Forum Clubic

Infected PC

OPERATIONS PERFORMED:
FINDYKILL
OTMOVEIT3
CCLEANER
HIJACKTHIS:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:19:31, on 10/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\WINDOWS\vphc700.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\administrateur 2\local settings\application data\oickqam.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\winlogon.exe
O3 - Toolbar: (no name) - {88F05591-0079-4c37-B138-5DA8BC1782EF} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM…\Run: [F-Secure Manager] “C:\Program Files\AntivirusFirewall\Common\FSM32.EXE” /splash
O4 - HKLM…\Run: [F-Secure TNB] “C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe” /CHECKALL /WAITFORSW
O4 - HKLM…\Run: [F-Secure Startup Wizard] “C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE” /reboot
O4 - HKLM…\Run: [News Service] “C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe”
O4 - HKLM…\Run: [Lexmark 5200 series] “C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe”
O4 - HKLM…\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM…\Run: [phc700] C:\WINDOWS\vphc700.exe
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM…\Run: [winboot] wscript.exe /E:vbs C:\WINDOWS\boot.ini
O4 - HKLM…\Run: [Framework Windows] frmwrk32.exe
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [oickqam] “c:\documents and settings\administrateur 2\local settings\application data\oickqam.exe” oickqam
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE…
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra ‘Tools’ menuitem: Protection Internet Explorer… - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: iGraal - {88F05591-0079-4c37-B138-5DA8BC1782EF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - webscanner.kaspersky.fr…
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com…
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com…
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - www.orderingmemory.com…
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - static.impots.gouv.fr…
O16 - DPF: {BFB5F154-9212-46F3-B547-AC6106030A54} - peggy0212.carrefourinternet.com…
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - jeuxmultijoueurs.orange.fr…
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - drmlicense.one.microsoft.com…
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - file:///C:/Documents%20and%20Settings/peggy/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v6.cab
O20 - AppInit_DLLs: ocamcz.dll
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe


End of file - 8409 bytes

Hi

In HijackThis, check:

Then click "Fix checked".

You have several antivirus programs; uninstall one of them.

Run a full scan with MBAM, remove the detections and post the report (tutorial: http://guigui14100.web.officelive.com/tutorialmbam.aspx)

I CANNOT FIND:
C:\WINDOWS\system32\frmwrk32.exe
C:\documents and settings\administrateur 2\local settings\application data\oickqam.exe


With MBAM: unable to register the DLL/OCX library: RegSvr32 failed and returned error code 0x5

Edited on 10/12/2008 at 22:44

Run a full scan with Dr.Web CureIt

Dr.Web CureIt:
awtqnfee.dll c:\windows\system32 Trojan.Virtumod.855 Supprimé.
mousehook.dll C:\Documents and Settings\peggy\Local Settings\Temp Trojan.DownLoad.23585 Supprimé.
installer-50928-845-ccleaner-french.exe C:\Documents and Settings\peggy\Mes documents\Peggy BAUDEN Trojan.Click.19011 Supprimé.
POSTOOBE.NEC C:\DRIVERS VBS.Generic.278 Supprimé.
PSKILL.EXE C:\OEMCUST\TOOLS\WIN32 Tool.Prockill Chemin invalide pour le fichier
Fashion Rush Crack (Multilanguage).0ar\adult_friend_finder_per_order.exe C:\Program Files\eMule\Incoming\JEUX\Fashion Rush Crack (Multilanguage).0ar Trojan.Click.17797
Fashion Rush Crack (Multilanguage).0ar\setup.exe C:\Program Files\eMule\Incoming\JEUX\Fashion Rush Crack (Multilanguage).0ar Win32.HLLW.Puce
Fashion Rush Crack (Multilanguage).0ar C:\Program Files\eMule\Incoming\JEUX L’archive contient des éléments infectés Quarantaine.
ShareAcceleratorMM_SSZ11_026.EXE\data016 C:\Program Files\eMule\Incoming\JEUX\Heroes of Hellas + key Share Accelerator.0ip\ShareAcceleratorMM_SSZ11_026.EXE Adware.Shopper
ShareAcceleratorMM_SSZ11_026.EXE C:\Program Files\eMule\Incoming\JEUX\Heroes of Hellas + key Share Accelerator.0ip L’archive contient des éléments infectés
Heroes of Hellas + key Share Accelerator.0ip C:\Program Files\eMule\Incoming\JEUX L’archive contient des éléments infectés Quarantaine.
116.part\juegos Java\Incadia\Incadia.exe C:\Program Files\eMule\Temp\116.part Probablement DLOADER.Trojan
116.part C:\Program Files\eMule\Temp L’archive contient des éléments infectés Quarantaine.
Kill.exe C:\Program Files\FindyKill\Tools Tool.ProcessKill.7 Chemin invalide pour le fichier
Process.exe C:\Program Files\FindyKill\Tools Tool.Prockill Chemin invalide pour le fichier
A0246029.EXE\soft.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP418\A0246029.EXE Trojan.DownLoad.4050
A0246029.EXE C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP418 L’archive contient des éléments infectés Quarantaine.
A0272223.dll C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP426 Trojan.Virtumod.854 Supprimé.
A0278235.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278236.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278239.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278240.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278241.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278244.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278247.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278256.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278259.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278260.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278261.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278263.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278270.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278278.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278279.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278280.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278281.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278283.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278284.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278290.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278291.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278293.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278296.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278297.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278298.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278303.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278304.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278305.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278308.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278310.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278322.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278333.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278347.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278348.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278351.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278352.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278359.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278360.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278361.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278362.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278365.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278366.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278367.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278371.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278375.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278376.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278377.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278382.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278383.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278384.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278391.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278393.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278395.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278396.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278402.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278404.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278406.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278407.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278416.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278437.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278447.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278448.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278449.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278451.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278459.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278460.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278464.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278468.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278472.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278477.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278478.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278486.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278487.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278489.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278490.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278495.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278496.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278497.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278498.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278499.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278501.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278502.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278503.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278511.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278512.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278514.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278515.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278519.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278520.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278521.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278524.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278525.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278532.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278534.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278539.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278542.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278544.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278547.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278548.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278551.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278554.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278555.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278556.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278560.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278563.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278566.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278569.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278570.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278571.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278573.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278574.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278576.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278577.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278578.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278581.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278585.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278587.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278591.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278593.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278595.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278596.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278597.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278598.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278606.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278607.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278609.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278610.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278621.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278635.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278638.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278639.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278643.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278652.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278659.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278663.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278665.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278667.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278670.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278675.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278676.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278684.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278687.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278690.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278691.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278698.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278709.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278711.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278713.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278717.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278721.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278724.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278732.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278733.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278743.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278744.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278750.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278758.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278760.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278773.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278781.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278785.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278790.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278791.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278795.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278797.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278800.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278802.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278803.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278829.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278834.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278839.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278841.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278848.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278856.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278857.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278858.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278869.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278871.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Packed.650 Supprimé.
A0278878.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278879.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278884.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278891.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278892.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Win32.HLLM.Beagle Supprimé.
A0278895.inf C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 VBS.Generic.548 Supprimé.
A0279014.EXE C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Tool.Prockill Irréparable.Supprimé.
VGSetup.exe\data003 C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427\A0279199.exe\VGSetup.exe\VGSetup.exe Trojan.DownLoad.23677
VGSetup.exe\data005 C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427\A0279199.exe\VGSetup.exe\VGSetup.exe Trojan.DownLoad.23677
VGSetup.exe\data006 C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427\A0279199.exe\VGSetup.exe\VGSetup.exe Trojan.DownLoad.23677
VGSetup.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427\A0279199.exe\VGSetup.exe L’archive contient des éléments infectés
WR-1-2~1.EXE\WR-1-2~1.EXE C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427\A0279199.exe\VGSetup.exe\loader.exe\WR-1-2~1. Trojan.DownLoad.9874
WR-1-2~1.EXE\is169898.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427\A0279199.exe\VGSetup.exe\loader.exe\WR-1-2~1. Trojan.Siggen.628
WR-1-2~1.EXE C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427\A0279199.exe\VGSetup.exe\loader.exe L’archive contient des éléments infectés
loader.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427\A0279199.exe\VGSetup.exe L’archive contient des éléments infectés
VGSetup.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427\A0279199.exe L’archive contient des éléments infectés
A0279199.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 L’archive contient des éléments infectés Quarantaine.
A0280242.dll C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP427 Trojan.Virtumod.855 Supprimé.
A0280284.EXE C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP428 Tool.Prockill Irréparable.Supprimé.
A0280300.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP428 Tool.ProcessKill.7 Irréparable.Supprimé.
A0280301.exe C:\System Volume Information_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP428 Tool.Prockill Irréparable.Supprimé.
RESTORE.INS\C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE C:\WINDOWS\RESTORE.INS Tool.Prockill
RESTORE.INS C:\WINDOWS L’archive contient des éléments infectés Quarantaine.
RESTORE.INS\C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE C:\WINDOWS\system\RESTORE.INS Tool.Prockill
RESTORE.INS C:\WINDOWS\system L’archive contient des éléments infectés Quarantaine.
bcdvpxdx.dll C:\WINDOWS\system32 Trojan.Virtumod.854 Supprimé.
bjboac.dll C:\WINDOWS\system32 Trojan.Juan.60 Supprimé.
fjbqkt.dll C:\WINDOWS\system32 Trojan.Juan.60 Supprimé.
ngljudtn.dll C:\WINDOWS\system32 Trojan.Juan.60 Supprimé.
SpywareRemover.exe C:\WINDOWS\system32 Trojan.DownLoad.23677 Irréparable.Quarantaine.
surakqrt.dll C:\WINDOWS\system32 Trojan.Juan.60 Supprimé.
ygbcndhp.dll C:\WINDOWS\system32 Trojan.Virtumod.854 Supprimé.

Do a temp and registry cleanup with CCleaner

Is your problem still there?


Run a quick pass of [vundofix](http://vundofix.atribune.org/) too

Vundofix doesn't find anything suspicious, and I did a CCleaner cleanup. Yet I still can't restore my desktop theme, and I can't turn my automatic updates back on, so there is still a problem…

Hi
do this
www.libellules.ch…

then

Download CCleaner to the desktop:
Don't download it if you already have it!
www.ccleaner.com…
Once it is on the desktop, click the CCleaner installer.

  • But before clicking the "Install" button, untick all the "additional options".
    Then click "Options", "Advanced" and untick the box:
    "Only delete files in Windows Temp folders older than 48 hours".
    Click the "Cleaner" tab, then "Run Cleaner".
    -> Then click the Registry icon, on the right, click "Scan for Issues", then "Fix selected issues".

Accept the backup of the registry that it offers.
I advise you to run it again at least twice (until it no longer finds any errors).
restart your PC

in Classic Mode, go here
Bitdefender online scanner with Explorer
www.bitdefender.com…
and
ESET online scanner with Explorer
www.eset.eu…

tick "Remove found threats" and "Scan unwanted applications"

During the scans, close your other applications and disable your protections (antivirus and antispyware), which you must not forget to re-enable

tell us whether there were any deletion(s)

Good evening,

It seems to me that a Fix It is needed on the R3 and O3 lines as well, and I would also look into "O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}" (confirmed by cricri58?)

Post a new HijackThis log again

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:20, on 13/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\vphc700.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {88F05591-0079-4c37-B138-5DA8BC1782EF} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM…\Run: [winboot] wscript.exe /E:vbs C:\WINDOWS\boot.ini
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM…\Run: [phc700] C:\WINDOWS\vphc700.exe
O4 - HKLM…\Run: [News Service] “C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe”
O4 - HKLM…\Run: [Lexmark 5200 series] “C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe”
O4 - HKLM…\Run: [F-Secure TNB] “C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe” /CHECKALL /WAITFORSW
O4 - HKLM…\Run: [F-Secure Startup Wizard] “C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE” /reboot
O4 - HKLM…\Run: [F-Secure Manager] “C:\Program Files\AntivirusFirewall\Common\FSM32.EXE” /splash
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE…
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra ‘Tools’ menuitem: Protection Internet Explorer… - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: iGraal - {88F05591-0079-4c37-B138-5DA8BC1782EF} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com…
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com…
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - www.orderingmemory.com…
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - static.impots.gouv.fr…
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - jeuxmultijoueurs.orange.fr…
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - drmlicense.one.microsoft.com…
O20 - AppInit_DLLs: ocamcz.dll jipyfu.dll
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe


End of file - 7660 bytes

Hi

Sorry, I wasn't around yesterday :jap:

Run ComboFix, let it work, and post the report

O4 - HKLM…\Run: [winboot] wscript.exe /E:vbs C:\WINDOWS\boot.ini
you are infected by MS32DLL.dll.vbs ("Visual Basic script")
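The entries singled out in this thread (the O3 toolbar with no file, the nameless O16 DPF GUID, the O4 `winboot` Run value that starts wscript.exe with /E:vbs on boot.ini) and the O20 AppInit_DLLs value, whose two DLLs appear among ComboFix's deletions, can be picked out of a HijackThis log mechanically. The Python script below is an added example, not part of the original posts or of HijackThis; its rules, function names and extension list are assumptions chosen for illustration, and the sample consists of lines copied from the log posted above.

```python
import re
from typing import NamedTuple, Optional

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {88F05591-0079-4c37-B138-5DA8BC1782EF} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM…\Run: [winboot] wscript.exe /E:vbs C:\WINDOWS\boot.ini
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM…\Run: [phc700] C:\WINDOWS\vphc700.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com…
O20 - AppInit_DLLs: ocamcz.dll jipyfu.dll
"""


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # why the entry deserves a manual look
    line: str      # the original log line


ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
SCRIPT_HOST_RE = re.compile(r"\b(?:wscript|cscript)(?:\.exe)?\b", re.I)
# Engine override as it appears in the thread's log (/E:vbs); the // form is accepted too.
ENGINE_RE = re.compile(r"(?<!\S)/{1,2}E:(?P<engine>\w+)", re.I)
DPF_RE = re.compile(
    r"^DPF: \{[0-9A-Fa-f-]+\}\s*(?:\((?P<name>[^)]*)\))?\s*-\s*(?P<source>.*)$")
# Assumption: extensions treated as "normal" script files for this heuristic.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}
QUOTES = "\"'“”‘’"


def _target_extension(command: str) -> str:
    """Extension of the last argument of a command line ('' if none)."""
    last = command.strip().split()[-1].strip(QUOTES)
    dot = last.rfind(".")
    return last[dot:].lower() if dot > last.rfind("\\") else ""


def check_toolbar(body: str) -> Optional[str]:
    """O3: toolbar registration whose DLL is gone."""
    if body.rstrip().endswith("(no file)"):
        return "toolbar registered without a backing file"
    return None


def check_run_entry(body: str) -> Optional[str]:
    """O4: script host forced to run a file that is not a script by extension."""
    m = re.search(r"\]\s*(.+)$", body)
    if not m or not SCRIPT_HOST_RE.search(m.group(1)):
        return None
    command = m.group(1)
    engine = ENGINE_RE.search(command)
    ext = _target_extension(command)
    if engine and ext not in SCRIPT_EXTS:
        return (f"script host forces engine '{engine.group('engine')}' "
                f"on a '{ext or 'no-extension'}' file")
    return None


def check_dpf(body: str) -> Optional[str]:
    """O16: downloaded-program entry with neither a class name nor a source."""
    m = DPF_RE.match(body)
    if m and not m.group("name") and not m.group("source").strip():
        return "DPF entry has no class name and no source"
    return None


def check_appinit(body: str) -> Optional[str]:
    """O20: any DLL listed in AppInit_DLLs should be accounted for."""
    value = body.partition(":")[2]
    dlls = [d for d in re.split(r"[\s,]+", value.strip()) if d]
    if dlls:
        return "AppInit_DLLs is not empty: " + ", ".join(dlls)
    return None


CHECKS = {"O3": check_toolbar, "O4": check_run_entry,
          "O16": check_dpf, "O20": check_appinit}


def triage(log_text: str) -> list:
    """Return a Finding for every log line that trips one of the checks."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m or m.group("section") not in CHECKS:
            continue
        reason = CHECKS[m.group("section")](m.group("body"))
        if reason:
            findings.append(Finding(m.group("section"), reason, raw.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

A hit only marks a line for manual review; legitimate software can also populate AppInit_DLLs or leave an orphaned toolbar entry.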

ComboFix 08-12-16.03 - administrateur 2 2008-12-17 18:14:41.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.255.76 [GMT 1:00]
Lancé depuis: c:\documents and settings\administrateur 2\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\administrateur 2\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

  • Un nouveau point de restauration a été créé
    .

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\administrateur 2\Application Data\gadcom
c:\documents and settings\administrateur 2\Application Data\SpeedRunner
c:\documents and settings\administrateur 2\Application Data\SpeedRunner\config.cfg
c:\documents and settings\administrateur 2\Local Settings\Application Data\oickqam.dat
c:\documents and settings\administrateur 2\Local Settings\Application Data\oickqam.exe
c:\documents and settings\administrateur 2\Local Settings\Application Data\oickqam_nav.dat
c:\documents and settings\administrateur 2\Local Settings\Application Data\oickqam_navps.dat
c:\documents and settings\All Users\Application Data\Starware354
c:\documents and settings\All Users\Application Data\Starware354\buttons\FindIt.bmp
c:\documents and settings\All Users\Application Data\Starware354\buttons\FindItHot.bmp
c:\documents and settings\All Users\Application Data\Starware354\buttons\findithotxp.png
c:\documents and settings\All Users\Application Data\Starware354\buttons\finditxp.png
c:\documents and settings\All Users\Application Data\Starware354\buttons\Highlight.bmp
c:\documents and settings\All Users\Application Data\Starware354\buttons\HighlightHot.bmp
c:\documents and settings\All Users\Application Data\Starware354\buttons\highlighthotxp.png
c:\documents and settings\All Users\Application Data\Starware354\buttons\highlightxp.png
c:\documents and settings\All Users\Application Data\Starware354\buttons\recipes.bmp
c:\documents and settings\All Users\Application Data\Starware354\buttons\recipes.png
c:\documents and settings\All Users\Application Data\Starware354\buttons\recipes_foreign_feed.bmp
c:\documents and settings\All Users\Application Data\Starware354\buttons\recipes_foreign_feed.png
c:\documents and settings\All Users\Application Data\Starware354\buttons\starware_toolbar_icon.bmp
c:\documents and settings\All Users\Application Data\Starware354\contexts\error.xml
c:\documents and settings\All Users\Application Data\Starware354\contexts\Related.xml
c:\documents and settings\All Users\Application Data\Starware354\contexts\Travel.xml
c:\documents and settings\All Users\Application Data\Starware354\SimpleUpdate\ProductMessagingConfig.xml
c:\documents and settings\All Users\Application Data\Starware354\SimpleUpdate\ProductMessagingConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware354\SimpleUpdate\SimpleUpdateConfig.xml
c:\documents and settings\All Users\Application Data\Starware354\SimpleUpdate\SimpleUpdateConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware354\SimpleUpdate\TimerManagerConfig.xml
c:\documents and settings\All Users\Application Data\Starware354\SimpleUpdate\TimerManagerConfig.xml.backup
c:\documents and settings\LocalService\Application Data\Starware354
c:\documents and settings\LocalService\Application Data\Starware354\BrowserSearch\BrowserSearch.xml
c:\documents and settings\LocalService\Application Data\Starware354\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\LocalService\Application Data\Starware354\Configurator\Configurator.xml
c:\documents and settings\LocalService\Application Data\Starware354\Configurator\Configurator.xml.backup
c:\documents and settings\LocalService\Application Data\Starware354\ErrorSearch\ErrorSearchOptions.xml
c:\documents and settings\LocalService\Application Data\Starware354\ErrorSearch\ErrorSearchOptions.xml.backup
c:\documents and settings\LocalService\Application Data\Starware354\Games\GamesOptions.xml
c:\documents and settings\LocalService\Application Data\Starware354\Games\GamesOptions.xml.backup
c:\documents and settings\LocalService\Application Data\Starware354\Games\images\active\Games0.bmp
c:\documents and settings\LocalService\Application Data\Starware354\Layouts\ToolbarLayout.xml
c:\documents and settings\LocalService\Application Data\Starware354\Layouts\ToolbarLayout.xml.backup
c:\documents and settings\LocalService\Application Data\Starware354\Manager\ManagerOptions.xml
c:\documents and settings\LocalService\Application Data\Starware354\Manager\ManagerOptions.xml.backup
c:\documents and settings\LocalService\Application Data\Starware354\Movies\images\active\Movies0.bmp
c:\documents and settings\LocalService\Application Data\Starware354\Movies\MoviesOptions.xml
c:\documents and settings\LocalService\Application Data\Starware354\Movies\MoviesOptions.xml.backup
c:\documents and settings\LocalService\Application Data\Starware354\Recipes_Foreign\Recipes_ForeignOptions.xml
c:\documents and settings\LocalService\Application Data\Starware354\Recipes_Foreign\Recipes_ForeignOptions.xml.backup
c:\documents and settings\LocalService\Application Data\Starware354\RecipeSearch_Foreign\RecipeSearch_ForeignOptions.xml
c:\documents and settings\LocalService\Application Data\Starware354\RecipeSearch_Foreign\RecipeSearch_ForeignOptions.xml.backup
c:\documents and settings\LocalService\Application Data\Starware354\RelatedSearch\RelatedSearchOptions.xml
c:\documents and settings\LocalService\Application Data\Starware354\RelatedSearch\RelatedSearchOptions.xml.backup
c:\documents and settings\LocalService\Application Data\Starware354\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
c:\documents and settings\LocalService\Application Data\Starware354\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
c:\documents and settings\LocalService\Application Data\Starware354\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
c:\documents and settings\LocalService\Application Data\Starware354\Toolbar\TBProductsOptions.xml
c:\documents and settings\LocalService\Application Data\Starware354\Toolbar\TBProductsOptions.xml.backup
c:\documents and settings\LocalService\Application Data\Starware354\ToolbarLogo\ToolbarLogoOptions.xml
c:\documents and settings\LocalService\Application Data\Starware354\ToolbarLogo\ToolbarLogoOptions.xml.backup
c:\documents and settings\LocalService\Application Data\Starware354\ToolbarSearch\ToolbarSearchOptions.xml
c:\documents and settings\LocalService\Application Data\Starware354\ToolbarSearch\ToolbarSearchOptions.xml.backup
c:\documents and settings\LocalService\Application Data\Starware354\TravelSearch\TravelSearchOptions.xml
c:\documents and settings\LocalService\Application Data\Starware354\TravelSearch\TravelSearchOptions.xml.backup
c:\documents and settings\peggy\Application Data\Starware354
c:\documents and settings\peggy\Application Data\Starware354\BrowserSearch\BrowserSearch.xml
c:\documents and settings\peggy\Application Data\Starware354\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\peggy\Application Data\Starware354\Configurator\Configurator.xml
c:\documents and settings\peggy\Application Data\Starware354\Configurator\Configurator.xml.backup
c:\documents and settings\peggy\Application Data\Starware354\ErrorSearch\ErrorSearchOptions.xml
c:\documents and settings\peggy\Application Data\Starware354\ErrorSearch\ErrorSearchOptions.xml.backup
c:\documents and settings\peggy\Application Data\Starware354\Games\GamesOptions.xml
c:\documents and settings\peggy\Application Data\Starware354\Games\GamesOptions.xml.backup
c:\documents and settings\peggy\Application Data\Starware354\Games\images\active\Games0.bmp
c:\documents and settings\peggy\Application Data\Starware354\Layouts\ToolbarLayout.xml
c:\documents and settings\peggy\Application Data\Starware354\Layouts\ToolbarLayout.xml.backup
c:\documents and settings\peggy\Application Data\Starware354\Manager\ManagerOptions.xml
c:\documents and settings\peggy\Application Data\Starware354\Manager\ManagerOptions.xml.backup
c:\documents and settings\peggy\Application Data\Starware354\Movies\images\active\Movies0.bmp
c:\documents and settings\peggy\Application Data\Starware354\Movies\MoviesOptions.xml
c:\documents and settings\peggy\Application Data\Starware354\Movies\MoviesOptions.xml.backup
c:\documents and settings\peggy\Application Data\Starware354\Recipes_Foreign\Recipes_ForeignOptions.xml
c:\documents and settings\peggy\Application Data\Starware354\Recipes_Foreign\Recipes_ForeignOptions.xml.backup
c:\documents and settings\peggy\Application Data\Starware354\RecipeSearch_Foreign\RecipeSearch_ForeignOptions.xml
c:\documents and settings\peggy\Application Data\Starware354\RecipeSearch_Foreign\RecipeSearch_ForeignOptions.xml.backup
c:\documents and settings\peggy\Application Data\Starware354\RelatedSearch\RelatedSearchOptions.xml
c:\documents and settings\peggy\Application Data\Starware354\RelatedSearch\RelatedSearchOptions.xml.backup
c:\documents and settings\peggy\Application Data\Starware354\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
c:\documents and settings\peggy\Application Data\Starware354\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
c:\documents and settings\peggy\Application Data\Starware354\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
c:\documents and settings\peggy\Application Data\Starware354\Toolbar\TBProductsOptions.xml
c:\documents and settings\peggy\Application Data\Starware354\Toolbar\TBProductsOptions.xml.backup
c:\documents and settings\peggy\Application Data\Starware354\ToolbarLogo\ToolbarLogoOptions.xml
c:\documents and settings\peggy\Application Data\Starware354\ToolbarLogo\ToolbarLogoOptions.xml.backup
c:\documents and settings\peggy\Application Data\Starware354\ToolbarSearch\ToolbarSearchOptions.xml
c:\documents and settings\peggy\Application Data\Starware354\ToolbarSearch\ToolbarSearchOptions.xml.backup
c:\documents and settings\peggy\Application Data\Starware354\TravelSearch\TravelSearchOptions.xml
c:\documents and settings\peggy\Application Data\Starware354\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents
c:\program files\Mjcore
c:\windows\system32\ahtn.htm
c:\windows\system32\cgyddsex.dll
c:\windows\system32\coagrpdd.dll
c:\windows\system32\dqditwcx.dll
c:\windows\system32\eaqtosyr.dll
c:\windows\system32\eefNqtwa.ini
c:\windows\system32\eefNqtwa.ini2
c:\windows\system32\esrfxbsi.dll
c:\windows\system32\fccdcCUM.dll
c:\windows\system32\fnrtwe.dll
c:\windows\system32\frmwrk32.exe
c:\windows\system32\geBtRlml.dll
c:\windows\system32\ilgutwet.dll
c:\windows\system32\jipyfu.dll
c:\windows\system32\krjfys.dll
c:\windows\system32\lepaiaep.dll
c:\windows\system32\Llnqqqru.ini
c:\windows\system32\Llnqqqru.ini2
c:\windows\system32\lvehia.dll
c:\windows\system32\nntoxhcy.dll
c:\windows\system32\ntdll64.exe
c:\windows\system32\ocamcz.dll
c:\windows\system32\qtpzrd.dll
c:\windows\system32\siqfnfms.dll
c:\windows\system32\test.ttt
c:\windows\system32\ulzgxe.dll
c:\windows\system32\uniq.tll
c:\windows\system32\urqqqnlL.dll
c:\windows\system32\vfgqgqvh.dll
c:\windows\system32\warning.gif
c:\windows\system32\win32hlp.cnf
c:\windows\system32\wwyfgksd.dll
c:\windows\system32\xyhdgm.dll
c:\windows\Tasks\bbrsspcr.job

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-17 au 2008-12-17 ))))))))))))))))))))))))))))))))))))
.

2008-12-16 20:55 . 2008-12-16 20:56 1,650,409 —hs---- c:\windows\system32\isbxfrse.ini
2008-12-13 12:19 . 2008-12-16 20:53 1,650,409 —hs---- c:\windows\system32\flgxlenn.ini
2008-12-12 20:40 . 2008-12-12 20:40 d-------- C:\VundoFix Backups
2008-12-12 12:19 . 2008-12-12 12:19 1,625,452 —hs---- c:\windows\system32\xesddygc.ini
2008-12-12 00:25 . 2008-12-12 00:26 1,630,702 —hs---- c:\windows\system32\dskgfyww.ini
2008-12-11 21:38 . 2008-12-11 21:38 1,627,952 —hs---- c:\windows\system32\eaeujbao.ini
2008-12-10 23:09 . 2008-12-11 19:18 d-------- c:\documents and settings\administrateur 2\DoctorWeb
2008-12-10 21:36 . 2008-12-11 21:37 1,627,952 —hs---- c:\windows\system32\ashnbnpg.ini
2008-12-10 20:18 . 2008-12-10 20:18 d-------- c:\program files\Trend Micro
2008-12-10 19:56 . 2008-12-10 19:57 d-------- c:\program files\CCleaner
2008-12-10 19:54 . 2008-12-10 19:54 d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-10 19:51 . 2008-12-10 19:51 d-------- c:\program files\Yahoo!
2008-12-10 16:57 . 2008-12-10 18:11 d-------- c:\program files\FindyKill
2008-12-09 21:32 . 2008-12-09 21:32 1,550,037 —hs---- c:\windows\system32\phdncbgy.ini
2008-12-08 21:29 . 2008-12-09 21:30 1,550,037 —hs---- c:\windows\system32\cqtdpnfs.ini
2008-12-07 21:36 . 2008-12-08 14:56 1,482,268 —hs---- c:\windows\system32\xdxpvdcb.ini
2008-12-07 21:31 . 2008-12-13 12:41 d-------- c:\windows\BDOSCAN8
2008-12-07 09:59 . 2008-12-07 09:59 552 --a------ c:\windows\system32\d3d8caps.dat
2008-12-06 22:08 . 2008-12-06 22:08 d-------- c:\windows\system32\Kaspersky Lab
2008-12-06 17:08 . 2008-12-06 17:09 d-------- c:\program files\The Cleaner Demo
2008-12-06 16:41 . 2008-12-06 16:41 d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2008-12-06 16:09 . 2008-12-08 19:54 d-------- c:\documents and settings\administrateur 2\Application Data\Twain
2008-12-06 16:04 . 2008-12-10 00:32 d-------- c:\program files\Webtools
2008-12-05 20:44 . 2008-12-05 20:44 d-------- c:\program files\Alwil Software
2008-12-05 20:44 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2008-12-05 20:44 . 2003-03-18 20:14 499,712 --a------ c:\windows\system32\MSVCP71.dll
2008-12-05 20:44 . 2003-02-21 04:42 348,160 --a------ c:\windows\system32\MSVCR71.dll
2008-12-05 19:40 . 2008-12-07 21:32 1,482,262 —hs---- c:\windows\system32\bgkytolq.ini
2008-12-05 12:37 . 2008-12-05 12:37 d-------- c:\program files\vghd
2008-12-05 12:37 . 2008-12-05 12:37 d-------- c:\documents and settings\administrateur 2\Application Data\vghd
2008-12-05 12:37 . 2008-12-05 12:37 152,904 --a------ c:\windows\system32\vghd.scr
2008-12-02 12:33 . 2008-12-02 12:34 d-------- c:\program files\Pastry Passion
2008-12-02 12:31 . 2008-12-02 12:35 d-------- c:\program files\Hidden Wonders
2008-12-02 12:30 . 2008-12-04 20:05 d-------- c:\program files\Delicious winter edition Deluxe English
2008-11-29 14:46 . 2008-11-29 14:46 d-------- c:\documents and settings\administrateur 2\Application Data\Jane s Hotel Family Hero
2008-11-29 14:43 . 2008-12-08 13:13 d-------- c:\program files\Jane’s Hotel 2 - Family Hero
2008-11-28 20:30 . 2008-11-28 20:30 1,409 --a------ c:\windows\system32\tmpF631D.FOT
2008-11-28 20:30 . 2008-11-28 20:30 1,409 --a------ c:\windows\system32\tmpE011D.FOT
2008-11-28 20:30 . 2008-11-28 20:30 1,409 --a------ c:\windows\system32\tmpD590D.FOT
2008-11-28 20:30 . 2008-11-28 20:30 1,409 --a------ c:\windows\system32\tmpCCE0D.FOT
2008-11-28 20:30 . 2008-11-28 20:30 1,409 --a------ c:\windows\system32\tmpB4C0D.FOT
2008-11-28 20:30 . 2008-11-28 20:30 1,409 --a------ c:\windows\system32\tmp1231D.FOT
2008-11-26 20:34 . 2008-11-26 20:34 d-------- c:\documents and settings\All Users\Application Data\Gogii
2008-11-25 20:35 . 2008-11-25 20:47 d-------- c:\documents and settings\administrateur 2\Application Data\Pirateville
2008-11-25 13:07 . 2008-12-08 08:01 d-------- c:\program files\Delicious - Emily’s Tea Garden
2008-11-25 13:00 . 2008-11-25 13:00 d-------- c:\windows\The Hidden Object Show
2008-11-25 12:58 . 2008-11-25 12:59 d-------- c:\program files\Pirateville
2008-11-23 20:45 . 2008-11-23 20:45 d-------- c:\documents and settings\All Users\Application Data\Meridian93
2008-11-23 20:31 . 2008-11-23 20:31 d-------- c:\program files\LeeGTs Games
2008-11-23 19:17 . 2008-11-23 19:29 d-------- c:\program files\eToro
2008-11-23 18:12 . 2008-11-23 18:12 d-------- c:\program files\GamesBar
2008-11-23 18:11 . 2008-12-05 12:17 d-------- c:\program files\Oberon Media
2008-11-22 20:27 . 2008-11-22 20:30 d-------- c:\program files\Jane’s Hotel
2008-11-22 16:50 . 2008-11-22 16:50 d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2008-11-22 15:59 . 2008-11-22 15:57 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-22 15:03 . 2008-11-22 15:03 d-------- c:\program files\Fichiers communs\Adobe AIR
2008-11-19 16:55 . 2008-11-25 13:02 d-------- c:\program files\Delicious 2 Deluxe
2008-11-18 21:07 . 2008-11-18 21:07 d-------- c:\windows\Farm Frenzy 2

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-17 16:46 --------- d-----w c:\program files\Lx_cats
2008-12-06 15:02 --------- d-----w c:\program files\eMule
2008-11-29 13:10 --------- d-----w c:\program files\Zylom Games
2008-11-29 13:06 --------- d-----w c:\documents and settings\administrateur 2\Application Data\Zylom
2008-11-22 17:33 --------- d–h--w c:\program files\InstallShield Installation Information
2008-11-22 17:00 --------- d-----w c:\program files\Java
2008-11-22 13:58 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-19 14:59 --------- d-----w c:\program files\Windows Live
2008-11-19 14:59 --------- d-----w c:\documents and settings\All Users\Application Data\WindowsLiveInstaller
2008-11-18 20:20 --------- d-----w c:\documents and settings\All Users\Application Data\FarmFrenzy2
2008-11-13 13:06 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-12 15:10 --------- d-----w c:\documents and settings\All Users\Application Data\SpinTop Games
2008-11-12 14:18 --------- d-----w c:\documents and settings\administrateur 2\Application Data\F-Secure
2008-11-10 20:16 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2008-11-10 20:16 --------- d-----w c:\documents and settings\administrateur 2\Application Data\PlayFirst
2008-11-10 19:12 --------- d-----w c:\documents and settings\administrateur 2\Application Data\KC Softwares
2008-11-10 18:07 --------- d-----w c:\program files\KC Softwares
2008-11-07 19:39 --------- d-----w c:\program files\Cooking Dash
2008-10-31 21:35 --------- d—a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-31 20:24 --------- d-----w c:\documents and settings\All Users\Application Data\EscapeTheMuseum
2008-10-31 19:31 --------- d-----w c:\documents and settings\administrateur 2\Application Data\Home Sweet Home 2
2008-10-25 21:17 --------- d-----w c:\documents and settings\administrateur 2\Application Data\cerasus.media
2008-10-25 19:25 --------- d-----w c:\documents and settings\administrateur 2\Application Data\PetShowCraze
2008-10-25 16:44 --------- d-----w c:\documents and settings\administrateur 2\Application Data\Friday’s games
2008-10-24 13:24 --------- d-----w c:\documents and settings\All Users\Application Data\Fugazo
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-20 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-22 136600]
"phc700"="c:\windows\vphc700.exe" [2005-07-20 339968]
"News Service"="c:\program files\AntivirusFirewall\FSGUI\ispnews.exe" [2008-12-10 356352]
"Lexmark 5200 series"="c:\program files\Lexmark 5200 series\lxbtbmgr.exe" [2004-06-04 57344]
"F-Secure TNB"="c:\program files\AntivirusFirewall\TNB\TNBUtil.exe" [2008-12-10 700416]
"F-Secure Startup Wizard"="c:\program files\AntivirusFirewall\FSGUI\FSSW.EXE" [2008-12-10 372736]
"F-Secure Manager"="c:\program files\AntivirusFirewall\Common\FSM32.EXE" [2008-12-10 122929]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"LXBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 65536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-20 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\webhits32]
2004-10-16 11:15 7680 c:\windows\system32\webhits32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ocamcz.dll jipyfu.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe"= c:\Program Files\AntivirusFirewall\backweb\6588780\program\fspex.exe
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Messenger\msmsgs.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\eMule\emule.exe"=
"c:\Program Files\Windows Live\Messenger\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58808:TCP"= 58808:TCP:emule:tcp entrant
"64202:UDP"= 64202:UDP:emule:udp entrant
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"4462:TCP"= 4462:TCP:127.0.0.1
"4672:UDP"= 4672:UDP:127.0.0.1
"1661:TCP"= 1661:TCP:messenger

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

.
Contenu du dossier ‘Tâches planifiées’

2008-12-11 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\ANTIVI~1\ANTI-V~1\fsav.exe [2008-12-10 10:25]

2008-12-17 c:\windows\Tasks\User_Feed_Synchronization-{553AC877-6901-4CE7-9D74-50FF0C863196}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 02:05]

2008-12-17 c:\windows\Tasks\User_Feed_Synchronization-{6C444134-CF94-4657-8984-B004A74D0414}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 02:05]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{1A7CD708-11C5-480A-A4AF-5F28EFE69C02} - c:\windows\system32\urqqqnlL.dll
BHO-{7c0cd5d8-c308-4555-b0f9-877479848362} - c:\windows\system32\ocamcz.dll
BHO-{9c131af3-2705-4bc3-82e6-bab34c51733d} - c:\windows\system32\ulzgxe.dll
BHO-{C81BAB98-02D9-4CCD-BC3B-9A0C4609706F} - c:\windows\system32\fccdcCUM.dll
ShellExecuteHooks-{C81BAB98-02D9-4CCD-BC3B-9A0C4609706F} - c:\windows\system32\fccdcCUM.dll

.
------- Examen supplémentaire -------
.
uStart Page = google.fr…
IE: &Bloquer cette fenêtre publicitaire - c:\program files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\program files\Wanadoo\msvcp60.dll - c:\windows\system32\atl.dll
c:\windows\Downloaded Program Files\AdVerifierADP.dll
c:\windows\Downloaded Program Files\AdSignerADP.dll
O16 -: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF}
static.impots.gouv.fr…
c:\windows\Downloaded Program Files\AdSignerADP.inf

c:\windows\Downloaded Program Files\OberonGameHost.dll - O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8}
jeuxmultijoueurs.orange.fr…
c:\windows\Downloaded Program Files\OberonGameHost_dbg.inf
.


catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2008-12-17 18:29:06
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés …

Recherche d’éléments en démarrage automatique cachés …

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16???

Recherche de fichiers cachés …

Scan terminé avec succès
Fichiers cachés: 0


.
--------------------- DLLs chargées dans les processus actifs ---------------------

- 'winlogon.exe'(620)
c:\windows\system32\webhits32.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\slserv.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\searchprotocolhost.exe
c:\program files\Lexmark 5200 Series\lxbtbmon.exe
c:\program files\Windows Desktop Search\WindowsSearch.exe
c:\windows\system32\searchfilterhost.exe
.


.
Heure de fin: 2008-12-17 18:46:09 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-17 17:45:55

Avant-CF: 6 213 169 152 octets libres
Après-CF: 6,272,204,800 octets libres

356 --- E O F --- 2008-11-13 13:07:16

Run a [navilog](http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe) in mode 1: http://guigui14100.web.officelive.com/tutorialnavilog.aspx

How is your PC doing?


Also run [Toolbar SD](http://eric.71.mespages.googlepages.com/ToolBarSD.exe) in mode 1 and post the report.