Sécurité informatique Forum Index


Vundo infection
Bruce Lee (Administrator)
Posted: 30/04/2008 13:06:26    Post subject: Vundo infection

TOPIC BY chevreuil59112

Hello Bruce Lee,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:24:36, on 29/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Tele2\backweb\2338637\Program\SERVIC~1.EXE
C:\WINDOWS\system32\cisvc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Tele2\backweb\2338637\program\fsbwsys.exe
C:\Program Files\Tele2\Common\FSMA32.EXE
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Tele2\Common\FSMB32.EXE
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Tele2\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Tele2\Common\FAMEH32.EXE
C:\Program Files\Tele2\FSPC\fspc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Tele2\Common\FSM32.EXE
C:\apps\ABoard\AOSD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tele2\FSGUI\fsguidll.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Tele2\backweb\2338637\Program\fspex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ati.com/support/driver.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll (file missing)
O2 - BHO: (no name) - {1B2F4009-60A3-406A-B047-FC485378C5A2} - C:\WINDOWS\system32\qoMfcbxw.dll
O2 - BHO: (no name) - {2D699711-8461-B5F6-F603-0A967BF810D2} - C:\WINDOWS\system32\zgrexbtl.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {93F4E8CF-9DBB-4571-B53A-EAFE30C306E2} - C:\WINDOWS\system32\qoMGAqnK.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: {23511682-818c-0b68-8304-b6c42926131b} - {b1316292-4c6b-4038-86b0-c81828611532} - C:\WINDOWS\system32\wuorwqsm.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {F50B3F5E-856E-4757-9BB1-B35D46CA7719} - C:\WINDOWS\system32\ddcBUnkj.dll
O2 - BHO: (no name) - {F651AAA7-6AA2-4571-962E-D1E20473B0B1} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Share Accelerator Toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha1.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Tele2\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Tele2\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Tele2\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [vljwqixz] C:\WINDOWS\system32\vljwqixz.exe
O4 - HKLM\..\Run: [fifipibo] regsvr32 /u "D:\Documents and Settings\All Users\Application Data\fifipibo.dll"
O4 - HKLM\..\Run: [SBI] D:\Documents and Settings\Jean Claude.HERMELLE\Local Settings\Temporary Internet Files\Content.IE5\C8FISGLN\install_sbd_fr[1].exe
O4 - HKLM\..\Run: [d4c4b22f] rundll32.exe "C:\WINDOWS\system32\mbovgcrb.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BMd7f781b3] Rundll32.exe "C:\WINDOWS\system32\khxapjfu.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DU Meter] C:\WINDOWS\system32\DUMeter.exe
O4 - HKLM\..\Policies\Explorer\Run: [AzVxoAtKAc] C:\WINDOWS\system32\winver.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-4055652696-2424855875-2636023318-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Jean Claude')
O4 - HKUS\S-1-5-21-4055652696-2424855875-2636023318-1007\..\Run: [msnmsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background (User 'Jean Claude')
O4 - HKUS\S-1-5-21-4055652696-2424855875-2636023318-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Jean Claude')
O4 - HKUS\S-1-5-21-4055652696-2424855875-2636023318-1007\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" (User 'Jean Claude')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SM.lnk = C:\Program Files\SM\skymessnet.exe
O4 - Global Startup: .protected
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Pack Sécurité TELE2 Internet.lnk = C:\Program Files\Tele2\backweb\2338637\Program\fspex.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Tele2\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Tele2\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Tele2\FSPC\fspcmsie.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/…
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: ddcBUnkj - C:\WINDOWS\SYSTEM32\ddcBUnkj.dll
O20 - Winlogon Notify: winrvc32 - C:\WINDOWS\SYSTEM32\winrvc32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Pack Sécurité TELE2 Internet (BackWeb Plug-in - 2338637) - F-Secure Corp. - C:\PROGRA~1\Tele2\backweb\2338637\Program\SERVIC~1.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Tele2\backweb\2338637\program\fsbwsys.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Tele2\Common\FSMA32.EXE
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Remote Control Pro (RCPServer) - Unknown owner - C:\Program Files\Remote Control Pro\rcpserver.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 14694 bytes

Bruce Lee (Administrator)
Posted: 30/04/2008 13:08:01    Post subject: Vundo infection

Hello chevreuil59112 and welcome to this forum ;)

Download SDFix (created by AndyManchesta) and save it to your Desktop.
***If the link does not work, try this one: http://download.bleepingcomputer.com/andymanchesta/SDFix.exe ***

Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:

Boot into Safe Mode: http://cybersecurite.xooit.com/t88-Demarrer-en-Mode-sans-echec.htm#665

Work through the list of instructions below:

  • Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.cmd to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
  • Press a key to restart the PC.
  • Your system will take longer than usual to restart because the tool will keep running and deleting files.
  • Once the Desktop has loaded, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
  • Finally, copy/paste the contents of Report.txt into your next reply on the forum.


