virus "your computer is infected"

Question

Bonjour,
Mon ordinateur est infecté par le virus "your computer is infected", ca m'empeche d'envoyer des fichier de mon ordi par mail, ca maffiche des pub sans arret (meme des pages porno). Dernierement mon fond d'ecran est devenu tout bleu avec des message d'alerte en fond "your computer has a several fatals error due to spyware activity"... 
j'espere que ce qu'on va dit va changer tout ca.
J'envoie le premier rapport de smitfraudfix:
SmitFraudFix v2.381

Rapport fait à 14:56:51,48, 09/12/2008
Executé à partir de C:\Documents and Settings\Multiservices\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\uesiuqcr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$QUADBASE\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\PROGRA~1\COMPAN~2\ONETOU~3.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Companion Suite Pro LM2\MFPrintServer.exe
C:\Program Files\Companion Suite Pro LM2\MFServices.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\OmniPageSE3.0\OpwareSE3.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\default.htm PRESENT !
C:\WINDOWS\karna.dat PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\brastk.exe PRESENT !
C:\WINDOWS\system32\karna.dat PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Multiservices


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MULTIS~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Multiservices\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MULTIS~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="karna.dat"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK

C:\WINDOWS\system32\drivers\beep.sys infecté !


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/1000 CT Network Connection
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A13ABDDB-238F-4572-8424-EE5B6BBA2CFB}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A13ABDDB-238F-4572-8424-EE5B6BBA2CFB}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A13ABDDB-238F-4572-8424-EE5B6BBA2CFB}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin



je vais poursuivre ce qui ai dit j'enverrai le second rapport...

Ben92 · Answer

L'idéal, à ce niveau, serait de formater ton disque et de réinstaller ton système. Sinon, télécharge MalwareBytes et Avira, mets à jour et lance l'analyse.

zorinho · Answer

Salut,

relance Smitfraudfix en mode sans échec et clique sur la fonction 2

A plus

Zor

miskizou · Answer

voici le second rapport, mais CA N'A RIEN CHANGE, j'ai toujours, les message qui s'affiche (your computer is infected) et le fond d'écran bleu avec tout le tralala ecrit (attetion, ordi infecté....)

SmitFraudFix v2.381

Rapport fait à 15:43:09,59, 09/12/2008
Executé à partir de C:\Documents and Settings\Multiservices\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\uesiuqcr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$QUADBASE\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\PROGRA~1\COMPAN~2\ONETOU~3.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Companion Suite Pro LM2\MFPrintServer.exe
C:\Program Files\Companion Suite Pro LM2\MFServices.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\OmniPageSE3.0\OpwareSE3.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\brastk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\default.htm PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\Delete_Me_Dummy_karna.dat PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Multiservices


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MULTIS~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Multiservices\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MULTIS~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/1000 CT Network Connection
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A13ABDDB-238F-4572-8424-EE5B6BBA2CFB}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A13ABDDB-238F-4572-8424-EE5B6BBA2CFB}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A13ABDDB-238F-4572-8424-EE5B6BBA2CFB}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin



POURTANT J'AI SUIVI TOUT CE QUI éTAIT EXPLIQUE... que faire a ce niveau. Formater l'ordi, est ce vraiment une bonne idée, sioui, comment s'y prend t-on, faut-il sauvegarder toutes les données (genre les fichiers word)??

MERCI POUR VOS REPONSES

miskizou · Answer

quand je dis que j'ai envoyé le second rapport, c'est le rapport après ce que Zorhino à dit: j'ai redemarré en mode sans echec, fait l'option 2 il m'ont ecrit des truc j'ai dit oui puis redemarré en mode normal.
Rien a changé...

zorinho · Answer

Fais un clic droit sur ce lien : (IL-MAFIOSO)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

Laisse-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)

Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)

et:

télécharge Lop S&D.exe sur ton Bureau.https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

* Double-clique dessus pour lancer l'installation
* Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau
* Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche)
* Patiente jusqu'à la fin du scan
* Poste le rapport généré (C:\lopR.txt)

A plus

Zor

miskizou · Answer

EN TOUT CAS MERCI ZOR POUR TA REPONSE, voici l'analyse de navilog1, je poursuis ce que tu ma dis et te dis quoi:


Search Navipromo version 3.6.9 commencé le 09/12/2008 à 16:36:23,84

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1
Session actuelle : "Multiservices" 

Mise à jour le 05.11.2008 à 21h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180 
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Multiservices\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\Multiservices\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\Multiservices\menudm~1\progra~1" *** 


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Multiservices\locals~1\applic~1" * 



*** Recherche fichiers *** 



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\Multiservices\locals~1\applic~1" : 


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\WGjStBeg.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 09/12/2008 à 16:44:07,62 ***

georges86400 · Answer

Bonjour
essaye avec malwaresbytes

miskizou · Answer

VOICI LE SECOND RAPPORT de lop 


   --------------------\  Lop S&D 4.2.4-9c   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
   X86-based PC ( Uniprocessor Free :               Intel(R) Pentium(R) 4 CPU 2.80GHz )
   BIOS : Version 5.00 R2.14.1561.01
   USER : Multiservices ( Administrator )
   BOOT : Normal boot
   Firewall  : ZoneAlarm Firewall 7.0.483.000 (Activated)
   A:\ (USB)
   C:\ (Local Disk) - NTFS - Total:37 Go (Free:22 Go)
   D:\ (CD or DVD)

   "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
   Option : [1] ( 09/12/2008|16:50 )
 
   --------------------\  Listing des dossiers dans APPLIC~1


   [04/10/2008|21:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
   [19/04/2005|15:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
   [04/10/2008|21:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
   [04/10/2008|21:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
   [06/11/2008|23:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
   [04/09/2008|15:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak
   [09/12/2008|14:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
   [17/09/2008|10:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
   [15/09/2008|11:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\RoboForm
   [09/11/2008|18:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
   [21/09/2008|10:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
   [30/11/2008|15:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
   [16/07/2004|14:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
   [15/07/2004|10:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
   [17/09/2008|10:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

   [23/01/2004|10:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
   [23/01/2004|10:47] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun

   [23/01/2004|10:52] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

   [15/09/2008|21:16] C:\DOCUME~1\MULTIS~1\APPLIC~1\Adobe
   [07/06/2004|09:29] C:\DOCUME~1\MULTIS~1\APPLIC~1\AdobeUM
   [01/02/2005|11:16] C:\DOCUME~1\MULTIS~1\APPLIC~1\Ahead
   [19/10/2008|16:59] C:\DOCUME~1\MULTIS~1\APPLIC~1\Apple Computer
   [02/11/2007|07:33] C:\DOCUME~1\MULTIS~1\APPLIC~1\ArcSoft
   [02/06/2004|10:02] C:\DOCUME~1\MULTIS~1\APPLIC~1\Copernic
   [23/01/2004|12:31] C:\DOCUME~1\MULTIS~1\APPLIC~1\Help
   [13/11/2008|12:15] C:\DOCUME~1\MULTIS~1\APPLIC~1\Icone
   [23/01/2004|10:59] C:\DOCUME~1\MULTIS~1\APPLIC~1\Identities
   [10/11/2008|10:41] C:\DOCUME~1\MULTIS~1\APPLIC~1\InstallShield
   [10/11/2008|10:45] C:\DOCUME~1\MULTIS~1\APPLIC~1\LG Electronics
   [08/12/2008|21:51] C:\DOCUME~1\MULTIS~1\APPLIC~1\LimeWire
   [01/02/2005|11:24] C:\DOCUME~1\MULTIS~1\APPLIC~1\Macromedia
   [18/09/2008|20:39] C:\DOCUME~1\MULTIS~1\APPLIC~1\Microsoft
   [06/11/2008|23:31] C:\DOCUME~1\MULTIS~1\APPLIC~1\ScanSoft
   [21/09/2008|09:58] C:\DOCUME~1\MULTIS~1\APPLIC~1\skypePM
   [23/01/2004|10:47] C:\DOCUME~1\MULTIS~1\APPLIC~1\Sun
   [06/02/2007|12:04] C:\DOCUME~1\MULTIS~1\APPLIC~1\U3

   [20/07/2004|12:48] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
 
   --------------------\  Tâches planifiées dans C:\WINDOWS	asks

   [09/12/2008 15:38][--ah-----] C:\WINDOWS	asks\SA.DAT
   [24/04/2003 13:00][-r-h-----] C:\WINDOWS	asks\desktop.ini

   --------------------\  Listing des dossiers dans C:\Program Files

   [06/07/2005|14:45] C:\Program Files\Adobe
   [01/02/2005|11:05] C:\Program Files\Ahead
   [19/05/2006|13:21] C:\Program Files\Alwil Software
   [23/01/2004|11:04] C:\Program Files\Analog Devices
   [04/10/2008|21:40] C:\Program Files\Apple Software Update
   [04/05/2008|21:18] C:\Program Files\Archive
   [20/09/2008|10:59] C:\Program Files\ArcSoft
   [04/10/2008|21:44] C:\Program Files\Bonjour
   [26/11/2008|11:06] C:\Program Files\CCleaner
   [23/01/2004|10:46] C:\Program Files\Common Files
   [27/06/2008|10:32] C:\Program Files\Companion OneTouch
   [06/11/2008|23:04] C:\Program Files\Companion Suite Pro LM
   [06/11/2008|23:30] C:\Program Files\Companion Suite Pro LM2
   [23/01/2004|10:41] C:\Program Files\ComPlus Applications
   [01/02/2005|09:32] C:\Program Files\Copernic Agent
   [23/10/2008|10:22] C:\Program Files\Fichiers communs
   [23/01/2004|13:00] C:\Program Files\HighMAT CD Writing Wizard
   [24/05/2004|07:41] C:\Program Files\i-Media
   [10/11/2008|10:43] C:\Program Files\InstallShield Installation Information
   [18/09/2008|09:06] C:\Program Files\Internet Explorer
   [04/10/2008|21:45] C:\Program Files\iPod
   [21/06/2004|07:55] C:\Program Files\i-Timtel
   [04/10/2008|21:45] C:\Program Files\iTunes
   [15/09/2008|21:29] C:\Program Files\Java
   [04/09/2008|15:36] C:\Program Files\Kodak
   [10/11/2008|10:43] C:\Program Files\LG Electronics
   [10/11/2008|10:42] C:\Program Files\LG PC Suite 2
   [15/09/2008|21:22] C:\Program Files\LimeWire
   [16/09/2008|21:54] C:\Program Files\Messenger
   [23/01/2004|10:49] C:\Program Files\microsoft frontpage
   [27/11/2008|10:39] C:\Program Files\Microsoft Office
   [01/06/2004|15:28] C:\Program Files\Microsoft SQL Server
   [18/05/2004|17:26] C:\Program Files\Microsoft Visual Studio
   [09/09/2004|16:44] C:\Program Files\Microsoft Works
   [18/05/2004|17:25] C:\Program Files\Microsoft.NET
   [01/02/2005|06:24] C:\Program Files\Movie Maker
   [23/01/2004|10:41] C:\Program Files\MSN
   [23/01/2004|10:41] C:\Program Files\MSN Gaming Zone
   [17/09/2008|10:35] C:\Program Files\MSN Toolbar
   [16/09/2008|21:52] C:\Program Files\MSXML 4.0
   [09/12/2008|16:44] C:\Program Files\Navilog1
   [01/02/2005|06:21] C:\Program Files\NetMeeting
   [22/09/2004|14:37] C:\Program Files\Network Print Monitor
   [01/02/2005|07:15] C:\Program Files\OfficeUpdate11
   [15/09/2008|10:06] C:\Program Files\OrangeHSS
   [01/02/2005|06:21] C:\Program Files\Outlook Express
   [04/10/2008|21:43] C:\Program Files\QuickTime
   [04/05/2008|21:24] C:\Program Files\sagem
   [06/11/2008|23:22] C:\Program Files\ScanSoft
   [11/09/2008|20:22] C:\Program Files\Securitoo
   [23/01/2004|10:43] C:\Program Files\Services en ligne
   [15/09/2008|11:34] C:\Program Files\Siber Systems
   [30/11/2008|15:39] C:\Program Files\Spybot - Search & Destroy
   [08/10/2004|12:13] C:\Program Files\TightVNC
   [01/02/2005|04:36] C:\Program Files\UIU
   [01/06/2004|15:28] C:\Program Files\Uninstall Information
   [23/01/2004|13:04] C:\Program Files\Windows Journal Viewer
   [17/09/2008|10:41] C:\Program Files\Windows Live
   [20/09/2008|11:07] C:\Program Files\Windows Media Player
   [01/02/2005|06:21] C:\Program Files\Windows NT
   [15/09/2008|10:54] C:\Program Files\WindowsUpdate
   [23/01/2004|10:49] C:\Program Files\xerox
   [09/12/2008|14:33] C:\Program Files\Zone Labs

