quadrige LDAP Server - Unknown owner - C:\Program Files\sagem\openldap\slapd.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
zorinho - Posts: 829 - Status: Member - 51
 
In any case, you have a Vundo infection.

Apply this:

* Download ComboFix (by sUBs) to the Desktop.
* Double-click combofix.exe.
* It is strongly recommended to install the Recovery Console!
* Press the Y (Yes) key to start the scan.
* The report will be created in: C:\Combofix.txt.
* Run a new HijackThis report, and fix the corresponding lines as indicated above.

The official tutorial and the download location are at this address:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
See you later

Zor
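An added example, not part of the thread and not code from HijackThis, SUPERAntiSpyware or ComboFix: a small Python triage pass over HijackThis entries like the ones posted above, flagging the kinds of lines a helper reads first. The rule set is an assumption made for illustration, and the `example.dll` line in the sample is constructed; the other sample lines are taken from the posted log.

```python
import ntpath
import re

# System binaries that belong in System32; the same file name in another
# folder is a common masquerade (illustrative list, not exhaustive).
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "smss.exe"}
SYSTEM32 = r"c:\windows\system32"

# HijackThis entries look like "<section code> - <description>".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First Windows path in the entry that ends in an executable extension.
WIN_PATH = re.compile(r"[A-Za-z]:\\[^\"*?<>|]+?\.(?:exe|dll|sys)", re.IGNORECASE)


def triage(log_text):
    """Return (code, reason, original line) for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, running-process list or blank line
        code, body = m.group("code"), m.group("body")
        pm = WIN_PATH.search(body)
        path = ntpath.normcase(pm.group(0)) if pm else None
        folder = ntpath.dirname(path) if path else None
        name = ntpath.basename(path) if path else None

        # F2/F3: autostart through the registry-mapped win.ini/system.ini values.
        if code in ("F2", "F3"):
            findings.append((code, "ini-style autostart (load=/run=)", raw))
        # A core system file name running from the wrong folder.
        if name in SYSTEM32_ONLY and folder != SYSTEM32:
            findings.append((code, "system binary name outside System32", raw))
        # O2 (BHO) / O20 (Winlogon Notify) DLL sitting directly in System32,
        # the layout the SUPERAntiSpyware report shows for the Vundo entries.
        if code in ("O2", "O20") and folder == SYSTEM32:
            findings.append((code, "BHO/Winlogon Notify DLL directly in System32", raw))
        # O23: service registration left behind without its binary.
        if code == "O23" and "(file missing)" in body:
            findings.append((code, "service points at a missing file", raw))
    return findings


# Sample: lines from the posted log plus one constructed O20 line (example.dll).
SAMPLE = r"""F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: example - C:\WINDOWS\system32\example.dll
O23 - Service: Quadrige LDAP Server - Unknown owner - C:\Program Files\sagem\openldap\slapd.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE):
        print(f"[{code}] {reason}\n    {line}")
```

A flagged line is a prompt for manual review, not a verdict: the F3 entry stands out because the genuine svchost.exe lives in System32, while the missing-file service is only leftover configuration.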