1. Download combofix.exe (by sUBs) from here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe

to your Desktop.

2. Double-click combofix.exe to launch the scan.
3. When the scan is complete, a report will appear. Copy/paste that report into your next reply.
chevreuil59112
Posted: 30/04/2008 20:56:11    Post subject: Vundo infection

Ah, thank you very much for your help, here is the SDFix report:



SDFix: Version 1.177
Run by BRICE on 30/04/2008 at 20:03

Microsoft Windows XP [version 5.1.2600]
Running From: D:\DOCUME~1\BRICE~1.HER\Bureau\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\-72530~1 - Deleted
C:\.protected - Deleted
C:\WINDOWS\system32\drivers\etc\.protected - Deleted
C:\Program Files\akl\akl.dll - Deleted
C:\Program Files\akl\akl.exe - Deleted
C:\Program Files\akl\uninstall.exe - Deleted
C:\Program Files\akl\unsetup.exe - Deleted
C:\WINDOWS\iTunesMusic.exe - Deleted
C:\WINDOWS\system\smss.exe - Deleted
C:\WINDOWS\system\smvss.exe - Deleted
C:\WINDOWS\system32\msvchost.exe - Deleted
C:\WINDOWS\system32\winsystem.exe - Deleted
C:\WINDOWS\system32\winupdate.exe - Deleted
C:\WINDOWS\Web\def.htm - Deleted



Folder C:\Program Files\akl - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 20:37:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:eb,97,1e,76,d9,87,e3,e7,a3,9a,63,73,db,13,69,a7,00,cd,64,97,e4,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:eb,97,1e,76,d9,87,e3,e7,a3,9a,63,73,db,13,69,a7,00,cd,64,97,e4,..

scanning hidden registry entries ...

scanning hidden files ...

folder error: D:\Documents and Settings\BRICE.HERMELLE

Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Tele2\\backweb\\2338637\\Program\\fspex.exe"="C:\\Program Files\\Tele2\\backweb\\2338637\\program\\fspex.exe:*:enabled:Pack Sécurité TELE2 Internet"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\77exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\77exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\20exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\20exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\19exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\19exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\94exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\94exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\63exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\63exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\89exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\89exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\18exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\18exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\38exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\38exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\8exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\8exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\80exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\80exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\33exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\33exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\60exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\60exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\86exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\86exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\68exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\68exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\20exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\20exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\75exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\75exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\22exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\22exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\42exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\42exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\46exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\46exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\0exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\0exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\4exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\4exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\78exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\78exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\92exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\92exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\91exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\91exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\88exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\88exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\3exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\3exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\27exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\27exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\55exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\55exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\0exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\0exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\16exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\16exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\31exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\31exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\28exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\28exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\65exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\65exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\29exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\29exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\64exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\64exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\97exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\97exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\13exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\13exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\71exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\71exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\81exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\81exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\44exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\44exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\8exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\8exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\95exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\95exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\72exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\72exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\48exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\48exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\79exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\79exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\96exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\96exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\84exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\84exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\53exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\53exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\14exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\14exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\72exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\72exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\32exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\32exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\41exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\41exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\63exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\63exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\45exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\45exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\34exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\34exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\66exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\66exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\67exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\67exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\86exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\86exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\52exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\52exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\17exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\17exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\10exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\10exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\52exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\52exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\61exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\61exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\1exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\1exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\2exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\2exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\38exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\38exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\37exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\37exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\11exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\11exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\35exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\35exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\98exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\98exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\69exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\69exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\49exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\49exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\37exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\37exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\1exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\1exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\77exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\77exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\9exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\9exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\83exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\83exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\3exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\3exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\95exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\95exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\15exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\15exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\22exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\22exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\4exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\4exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\23exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\23exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\61exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\61exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\90exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\90exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\18exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\18exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\35exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\35exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