   --------------------\  Listing des dossiers dans C:\Program Files\Fichiers communs

   [17/05/2004|12:59] C:\Program Files\Fichiers communs\Adobe
   [19/07/2004|11:53] C:\Program Files\Fichiers communs\Ahead
   [04/10/2008|21:42] C:\Program Files\Fichiers communs\Apple
   [24/05/2004|12:45] C:\Program Files\Fichiers communs\Copernic
   [18/05/2004|17:26] C:\Program Files\Fichiers communs\DESIGNER
   [11/09/2008|20:21] C:\Program Files\Fichiers communs\France Telecom
   [06/11/2008|23:19] C:\Program Files\Fichiers communs\InstallShield
   [23/01/2004|10:47] C:\Program Files\Fichiers communs\Java
   [02/11/2005|12:14] C:\Program Files\Fichiers communs\KAV Shared Files
   [04/09/2008|15:35] C:\Program Files\Fichiers communs\Kodak
   [15/07/2004|10:29] C:\Program Files\Fichiers communs\L&H Shared
   [17/09/2008|10:40] C:\Program Files\Fichiers communs\Microsoft Shared
   [23/01/2004|10:42] C:\Program Files\Fichiers communs\MSSoap
   [23/01/2004|10:15] C:\Program Files\Fichiers communs\ODBC
   [06/11/2008|23:19] C:\Program Files\Fichiers communs\ScanSoft Shared
   [23/01/2004|10:42] C:\Program Files\Fichiers communs\Services
   [23/01/2004|10:15] C:\Program Files\Fichiers communs\SpeechEngines
   [01/02/2005|06:21] C:\Program Files\Fichiers communs\System
   [17/09/2008|10:40] C:\Program Files\Fichiers communs\WindowsLiveInstaller

   --------------------\  Process

   ( 50 Processes )

   iexplore.exe ~ [PID:3828]

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   C:\DOCUME~1\MULTIS~1\Cookies\multiservices@adultfriendfinder[2].txt
   C:\DOCUME~1\MULTIS~1\Cookies\multiservices@advertising[1].txt
   C:\DOCUME~1\MULTIS~1\Cookies\multiservices@www.skyupadvertising[2].txt
   C:\DOCUME~1\MULTIS~1\Cookies\multiservices@bigpoint[2].txt
   C:\DOCUME~1\MULTIS~1\Cookies\multiservices@fr.thepimps.bigpoint[2].txt
   C:\DOCUME~1\MULTIS~1\Cookies\multiservices@fr1.darkorbit.bigpoint[1].txt
   C:\DOCUME~1\MULTIS~1\Cookies\multiservices@banner.cotedazurpalace[2].txt
   C:\DOCUME~1\MULTIS~1\Cookies\multiservices@banner.cotedazurpalace[3].txt
   C:\DOCUME~1\MULTIS~1\Cookies\multiservices@cotedazurpalace[2].txt
   C:\DOCUME~1\MULTIS~1\Cookies\multiservices@www.cotedazurpalace[1].txt
   C:\DOCUME~1\MULTIS~1\Cookies\multiservices@adopt.euroclick[2].txt
   C:\DOCUME~1\MULTIS~1\Cookies\multiservices@2xmoinscher[1].txt
   C:\DOCUME~1\MULTIS~1\Cookies\multiservices@cc.2xmoinscher[1].txt
 
   --------------------\  Verification du Registre
 
   ..... OK !

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-12-09 16:55:15
   Windows 5.1.2600 Service Pack 2 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 2
 
   --------------------\  Recherche d'autres infections

   C:\WINDOWS\system32\WGjStBeg.ini
   C:\WINDOWS\system32\WGjStBeg.ini2
   C:\WINDOWS\system32\geBtSjGW.dll
   [b]==> VUNDO <==/b
 


   [F:57][D:16]-> C:\DOCUME~1\MULTIS~1\LOCALS~1\Temp
   [F:823][D:0]-> C:\DOCUME~1\MULTIS~1\Cookies
   [F:2286][D:21]-> C:\DOCUME~1\MULTIS~1\LOCALS~1\TEMPOR~1\content.IE5

   1 - "C:\Lop SD\LopR_1.txt" - 09/12/2008|16:58 - Option : [1]

   --------------------\  Fin du rapport a 16:58:17

zorinho · Answer

Salut

1) télécharge CCleaner https://www.malekal.com/tutoriel-ccleaner/

Comme indiqué dans le tutorial, applique les étapes
- installer (attention ne pas installer la barre yahoo toolbar)
- nettoyage
- recherche des erreurs


2) fais un scan avec Superantispyware
https://www.commentcamarche.net/telecharger/ 34055294 superantispyware

Fais les mises à jour..et en scan en mode sans échec examen complet 

Avant cela, tu auras éliminé les cookies en faisant un nettoyage avec CCleaner.

Le tuto de superantispyware: http://xp.net.free.fr/tutos/SAS2.php


Colle le rapport Superantiisyware (voir tuto) 


A plus

Zor

miskizou · Answer

il doit y avoir une erreur dans l'adresse de superantispyware car ca marche pas. J'ai essayer de le telecharger autrement mais c en anglais uniquement et on me dit que le telechargement ne peut pas aller jusqu'au bout (après je ne comprend pas tout jsuis pas bilingue).. J'avais deeja ccleaner donc ca pas de soucis, je l'ai fai, jen suis la (rien n'a changé)... C'est quoi un Tudo? je peux aller directement à cette étape?
MErci pour le temps que tu passe à m'aider..

zorinho · Answer

Il suffisait juste de copier le lien en entier

zorinho · Answer

https://www.malekal.com/?s=SUPERAntiSpyware

ou

http://www.commentcamarche.net/telecharger/telecharger 34055294 superantispyware

NB: tuto égale mode d'emploi

-----------------------------------------------------------------------------------------------------------------------------
Si cela ne marche toujours pas, utilise malwarebytes antimalware

http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebytes anti malware

pour t'aider à utiliser Malwarebyte Antimalware, Regarde ce tuto
https://forums.cnetfrance.fr

Réalise un scan complet en mode sans échec
Démarrage en mode sans échec

A la fin du scan, il indique Afficher les résultats, fais absolument "SUPPRIMER LA SELECTION"

Colle le rapport ici

A bon entendeur

Zor

miskizou · Answer

voici le rapport de superantispyware:



SUPERAntiSpyware Scan Log
https://www.superantispyware.com/

Generated 12/10/2008 at 10:49 AM

Application Version : 4.23.1006

Core Rules Database Version : 3669
Trace Rules Database Version: 1648

Scan type       : Complete Scan
Total Scan Time : 00:30:18

Memory items scanned      : 432
Memory threats detected   : 4
Registry items scanned    : 5721
Registry threats detected : 171
File items scanned        : 38435
File threats detected     : 181

Trojan.Vundo-Variant/Small-GEN
	C:\WINDOWS\SYSTEM32\JKKIYOFC.DLL
	C:\WINDOWS\SYSTEM32\JKKIYOFC.DLL
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9787EE59-AC26-44F2-9959-F058C2DCC51E}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F92CB680-E0D5-4B9A-803C-8200A5C65A2A}
	C:\WINDOWS\SYSTEM32\FCCCBYVW.DLL

Adware.Vundo Variant/Resident
	C:\WINDOWS\SYSTEM32\GEBTSJGW.DLL
	C:\WINDOWS\SYSTEM32\GEBTSJGW.DLL

Trojan.Unclassified/Uesiuqcr
	C:\WINDOWS\SYSTEM32\UESIUQCR.EXE
	C:\WINDOWS\SYSTEM32\UESIUQCR.EXE

Trojan.Dropper/Gen-NV
	C:\WINDOWS\BRASTK.EXE
	C:\WINDOWS\BRASTK.EXE

Rogue.FakeAlert/Wallpaper
	[Wallpaper] C:\WINDOWS\DEFAULT.HTM
	C:\WINDOWS\DEFAULT.HTM

