
Posted

Figaro will go sing elsewhere; it has been eliminated:

C:\WINDOWS\system32\dllcache\figaro.sys (Trojan.Agent) -> Quarantined and deleted successfully.

 

Antivir still seems to be there. You can re-enable it.

 

A few odds and ends remain. Download random's system information tool (RSIT) by random/random and save it to the Desktop.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (<<which will be displayed) as well as info.txt (<<which will be minimized in the taskbar).
  • NB: The reports are saved in the C:\rsit folder.
    So that makes two reports. Since they are long, you can make 2 replies, one per report. :P

Posted (edited)

The log file:

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by _ at 2009-08-04 16:00:53

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 30 GB (77%) free of 39 GB

Total RAM: 2047 MB (80% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:01:03, on 04/08/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\hp32_nword.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\hp32_nword.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Program Files\WinMessenger\WinMesgr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\NICOLAS _\Bureau\RSIT.exe

C:\WINDOWS\system32\wscntfy.exe

Q:\log\_.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [hp32_nword] C:\WINDOWS\system32\hp32_nword.exe

O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe

O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [hp32_nword] C:\Documents and Settings\NICOLAS _\hp32_nword.exe

O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: ikowin32.exe

O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart17.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: WinMessenger StartUp.lnk = C:\Program Files\WinMessenger\WinMesgr.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CP_

O17 - HKLM\Software\..\Telephony: DomainName = CP_

O17 - HKLM\System\CCS\Services\Tcpip\..\{E0CD094C-C97D-499F-8FB3-87C4C0FB0BAE}: NameServer = 192.168.1._

O17 - HKLM\System\CCS\Services\Tcpip\..\{E92561B5-E14E-4608-ABA3-FDE3649EF27E}: NameServer = 192.168.1._

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CP_

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CP_

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 5591 bytes

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-12-20 131072]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-02-18 13680640]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-02-18 86016]

"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

"hp32_nword"=C:\WINDOWS\system32\hp32_nword.exe [2009-08-04 27526]

"Regedit32"=C:\WINDOWS\system32\regedit.exe []

"braviax"=C:\WINDOWS\system32\braviax.exe []

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2006-04-21 94208]

"hp32_nword"=C:\Documents and Settings\NICOLAS _E\hp32_nword.exe [2009-08-04 27526]

"braviax"=C:\WINDOWS\system32\braviax.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Antivirus 2010]

C:\Program Files\HomeAntivirus2010\HomeAntivirus2010.exe /hide []

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

Accélérateur de démarrage AutoCAD.lnk - C:\Program Files\Fichiers communs\Autodesk Shared\acstart17.exe

Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

WinMessenger StartUp.lnk - C:\Program Files\WinMessenger\WinMesgr.exe

 

C:\Documents and Settings\NICOLAS _\Menu Démarrer\Programmes\Démarrage

ikowin32.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoWelcomeScreen"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home"

 

======File associations======

 

.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"

.scr - install -

.scr - config -

 

======List of files/folders created in the last 1 months======

 

2009-08-04 16:00:53 ----D---- C:\rsit

2009-08-04 12:14:18 ----A---- C:\WINDOWS\system32\hp32_nword.exe

2009-08-04 12:06:30 ----A---- C:\ComboFix.txt

2009-08-04 12:00:40 ----D---- C:\WINDOWS\temp

2009-08-04 11:59:12 ----A---- C:\WINDOWS\zip.exe

2009-08-04 11:59:12 ----A---- C:\WINDOWS\SWXCACLS.exe

2009-08-04 11:59:12 ----A---- C:\WINDOWS\SWSC.exe

2009-08-04 11:59:12 ----A---- C:\WINDOWS\SWREG.exe

2009-08-04 11:59:12 ----A---- C:\WINDOWS\sed.exe

2009-08-04 11:59:12 ----A---- C:\WINDOWS\PEV.exe

2009-08-04 11:59:12 ----A---- C:\WINDOWS\NIRCMD.exe

2009-08-04 11:59:12 ----A---- C:\WINDOWS\grep.exe

2009-08-04 11:59:09 ----SD---- C:\ComboFix

2009-08-04 11:59:09 ----D---- C:\WINDOWS\ERDNT

2009-08-04 11:58:54 ----D---- C:\Qoobox

2009-08-04 11:24:42 ----A---- C:\WINDOWS\ntbtlog.txt

2009-08-04 11:08:44 ----D---- C:\WINDOWS\pss

2009-08-04 11:03:44 ----A---- C:\WINDOWS\xazuvily.dll

2009-08-04 11:03:44 ----A---- C:\WINDOWS\system32\gifowola.vbs

2009-08-04 11:03:44 ----A---- C:\WINDOWS\system32\dazevibyb.exe

2009-08-04 11:03:44 ----A---- C:\Documents and Settings\All Users\Application Data\osyxaver.exe

2009-08-04 09:36:14 ----D---- C:\Documents and Settings\NICOLAS _\Application Data\Malwarebytes

2009-08-04 09:36:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-08-04 09:36:11 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

 

======List of files/folders modified in the last 1 months======

 

2009-08-04 16:00:57 ----D---- C:\WINDOWS\Prefetch

2009-08-04 16:00:09 ----D---- C:\WINDOWS\system32\CatRoot2

2009-08-04 15:56:10 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-08-04 15:56:04 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-08-04 15:56:04 ----D---- C:\WINDOWS\system32\drivers

2009-08-04 15:56:03 ----D---- C:\WINDOWS\system32

2009-08-04 15:51:18 ----D---- C:\WINDOWS

2009-08-04 14:07:06 ----RD---- C:\Program Files

2009-08-04 12:05:47 ----A---- C:\WINDOWS\system.ini

2009-08-04 12:00:15 ----D---- C:\WINDOWS\AppPatch

2009-08-04 12:00:14 ----D---- C:\Program Files\Fichiers communs

2009-08-04 11:09:14 ----SH---- C:\boot.ini

2009-08-04 11:09:14 ----A---- C:\WINDOWS\win.ini

2009-08-04 08:50:24 ----D---- C:\WINDOWS\security

2009-08-03 11:24:51 ----A---- C:\WINDOWS\ccolwiz.ini

2009-07-30 08:57:09 ----A---- C:\WINDOWS\NeroDigital.ini

2009-07-17 10:46:26 ----D---- C:\ImageLT

2009-07-08 15:34:20 ----A---- C:\WINDOWS\PhotoSnapViewer.INI

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-07-15 28520]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]

R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-02-18 6308224]

R3 nvax;Service for NVIDIA® nForce Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2005-07-26 53376]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-04-14 34176]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-04-14 13056]

R3 nvnforce;Service for NVIDIA® nForce Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2005-07-26 415360]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]

R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]

R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-12-09 296448]

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-07-15 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-15 185089]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-02-18 163908]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe [2009-04-03 77944]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

 

-----------------EOF-----------------

Edited by jeanphy
Posted

Screensavers (.scr files) open Notepad according to the file associations there. I can repair that, unless you set it up that way on purpose.

 

Download OTMoveIt (OTM) by OldTimer.

  • Save this file to the Desktop.
  • Double-click OTM.exe to run the tool. (Note: if you are using Vista, right-click the file and choose Run as administrator.)
  • Copy the lines from the "Code" area below to the clipboard by selecting them all and then pressing CTRL and C together (or, after selecting them, by right-clicking and choosing Copy):
    :processes
    explorer.exe
    :files
    C:\Documents and Settings\NICOLAS _\Menu Démarrer\Programmes\Démarrage\ikowin32.exe
    
    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"=-
    "NeroFilterCheck"=-
    "braviax"=-
    "Regedit32"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "braviax"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Antivirus 2010]
    
    :services
    catchme
    
    :commands
    [start explorer]
    [emptytemp]


  • Go back to the OTM window, right-click in the left-hand area titled "Paste List Of Files/Folders to Move" (under the yellow bar), then choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt3.
  • Post the OTMoveIt3 report in your next reply (contents of the file C:\_OTM\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time).

Note: If a file or folder cannot be moved immediately, a restart may be needed to complete the move. If you are asked to restart the machine, choose Oui/Yes.

 

-----------

 

We'll check these files too:

 

C:\WINDOWS\system32\dazevibyb.exe

C:\WINDOWS\xazuvily.dll

C:\WINDOWS\system32\gifowola.vbs

C:\Documents and Settings\All Users\Application Data\osyxaver.exe

 

 

Go to this link: Virus Total

  • Click the Browse... button (Parcourir...).
  • Copy and paste this path into the dialog box that opens, or browse through your folders to this file, if you can find it:

  • C:\windows\system32\dazevibyb.exe

  • Click Send file (Envoyer le fichier), and if VirusTotal says the file has already been analysed, click the button to reanalyse the file now (Reanalyse le fichier maintenant).
  • Let the site work for as long as "Situation actuelle : en cours d'analyse" (current status: analysis in progress) is displayed.
  • The file may be placed in a queue because of a large number of analysis requests. In that case you will have to wait without refreshing the page.
  • When the analysis is finished ("Situation actuelle: terminé", current status: finished), click Formatted (Formaté) at the top left.
  • A new browser window will appear.
  • Then click this image: txtvt.jpg
  • Right-click on the page and choose Select all, then Copy.
  • Finally, paste the result in your next reply.
    NB: Whatever the result, it is important to send me the result of the whole analysis.

Your security tools may react when the file is sent, in which case you will need to make them ignore the alerts.

 

You may need to temporarily show the system's hidden and protected files.

 

Do the same for the three others listed.
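Added example, not part of the original thread and not code from RSIT or OTM: a small Python triage of the Run-key entries in the RSIT "Registry dump" posted earlier in this thread. It flags autostart values for which RSIT printed no file metadata (reading the empty `[]` as "target not found on disk" is an assumption about RSIT's output) and values whose target carries the scan date; the names `parse_run_entries` and `triage` are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Lines copied from the RSIT "Registry dump" section posted in this thread.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-12-20 131072]
"nwiz"=nwiz.exe /install []
"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"hp32_nword"=C:\WINDOWS\system32\hp32_nword.exe [2009-08-04 27526]
"Regedit32"=C:\WINDOWS\system32\regedit.exe []
"braviax"=C:\WINDOWS\system32\braviax.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"braviax"=C:\WINDOWS\system32\braviax.exe []
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# "name"=command line [YYYY-MM-DD size]   (brackets are empty when RSIT has no file data)
VALUE_RE = re.compile(r'^"([^"]+)"=(.*?)\s*\[([^\]]*)\]$')
HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}


@dataclass
class RunEntry:
    hive: str
    name: str
    command: str
    modified: Optional[str]  # date RSIT printed for the target, None if "[]"
    size: Optional[int]      # size in bytes RSIT printed, None if "[]"


def parse_run_entries(text: str) -> List[RunEntry]:
    """Collect the values listed under ...\\CurrentVersion\\Run keys."""
    entries: List[RunEntry] = []
    hive = None  # set while we are inside a Run key, None otherwise
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            root, _, path = key.group(1).partition("\\")
            in_run_key = path.lower().endswith(r"\currentversion\run")
            hive = HIVES.get(root, root) if in_run_key else None
            continue
        value = VALUE_RE.match(line)
        if value and hive:
            name, command, meta = value.groups()
            parts = meta.split()
            modified = parts[0] if parts else None
            size = int(parts[1]) if len(parts) > 1 else None
            entries.append(RunEntry(hive, name, command, modified, size))
    return entries


def triage(entries: List[RunEntry], scan_date: str) -> List[Tuple[str, str, str]]:
    """Return (hive, value name, flag) for entries that deserve a closer look."""
    findings = []
    for e in entries:
        if e.modified is None:
            # Autostart value points at something RSIT could not describe.
            findings.append((e.hive, e.name, "target-missing"))
        elif e.modified == scan_date:
            # Target file carries the same date as the scan itself.
            findings.append((e.hive, e.name, "written-on-scan-day"))
    return findings


if __name__ == "__main__":
    # Scan date taken from the log header: "Run by _ at 2009-08-04 16:00:53".
    for hive, name, flag in triage(parse_run_entries(SAMPLE), "2009-08-04"):
        print(f"{hive}\\..\\Run [{name}]: {flag}")
```

A flag here is only a prompt for manual review of the entry, in the same way the files listed above are sent to VirusTotal before any conclusion is drawn.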

Posted (edited)

info.txt logfile of random's system information tool 1.06 2009-08-04 16:01:04

 

======Uninstall list======

 

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL

-->C:\WINDOWS\UNRecode.exe /UNINSTALL

-->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Ad-aware 6 Professional-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 8 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A80000000002}

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

AutoCAD LT 2007 - Français-->MsiExec.exe /I{5783F2D7-5009-040C-0002-0060B0CE6BBA}

Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove /q0

Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE

AxCrypt (Désinstaller uniquement)-->"C:\Program Files\Axon Data\AxCrypt\AxCryptU.exe"

Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

HijackThis 2.0.2-->"Q:\log\HijackThis.exe" /uninstall

Language Pack for Ad-aware 6-->C:\PROGRA~1\Lavasoft\AD-AWA~1\Lang\LANGUA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Lang\LANGUA~1\INSTALL.LOG

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe

Nero 7 Premium-->MsiExec.exe /I{70AB1576-7883-2313-C650-7A71270B1036}

NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI

NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}

NvMixer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"

WinMessenger 2.0-->%ProgramFiles%\WinMessenger\Setup\Setup.exe /UNINSTALL

 

======Security center information======

 

AV: AntiVir Desktop

 

======System event log======

 

Computer Name: NICOLAS

Event Code: 7036

Message: Le service Service d'administration du Gestionnaire de disque logique est entré dans l'état : en cours d'exécution.

 

Record Number: 1181

Source Name: Service Control Manager

Time Written: 20090515112722.000000+120

Event Type: Informations

User:

 

Computer Name: NICOLAS

Event Code: 7035

Message: Un contrôle Démarrer a correctement été envoyé au service Service d'administration du Gestionnaire de disque logique.

 

Record Number: 1180

Source Name: Service Control Manager

Time Written: 20090515112722.000000+120

Event Type: Informations

User: AUTORITE NT\SYSTEM

 

Computer Name: NICOLAS

Event Code: 7036

Message: Le service Gestion d'applications est entré dans l'état : en cours d'exécution.

 

Record Number: 1179

Source Name: Service Control Manager

Time Written: 20090515104857.000000+120

Event Type: Informations

User:

 

Computer Name: NICOLAS

Event Code: 7035

Message: Un contrôle Démarrer a correctement été envoyé au service Gestion d'applications.

 

Record Number: 1178

Source Name: Service Control Manager

Time Written: 20090515104857.000000+120

Event Type: Informations

User: CP_

 

Computer Name: NICOLAS

Event Code: 7036

Message: Le service Autodesk Licensing Service est entré dans l'état : en cours d'exécution.

 

Record Number: 1177

Source Name: Service Control Manager

Time Written: 20090515093554.000000+120

Event Type: Informations

User:

 

=====Application event log=====

 

Computer Name: NICOLAS

Event Code: 4096

Message: Le service AntiVir a bien démarré!

 

Record Number: 331

Source Name: Avira AntiVir

Time Written: 20090610094742.000000+120

Event Type: Informations

User: AUTORITE NT\SYSTEM

 

Computer Name: NICOLAS

Event Code: 11707

Message: Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 -- Installation completed successfully.

 

Record Number: 330

Source Name: MsiInstaller

Time Written: 20090610094626.000000+120

Event Type: Informations

User: CPS-BE\NICOLAS BECQUET

 

Computer Name: NICOLAS

Event Code: 1002

Message: L'environnement s'est arrêté de façon inattendue et Explorer.exe a redémarré.

 

Record Number: 329

Source Name: Winlogon

Time Written: 20090610090414.000000+120

Event Type: Informations

User:

 

Computer Name: NICOLAS

Event Code: 1704

Message: La stratégie de sécurité dans les objets Stratégie de groupe a été appliquée correctement.

 

Record Number: 328

Source Name: SceCli

Time Written: 20090610085010.000000+120

Event Type: Informations

User:

 

Computer Name: NICOLAS

Event Code: 1800

Message: Le service Centre de sécurité Windows a démarré.

 

Record Number: 327

Source Name: SecurityCenter

Time Written: 20090610085007.000000+120

Event Type: Informations

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 43 Stepping 1, AuthenticAMD

"PROCESSOR_REVISION"=2b01

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

 

-----------------EOF-----------------

Edited by jeanphy
Posted

OK, I'll redo all of that! I ran another MBAM scan to see, and it found this:

 

Malwarebytes' Anti-Malware 1.40

Version de la base de données: 2557

Windows 5.1.2600 Service Pack 3

 

04/08/2009 15:45:51

mbam-log-2009-08-04 (15-45-51).txt

 

Type de recherche: Examen complet (C:\|D:\|)

Eléments examinés: 138211

Temps écoulé: 23 minute(s), 44 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 34

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\Qoobox\Quarantine\C\WINDOWS\system32\braviax.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010271.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010280.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010312.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010330.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010347.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010350.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010353.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010358.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010366.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010382.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010399.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010405.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010406.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010417.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010422.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010424.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010428.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010430.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010436.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010437.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010438.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010446.dll (Rogue.AntiVirusPro2009) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010460.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010463.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010466.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010469.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010498.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP80\A0010571.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A7913E16-20FB-49C4-883F-6F1004AE143F}\RP81\A0010576.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\WINDOWS\temp\wpv481249195745.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\temp\wpv131249202403.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\NICOLAS BECQUET.CPS-BE\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.

Posted

Perfect, the update found the (inactive) leftovers in System Restore, plus two odds and ends. :P

 

You can move on to the OtMoveIT step (see above). :P

Posted

Fichier dazevibyb.exe reçu le 2009.08.04 14:30:18 (UTC)

Antivirus Version Dernière mise à jour Résultat

a-squared 4.5.0.24 2009.08.04 -

AhnLab-V3 5.0.0.2 2009.08.03 -

AntiVir 7.9.0.240 2009.08.04 -

Antiy-AVL 2.0.3.7 2009.08.04 -

Authentium 5.1.2.4 2009.08.03 -

Avast 4.8.1335.0 2009.08.04 -

AVG 8.5.0.406 2009.08.04 -

BitDefender 7.2 2009.08.04 -

CAT-QuickHeal 10.00 2009.08.04 -

ClamAV 0.94.1 2009.08.04 -

Comodo 1863 2009.08.04 -

DrWeb 5.0.0.12182 2009.08.04 -

eSafe 7.0.17.0 2009.08.03 -

eTrust-Vet 31.6.6657 2009.08.04 -

F-Prot 4.4.4.56 2009.08.03 -

F-Secure 8.0.14470.0 2009.08.04 -

Fortinet 3.120.0.0 2009.08.04 -

GData 19 2009.08.04 -

Ikarus T3.1.1.64.0 2009.08.04 -

Jiangmin 11.0.800 2009.08.04 -

K7AntiVirus 7.10.810 2009.08.04 -

Kaspersky 7.0.0.125 2009.08.04 -

McAfee 5697 2009.08.03 -

McAfee+Artemis 5697 2009.08.03 -

McAfee-GW-Edition 6.8.5 2009.08.04 -

Microsoft 1.4903 2009.08.04 -

NOD32 4305 2009.08.04 -

Norman 6.01.09 2009.08.04 -

nProtect 2009.1.8.0 2009.08.04 -

Panda 10.0.0.14 2009.08.03 -

PCTools 4.4.2.0 2009.08.04 -

Prevx 3.0 2009.08.04 -

Rising 21.41.14.00 2009.08.04 -

Sophos 4.44.0 2009.08.04 -

Sunbelt 3.2.1858.2 2009.08.04 -

Symantec 1.4.4.12 2009.08.04 -

TheHacker 6.3.4.3.375 2009.08.01 -

TrendMicro 8.950.0.1094 2009.08.04 -

VBA32 3.12.10.9 2009.08.04 -

ViRobot 2009.8.4.1867 2009.08.04 -

VirusBuster 4.6.5.0 2009.08.04 -

 

Information additionnelle

File size: 13654 bytes

MD5...: d13a87c9be5a18cec19afdf2f5c0a3b7

SHA1..: f24293e89519dcc2cece2ec00a98fca37eea8c7a

SHA256: 6ab528284e1773d3395346d3f24aa5828b75348b847eb8c248f31dc9552b4e4e

ssdeep: 384:QAajycuS6KGMEXtLY1BQszYTjqaSp40nOlm:8jFsXtLYBxjagjn

PEiD..: -

TrID..: File type identification
Unknown!

PEInfo: -

PDFiD.: -

RDS...: NSRL Reference Data Set
-

 

Posted

Fichier xazuvily.dll reçu le 2009.08.04 14:42:41 (UTC)

Antivirus Version Dernière mise à jour Résultat

a-squared 4.5.0.24 2009.08.04 -

AhnLab-V3 5.0.0.2 2009.08.03 -

AntiVir 7.9.0.240 2009.08.04 -

Antiy-AVL 2.0.3.7 2009.08.04 -

Authentium 5.1.2.4 2009.08.03 -

Avast 4.8.1335.0 2009.08.04 -

AVG 8.5.0.406 2009.08.04 -

BitDefender 7.2 2009.08.04 -

CAT-QuickHeal 10.00 2009.08.04 -

ClamAV 0.94.1 2009.08.04 -

Comodo 1863 2009.08.04 -

DrWeb 5.0.0.12182 2009.08.04 -

eSafe 7.0.17.0 2009.08.04 -

eTrust-Vet 31.6.6657 2009.08.04 -

F-Prot 4.4.4.56 2009.08.03 -

F-Secure 8.0.14470.0 2009.08.04 -

Fortinet 3.120.0.0 2009.08.04 -

GData 19 2009.08.04 -

Ikarus T3.1.1.64.0 2009.08.04 -

Jiangmin 11.0.800 2009.08.04 -

K7AntiVirus 7.10.810 2009.08.04 -

Kaspersky 7.0.0.125 2009.08.04 -

McAfee 5697 2009.08.03 -

McAfee+Artemis 5697 2009.08.03 -

McAfee-GW-Edition 6.8.5 2009.08.04 -

Microsoft 1.4903 2009.08.04 -

NOD32 4305 2009.08.04 -

Norman 6.01.09 2009.08.04 -

nProtect 2009.1.8.0 2009.08.04 -

Panda 10.0.0.14 2009.08.03 -

PCTools 4.4.2.0 2009.08.04 -

Prevx 3.0 2009.08.04 -

Rising 21.41.14.00 2009.08.04 -

Sophos 4.44.0 2009.08.04 -

Sunbelt 3.2.1858.2 2009.08.04 -

Symantec 1.4.4.12 2009.08.04 -

TheHacker 6.3.4.3.375 2009.08.01 -

TrendMicro 8.950.0.1094 2009.08.04 -

VBA32 3.12.10.9 2009.08.04 -

ViRobot 2009.8.4.1867 2009.08.04 -

VirusBuster 4.6.5.0 2009.08.04 -

 

Information additionnelle

File size: 10616 bytes

MD5...: b6f0b074e7da5bfa958aa3303e5c211b

SHA1..: 60f3071a184abf95586cb818044eae2a5fa07248

SHA256: ca1960ec388441e9f6038c577e212d9532581033a8aca80cc9047e6aa38bb6e8

ssdeep: 192:giRvOdbBoBWk30UcHJQEb7rDW/LSOxByJLrn4O8AbJv6p68In/WuzLrerX9IVtI0:7vObuBFcHSJ/LPfyhrCAbJCo8e9vsMv

PEiD..: -

TrID..: File type identification
MPEG Video (100.0%)

PEInfo: -

PDFiD.: -

RDS...: NSRL Reference Data Set
-

 

Posted

The OtMoveIT report:

 

 

All processes killed

========== PROCESSES ==========

No active process named explorer.exe was found!

========== FILES ==========

File/Folder C:\Documents and Settings\NICOLAS BECQUET\Menu Démarrer\Programmes\Démarrage\ikowin32.exe not found.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\braviax not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\braviax not found.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Antivirus 2010\ deleted successfully.

========== SERVICES/DRIVERS ==========

 

Service\Driver catchme deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

 

User: NICOLAS BECQUET

->Temp folder emptied: 0 bytes

 

User: NICOLAS BECQUET.CPS-BE

->Temp folder emptied: 3284331 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2351795 bytes

%systemroot%\System32 .tmp files removed: 3072 bytes

Windows Temp folder emptied: 696261 bytes

RecycleBin emptied: 781909 bytes

 

Total Files Cleaned = 6,79 mb

 

 

OTM by OldTimer - Version 3.0.0.5 log created on 08042009_162924

 

Files moved on Reboot...

 

Registry entries deleted on Reboot...

 

and VirusTotal:

 

 

Fichier gifowola.vbs reçu le 2009.08.04 14:43:50 (UTC)

Antivirus Version Dernière mise à jour Résultat

a-squared 4.5.0.24 2009.08.04 -

AhnLab-V3 5.0.0.2 2009.08.03 -

AntiVir 7.9.0.240 2009.08.04 -

Antiy-AVL 2.0.3.7 2009.08.04 -

Authentium 5.1.2.4 2009.08.03 -

Avast 4.8.1335.0 2009.08.04 -

AVG 8.5.0.406 2009.08.04 -

BitDefender 7.2 2009.08.04 -

CAT-QuickHeal 10.00 2009.08.04 -

ClamAV 0.94.1 2009.08.04 -

Comodo 1863 2009.08.04 -

DrWeb 5.0.0.12182 2009.08.04 -

eSafe 7.0.17.0 2009.08.04 -

eTrust-Vet 31.6.6657 2009.08.04 -

F-Prot 4.4.4.56 2009.08.03 -

F-Secure 8.0.14470.0 2009.08.04 -

Fortinet 3.120.0.0 2009.08.04 -

GData 19 2009.08.04 -

Ikarus T3.1.1.64.0 2009.08.04 -

Jiangmin 11.0.800 2009.08.04 -

K7AntiVirus 7.10.810 2009.08.04 -

Kaspersky 7.0.0.125 2009.08.04 -

McAfee 5697 2009.08.03 -

McAfee+Artemis 5697 2009.08.03 -

McAfee-GW-Edition 6.8.5 2009.08.04 -

Microsoft 1.4903 2009.08.04 -

NOD32 4305 2009.08.04 -

Norman 6.01.09 2009.08.04 -

nProtect 2009.1.8.0 2009.08.04 -

Panda 10.0.0.14 2009.08.03 -

PCTools 4.4.2.0 2009.08.04 -

Prevx 3.0 2009.08.04 -

Rising 21.41.14.00 2009.08.04 -

Sophos 4.44.0 2009.08.04 -

Sunbelt 3.2.1858.2 2009.08.04 -

Symantec 1.4.4.12 2009.08.04 -

TheHacker 6.3.4.3.375 2009.08.01 -

TrendMicro 8.950.0.1094 2009.08.04 -

VBA32 3.12.10.9 2009.08.04 -

ViRobot 2009.8.4.1867 2009.08.04 -

VirusBuster 4.6.5.0 2009.08.04 -

 

Information additionnelle

File size: 18077 bytes

MD5...: fb65de94da88747a5feb3c8ff5e91cb4

SHA1..: 6adfb68b733d3992ddb4aca20e36857f5cb1ff54

SHA256: a66f093d23855a07a99f3210f62b51eb8c237ff58ca85922554b1f2eb1ad6cb6

ssdeep: 384:JCTiKY2+1+KAMrAnHStMAzXbFRWyaw+GxiPmm7LZZI18LYkA2PeBAe8:0TiKJ+1+KWSr/WwiP5X//yz8

PEiD..: -

TrID..: File type identification
Unknown!

PEInfo: -

PDFiD.: -

RDS...: NSRL Reference Data Set
-

Posted (edited)

one more quick MBAM scan:

 

Malwarebytes' Anti-Malware 1.40

Version de la base de données: 2557

Windows 5.1.2600 Service Pack 3

 

04/08/2009 16:52:12

mbam-log-2009-08-04 (16-52-12).txt

 

Type de recherche: Examen rapide

Eléments examinés: 93627

Temps écoulé: 2 minute(s), 25 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 1

Valeur(s) du Registre infectée(s): 1

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 5

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgMgr (Malware.Trace) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet connection wizard setup tool (Trojan.Downloader) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\Documents and Settings\NICOLAS _\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.

C:\Documents and Settings\NICOLAS _E\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Microsoft\Shortcuts\icwsetup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Edited by jeanphy