\57exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\57exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\69exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\69exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\32exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\32exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\59exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\59exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\12exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\12exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\89exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\89exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\21exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\21exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\57exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\57exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\99exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\99exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\24exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\24exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\73exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\73exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\79exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\79exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\90exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\90exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\14exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\14exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\44exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\44exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\36exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\36exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\58exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\58exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\80exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\80exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\51exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\51exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\55exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\55exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\26exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\26exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\15exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\15exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\53exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\53exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\25exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\25exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\23exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\23exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\26exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\26exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\64exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\64exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\30exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\30exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\45exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\45exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\34exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\34exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\47exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\47exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\21exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\21exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\43exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\43exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\17exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\17exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\5exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\5exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\58exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\58exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\47exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\47exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\74exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\74exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\39exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\39exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\40exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\40exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\9exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\9exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\59exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\59exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\54exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\54exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\24exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\24exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\87exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\87exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\82exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\82exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\39exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\39exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\88exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\88exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\7exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\7exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\97exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\97exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\6exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\6exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\84exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\84exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\56exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\56exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\5exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\5exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\33exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\33exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\60exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\60exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\92exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\92exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\43exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\43exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\68exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\68exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\83exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\83exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\74exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\74exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\25exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\25exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\48exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\48exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\99exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\99exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\7exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\7exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\16exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\16exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\70exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\70exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\85exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\85exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\54exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\54exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\36exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\36exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\51exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\51exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\27exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\27exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\73exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\73exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\41exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\41exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\56exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\56exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\85exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\85exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\11exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\11exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\82exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\82exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\91exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\91exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\78exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\78exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\6exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\6exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\87exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\87exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\13exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\13exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\62exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\62exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\50exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\50exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\67exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\67exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\75exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\75exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\30exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\30exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\93exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\93exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\46exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\46exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\47ex"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\47ex:*:Enabled:Microsoft Update"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\29exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\29exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\81exinjs.ab.exe"="D:\\DOCUME~1\\BRICE~1.HER\\LOCALS~1\\Temp\\81exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\2exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\2exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\70exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\70exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\10exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\10exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\19exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\19exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\28exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\28exinjs.ab.exe:*:Enabled:Microsoft Update"
"D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\40exinjs.ab.exe"="D:\\DOCUME~1\\JEANCL~1.HER\\LOCALS~1\\Temp\\40exinjs.ab.exe:*:Enabled:Microsoft Update"
"C:\\WINDOWS\\system32\\winver.exe"="C:\\WINDOWS\\system32\\winver.exe:*:Enabled:winver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Tele2\\backweb\\2338637\\Program\\fspex.exe"="C:\\Program Files\\Tele2\\backweb\\2338637\\program\\fspex.exe:*:enabled:Pack Sécurité TELE2 Internet"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