Adware.Vundo Variant
	HKLM\Software\Classes\CLSID\{033b938b-a721-40ed-b871-dff40b43ca44}
	HKCR\CLSID\{033B938B-A721-40ED-B871-DFF40B43CA44}
	HKCR\CLSID\{033B938B-A721-40ED-B871-DFF40B43CA44}\InprocServer32
	HKCR\CLSID\{033B938B-A721-40ED-B871-DFF40B43CA44}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\QDVMZF.DLL
	HKLM\Software\Classes\CLSID\{08127b7e-7f9b-4460-ac25-1c7012e51eca}
	HKCR\CLSID\{08127B7E-7F9B-4460-AC25-1C7012E51ECA}
	HKCR\CLSID\{08127B7E-7F9B-4460-AC25-1C7012E51ECA}\InprocServer32
	HKCR\CLSID\{08127B7E-7F9B-4460-AC25-1C7012E51ECA}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\ONBGOM.DLL
	HKLM\Software\Classes\CLSID\{102793fa-0118-4dfa-9138-d5787075ed51}
	HKCR\CLSID\{102793FA-0118-4DFA-9138-D5787075ED51}
	HKCR\CLSID\{102793FA-0118-4DFA-9138-D5787075ED51}\InprocServer32
	HKCR\CLSID\{102793FA-0118-4DFA-9138-D5787075ED51}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\RFDUVS.DLL
	HKLM\Software\Classes\CLSID\{1b6fb7a8-fd65-48e6-8904-3233b5937894}
	HKCR\CLSID\{1B6FB7A8-FD65-48E6-8904-3233B5937894}
	HKCR\CLSID\{1B6FB7A8-FD65-48E6-8904-3233B5937894}\InprocServer32
	HKCR\CLSID\{1B6FB7A8-FD65-48E6-8904-3233B5937894}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\HLEZEW.DLL
	HKLM\Software\Classes\CLSID\{22ceab05-0629-4b56-9fcd-49d0eb1092c7}
	HKCR\CLSID\{22CEAB05-0629-4B56-9FCD-49D0EB1092C7}
	HKCR\CLSID\{22CEAB05-0629-4B56-9FCD-49D0EB1092C7}\InprocServer32
	HKCR\CLSID\{22CEAB05-0629-4B56-9FCD-49D0EB1092C7}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\JZDYCB.DLL
	HKLM\Software\Classes\CLSID\{51c55845-ecae-4c41-bd8a-449b72067e61}
	HKCR\CLSID\{51C55845-ECAE-4C41-BD8A-449B72067E61}
	HKCR\CLSID\{51C55845-ECAE-4C41-BD8A-449B72067E61}\InprocServer32
	HKCR\CLSID\{51C55845-ECAE-4C41-BD8A-449B72067E61}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\XIKSTK.DLL
	HKLM\Software\Classes\CLSID\{5a8bc752-22ff-401d-8846-bd9c2ff56600}
	HKCR\CLSID\{5A8BC752-22FF-401D-8846-BD9C2FF56600}
	HKCR\CLSID\{5A8BC752-22FF-401D-8846-BD9C2FF56600}\InprocServer32
	HKCR\CLSID\{5A8BC752-22FF-401D-8846-BD9C2FF56600}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\VFRCOS.DLL
	HKLM\Software\Classes\CLSID\{5c08aa60-c326-48bf-be4a-d13785f44de6}
	HKCR\CLSID\{5C08AA60-C326-48BF-BE4A-D13785F44DE6}
	HKCR\CLSID\{5C08AA60-C326-48BF-BE4A-D13785F44DE6}\InprocServer32
	HKCR\CLSID\{5C08AA60-C326-48BF-BE4A-D13785F44DE6}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\AWZJBE.DLL
	HKLM\Software\Classes\CLSID\{5ca59776-f6b7-4193-b5e7-6c89bcd3b2dc}
	HKCR\CLSID\{5CA59776-F6B7-4193-B5E7-6C89BCD3B2DC}
	HKCR\CLSID\{5CA59776-F6B7-4193-B5E7-6C89BCD3B2DC}\InprocServer32
	HKCR\CLSID\{5CA59776-F6B7-4193-B5E7-6C89BCD3B2DC}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\GTIVUF.DLL
	HKLM\Software\Classes\CLSID\{6e92fda0-29b9-4b33-a046-3ac3ed5856f5}
	HKCR\CLSID\{6E92FDA0-29B9-4B33-A046-3AC3ED5856F5}
	HKCR\CLSID\{6E92FDA0-29B9-4B33-A046-3AC3ED5856F5}\InprocServer32
	HKCR\CLSID\{6E92FDA0-29B9-4B33-A046-3AC3ED5856F5}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\PCGKKR.DLL
	HKLM\Software\Classes\CLSID\{80202d95-bea6-4860-8046-8d7da38e9f90}
	HKCR\CLSID\{80202D95-BEA6-4860-8046-8D7DA38E9F90}
	HKCR\CLSID\{80202D95-BEA6-4860-8046-8D7DA38E9F90}\InprocServer32
	HKCR\CLSID\{80202D95-BEA6-4860-8046-8D7DA38E9F90}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\ECEYQL.DLL
	HKLM\Software\Classes\CLSID\{8e593530-2271-4f1c-b32f-b185cc9e056c}
	HKCR\CLSID\{8E593530-2271-4F1C-B32F-B185CC9E056C}
	HKCR\CLSID\{8E593530-2271-4F1C-B32F-B185CC9E056C}\InprocServer32
	HKCR\CLSID\{8E593530-2271-4F1C-B32F-B185CC9E056C}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\KFMZOL.DLL
	HKLM\Software\Classes\CLSID\{98e2262e-c618-4e21-bf91-987105697ab6}
	HKCR\CLSID\{98E2262E-C618-4E21-BF91-987105697AB6}
	HKCR\CLSID\{98E2262E-C618-4E21-BF91-987105697AB6}\InprocServer32
	HKCR\CLSID\{98E2262E-C618-4E21-BF91-987105697AB6}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\YTKUNO.DLL
	HKLM\Software\Classes\CLSID\{98f179e0-f892-47e3-87bf-20bbf3a01cce}
	HKCR\CLSID\{98F179E0-F892-47E3-87BF-20BBF3A01CCE}
	HKCR\CLSID\{98F179E0-F892-47E3-87BF-20BBF3A01CCE}\InprocServer32
	HKCR\CLSID\{98F179E0-F892-47E3-87BF-20BBF3A01CCE}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\IPGRWU.DLL
	HKLM\Software\Classes\CLSID\{aa882f3d-a562-41ab-86aa-34e68371abac}
	HKCR\CLSID\{AA882F3D-A562-41AB-86AA-34E68371ABAC}
	HKCR\CLSID\{AA882F3D-A562-41AB-86AA-34E68371ABAC}\InprocServer32
	HKCR\CLSID\{AA882F3D-A562-41AB-86AA-34E68371ABAC}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\NWNHSM.DLL
	HKLM\Software\Classes\CLSID\{b078695a-afa2-409b-a727-38595b45fbe5}
	HKCR\CLSID\{B078695A-AFA2-409B-A727-38595B45FBE5}
	HKCR\CLSID\{B078695A-AFA2-409B-A727-38595B45FBE5}\InprocServer32
	HKCR\CLSID\{B078695A-AFA2-409B-A727-38595B45FBE5}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\CACCCL.DLL
	HKLM\Software\Classes\CLSID\{b3b6b46d-8b8a-496e-acfe-aa720adbd5fe}
	HKCR\CLSID\{B3B6B46D-8B8A-496E-ACFE-AA720ADBD5FE}
	HKCR\CLSID\{B3B6B46D-8B8A-496E-ACFE-AA720ADBD5FE}\InprocServer32
	HKCR\CLSID\{B3B6B46D-8B8A-496E-ACFE-AA720ADBD5FE}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\VMPLSI.DLL
	HKLM\Software\Classes\CLSID\{c5284b6d-fce0-40b9-a2db-502ae109bdb0}
	HKCR\CLSID\{C5284B6D-FCE0-40B9-A2DB-502AE109BDB0}
	HKCR\CLSID\{C5284B6D-FCE0-40B9-A2DB-502AE109BDB0}\InprocServer32
	HKCR\CLSID\{C5284B6D-FCE0-40B9-A2DB-502AE109BDB0}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\QBZPHP.DLL
	HKLM\Software\Classes\CLSID\{c91882f4-ecfc-4c62-9049-a53e019bc79f}
	HKCR\CLSID\{C91882F4-ECFC-4C62-9049-A53E019BC79F}
	HKCR\CLSID\{C91882F4-ECFC-4C62-9049-A53E019BC79F}\InprocServer32
	HKCR\CLSID\{C91882F4-ECFC-4C62-9049-A53E019BC79F}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\IBIMJD.DLL
	HKLM\Software\Classes\CLSID\{ca03bc21-9edc-4734-839c-201a45f68d2f}
	HKCR\CLSID\{CA03BC21-9EDC-4734-839C-201A45F68D2F}
	HKCR\CLSID\{CA03BC21-9EDC-4734-839C-201A45F68D2F}\InprocServer32
	HKCR\CLSID\{CA03BC21-9EDC-4734-839C-201A45F68D2F}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\EQPZUS.DLL
	HKLM\Software\Classes\CLSID\{db0da7bf-c066-4841-b66f-5ce72ab252d8}
	HKCR\CLSID\{DB0DA7BF-C066-4841-B66F-5CE72AB252D8}
	HKCR\CLSID\{DB0DA7BF-C066-4841-B66F-5CE72AB252D8}\InprocServer32
	HKCR\CLSID\{DB0DA7BF-C066-4841-B66F-5CE72AB252D8}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\YXFORD.DLL
	HKLM\Software\Classes\CLSID\{e275966c-713f-4a08-8c2b-64b580bcb680}
	HKCR\CLSID\{E275966C-713F-4A08-8C2B-64B580BCB680}
	HKCR\CLSID\{E275966C-713F-4A08-8C2B-64B580BCB680}\InprocServer32
	HKCR\CLSID\{E275966C-713F-4A08-8C2B-64B580BCB680}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\ZNHXRN.DLL
	HKLM\Software\Classes\CLSID\{f01ac8e7-d324-4499-8845-5a8708116afd}
	HKCR\CLSID\{F01AC8E7-D324-4499-8845-5A8708116AFD}
	HKCR\CLSID\{F01AC8E7-D324-4499-8845-5A8708116AFD}\InprocServer32
	HKCR\CLSID\{F01AC8E7-D324-4499-8845-5A8708116AFD}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\YJJGFK.DLL
	HKLM\Software\Classes\CLSID\{f1d4d47f-ccaa-4430-adf8-764b68bd59e2}
	HKCR\CLSID\{F1D4D47F-CCAA-4430-ADF8-764B68BD59E2}
	HKCR\CLSID\{F1D4D47F-CCAA-4430-ADF8-764B68BD59E2}\InprocServer32
	HKCR\CLSID\{F1D4D47F-CCAA-4430-ADF8-764B68BD59E2}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\JLDDDT.DLL
	HKLM\Software\Classes\CLSID\{fa673c7c-eaf7-4f2b-ae22-cb6be6f5f90e}
	HKCR\CLSID\{FA673C7C-EAF7-4F2B-AE22-CB6BE6F5F90E}
	HKCR\CLSID\{FA673C7C-EAF7-4F2B-AE22-CB6BE6F5F90E}\InprocServer32
	HKCR\CLSID\{FA673C7C-EAF7-4F2B-AE22-CB6BE6F5F90E}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\NJQNZK.DLL
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{033B938B-A721-40ED-B871-DFF40B43CA44}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08127B7E-7F9B-4460-AC25-1C7012E51ECA}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{102793FA-0118-4DFA-9138-D5787075ED51}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{22CEAB05-0629-4B56-9FCD-49D0EB1092C7}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51C55845-ECAE-4C41-BD8A-449B72067E61}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5CA59776-F6B7-4193-B5E7-6C89BCD3B2DC}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{80202D95-BEA6-4860-8046-8D7DA38E9F90}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E593530-2271-4F1C-B32F-B185CC9E056C}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98E2262E-C618-4E21-BF91-987105697AB6}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98F179E0-F892-47E3-87BF-20BBF3A01CCE}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA882F3D-A562-41AB-86AA-34E68371ABAC}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B078695A-AFA2-409B-A727-38595B45FBE5}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B3B6B46D-8B8A-496E-ACFE-AA720ADBD5FE}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5284B6D-FCE0-40B9-A2DB-502AE109BDB0}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C91882F4-ECFC-4C62-9049-A53E019BC79F}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA03BC21-9EDC-4734-839C-201A45F68D2F}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB0DA7BF-C066-4841-B66F-5CE72AB252D8}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E275966C-713F-4A08-8C2B-64B580BCB680}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F01AC8E7-D324-4499-8845-5A8708116AFD}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F1D4D47F-CCAA-4430-ADF8-764B68BD59E2}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FA673C7C-EAF7-4F2B-AE22-CB6BE6F5F90E}
	C:\WINDOWS\SYSTEM32\AJQSJR.DLL
	C:\WINDOWS\SYSTEM32\ATTNGPHT.DLL
	C:\WINDOWS\SYSTEM32\AXIZIQ.DLL
	C:\WINDOWS\SYSTEM32\CAFCXEMQ.DLL
	C:\WINDOWS\SYSTEM32\CANLRXDY.DLL
	C:\WINDOWS\SYSTEM32\DCHTDUYX.DLL
	C:\WINDOWS\SYSTEM32\DRAAGBRW.DLL
	C:\WINDOWS\SYSTEM32\EFGMHIHY.DLL
	C:\WINDOWS\SYSTEM32\ERGYMWDD.DLL
	C:\WINDOWS\SYSTEM32\FKXAHC.DLL
	C:\WINDOWS\SYSTEM32\IEJHYUKH.DLL
	C:\WINDOWS\SYSTEM32\IIEWWDBH.DLL
	C:\WINDOWS\SYSTEM32\JEEGMQIT.DLL
	C:\WINDOWS\SYSTEM32\KJBODWDB.DLL
	C:\WINDOWS\SYSTEM32\KLXMCB.DLL
	C:\WINDOWS\SYSTEM32\KMTTPSPM.DLL
	C:\WINDOWS\SYSTEM32\KUWDCHIK.DLL
	C:\WINDOWS\SYSTEM32\NGTYTC.DLL
	C:\WINDOWS\SYSTEM32\NHVMJBLO.DLL
	C:\WINDOWS\SYSTEM32\NJESDXFH.DLL
	C:\WINDOWS\SYSTEM32\ORCGVFTK.DLL
	C:\WINDOWS\SYSTEM32\PECVHRCM.DLL
	C:\WINDOWS\SYSTEM32\QOFSAIYD.DLL
	C:\WINDOWS\SYSTEM32\RMHOTXEK.DLL
	C:\WINDOWS\SYSTEM32\TGOICMEW.DLL
	C:\WINDOWS\SYSTEM32\UXQQWVLK.DLL
	C:\WINDOWS\SYSTEM32\WDNHMTMW.DLL
	C:\WINDOWS\SYSTEM32\WSTECIIL.DLL
	C:\WINDOWS\SYSTEM32\XLHYRPFD.DLL
	C:\WINDOWS\SYSTEM32\YHCPTMIO.DLL

