HijackThis analysis please
lion72 (Member, 260 posts)
verni29 (Security contributor, 6805 posts)
Hello,
an analysis please
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:14:17, on 2008-12-18
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\winsvc.exe
C:\Program Files\Fichiers communs\System\ragebot.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Antivirus 2009\av2009.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\WINDOWS\winssvc.exe
C:\WINDOWS\lsass32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D4FFA7F-8147-417D-AB2E-9DD49E468FC6} - (no file)
O2 - BHO: (no name) - {3E3E10E9-5C6D-468C-BA65-5EE14B37E462} - (no file)
O2 - BHO: (no name) - {56AA628E-3134-4ACF-A9EF-0E83385504F4} - C:\WINDOWS\system32\xxyaxVnL.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {809B39A0-729E-41F7-9EE5-5C765D1BA7D9} - (no file)
O2 - BHO: {97bbc39e-000e-bcc8-b8c4-9e17a0d74668} - {86647d0a-71e9-4c8b-8ccb-e000e93cbb79} - C:\WINDOWS\system32\kvvkio.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {b44e165f-547c-447a-b41a-b25da7f6e4ab} - (no file)
O2 - BHO: (no name) - {b844cbf9-8ffa-47b6-b0af-a3a96ddd6764} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {eeff6aca-65fd-4a74-861a-11132ee77f47} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [GOlive] C:\PROGRA~1\GOlive\GOlive.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [winsvc] winsvc.exe
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Fichiers communs\System\ragebot.exe
O4 - HKLM\..\Run: [lsass32] lsass32.exe
O4 - HKLM\..\Run: [winssvc32] winssvc.exe
O4 - HKLM\..\RunServices: [mmsass] mldmm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [53207238708684754635881324200410] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: kvvkio.dll
O20 - Winlogon Notify: pmnlLcdB - C:\WINDOWS\
O20 - Winlogon Notify: zdawxd - zdawxd.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
11 replies
Hello, you are definitely infected. As I see it you have 3 different infections, so first we will deal with Antivirus 2009, which is a rogue. You will run SmitfraudFix and post the report. Thanks.
Open this link (thanks to S!RI for this program): http://siri.urz.free.fr/Fix/SmitfraudFix.php
It would be best to disable your resident protections (antivirus and anti-spyware)
while you install SmitfraudFix and run the scan.
Download SmitfraudFix.exe.
Read the tutorial.
Run it and choose option 1.
It will generate a report.
Copy/paste it in the thread please.
Process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus, etc.) as a RiskTool. It is not a virus but a utility meant to terminate processes. In the wrong hands this utility could stop security software (antivirus, firewall, ...), hence the alert raised by those antivirus products.
A short video demo: http://pagesperso-orange.fr/rginformatique/section%20virus/smitfraudfix.htm
Restart in safe mode:
To do so, tap the F8 key repeatedly as the PC starts up.
A menu will appear. Choose "Safe Mode" and press Enter.
Choose your account.
Run SmitfraudFix again:
to do so, go to the SmitFraudFix folder created on your desktop and double-click SmitFraudFix.cmd.
This time choose option 2 and answer yes to everything;
save the report, restart in normal mode,
and copy/paste the saved report in the forum.
And post a new HijackThis log.
Later
Hello lion72,
Malwarebytes did a good job.
As for your friend, tell him to continue in the current thread.
1) Download Random's System Information Tool (RSIT) by random/random and save it to your desktop.
http://images.malwareremoval.com/random/RSIT.exe
Disconnect from the internet and close all running applications.
Double-click "RSIT.exe" to launch it.
In the window that opens, choose 2 months for the "List files/folders created ..." option,
then click "Continue" to start the scan ...
If the latest version of HijackThis is not found on your PC, RSIT will download it and ask you to accept the licence.
Wait until the scan finishes.
Two reports will be generated.
Post the contents of "log.txt" as well as "info.txt" (in the taskbar) for analysis and wait for what comes next ...
If you cannot find them, the reports are saved in the C:\rsit folder.
2) Download ComboFix and save it to your desktop (important for what follows)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
We are going to install the Recovery Console so that ComboFix can use it.
You have SP3 installed on your PC.
But is it the Home or the Professional edition?
Choose the link matching your version of XP (Home or Professional):
Windows XP Home Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=15491F07-99F7-4A2D-983D-81C2137FF464&displaylang=fr
Windows XP Professional
http://www.microsoft.com/downloads/details.aspx?FamilyId=535D248D-5E10-49B5-B80C-0A0205368124&displaylang=fr
Download the console to your desktop (important).
Disconnect from the internet.
Disable your computer's resident protections (antivirus, antispyware and firewall).
Plug in your removable media (USB sticks, external hard drive) without opening them.
Drag and drop this file onto the ComboFix icon.
See the following link if you do not know what drag-and-drop is
http://img.bleepingcomputer.com/combofix/usage/rc.gif
This will launch ComboFix and install the Recovery Console.
Accept the licence agreement.
You should get a message confirming that the console was installed correctly.
Click Yes to continue the scan.
Post the report you get.
Later
Good evening.
Several infections on your PC.
Start with this.
Download SmitfraudFix by S!Ri to your desktop
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Double-click the executable. It will create a SmitFraudFix folder and launch the tool.
Choose option 1.
A report will be created.
Copy/paste the report in your next message.
Later
SmitFraudFix v2.387
Report made at 17:28:38.28, 2008-12-18
Run from C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\winsvc.exe
C:\Program Files\Fichiers communs\System\ragebot.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Antivirus 2009\av2009.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\WINDOWS\winssvc.exe
C:\WINDOWS\lsass32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\ieupdates.exe PRESENT !
C:\WINDOWS\system32\winsrc.dll PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop items
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Warning: the keys that follow are not necessarily infected!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Warning: the keys that follow are not necessarily infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Warning: the keys that follow are not necessarily infected!!!
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Warning: the keys that follow are not necessarily infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Warning: the keys that follow are not necessarily infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Warning: the keys that follow are not necessarily infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Warning: the keys that follow are not necessarily infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="kvvkio.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Warning: the keys that follow are not necessarily infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/100 VE Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{373AB6D3-9D4E-4C3D-8387-11C76F37875A}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{373AB6D3-9D4E-4C3D-8387-11C76F37875A}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{373AB6D3-9D4E-4C3D-8387-11C76F37875A}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
»»»»»»»»»»»»»»»»»»»»»»»» wininet.dll infection check
»»»»»»»»»»»»»»»»»»»»»»»» End
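Reading a SmitfraudFix report comes down to four checks: which files the tool marked PRESENT !, whether AppInit_DLLs is set, whether the Winlogon Userinit value is exactly the stock userinit.exe entry (the trailing comma is normal; a second path appended there is a hijack) with System left empty, and whether the DNS servers recorded in the other control sets match the current one. The checker below is an added example for this page, not part of SmitfraudFix; SAMPLE_REPORT is a constructed abridgement of the report above, and EXPECTED_USERINIT assumes XP is installed on C:.

```python
import ipaddress
import re

# Constructed sample: an abridgement of the SmitfraudFix report posted above.
SAMPLE_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\ieupdates.exe PRESENT !
C:\WINDOWS\system32\winsrc.dll PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="kvvkio.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» DNS
DNS Server Search Order: 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{373AB6D3-9D4E-4C3D-8387-11C76F37875A}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{373AB6D3-9D4E-4C3D-8387-11C76F37875A}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{373AB6D3-9D4E-4C3D-8387-11C76F37875A}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
"""

PRESENT_RE = re.compile(r"^(?P<path>.+?) PRESENT !$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')
DNS_RE = re.compile(r"^HKLM\\SYSTEM\\(?P<cs>CCS|CS\d+)\\.*DhcpNameServer=(?P<servers>.*)$")

# Assumption: XP installed on C:, so the stock Userinit value is this single entry.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

def check_report(text: str) -> dict:
    """Pull the four things worth checking out of the report and judge each one."""
    present, values, dns = [], {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := PRESENT_RE.match(line):
            present.append(m.group("path"))
        elif m := VALUE_RE.match(line):
            values[m.group("name")] = m.group("value")
        elif m := DNS_RE.match(line):
            # Keep the first entry per control set; the interface key and
            # Tcpip\Parameters normally agree with each other.
            dns.setdefault(m.group("cs"), m.group("servers").split())
    # The report doubles backslashes like a .reg export; undo that, then split on commas.
    userinit = [p for p in values.get("Userinit", "").replace("\\\\", "\\").lower().split(",") if p]
    current = dns.get("CCS", [])
    divergent = {cs: s for cs, s in dns.items() if cs != "CCS" and s != current}
    public = sorted({ip for s in dns.values() for ip in s
                     if not ipaddress.ip_address(ip).is_private})
    return {
        "present": present,                         # files on SmitfraudFix's own signature list
        "appinit_dlls": values.get("AppInit_DLLs", ""),
        "userinit_ok": userinit == [EXPECTED_USERINIT],
        "system_ok": values.get("System", "") == "",
        "dns": dns,
        "dns_divergent": divergent,
        "dns_public": public,
    }

if __name__ == "__main__":
    for key, val in check_report(SAMPLE_REPORT).items():
        print(f"{key}: {val}")
```

A control set whose name servers differ from CCS is not by itself proof of a DNS changer: CS3 here holds three public addresses where the current configuration points at the router at 192.168.0.1, and whether those addresses belong to the ISP is something to verify rather than assume. The check exists to surface the difference so it gets looked at.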
the SmitFraud report
SmitFraudFix v2.387
Report made at 17:47:25,89, 2008-12-18
Run from C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in Safe Mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, the following keys are not necessarily infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing processes
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
...
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\ieupdates.exe deleted
C:\WINDOWS\system32\winsrc.dll deleted
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{373AB6D3-9D4E-4C3D-8387-11C76F37875A}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{373AB6D3-9D4E-4C3D-8387-11C76F37875A}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{373AB6D3-9D4E-4C3D-8387-11C76F37875A}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, the following keys are not necessarily infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, the following keys are not necessarily infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
and the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:56:52, on 2008-12-18
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Fichiers communs\System\ragebot.exe
C:\WINDOWS\winsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\WINDOWS\lsass32.exe
C:\WINDOWS\winssvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D4FFA7F-8147-417D-AB2E-9DD49E468FC6} - (no file)
O2 - BHO: (no name) - {2F3FD7C9-C92C-45E6-9036-52B0F8D902D6} - C:\WINDOWS\system32\xxyaxVnL.dll
O2 - BHO: (no name) - {3E3E10E9-5C6D-468C-BA65-5EE14B37E462} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {809B39A0-729E-41F7-9EE5-5C765D1BA7D9} - (no file)
O2 - BHO: {97bbc39e-000e-bcc8-b8c4-9e17a0d74668} - {86647d0a-71e9-4c8b-8ccb-e000e93cbb79} - C:\WINDOWS\system32\kvvkio.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {b44e165f-547c-447a-b41a-b25da7f6e4ab} - (no file)
O2 - BHO: (no name) - {b844cbf9-8ffa-47b6-b0af-a3a96ddd6764} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {eeff6aca-65fd-4a74-861a-11132ee77f47} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [GOlive] C:\PROGRA~1\GOlive\GOlive.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [winsvc] winsvc.exe
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Fichiers communs\System\ragebot.exe
O4 - HKLM\..\Run: [lsass32] lsass32.exe
O4 - HKLM\..\Run: [winssvc32] winssvc.exe
O4 - HKLM\..\RunServices: [mmsass] mldmm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [53207238708684754635881324200410] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: kvvkio.dll
O20 - Winlogon Notify: pmnlLcdB - C:\WINDOWS\
O20 - Winlogon Notify: zdawxd - zdawxd.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
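The log above carries the patterns a triager keys on: Run entries whose command is a bare file name with no path (winsvc.exe, lsass32.exe, winssvc.exe, mldmm.exe), an entry called [Windows Update] that actually launches ragebot.exe from Fichiers communs\System, a process named after a Windows component (lsass32.exe) living in C:\WINDOWS instead of system32, a Run value whose name is a long random number and points at Antivirus 2009, two BHOs with no name whose DLLs still exist (xxyaxVnL.dll, kvvkio.dll), kvvkio.dll again in AppInit_DLLs, and two services (FCI, ICF) whose image path is an alternate data stream on svchost.exe. The script below is an added example, not part of this thread and not HijackThis code: it applies those heuristics to O2/O4/O20/O23 lines copied from the log. The rule names, the lookalike stems and the list of Windows-themed value names are assumptions of this example.

```python
import re
from typing import Dict, List, Set

# O2/O4/O20/O23 lines copied from the HijackThis log posted above. The rules that
# score them below are this example's own heuristics, not HijackThis logic.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D4FFA7F-8147-417D-AB2E-9DD49E468FC6} - (no file)
O2 - BHO: (no name) - {2F3FD7C9-C92C-45E6-9036-52B0F8D902D6} - C:\WINDOWS\system32\xxyaxVnL.dll
O2 - BHO: {97bbc39e-000e-bcc8-b8c4-9e17a0d74668} - {86647d0a-71e9-4c8b-8ccb-e000e93cbb79} - C:\WINDOWS\system32\kvvkio.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [winsvc] winsvc.exe
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Fichiers communs\System\ragebot.exe
O4 - HKLM\..\Run: [lsass32] lsass32.exe
O4 - HKLM\..\RunServices: [mmsass] mldmm.exe
O4 - HKCU\..\Run: [53207238708684754635881324200410] C:\Program Files\Antivirus 2009\av2009.exe
O20 - AppInit_DLLs: kvvkio.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
"""

O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
ADS_RE = re.compile(r"^[A-Za-z]:\\[^:]*:[^\\]")   # a second colon after the drive = alternate data stream
EXE_RE = re.compile(r"(?i)^(.*?\.exe)\b")

# Assumptions of this example: Run value names borrowed from Windows, and process
# name stems that should only ever be launched from system32.
THEMED_NAMES = {"windows update", "microsoft update", "windows security"}
LOOKALIKE_STEMS = ("lsass", "svchost", "services", "csrss", "winlogon", "smss", "winsvc", "winssvc")
WINDOWS_DIR = "c:\\windows\\"
SYSTEM32 = "c:\\windows\\system32\\"
SEVERITY = {"bare_filename": "high", "system_lookalike": "high", "windows_themed_name": "high",
            "numeric_value_name": "high", "nameless_bho_with_file": "high", "appinit_dll": "high",
            "ads_image_path": "high", "orphan_bho": "low"}


def executable(cmd: str) -> str:
    """Image path of a Run command: honour quoting, otherwise stop at the first .exe."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else (cmd.split() or [""])[0]


def triage(log_text: str) -> List[Dict[str, str]]:
    """One finding per (line, rule) over the O2/O4/O20/O23 entries of a HijackThis log."""
    findings: List[Dict[str, str]] = []

    def hit(rule: str, line: str) -> None:
        findings.append({"severity": SEVERITY[rule], "rule": rule, "line": line})

    for raw in log_text.splitlines():
        line = raw.strip()
        m4, m2, m20, m23 = (r.match(line) for r in (O4_RE, O2_RE, O20_RE, O23_RE))
        if m4:
            exe = executable(m4["cmd"])
            low = exe.lower()
            base = low.rsplit("\\", 1)[-1]
            if "\\" not in exe and "%" not in exe:
                hit("bare_filename", line)        # resolved through the search path at logon
            if base.startswith(LOOKALIKE_STEMS) and not low.startswith(SYSTEM32):
                hit("system_lookalike", line)     # lsass32.exe outside system32 is not lsass.exe
            if m4["name"].lower() in THEMED_NAMES and not low.startswith(WINDOWS_DIR):
                hit("windows_themed_name", line)  # "[Windows Update]" launching ragebot.exe
            if m4["name"].isdigit() and len(m4["name"]) >= 16:
                hit("numeric_value_name", line)   # random numeric value name, the "Antivirus 2009" style
        elif m2:
            nameless = m2["name"] == "(no name)" or CLSID_RE.match(m2["name"]) is not None
            if m2["file"] == "(no file)":
                hit("orphan_bho", line)           # registration left behind, DLL already gone
            elif nameless:
                hit("nameless_bho_with_file", line)
        elif m20 and m20["dlls"].strip():
            hit("appinit_dll", line)              # loaded into every process that maps user32.dll
        elif m23 and ADS_RE.match(m23["path"].replace(" (file missing)", "")):
            hit("ads_image_path", line)           # svchost.exe:ext.exe keeps the binary in a stream
    return findings


def rules_by_line(log_text: str) -> Dict[str, Set[str]]:
    """Rule names grouped by the log line that triggered them."""
    grouped: Dict[str, Set[str]] = {}
    for f in triage(log_text):
        grouped.setdefault(f["line"], set()).add(f["rule"])
    return grouped


if __name__ == "__main__":
    order = {"high": 0, "low": 1}
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order[f["severity"]]):
        print(f"[{f['severity']:<4}] {f['rule']:<23} {f['line']}")
```

Run as-is it prints the findings by severity; feed it a whole HijackThis log and it ignores every other line type. The low-severity orphan entries are cleanup, not evidence. The high-severity hits include the four files Malwarebytes names further down as Backdoor.Bot and Trojan.Vundo (ragebot.exe, winsvc.exe, xxyaxVnL.dll, kvvkio.dll).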
1) Download VirtumundoBeGone to the desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Double-click VirtumundoBeGone.exe and follow the instructions.
Once it has finished, restart the computer.
Copy/paste the contents of the VBG.TXT report created on the desktop.
2) Download MalwareBytes.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Install it. Choose the default options.
At the end of the installation you will be asked to update MalwareBytes and run it.
Accept. After the update, the program will open.
In the Scanner tab, select Perform full scan.
Click Scan. Select only the computer's hard drives.
Click Start Scan.
At the end of the scan, when prompted, click Show Results.
If infections are found, click Remove Selected.
Post the report in your next message.
If you cannot find the report, open MalwareBytes and look in the Logs tab. It is there. Click it and choose Open.
The scan takes about 50 minutes on average.
Later.
VirtumundoBeGone analysis
[12/18/2008, 19:21:36] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe" )
[12/18/2008, 19:21:40] - Detected System Information:
[12/18/2008, 19:21:40] - Windows Version: 5.1.2600, Service Pack 3
[12/18/2008, 19:21:40] - Current Username: Administrateur (Admin)
[12/18/2008, 19:21:40] - Windows is in NORMAL mode.
[12/18/2008, 19:21:40] - Searching for Browser Helper Objects:
[12/18/2008, 19:21:41] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[12/18/2008, 19:21:41] - BHO 2: {1D4FFA7F-8147-417D-AB2E-9DD49E468FC6} ()
[12/18/2008, 19:21:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/18/2008, 19:21:41] - No filename found. Continuing.
[12/18/2008, 19:21:41] - BHO 3: {2F3FD7C9-C92C-45E6-9036-52B0F8D902D6} ()
[12/18/2008, 19:21:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/18/2008, 19:21:41] - Checking for HKLM\...\Winlogon\Notify\xxyaxVnL
[12/18/2008, 19:21:41] - Key not found: HKLM\...\Winlogon\Notify\xxyaxVnL, continuing.
[12/18/2008, 19:21:41] - BHO 4: {3E3E10E9-5C6D-468C-BA65-5EE14B37E462} ()
[12/18/2008, 19:21:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/18/2008, 19:21:41] - No filename found. Continuing.
[12/18/2008, 19:21:41] - BHO 5: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
[12/18/2008, 19:21:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/18/2008, 19:21:41] - No filename found. Continuing.
[12/18/2008, 19:21:41] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java(tm) Plug-In SSV Helper)
[12/18/2008, 19:21:41] - BHO 7: {809B39A0-729E-41F7-9EE5-5C765D1BA7D9} ()
[12/18/2008, 19:21:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/18/2008, 19:21:41] - No filename found. Continuing.
[12/18/2008, 19:21:41] - BHO 8: {86647d0a-71e9-4c8b-8ccb-e000e93cbb79} ()
[12/18/2008, 19:21:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/18/2008, 19:21:41] - Checking for HKLM\...\Winlogon\Notify\kvvkio
[12/18/2008, 19:21:41] - Key not found: HKLM\...\Winlogon\Notify\kvvkio, continuing.
[12/18/2008, 19:21:41] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[12/18/2008, 19:21:41] - BHO 10: {b44e165f-547c-447a-b41a-b25da7f6e4ab} ()
[12/18/2008, 19:21:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/18/2008, 19:21:41] - No filename found. Continuing.
[12/18/2008, 19:21:41] - BHO 11: {b844cbf9-8ffa-47b6-b0af-a3a96ddd6764} ()
[12/18/2008, 19:21:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/18/2008, 19:21:41] - No filename found. Continuing.
[12/18/2008, 19:21:41] - BHO 12: {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
[12/18/2008, 19:21:41] - BHO 13: {eeff6aca-65fd-4a74-861a-11132ee77f47} ()
[12/18/2008, 19:21:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/18/2008, 19:21:41] - No filename found. Continuing.
[12/18/2008, 19:21:41] - Finished Searching Browser Helper Objects
[12/18/2008, 19:21:41] - Finishing up...
[12/18/2008, 19:21:42] - Nothing found! Exiting...
And here is the Malwarebytes report:
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1517
Windows 5.1.2600 Service Pack 3
2008-12-18 20:20:10
mbam-log-2008-12-18 (20-20-10).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 88411
Temps écoulé: 49 minute(s), 55 second(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 17
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 125
Processus mémoire infecté(s):
C:\Program Files\Fichiers communs\System\ragebot.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\winsvc.exe (Backdoor.Bot) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\xxyaxVnL.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kvvkio.dll (Trojan.Vundo) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2f3fd7c9-c92c-45e6-9036-52b0f8d902d6} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{2f3fd7c9-c92c-45e6-9036-52b0f8d902d6} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{86647d0a-71e9-4c8b-8ccb-e000e93cbb79} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{86647d0a-71e9-4c8b-8ccb-e000e93cbb79} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{86647d0a-71e9-4c8b-8ccb-e000e93cbb79} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fci (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ICF (Rootkit.Agent) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows update (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\mmsass (Backdoor.Bot) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\xxyaxvnl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxyaxvnl -> Delete on reboot.
Dossier(s) infecté(s):
C:\Program Files\Antivirus 2009 (Rogue.Antivirus 2009) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\xxyaxVnL.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LnVxayxx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LnVxayxx.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kvvkio.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\bcijloyp.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pyoljicb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eykrmswq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qwsmrkye.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xjbhjdso.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\osdjhbjx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\System\ragebot.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\winsvc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\img.MSNFix (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\msnpwstlr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\MSNFix\backup\img.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{33A2C446-9AC2-46D5-AB1F-78F516A9AA7F}\RP322\A0048460.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\System Volume Information\_restore{33A2C446-9AC2-46D5-AB1F-78F516A9AA7F}\RP322\A0048461.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\System Volume Information\_restore{33A2C446-9AC2-46D5-AB1F-78F516A9AA7F}\RP322\A0048518.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssi.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ajawls.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXNhFWm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\byXoOiFu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\byXPfcBS.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\byXQGVpO.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cbXNFxuv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cbXNGyWm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cbXOFusS.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cbXPhhhE.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\cbXRLbCv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\dabfsn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcAqPge.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ddcDuRIa.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ddcyvSlM.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\djmpmhsn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fcccyXNG.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\fcccyYsR.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\fccddDvV.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\opnlLCVl.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\opnnlmMg.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\lJAtRIYR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJATmND.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ljJCspnN.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\nnnMcYop.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\nnnMDUMd.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\nnnmjiGA.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\nnnmkKAR.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\nnnmnlKe.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\nnnnLcCv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\nnnonMgg.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\pkjmowjy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnKeBTn.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\pmnKeeBT.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\pmnmNHYR.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\pmnNGaxu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\pmnnNheF.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\pmnoPFXp.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ssqOICVl.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ssqRjiJd.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ssqRLcAq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tuvTjIba.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tuvtqRii.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tuvtRKdA.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vtUlJCVp.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\geBrpoLF.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\geBsqQJc.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\geBsrstT.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\geBtRLcY.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\geBtTkhE.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\geBUooOI.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\geBuSJyX.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\awtrPijI.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\awtsQJYp.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\awtsTjIb.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\awttrqpm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\awttsRIa.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\awtuuTkK.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\awtuvSki.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\efcyvuUL.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\gqwxyn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGawXoO.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\hgGayvwx.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\hgGvwtqR.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\hgGxWpPj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\hgGyyvuS.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\loqqbbyq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJBTlKa.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mlJCSjkl.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mlJYpnOG.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\prdbsaef.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqNEVom.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\urqQjHaA.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\urqRjIaB.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jkkJyArQ.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jkkKawus.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jkkLBtsq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\kHaabyXQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifdbBQj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\iifFUNFY.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\iifFvVMg.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\iifgDwXP.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\iiuytk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kHayXQkj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUkHbxY.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wvULFWNE.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wvUMcYPh.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wvUnLEwV.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\xxyWpQGW.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\xxywWQgf.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\xxyYoPge.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\yaywwVol.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\khfCvSJy.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\khfeecCU.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\khfEVPfg.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\khfFwVpq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\khfGxWQj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\qoMCSlIx.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\qoMfgGVo.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\rqRHxuVo.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\rqRjkHXn.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\rqrOfdeb.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\nauieexo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ofx22.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2009\av2009.exe.vir (Rogue.Antivirus 2009) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ieupdates.exe.tmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Explorer32.exe (Backdoor.PoisonIvy) -> Quarantined and deleted successfully.