Trojan.Unclassified
	HKLM\Software\Classes\CLSID\{33c34b7c-9301-4c0b-9fce-a15e0b62fdbf}
	HKCR\CLSID\{33C34B7C-9301-4C0B-9FCE-A15E0B62FDBF}
	HKCR\CLSID\{33C34B7C-9301-4C0B-9FCE-A15E0B62FDBF}\InprocServer32
	HKCR\CLSID\{33C34B7C-9301-4C0B-9FCE-A15E0B62FDBF}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\WTAECF.DLL
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{33C34B7C-9301-4C0B-9FCE-A15E0B62FDBF}
	C:\WINDOWS\SYSTEM32\OBTDTBLN.DLL

Trojan.Vundo-Variant/NextGen
	HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9787EE59-AC26-44F2-9959-F058C2DCC51E}
	HKCR\CLSID\{9787EE59-AC26-44F2-9959-F058C2DCC51E}
	HKCR\CLSID\{9787EE59-AC26-44F2-9959-F058C2DCC51E}\InprocServer32
	HKCR\CLSID\{9787EE59-AC26-44F2-9959-F058C2DCC51E}\InprocServer32#ThreadingModel
	HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F92CB680-E0D5-4B9A-803C-8200A5C65A2A}
	HKCR\CLSID\{F92CB680-E0D5-4B9A-803C-8200A5C65A2A}
	HKCR\CLSID\{F92CB680-E0D5-4B9A-803C-8200A5C65A2A}\InprocServer32
	HKCR\CLSID\{F92CB680-E0D5-4B9A-803C-8200A5C65A2A}\InprocServer32#ThreadingModel
	HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{F92CB680-E0D5-4B9A-803C-8200A5C65A2A}
	Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\jkkIYOfC

Adware.Vundo/Variant
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0DA284D5-928C-4AD4-A079-100C1A4DF6BF}
	HKCR\CLSID\{0DA284D5-928C-4AD4-A079-100C1A4DF6BF}
	HKCR\CLSID\{0DA284D5-928C-4AD4-A079-100C1A4DF6BF}\InprocServer32
	HKCR\CLSID\{0DA284D5-928C-4AD4-A079-100C1A4DF6BF}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\JYVYDC.DLL
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A989D79-3F19-4082-941D-C01FF6F7F9E4}
	HKCR\CLSID\{1A989D79-3F19-4082-941D-C01FF6F7F9E4}
	HKCR\CLSID\{1A989D79-3F19-4082-941D-C01FF6F7F9E4}\InprocServer32
	HKCR\CLSID\{1A989D79-3F19-4082-941D-C01FF6F7F9E4}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\VWACNT.DLL
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A48EBB7-753C-4F19-BB06-7FC01149EDAF}
	HKCR\CLSID\{2A48EBB7-753C-4F19-BB06-7FC01149EDAF}
	HKCR\CLSID\{2A48EBB7-753C-4F19-BB06-7FC01149EDAF}\InprocServer32
	HKCR\CLSID\{2A48EBB7-753C-4F19-BB06-7FC01149EDAF}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\DQNQBI.DLL
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39D2525A-B84A-4BE6-8ADC-3EDEED945A04}
	HKCR\CLSID\{39D2525A-B84A-4BE6-8ADC-3EDEED945A04}
	HKCR\CLSID\{39D2525A-B84A-4BE6-8ADC-3EDEED945A04}\InprocServer32
	HKCR\CLSID\{39D2525A-B84A-4BE6-8ADC-3EDEED945A04}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\DTNSQT.DLL
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3FEC08DC-094F-460C-A17B-0D0ABAB0E4CD}
	HKCR\CLSID\{3FEC08DC-094F-460C-A17B-0D0ABAB0E4CD}
	HKCR\CLSID\{3FEC08DC-094F-460C-A17B-0D0ABAB0E4CD}\InprocServer32
	HKCR\CLSID\{3FEC08DC-094F-460C-A17B-0D0ABAB0E4CD}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\QOJAQH.DLL
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E99DBF2-37E2-411E-9298-9E1CF9A5998E}
	HKCR\CLSID\{5E99DBF2-37E2-411E-9298-9E1CF9A5998E}
	HKCR\CLSID\{5E99DBF2-37E2-411E-9298-9E1CF9A5998E}\InprocServer32
	HKCR\CLSID\{5E99DBF2-37E2-411E-9298-9E1CF9A5998E}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\WXIJRK.DLL
	C:\WINDOWS\SYSTEM32\AHTDYRXN.DLL
	C:\WINDOWS\SYSTEM32\AMEGAQTQ.DLL
	C:\WINDOWS\SYSTEM32\ANZEBD.DLL
	C:\WINDOWS\SYSTEM32\BHXFRDFS.DLL
	C:\WINDOWS\SYSTEM32\BTLNDHDC.DLL
	C:\WINDOWS\SYSTEM32\BXQWJISI.DLL
	C:\WINDOWS\SYSTEM32\CBKLOPMN.DLL
	C:\WINDOWS\SYSTEM32\DTQXCVFF.DLL
	C:\WINDOWS\SYSTEM32\ERWCFL.DLL
	C:\WINDOWS\SYSTEM32\FCXPIPOS.DLL
	C:\WINDOWS\SYSTEM32\GKOMHEYK.DLL
	C:\WINDOWS\SYSTEM32\HQDTJHGY.DLL
	C:\WINDOWS\SYSTEM32\HRUUCJPD.DLL
	C:\WINDOWS\SYSTEM32\ICSELNLG.DLL
	C:\WINDOWS\SYSTEM32\JKXSMAVC.DLL
	C:\WINDOWS\SYSTEM32\JUHMUBFP.DLL
	C:\WINDOWS\SYSTEM32\NZNBYI.DLL
	C:\WINDOWS\SYSTEM32\OBOAAESC.DLL
	C:\WINDOWS\SYSTEM32\PEHPJBBE.DLL
	C:\WINDOWS\SYSTEM32\RHWHMALU.DLL
	C:\WINDOWS\SYSTEM32\SHPGQJBV.DLL
	C:\WINDOWS\SYSTEM32\SHPUGVSS.DLL
	C:\WINDOWS\SYSTEM32\SUFEHBLA.DLL
	C:\WINDOWS\SYSTEM32\TRCQJKBP.DLL
	C:\WINDOWS\SYSTEM32\TRSALVMP.DLL
	C:\WINDOWS\SYSTEM32\VDDSUDDI.DLL

Adware.Tracking Cookie
	C:\Documents and Settings\Multiservices\Cookies\multiservices@ads.sorpresor[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@media6degrees[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@date.ventivmedia[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@tradedoubler[2].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@adrevolver[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@ad.yieldmanager[2].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@ads.loudsocial[2].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@cetelem.solution.weborama[2].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@dynamic.media.adrevolver[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@ad.zanox[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@doubleclick[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@bewebmedia[2].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@smartadserver[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@yourmedia[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@media.adrevolver[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@weborama[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@atdmt[2].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@bluestreak[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@adsby.aim4media[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@xiti[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@statcounter[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@mediaplex[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@apmebf[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@bs.serving-sys[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@advertising[2].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@serving-sys[2].txt

Adware.Vundo Variant/Rel
	HKLM\SOFTWARE\Microsoft\aoprndtws
	HKLM\SOFTWARE\Microsoft\FCOVM
	HKLM\SOFTWARE\Microsoft\RemoveRP
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\rdfa

Rogue.XP AntiSpyware 2009
	HKLM\Software\XP_Antispyware
	HKLM\Software\XP_Antispyware#email3
	HKLM\Software\XP_Antispyware#info

Trojan.Downloader-Gen
	HKLM\Software\Microsoft\Windows\CurrentVersion\Run#brastk [ brastk.exe ]

Rootkit.Karna/Beep-Fake
	C:\WINDOWS\DRIVERS\BEEP.SYS
	C:\WINDOWS\SYSTEM32\DLLCACHE\BEEP.SYS

Adware.Vundo/Variant-Trace
	C:\WINDOWS\SYSTEM32\ACCVFWLB.INI
	C:\WINDOWS\SYSTEM32\BBMBOMKI.INI
	C:\WINDOWS\SYSTEM32\CKGOSAYK.INI
	C:\WINDOWS\SYSTEM32\DNAYGBVO.INI
	C:\WINDOWS\SYSTEM32\FGEMETXS.INI
	C:\WINDOWS\SYSTEM32\FOAJCNPE.INI
	C:\WINDOWS\SYSTEM32\GMBUKQTX.INI
	C:\WINDOWS\SYSTEM32\GRUFQSRV.INI
	C:\WINDOWS\SYSTEM32\GTPUNMXE.INI
	C:\WINDOWS\SYSTEM32\HITTATYM.INI
	C:\WINDOWS\SYSTEM32\IAKAGNJA.INI
	C:\WINDOWS\SYSTEM32\IFJMPEVO.INI
	C:\WINDOWS\SYSTEM32\KLVWQQXU.INI
	C:\WINDOWS\SYSTEM32\KSQJRFWD.INI
	C:\WINDOWS\SYSTEM32\KVDQYXVN.INI
	C:\WINDOWS\SYSTEM32\LRAEOXFR.INI
	C:\WINDOWS\SYSTEM32\MPSPTTMK.INI
	C:\WINDOWS\SYSTEM32\MSTGNVTX.INI
	C:\WINDOWS\SYSTEM32\MYVJRNJG.INI
	C:\WINDOWS\SYSTEM32\NLBTDTBO.INI
	C:\WINDOWS\SYSTEM32\NXYGFXCA.INI
	C:\WINDOWS\SYSTEM32\OGFNQKXT.INI
	C:\WINDOWS\SYSTEM32\PATYEPRQ.INI
	C:\WINDOWS\SYSTEM32\PBYKRVEP.INI
	C:\WINDOWS\SYSTEM32\PNDXJIVH.INI
	C:\WINDOWS\SYSTEM32\QPELUTNE.INI
	C:\WINDOWS\SYSTEM32\QRHFYXNT.INI
	C:\WINDOWS\SYSTEM32\SCPSHGGI.INI
	C:\WINDOWS\SYSTEM32\SXRLFKOJ.INI
	C:\WINDOWS\SYSTEM32\THPGNTTA.INI
	C:\WINDOWS\SYSTEM32\TIQMGEEJ.INI
	C:\WINDOWS\SYSTEM32\TQXKBMNO.INI
	C:\WINDOWS\SYSTEM32\UCJPOYMI.INI
	C:\WINDOWS\SYSTEM32\URFSEPHQ.INI
	C:\WINDOWS\SYSTEM32\VIDLJISF.INI
	C:\WINDOWS\SYSTEM32\WBRFPRGQ.INI
	C:\WINDOWS\SYSTEM32\WHNQPIOT.INI
	C:\WINDOWS\SYSTEM32\WNXCHQGL.INI
	C:\WINDOWS\SYSTEM32\WYWRGSTA.INI
	C:\WINDOWS\SYSTEM32\XCWKOIYE.INI
	C:\WINDOWS\SYSTEM32\YDXRLNAC.INI
	C:\WINDOWS\SYSTEM32\YFBLIJQB.INI

Trojan.Unknown Origin
	C:\WINDOWS\SYSTEM32\ESKKQGDR.EXE
	C:\WINDOWS\SYSTEM32\FJSCJGXK.EXE
	C:\WINDOWS\SYSTEM32\GBWDGMJM.EXE
	C:\WINDOWS\SYSTEM32\GIENGDOU.EXE
	C:\WINDOWS\SYSTEM32\GXUQPQNR.EXE
	C:\WINDOWS\SYSTEM32\OAGMMNEI.EXE
	C:\WINDOWS\SYSTEM32\PSFOPIFW.EXE
	C:\WINDOWS\SYSTEM32\RFTCFYDR.EXE
	C:\WINDOWS\SYSTEM32\RSLUCYRI.EXE
	C:\WINDOWS\SYSTEM32\SSBPMFXI.EXE
	C:\WINDOWS\SYSTEM32\UOTRPOGO.EXE
	C:\WINDOWS\SYSTEM32\WOILBLSI.EXE
	C:\WINDOWS\SYSTEM32\YDDXKMCH.EXE
	C:\WINDOWS\SYSTEM32\YDWDXKDQ.EXE

Rogue.Multi-Dropper/Installer
	C:\WINDOWS\SYSTEM32\WERTYU.DLL

Trojan.Dropper/Gen
	C:\WINDOWS\SYSTEM32\WINI10791.EXE

miskizou · Answer

Ca a marché, MERCI MERCI MERCI!!!!
il n'y a plus le fond d'écran bleu avec ecrit "attention....", je n'ai plus le message "your computer is infected" qui s'affiche, il n'y a meme plus la croix rouge et le point d'exclamation jaune en bas a droite.  super!!!
Dois je conserver tous les logiciels que j'ai téléchargé : navilog, smitfrandfix, ccleaner, superantispyware et zonealarm??
encore merci

zorinho · Answer

Salut,

ce n'est pas fini

1) j'aurais souhaité le rapport Superantispyware sous une autre forme

vas dans "preference" , "logs/statistics"

et tu cliques sur le dernier rapport

fais copier/coller ici

PS: j'espère que tu as pu faire un scan "en mode sans échec"

2) Apparemment, tu ne maîtrises pas encore CCleaner

- utilise le pinceau pour lancer le nettoyage (efface les cookies, les fichiers temporaires, etc)
- utilise la fonction "Registre / chercher les erreurs / corriger les erreurs) pour nettoyer ta base de registre

3) Utilise par sécurité malwarebytes

https://www.commentcamarche.net/telecharger/ 34055379 malwarebytes anti malware 

pour t'aider à utiliser Malwarebyte Antimalware, Regarde ce tuto 
https://forums.cnetfrance.fr 

Réalise un scan complet en mode sans échec 
Démarrage en mode sans échec 

A la fin du scan, il indique Afficher les résultats, fais absolument "SUPPRIMER LA SELECTION" 

Colle le rapport ici 

4) lance un examen avec Hijackthis (on aurait dû commencer par cela)

https://www.malekal.com/tutoriel-hijackthis/

Fais "scan et save a logfile"
Ne t'avise pas de fixer des lignes


A plus

Zor

PS: pour le nettoyage, on verra après

miskizou · Answer

Non je n'ai pas fai le scan superantispyware en mode sans echec. ce n'était pas spécifié dans la notice. Le rapport que j'avais posté je l'ai eu dans préférence puis statistique, donc si je le reposte ca sera le meme.?
Lol, c'est vrai que je ne maitrise pas trop ccleaner (comme tous ces logiciels...) mais ce que tu me dis de faire , je l'avai deja fait (je l'ai refait du coup)

Je t'envoie le rapport de malwarebyte, j'ai bien fait cette fois le scan en mode sans echec


Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1482
Windows 5.1.2600 Service Pack 2

10/12/2008 13:09:42
mbam-log-2008-12-10 (13-09-42).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 91815
Temps écoulé: 50 minute(s), 52 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 45
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 224

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{cd796033-04ae-4b69-8cb2-92bd6c2aaa27} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{be2ce3a1-0e47-4f12-a243-8fccced94209} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{f7759abc-b7d8-437c-adc4-b35f2e1692cc} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a67b8fe1-8e6d-44d6-8d74-9c28e7bff35c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f92cb680-e0d5-4b9a-803c-8200a5c65a2a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{61a4c96b-365b-49c0-80c5-0324d6b544ef} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{61a4c96b-365b-49c0-80c5-0324d6b544ef} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6b6a5068-d99f-432f-afe1-76abc1d69dcb} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6b6a5068-d99f-432f-afe1-76abc1d69dcb} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9fad5b5f-9a50-41f0-b8fe-4171d62ecb70} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9fad5b5f-9a50-41f0-b8fe-4171d62ecb70} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{079c3b15-d4a2-4c8f-8f9b-bec856764ab5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{079c3b15-d4a2-4c8f-8f9b-bec856764ab5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7a762cc3-d071-4019-9ad1-b8a072ea8f1f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7a762cc3-d071-4019-9ad1-b8a072ea8f1f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3873c472-7bfa-4279-9430-4cf72b561003} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3873c472-7bfa-4279-9430-4cf72b561003} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{12d6a055-5922-44bd-9d32-c651741c14ae} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{12d6a055-5922-44bd-9d32-c651741c14ae} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5f5d4192-2621-4510-a44a-fe9de45e9cc6} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5f5d4192-2621-4510-a44a-fe9de45e9cc6} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b72f66ad-73a0-4f54-997b-c49cbb29bf03} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b72f66ad-73a0-4f54-997b-c49cbb29bf03} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f7961abe-d137-4b7b-8d7b-d6a7b0b70f8d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f7961abe-d137-4b7b-8d7b-d6a7b0b70f8d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fddfd658-3c9a-4539-9158-343ece21e40e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fddfd658-3c9a-4539-9158-343ece21e40e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ae731fef-f5e8-4be5-a771-7da00636a4c6} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae731fef-f5e8-4be5-a771-7da00636a4c6} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a6ff2241-a11b-4de2-992d-a88773e349f0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5938cf21-228c-4c45-8958-f7191ac9154a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{17b78773-c950-4efa-8553-f1be6c607a49} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{17b78773-c950-4efa-8553-f1be6c607a49} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{055d80c1-a63e-4efd-9efd-377d20a945e3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72b41eff-d0d8-4ad5-8890-33174dde6b82} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{deb3a92b-d7c9-40a7-bb0f-7a408c271c1d} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{deb3a92b-d7c9-40a7-bb0f-7a408c271c1d} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoftdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmf71b678e (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmf71b678e (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\cugxsvxd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dxvsxguc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dlsosqjb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bjqsosld.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gfwtyqog.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\goqytwfg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\glrojslx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xlsjorlg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lfrwmkxf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fxkmwrfl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mrawshcg.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gchswarm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mrcjshcf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fchsjcrm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
prxqerf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\freqxrpn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
twulvyj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jyvluwtn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qvmeiyqm.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mqyiemvq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sorgygmt.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	mgygros.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vqcyogxu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uxgoycqv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fglrcicr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\Popsicle\ADVPro.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001157.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001158.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001159.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001160.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001161.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001163.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001164.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001165.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001166.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001167.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001168.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001169.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001170.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001171.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001172.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001173.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001174.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001175.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001176.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001177.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001178.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001179.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001180.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001182.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001183.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001184.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001185.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001186.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001187.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001188.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001189.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001190.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001191.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001192.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001193.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001194.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001195.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001196.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001197.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001198.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001199.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001200.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001201.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001202.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001203.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001204.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001205.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001206.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001207.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001208.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001209.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001210.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001211.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001212.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001213.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001214.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001215.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001216.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001217.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001218.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001219.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001221.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001223.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001224.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001225.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001226.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001227.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001228.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001230.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001231.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001232.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001233.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001234.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001235.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001236.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001237.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001239.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001240.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001241.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001242.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001243.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001244.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001291.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001292.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001293.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001294.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001295.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001296.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001297.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001298.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001299.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001300.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001301.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001302.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001303.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A543A4F-1682-4940-B60A-B29418E86E97}\RP3\A0001304.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\gvo.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\wcq.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aqqhfvwy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bfjlnbem.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bopare.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cagbwm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cblnwmqu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ceocxh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\chbyetwl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cupgbq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cxdifd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cxyuynfc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddzije.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\djurnhdc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dnqsxfdj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpnkcr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dwjdbbut.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dzicpm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dzwcqn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emfageym.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\entulepq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eokejz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eqypqefx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\exmnuptg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\feeaau.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fmkbtceu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fsijldiv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fsxeugig.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\givucofv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gpprht.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hjsssxkd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hldzhi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hlwbdw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hpoijvga.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hrwvlukx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ifpgcm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ifwrbfck.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iljpmkxd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\imyopjcu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\isnkhjnf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kmmxnn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lketfisx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ltjalteg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lxermjef.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mghbwrok.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mgnmpgpa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mhsscrph.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
dhiqc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
ekols.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
vxnfh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ochyncvk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oheeem.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ohvolm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ondrza.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oobdhq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovbgyand.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\owichgxi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\owxjponm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oxtdchiw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pibeavvk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qkgglhuq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qlyoet.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qlzzaj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32gqywc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32hjpyu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32lnocbiw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sprlht.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssyoum.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sunoye.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	cuqwcsn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	hqewn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	mvrxh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	nwsumxt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	qeknkbq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	rjoai.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	xkqnfgo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uowmcy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbstzw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vkmundbd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vmcsqfup.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vvqtgcpm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wxvoahkk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xgxgclga.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xkriuhje.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmmjevac.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yehtmfca.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yhnhrx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ymdqhxmp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ymubhoyw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yrhghvgy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yxtgct.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zceuxk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zgxytb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zjtmpd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zsqurx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zyswci.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\getwn32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMf71b678e.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMf71b678e.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

miskizou · Answer

C'est re moi,
Je n'arrive pas a décompresser hijachthis, comment on fait??? merci

zorinho · Answer

Re-salut,

1) relis le point 9

je t'avais demandé de réaliser le scan Superantispyware en mode sans échec

Pourrais-tu faire les mises à jour du logiciel et faire un scan en mode sans échec.

Envoie-moi le rapport d'analyse

2) télécharge Hijackthis ici, tu auras peut-être plus de chance

http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

A plus

Zor

miskizou · Answer

Voici le rapprt de scan de superantispyware cette fois en mode sans echec:


SUPERAntiSpyware Scan Log
https://www.superantispyware.com/

Generated 12/10/2008 at 10:49 AM

Application Version : 4.23.1006

Core Rules Database Version : 3669
Trace Rules Database Version: 1648

Scan type       : Complete Scan
Total Scan Time : 00:30:18

Memory items scanned      : 432
Memory threats detected   : 4
Registry items scanned    : 5721
Registry threats detected : 171
File items scanned        : 38435
File threats detected     : 181

Trojan.Vundo-Variant/Small-GEN
	C:\WINDOWS\SYSTEM32\JKKIYOFC.DLL
	C:\WINDOWS\SYSTEM32\JKKIYOFC.DLL
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9787EE59-AC26-44F2-9959-F058C2DCC51E}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F92CB680-E0D5-4B9A-803C-8200A5C65A2A}
	C:\WINDOWS\SYSTEM32\FCCCBYVW.DLL

Adware.Vundo Variant/Resident
	C:\WINDOWS\SYSTEM32\GEBTSJGW.DLL
	C:\WINDOWS\SYSTEM32\GEBTSJGW.DLL

Trojan.Unclassified/Uesiuqcr
	C:\WINDOWS\SYSTEM32\UESIUQCR.EXE
	C:\WINDOWS\SYSTEM32\UESIUQCR.EXE

Trojan.Dropper/Gen-NV
	C:\WINDOWS\BRASTK.EXE
	C:\WINDOWS\BRASTK.EXE

Rogue.FakeAlert/Wallpaper
	[Wallpaper] C:\WINDOWS\DEFAULT.HTM
	C:\WINDOWS\DEFAULT.HTM

Adware.Vundo Variant
	HKLM\Software\Classes\CLSID\{033b938b-a721-40ed-b871-dff40b43ca44}
	HKCR\CLSID\{033B938B-A721-40ED-B871-DFF40B43CA44}
	HKCR\CLSID\{033B938B-A721-40ED-B871-DFF40B43CA44}\InprocServer32
	HKCR\CLSID\{033B938B-A721-40ED-B871-DFF40B43CA44}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\QDVMZF.DLL
	HKLM\Software\Classes\CLSID\{08127b7e-7f9b-4460-ac25-1c7012e51eca}
	HKCR\CLSID\{08127B7E-7F9B-4460-AC25-1C7012E51ECA}
	HKCR\CLSID\{08127B7E-7F9B-4460-AC25-1C7012E51ECA}\InprocServer32
	HKCR\CLSID\{08127B7E-7F9B-4460-AC25-1C7012E51ECA}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\ONBGOM.DLL
	HKLM\Software\Classes\CLSID\{102793fa-0118-4dfa-9138-d5787075ed51}
	HKCR\CLSID\{102793FA-0118-4DFA-9138-D5787075ED51}
	HKCR\CLSID\{102793FA-0118-4DFA-9138-D5787075ED51}\InprocServer32
	HKCR\CLSID\{102793FA-0118-4DFA-9138-D5787075ED51}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\RFDUVS.DLL
	HKLM\Software\Classes\CLSID\{1b6fb7a8-fd65-48e6-8904-3233b5937894}
	HKCR\CLSID\{1B6FB7A8-FD65-48E6-8904-3233B5937894}
	HKCR\CLSID\{1B6FB7A8-FD65-48E6-8904-3233B5937894}\InprocServer32
	HKCR\CLSID\{1B6FB7A8-FD65-48E6-8904-3233B5937894}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\HLEZEW.DLL
	HKLM\Software\Classes\CLSID\{22ceab05-0629-4b56-9fcd-49d0eb1092c7}
	HKCR\CLSID\{22CEAB05-0629-4B56-9FCD-49D0EB1092C7}
	HKCR\CLSID\{22CEAB05-0629-4B56-9FCD-49D0EB1092C7}\InprocServer32
	HKCR\CLSID\{22CEAB05-0629-4B56-9FCD-49D0EB1092C7}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\JZDYCB.DLL
	HKLM\Software\Classes\CLSID\{51c55845-ecae-4c41-bd8a-449b72067e61}
	HKCR\CLSID\{51C55845-ECAE-4C41-BD8A-449B72067E61}
	HKCR\CLSID\{51C55845-ECAE-4C41-BD8A-449B72067E61}\InprocServer32
	HKCR\CLSID\{51C55845-ECAE-4C41-BD8A-449B72067E61}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\XIKSTK.DLL
	HKLM\Software\Classes\CLSID\{5a8bc752-22ff-401d-8846-bd9c2ff56600}
	HKCR\CLSID\{5A8BC752-22FF-401D-8846-BD9C2FF56600}
	HKCR\CLSID\{5A8BC752-22FF-401D-8846-BD9C2FF56600}\InprocServer32
	HKCR\CLSID\{5A8BC752-22FF-401D-8846-BD9C2FF56600}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\VFRCOS.DLL
	HKLM\Software\Classes\CLSID\{5c08aa60-c326-48bf-be4a-d13785f44de6}
	HKCR\CLSID\{5C08AA60-C326-48BF-BE4A-D13785F44DE6}
	HKCR\CLSID\{5C08AA60-C326-48BF-BE4A-D13785F44DE6}\InprocServer32
	HKCR\CLSID\{5C08AA60-C326-48BF-BE4A-D13785F44DE6}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\AWZJBE.DLL
	HKLM\Software\Classes\CLSID\{5ca59776-f6b7-4193-b5e7-6c89bcd3b2dc}
	HKCR\CLSID\{5CA59776-F6B7-4193-B5E7-6C89BCD3B2DC}
	HKCR\CLSID\{5CA59776-F6B7-4193-B5E7-6C89BCD3B2DC}\InprocServer32
	HKCR\CLSID\{5CA59776-F6B7-4193-B5E7-6C89BCD3B2DC}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\GTIVUF.DLL
	HKLM\Software\Classes\CLSID\{6e92fda0-29b9-4b33-a046-3ac3ed5856f5}
	HKCR\CLSID\{6E92FDA0-29B9-4B33-A046-3AC3ED5856F5}
	HKCR\CLSID\{6E92FDA0-29B9-4B33-A046-3AC3ED5856F5}\InprocServer32
	HKCR\CLSID\{6E92FDA0-29B9-4B33-A046-3AC3ED5856F5}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\PCGKKR.DLL
	HKLM\Software\Classes\CLSID\{80202d95-bea6-4860-8046-8d7da38e9f90}
	HKCR\CLSID\{80202D95-BEA6-4860-8046-8D7DA38E9F90}
	HKCR\CLSID\{80202D95-BEA6-4860-8046-8D7DA38E9F90}\InprocServer32
	HKCR\CLSID\{80202D95-BEA6-4860-8046-8D7DA38E9F90}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\ECEYQL.DLL
	HKLM\Software\Classes\CLSID\{8e593530-2271-4f1c-b32f-b185cc9e056c}
	HKCR\CLSID\{8E593530-2271-4F1C-B32F-B185CC9E056C}
	HKCR\CLSID\{8E593530-2271-4F1C-B32F-B185CC9E056C}\InprocServer32
	HKCR\CLSID\{8E593530-2271-4F1C-B32F-B185CC9E056C}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\KFMZOL.DLL
	HKLM\Software\Classes\CLSID\{98e2262e-c618-4e21-bf91-987105697ab6}
	HKCR\CLSID\{98E2262E-C618-4E21-BF91-987105697AB6}
	HKCR\CLSID\{98E2262E-C618-4E21-BF91-987105697AB6}\InprocServer32
	HKCR\CLSID\{98E2262E-C618-4E21-BF91-987105697AB6}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\YTKUNO.DLL
	HKLM\Software\Classes\CLSID\{98f179e0-f892-47e3-87bf-20bbf3a01cce}
	HKCR\CLSID\{98F179E0-F892-47E3-87BF-20BBF3A01CCE}
	HKCR\CLSID\{98F179E0-F892-47E3-87BF-20BBF3A01CCE}\InprocServer32
	HKCR\CLSID\{98F179E0-F892-47E3-87BF-20BBF3A01CCE}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\IPGRWU.DLL
	HKLM\Software\Classes\CLSID\{aa882f3d-a562-41ab-86aa-34e68371abac}
	HKCR\CLSID\{AA882F3D-A562-41AB-86AA-34E68371ABAC}
	HKCR\CLSID\{AA882F3D-A562-41AB-86AA-34E68371ABAC}\InprocServer32
	HKCR\CLSID\{AA882F3D-A562-41AB-86AA-34E68371ABAC}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\NWNHSM.DLL
	HKLM\Software\Classes\CLSID\{b078695a-afa2-409b-a727-38595b45fbe5}
	HKCR\CLSID\{B078695A-AFA2-409B-A727-38595B45FBE5}
	HKCR\CLSID\{B078695A-AFA2-409B-A727-38595B45FBE5}\InprocServer32
	HKCR\CLSID\{B078695A-AFA2-409B-A727-38595B45FBE5}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\CACCCL.DLL
	HKLM\Software\Classes\CLSID\{b3b6b46d-8b8a-496e-acfe-aa720adbd5fe}
	HKCR\CLSID\{B3B6B46D-8B8A-496E-ACFE-AA720ADBD5FE}
	HKCR\CLSID\{B3B6B46D-8B8A-496E-ACFE-AA720ADBD5FE}\InprocServer32
	HKCR\CLSID\{B3B6B46D-8B8A-496E-ACFE-AA720ADBD5FE}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\VMPLSI.DLL
	HKLM\Software\Classes\CLSID\{c5284b6d-fce0-40b9-a2db-502ae109bdb0}
	HKCR\CLSID\{C5284B6D-FCE0-40B9-A2DB-502AE109BDB0}
	HKCR\CLSID\{C5284B6D-FCE0-40B9-A2DB-502AE109BDB0}\InprocServer32
	HKCR\CLSID\{C5284B6D-FCE0-40B9-A2DB-502AE109BDB0}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\QBZPHP.DLL
	HKLM\Software\Classes\CLSID\{c91882f4-ecfc-4c62-9049-a53e019bc79f}
	HKCR\CLSID\{C91882F4-ECFC-4C62-9049-A53E019BC79F}
	HKCR\CLSID\{C91882F4-ECFC-4C62-9049-A53E019BC79F}\InprocServer32
	HKCR\CLSID\{C91882F4-ECFC-4C62-9049-A53E019BC79F}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\IBIMJD.DLL
	HKLM\Software\Classes\CLSID\{ca03bc21-9edc-4734-839c-201a45f68d2f}
	HKCR\CLSID\{CA03BC21-9EDC-4734-839C-201A45F68D2F}
	HKCR\CLSID\{CA03BC21-9EDC-4734-839C-201A45F68D2F}\InprocServer32
	HKCR\CLSID\{CA03BC21-9EDC-4734-839C-201A45F68D2F}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\EQPZUS.DLL
	HKLM\Software\Classes\CLSID\{db0da7bf-c066-4841-b66f-5ce72ab252d8}
	HKCR\CLSID\{DB0DA7BF-C066-4841-B66F-5CE72AB252D8}
	HKCR\CLSID\{DB0DA7BF-C066-4841-B66F-5CE72AB252D8}\InprocServer32
	HKCR\CLSID\{DB0DA7BF-C066-4841-B66F-5CE72AB252D8}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\YXFORD.DLL
	HKLM\Software\Classes\CLSID\{e275966c-713f-4a08-8c2b-64b580bcb680}
	HKCR\CLSID\{E275966C-713F-4A08-8C2B-64B580BCB680}
	HKCR\CLSID\{E275966C-713F-4A08-8C2B-64B580BCB680}\InprocServer32
	HKCR\CLSID\{E275966C-713F-4A08-8C2B-64B580BCB680}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\ZNHXRN.DLL
	HKLM\Software\Classes\CLSID\{f01ac8e7-d324-4499-8845-5a8708116afd}
	HKCR\CLSID\{F01AC8E7-D324-4499-8845-5A8708116AFD}
	HKCR\CLSID\{F01AC8E7-D324-4499-8845-5A8708116AFD}\InprocServer32
	HKCR\CLSID\{F01AC8E7-D324-4499-8845-5A8708116AFD}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\YJJGFK.DLL
	HKLM\Software\Classes\CLSID\{f1d4d47f-ccaa-4430-adf8-764b68bd59e2}
	HKCR\CLSID\{F1D4D47F-CCAA-4430-ADF8-764B68BD59E2}
	HKCR\CLSID\{F1D4D47F-CCAA-4430-ADF8-764B68BD59E2}\InprocServer32
	HKCR\CLSID\{F1D4D47F-CCAA-4430-ADF8-764B68BD59E2}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\JLDDDT.DLL
	HKLM\Software\Classes\CLSID\{fa673c7c-eaf7-4f2b-ae22-cb6be6f5f90e}
	HKCR\CLSID\{FA673C7C-EAF7-4F2B-AE22-CB6BE6F5F90E}
	HKCR\CLSID\{FA673C7C-EAF7-4F2B-AE22-CB6BE6F5F90E}\InprocServer32
	HKCR\CLSID\{FA673C7C-EAF7-4F2B-AE22-CB6BE6F5F90E}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\NJQNZK.DLL
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{033B938B-A721-40ED-B871-DFF40B43CA44}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08127B7E-7F9B-4460-AC25-1C7012E51ECA}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{102793FA-0118-4DFA-9138-D5787075ED51}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{22CEAB05-0629-4B56-9FCD-49D0EB1092C7}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51C55845-ECAE-4C41-BD8A-449B72067E61}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5CA59776-F6B7-4193-B5E7-6C89BCD3B2DC}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{80202D95-BEA6-4860-8046-8D7DA38E9F90}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E593530-2271-4F1C-B32F-B185CC9E056C}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98E2262E-C618-4E21-BF91-987105697AB6}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98F179E0-F892-47E3-87BF-20BBF3A01CCE}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA882F3D-A562-41AB-86AA-34E68371ABAC}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B078695A-AFA2-409B-A727-38595B45FBE5}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B3B6B46D-8B8A-496E-ACFE-AA720ADBD5FE}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5284B6D-FCE0-40B9-A2DB-502AE109BDB0}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C91882F4-ECFC-4C62-9049-A53E019BC79F}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA03BC21-9EDC-4734-839C-201A45F68D2F}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB0DA7BF-C066-4841-B66F-5CE72AB252D8}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E275966C-713F-4A08-8C2B-64B580BCB680}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F01AC8E7-D324-4499-8845-5A8708116AFD}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F1D4D47F-CCAA-4430-ADF8-764B68BD59E2}
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FA673C7C-EAF7-4F2B-AE22-CB6BE6F5F90E}
	C:\WINDOWS\SYSTEM32\AJQSJR.DLL
	C:\WINDOWS\SYSTEM32\ATTNGPHT.DLL
	C:\WINDOWS\SYSTEM32\AXIZIQ.DLL
	C:\WINDOWS\SYSTEM32\CAFCXEMQ.DLL
	C:\WINDOWS\SYSTEM32\CANLRXDY.DLL
	C:\WINDOWS\SYSTEM32\DCHTDUYX.DLL
	C:\WINDOWS\SYSTEM32\DRAAGBRW.DLL
	C:\WINDOWS\SYSTEM32\EFGMHIHY.DLL
	C:\WINDOWS\SYSTEM32\ERGYMWDD.DLL
	C:\WINDOWS\SYSTEM32\FKXAHC.DLL
	C:\WINDOWS\SYSTEM32\IEJHYUKH.DLL
	C:\WINDOWS\SYSTEM32\IIEWWDBH.DLL
	C:\WINDOWS\SYSTEM32\JEEGMQIT.DLL
	C:\WINDOWS\SYSTEM32\KJBODWDB.DLL
	C:\WINDOWS\SYSTEM32\KLXMCB.DLL
	C:\WINDOWS\SYSTEM32\KMTTPSPM.DLL
	C:\WINDOWS\SYSTEM32\KUWDCHIK.DLL
	C:\WINDOWS\SYSTEM32\NGTYTC.DLL
	C:\WINDOWS\SYSTEM32\NHVMJBLO.DLL
	C:\WINDOWS\SYSTEM32\NJESDXFH.DLL
	C:\WINDOWS\SYSTEM32\ORCGVFTK.DLL
	C:\WINDOWS\SYSTEM32\PECVHRCM.DLL
	C:\WINDOWS\SYSTEM32\QOFSAIYD.DLL
	C:\WINDOWS\SYSTEM32\RMHOTXEK.DLL
	C:\WINDOWS\SYSTEM32\TGOICMEW.DLL
	C:\WINDOWS\SYSTEM32\UXQQWVLK.DLL
	C:\WINDOWS\SYSTEM32\WDNHMTMW.DLL
	C:\WINDOWS\SYSTEM32\WSTECIIL.DLL
	C:\WINDOWS\SYSTEM32\XLHYRPFD.DLL
	C:\WINDOWS\SYSTEM32\YHCPTMIO.DLL

Trojan.Unclassified
	HKLM\Software\Classes\CLSID\{33c34b7c-9301-4c0b-9fce-a15e0b62fdbf}
	HKCR\CLSID\{33C34B7C-9301-4C0B-9FCE-A15E0B62FDBF}
	HKCR\CLSID\{33C34B7C-9301-4C0B-9FCE-A15E0B62FDBF}\InprocServer32
	HKCR\CLSID\{33C34B7C-9301-4C0B-9FCE-A15E0B62FDBF}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\WTAECF.DLL
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{33C34B7C-9301-4C0B-9FCE-A15E0B62FDBF}
	C:\WINDOWS\SYSTEM32\OBTDTBLN.DLL

Trojan.Vundo-Variant/NextGen
	HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9787EE59-AC26-44F2-9959-F058C2DCC51E}
	HKCR\CLSID\{9787EE59-AC26-44F2-9959-F058C2DCC51E}
	HKCR\CLSID\{9787EE59-AC26-44F2-9959-F058C2DCC51E}\InprocServer32
	HKCR\CLSID\{9787EE59-AC26-44F2-9959-F058C2DCC51E}\InprocServer32#ThreadingModel
	HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F92CB680-E0D5-4B9A-803C-8200A5C65A2A}
	HKCR\CLSID\{F92CB680-E0D5-4B9A-803C-8200A5C65A2A}
	HKCR\CLSID\{F92CB680-E0D5-4B9A-803C-8200A5C65A2A}\InprocServer32
	HKCR\CLSID\{F92CB680-E0D5-4B9A-803C-8200A5C65A2A}\InprocServer32#ThreadingModel
	HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{F92CB680-E0D5-4B9A-803C-8200A5C65A2A}
	Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\jkkIYOfC

Adware.Vundo/Variant
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0DA284D5-928C-4AD4-A079-100C1A4DF6BF}
	HKCR\CLSID\{0DA284D5-928C-4AD4-A079-100C1A4DF6BF}
	HKCR\CLSID\{0DA284D5-928C-4AD4-A079-100C1A4DF6BF}\InprocServer32
	HKCR\CLSID\{0DA284D5-928C-4AD4-A079-100C1A4DF6BF}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\JYVYDC.DLL
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A989D79-3F19-4082-941D-C01FF6F7F9E4}
	HKCR\CLSID\{1A989D79-3F19-4082-941D-C01FF6F7F9E4}
	HKCR\CLSID\{1A989D79-3F19-4082-941D-C01FF6F7F9E4}\InprocServer32
	HKCR\CLSID\{1A989D79-3F19-4082-941D-C01FF6F7F9E4}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\VWACNT.DLL
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A48EBB7-753C-4F19-BB06-7FC01149EDAF}
	HKCR\CLSID\{2A48EBB7-753C-4F19-BB06-7FC01149EDAF}
	HKCR\CLSID\{2A48EBB7-753C-4F19-BB06-7FC01149EDAF}\InprocServer32
	HKCR\CLSID\{2A48EBB7-753C-4F19-BB06-7FC01149EDAF}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\DQNQBI.DLL
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39D2525A-B84A-4BE6-8ADC-3EDEED945A04}
	HKCR\CLSID\{39D2525A-B84A-4BE6-8ADC-3EDEED945A04}
	HKCR\CLSID\{39D2525A-B84A-4BE6-8ADC-3EDEED945A04}\InprocServer32
	HKCR\CLSID\{39D2525A-B84A-4BE6-8ADC-3EDEED945A04}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\DTNSQT.DLL
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3FEC08DC-094F-460C-A17B-0D0ABAB0E4CD}
	HKCR\CLSID\{3FEC08DC-094F-460C-A17B-0D0ABAB0E4CD}
	HKCR\CLSID\{3FEC08DC-094F-460C-A17B-0D0ABAB0E4CD}\InprocServer32
	HKCR\CLSID\{3FEC08DC-094F-460C-A17B-0D0ABAB0E4CD}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\QOJAQH.DLL
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E99DBF2-37E2-411E-9298-9E1CF9A5998E}
	HKCR\CLSID\{5E99DBF2-37E2-411E-9298-9E1CF9A5998E}
	HKCR\CLSID\{5E99DBF2-37E2-411E-9298-9E1CF9A5998E}\InprocServer32
	HKCR\CLSID\{5E99DBF2-37E2-411E-9298-9E1CF9A5998E}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\WXIJRK.DLL
	C:\WINDOWS\SYSTEM32\AHTDYRXN.DLL
	C:\WINDOWS\SYSTEM32\AMEGAQTQ.DLL
	C:\WINDOWS\SYSTEM32\ANZEBD.DLL
	C:\WINDOWS\SYSTEM32\BHXFRDFS.DLL
	C:\WINDOWS\SYSTEM32\BTLNDHDC.DLL
	C:\WINDOWS\SYSTEM32\BXQWJISI.DLL
	C:\WINDOWS\SYSTEM32\CBKLOPMN.DLL
	C:\WINDOWS\SYSTEM32\DTQXCVFF.DLL
	C:\WINDOWS\SYSTEM32\ERWCFL.DLL
	C:\WINDOWS\SYSTEM32\FCXPIPOS.DLL
	C:\WINDOWS\SYSTEM32\GKOMHEYK.DLL
	C:\WINDOWS\SYSTEM32\HQDTJHGY.DLL
	C:\WINDOWS\SYSTEM32\HRUUCJPD.DLL
	C:\WINDOWS\SYSTEM32\ICSELNLG.DLL
	C:\WINDOWS\SYSTEM32\JKXSMAVC.DLL
	C:\WINDOWS\SYSTEM32\JUHMUBFP.DLL
	C:\WINDOWS\SYSTEM32\NZNBYI.DLL
	C:\WINDOWS\SYSTEM32\OBOAAESC.DLL
	C:\WINDOWS\SYSTEM32\PEHPJBBE.DLL
	C:\WINDOWS\SYSTEM32\RHWHMALU.DLL
	C:\WINDOWS\SYSTEM32\SHPGQJBV.DLL
	C:\WINDOWS\SYSTEM32\SHPUGVSS.DLL
	C:\WINDOWS\SYSTEM32\SUFEHBLA.DLL
	C:\WINDOWS\SYSTEM32\TRCQJKBP.DLL
	C:\WINDOWS\SYSTEM32\TRSALVMP.DLL
	C:\WINDOWS\SYSTEM32\VDDSUDDI.DLL

Adware.Tracking Cookie
	C:\Documents and Settings\Multiservices\Cookies\multiservices@ads.sorpresor[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@media6degrees[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@date.ventivmedia[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@tradedoubler[2].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@adrevolver[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@ad.yieldmanager[2].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@ads.loudsocial[2].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@cetelem.solution.weborama[2].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@dynamic.media.adrevolver[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@ad.zanox[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@doubleclick[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@bewebmedia[2].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@smartadserver[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@yourmedia[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@media.adrevolver[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@weborama[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@atdmt[2].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@bluestreak[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@adsby.aim4media[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@xiti[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@statcounter[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@mediaplex[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@apmebf[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@bs.serving-sys[1].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@advertising[2].txt
	C:\Documents and Settings\Multiservices\Cookies\multiservices@serving-sys[2].txt

Adware.Vundo Variant/Rel
	HKLM\SOFTWARE\Microsoft\aoprndtws
	HKLM\SOFTWARE\Microsoft\FCOVM
	HKLM\SOFTWARE\Microsoft\RemoveRP
	HKU\S-1-5-21-527237240-1454471165-839522115-1004\Software\Microsoft\rdfa

Rogue.XP AntiSpyware 2009
	HKLM\Software\XP_Antispyware
	HKLM\Software\XP_Antispyware#email3
	HKLM\Software\XP_Antispyware#info

Trojan.Downloader-Gen
	HKLM\Software\Microsoft\Windows\CurrentVersion\Run#brastk [ brastk.exe ]

Rootkit.Karna/Beep-Fake
	C:\WINDOWS\DRIVERS\BEEP.SYS
	C:\WINDOWS\SYSTEM32\DLLCACHE\BEEP.SYS

Adware.Vundo/Variant-Trace
	C:\WINDOWS\SYSTEM32\ACCVFWLB.INI
	C:\WINDOWS\SYSTEM32\BBMBOMKI.INI
	C:\WINDOWS\SYSTEM32\CKGOSAYK.INI
	C:\WINDOWS\SYSTEM32\DNAYGBVO.INI
	C:\WINDOWS\SYSTEM32\FGEMETXS.INI
	C:\WINDOWS\SYSTEM32\FOAJCNPE.INI
	C:\WINDOWS\SYSTEM32\GMBUKQTX.INI
	C:\WINDOWS\SYSTEM32\GRUFQSRV.INI
	C:\WINDOWS\SYSTEM32\GTPUNMXE.INI
	C:\WINDOWS\SYSTEM32\HITTATYM.INI
	C:\WINDOWS\SYSTEM32\IAKAGNJA.INI
	C:\WINDOWS\SYSTEM32\IFJMPEVO.INI
	C:\WINDOWS\SYSTEM32\KLVWQQXU.INI
	C:\WINDOWS\SYSTEM32\KSQJRFWD.INI
	C:\WINDOWS\SYSTEM32\KVDQYXVN.INI
	C:\WINDOWS\SYSTEM32\LRAEOXFR.INI
	C:\WINDOWS\SYSTEM32\MPSPTTMK.INI
	C:\WINDOWS\SYSTEM32\MSTGNVTX.INI
	C:\WINDOWS\SYSTEM32\MYVJRNJG.INI
	C:\WINDOWS\SYSTEM32\NLBTDTBO.INI
	C:\WINDOWS\SYSTEM32\NXYGFXCA.INI
	C:\WINDOWS\SYSTEM32\OGFNQKXT.INI
	C:\WINDOWS\SYSTEM32\PATYEPRQ.INI
	C:\WINDOWS\SYSTEM32\PBYKRVEP.INI
	C:\WINDOWS\SYSTEM32\PNDXJIVH.INI
	C:\WINDOWS\SYSTEM32\QPELUTNE.INI
	C:\WINDOWS\SYSTEM32\QRHFYXNT.INI
	C:\WINDOWS\SYSTEM32\SCPSHGGI.INI
	C:\WINDOWS\SYSTEM32\SXRLFKOJ.INI
	C:\WINDOWS\SYSTEM32\THPGNTTA.INI
	C:\WINDOWS\SYSTEM32\TIQMGEEJ.INI
	C:\WINDOWS\SYSTEM32\TQXKBMNO.INI
	C:\WINDOWS\SYSTEM32\UCJPOYMI.INI
	C:\WINDOWS\SYSTEM32\URFSEPHQ.INI
	C:\WINDOWS\SYSTEM32\VIDLJISF.INI
	C:\WINDOWS\SYSTEM32\WBRFPRGQ.INI
	C:\WINDOWS\SYSTEM32\WHNQPIOT.INI
	C:\WINDOWS\SYSTEM32\WNXCHQGL.INI
	C:\WINDOWS\SYSTEM32\WYWRGSTA.INI
	C:\WINDOWS\SYSTEM32\XCWKOIYE.INI
	C:\WINDOWS\SYSTEM32\YDXRLNAC.INI
	C:\WINDOWS\SYSTEM32\YFBLIJQB.INI

Trojan.Unknown Origin
	C:\WINDOWS\SYSTEM32\ESKKQGDR.EXE
	C:\WINDOWS\SYSTEM32\FJSCJGXK.EXE
	C:\WINDOWS\SYSTEM32\GBWDGMJM.EXE
	C:\WINDOWS\SYSTEM32\GIENGDOU.EXE
	C:\WINDOWS\SYSTEM32\GXUQPQNR.EXE
	C:\WINDOWS\SYSTEM32\OAGMMNEI.EXE
	C:\WINDOWS\SYSTEM32\PSFOPIFW.EXE
	C:\WINDOWS\SYSTEM32\RFTCFYDR.EXE
	C:\WINDOWS\SYSTEM32\RSLUCYRI.EXE
	C:\WINDOWS\SYSTEM32\SSBPMFXI.EXE
	C:\WINDOWS\SYSTEM32\UOTRPOGO.EXE
	C:\WINDOWS\SYSTEM32\WOILBLSI.EXE
	C:\WINDOWS\SYSTEM32\YDDXKMCH.EXE
	C:\WINDOWS\SYSTEM32\YDWDXKDQ.EXE

Rogue.Multi-Dropper/Installer
	C:\WINDOWS\SYSTEM32\WERTYU.DLL

Trojan.Dropper/Gen
	C:\WINDOWS\SYSTEM32\WINI10791.EXE






VOICI LE RAPPORT DE HIJACKTHIS:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:32, on 10/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$QUADBASE\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\PROGRA~1\COMPAN~2\ONETOU~3.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Companion Suite Pro LM2\MFPrintServer.exe
C:\Program Files\Companion Suite Pro LM2\MFServices.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\OmniPageSE3.0\OpwareSE3.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\COMPAN~2\ONETOU~3.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MFPrintServer_Pro_LM] "C:\Program Files\Companion Suite Pro LM2\MFPrintServer.exe"
O4 - HKLM\..\Run: [MFServices_Pro_LM] "C:\Program Files\Companion Suite Pro LM2\MFServices.exe" -n
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\Scansoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\Scansoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [OpwareSE3] "C:\Program Files\ScanSoft\OmniPageSE3.0\OpwareSE3.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094743966812
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u7-windows-i586-jc.cab&AuthParam=1580978829_3fac487ff39b191ded7866fc4973d48d&ext=.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Quadrige LDAP Server - Unknown owner - C:\Program Files\sagem\openldap\slapd.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

zorinho · Answer

quoiqu'il en soit , tu as une infection Vundo.

Applique ceci

* Télécharger ComboFix (par sUBs) sur le Bureau.
* Double-cliquer combofix.exe.
* Il est vivement recommandé d'installer la Console de récupération !.
* Appuyer sur la touche Y (Yes) pour démarrer le scan.
* Le rapport sera crée dans: C:\Combofix.txt.
* Refaire un rapport HijackThis, et fixer les lignes correspondantes comme indiqué plus haut.



Le tutoriel officiel et le lieu de téléchargement se trouvent à cette adresse : 
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
A plus

Zor

miskizou · Answer

Je ne peux pas installer la console de récupération parce que je n'ai pas le CD d'installation, je peux quand meme faire le scan avec combofix??

miskizou · Answer

non rien, jviens de voir qu'on peut le faire sans, je vais essayer

miskizou · Answer

j'ai telechargé support.microsoft.com/kb/310994, a un moment il dise qu'il faut faire glisser ce fichier sur l'icone de combofix, ca ne marche pas, ca me met "l'editeur n'a pu etre verifié. voulez vous vraiment executer ce logiciel et en fait quand je di oui ca me démarre combofix sans avoir mis le fichier console de recupération dedans.

zorinho · Answer

Je ne comprends pas ton problème...

Je vais essayer de répondre si je peux.

miskizou · Answer

Je vais essayer d'etre plus clair. Dans la notice de combofix, on dit qu'il vaut mieux  installer la console de recupération windows (c'est également ce que tu m'a dit). Il donne 2 possibilités soit par le CD Windows (que je n'ai pas) soit en téléchargement d'un fichier depuis microsoft (ce que j'ai fait). L'icone est apparu sous mon bureau (icone WinXP_FR_PRO_BF.EXE). Dans la notice, on nous dit de faire glisser cette icone  sur l'icone de Combofix. Mais moi elle ne veu pas glisser dedans, lorsque je fais cette manipulation, il y a directement combofix qui s'affiche comme si j'avais cliqué 2 fois pour démarrer le fichier.  Que faire? Désinstaller le fichier microsft pour le réinstaller pour que ca marche??
merci

zorinho · Answer

Je ne suis pas expert en combofix.

Tu peux peut-être lancer un nouveau post pour expliquer ton souci avec combofix et revenir ici une fois que tu as pu réaliser l'analyse avec combofix.

A plus

Zor

miskizou · Answer

J'ai posté 2 fois un message pour le pb mais personne n'a répondu y'a pas un autre logiciel à la place de combofix que je pourrais faire. La il marche bien mon PC, j'ai encore des virus??? faut quand meme encore faire des manip? Suis-je protéger avec tous les logiciels telechargé? Faut-il de temps en temps refaire des scans et suprimé les virus? tous les combien?
Merci

zorinho · Answer

Salut,

ton ordi est infecté et je crains qu'il faille combo por en venir à bout

1) quoiqu'il en soit, vas dans CCleaner,outils 
 
lance la désinstallation de java update et adobe reader

installe les nouvelles versons:
https://get2.adobe.com/fr/reader/otherversions/
https://www.java.com/fr/download/manual.jsp

2) installe internet explorer 7 (au lieu de la version 6)
http://www.commentcamarche.net/telecharger/telecharger 220 internet explorer

puis installe Mozilla que tu utliseras comme navigateur 
http://www.commentcamarche.net/telecharger/telecharger 111 firefox

3) installe un antivirus

tu verras tout ici https://www.malekal.com/avira-free-security-antivirus-gratuit/

Colle un rapport d'analyse


J'attends ta réponse

A plus

Zor

miskizou · Answer

bonsoir,
J'ai tout fait comme tu as dit. J'ai l'impression que le téléchargement d'adobe reader n'a pas fonctionné. J'iame pas trop la nouvelle version de explorer. J'ai un phrase en haut (en jaune pale la ou y'a des pop up d'hab) en permanence ecrit: "internet explorer s'execute actuellement avec les composants additionnels désactivés". Quand je veux démarrer internet (par l'icone internet explorer) ya une fenetre qui s'affiche "ce composant additionnel a été bloqué. Il doit etre mis à jour pour pouvoir être utilisé avec internet, 2 possibilités: recherche de mlise à jour ou ne pas vérifier (programme msn toolbar). Du coup a chaque fois je dois cliquer sur recherche de mise a jour. 
J'ai téléchargé l'antivirus et fait le scan en mode sans echec mais je ne trouve pas le rapport. 
Merci
Bonne soirée

miskizou · Answer

Impossible de télécharger adobe reader, j'ai reessayé, y'a toujours un pb pendant le téléchargement. Et du coup plus rien ne marche en page internet (car yen a plein qui utilise ca); de plus j'avai roboform dans la barre en haut maintenant avec la nouvelle version d'internet, impossible de le mettre. Comment retélécharger l'ancienne version? c'est quoi le nom de l'ancienne version?
Merci

miskizou · Answer

c'est très embetant de ne pas avoir adobe reader, ca me bloque plein de page internet du coup!! Alors quand je télécharge adobe a la fin ya un message qui me dit: "Impossible d'ouvrir la clé HKEY_LOCAL_MACHINE..... Verifiez que vous disposze des droits suffisants pour cette clé ou contactez votre service de support technique. J'aurais vraiment pas du desinstaller le précédent adobe!!! si j'avais su. Je suis bien embétée maintenant.

Virus "your computer is infected"

31 réponses

Votre réponse

Discussions similaires

Newsletters