Remaining Files :


File Backups: - D:\DOCUME~1\BRICE~1.HER\Bureau\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 30 Nov 2005 215 A.SHR --- "C:\BOOT.BAK"
Sun 6 Apr 2008 24 ..SH. --- "C:\WINDOWS\S5E35E946.tmp"
Tue 31 May 2005 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Tue 31 May 2005 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Tue 31 May 2005 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Mon 13 Nov 2006 319,456 A..H. --- "C:\Program Files\Fichiers communs\Motorola Shared\MotPCSDrivers\difxapi.dll"
Fri 18 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3baf18ad8b1aef3a4fc43c15f7b3a2c9\BIT7.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4844df1d57a292079101da42a26d7d72\BIT2.tmp"
Fri 18 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\771350e502329b319ea4189fe126f571\BIT6.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BIT3.tmp"
Tue 31 May 2005 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll"

Finished!
Bruce Lee
Administrateur


Posted: 30/04/2008 21:04:55    Post subject: infection vundo

Hello again,

Please use ComboFix, as I said in my first post.

See you later
chevreuil59112



Posted: 30/04/2008 21:12:54    Post subject: infection vundo

Thanks for replying so quickly, here is the ComboFix one:

ComboFix 08-04-29.5 - Jean Claude 2008-04-30 20:57:50.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1251 [GMT 2:00]
Endroit: D:\Documents and Settings\Jean Claude.HERMELLE\Mes documents\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Inet Delivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\Program Files\Inet Delivery\intdel.exe
C:\Program Files\iSecurity
C:\Program Files\iSecurity\iSecurity.dat
C:\Program Files\iSecurity\ucleaner.bmp
C:\Program Files\iSecurity\ucleaner.ico
C:\Program Files\iSecurity\ucleaneri.bmp
C:\Program Files\iSecurity\udefender.bmp
C:\Program Files\iSecurity\udefender.ico
C:\Program Files\iSecurity\udefenderi.bmp
C:\Program Files\iSecurity\v7\iSecurity.cpl
C:\Program Files\iSecurity\winifixer.bmp
C:\Program Files\iSecurity\winifixer.ico
C:\Program Files\iSecurity\winifixeri.bmp
C:\Program Files\PC-Cleaner
C:\Program Files\PC-Cleaner\com\pcsd.dll
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\Installer\{425153b4-be80-42c9-864e-a1ad49690e9a}
C:\WINDOWS\Installer\{425153b4-be80-42c9-864e-a1ad49690e9a}\UnknownSetup.dll
C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\resources\PrxCheck.dll
C:\WINDOWS\system32\172135\172135.dll
C:\WINDOWS\system32\609856\609856.dll
C:\WINDOWS\system32\aneswltr.ini
C:\WINDOWS\system32\awcavfmo.dll
C:\WINDOWS\system32\bcsfxyhy.dll
C:\WINDOWS\system32\bjiwxmtv.dll
C:\WINDOWS\system32\BJSBdcdd.ini
C:\WINDOWS\system32\BJSBdcdd.ini2
C:\WINDOWS\system32\bkeqtbex.ini
C:\WINDOWS\system32\brcgvobm.ini
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\cbnlrwfe.dll
C:\WINDOWS\system32\cgrdyecd.dll
C:\WINDOWS\system32\CMTCJkkj.ini
C:\WINDOWS\system32\CMTCJkkj.ini2
C:\WINDOWS\system32\cqyxnqec.ini
C:\WINDOWS\system32\ddcBUnkj.dll
C:\WINDOWS\system32\ddcdBSJB.dll
C:\WINDOWS\system32\djjajsvn.dll
C:\WINDOWS\system32\DMSrAJlm.ini
C:\WINDOWS\system32\DMSrAJlm.ini2
C:\WINDOWS\system32\efwrlnbc.ini
C:\WINDOWS\system32\efwrlnbc.ini2
C:\WINDOWS\system32\ejokpmwk.ini
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\eopmdpwi.dll
C:\WINDOWS\system32\geBuSKCt.dll
C:\WINDOWS\system32\glgxglbl.dll
C:\WINDOWS\system32\HRBKmUtv.ini
C:\WINDOWS\system32\HRBKmUtv.ini2
C:\WINDOWS\system32\iifcCsTj.dll
C:\WINDOWS\system32\iSecurity.cpl
C:\WINDOWS\system32\jkkJCTMC.dll
C:\WINDOWS\system32\jnbvbhar.dll
C:\WINDOWS\system32\jTsCcfii.ini
C:\WINDOWS\system32\jTsCcfii.ini2
C:\WINDOWS\system32\jwcpwqfl.ini
C:\WINDOWS\system32\khxapjfu.dll
C:\WINDOWS\system32\khxiscfl.dll
C:\WINDOWS\system32\kksivwpw.dll
C:\WINDOWS\system32\KnqAGMoq.ini
C:\WINDOWS\system32\KnqAGMoq.ini2
C:\WINDOWS\system32\kphnitya.ini
C:\WINDOWS\system32\kwmpkoje.dll
C:\WINDOWS\system32\lfqwpcwj.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlJArSMD.dll
C:\WINDOWS\system32\MmmoWyay.ini
C:\WINDOWS\system32\MmmoWyay.ini2
C:\WINDOWS\system32\msdiqyfu.dll
C:\WINDOWS\system32\nbcidjcp.dll
C:\WINDOWS\system32\oltwwgxt.ini
C:\WINDOWS\system32\pmnnNeBr.dll
C:\WINDOWS\system32\pyollkii.dll
C:\WINDOWS\system32\qoMfcbxw.dll
C:\WINDOWS\system32\rBeNnnmp.ini
C:\WINDOWS\system32\rBeNnnmp.ini2
C:\WINDOWS\system32\rxhvpuou.ini
C:\WINDOWS\system32\rxoqyffq.dll
C:\WINDOWS\system32\shaknrvw.ini
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\svsahrfr.ini
C:\WINDOWS\system32\tCKSuBeg.ini
C:\WINDOWS\system32\tCKSuBeg.ini2
C:\WINDOWS\system32\uqppinpj.ini
C:\WINDOWS\system32\vtmxwijb.ini
C:\WINDOWS\system32\whbcpqqh.dll
C:\WINDOWS\system32\winrvc32.dll
C:\WINDOWS\system32\winupdate.exe
C:\WINDOWS\system32\wpwviskk.ini
C:\WINDOWS\system32\wuorwqsm.dll
C:\WINDOWS\system32\wvUmlKBQ.dll
C:\WINDOWS\system32\wxbcfMoq.ini
C:\WINDOWS\system32\wxbcfMoq.ini2
C:\WINDOWS\system32\xebtqekb.dll
C:\WINDOWS\system32\xkqehujr.dll
C:\WINDOWS\system32\yayHNqss.ini
C:\WINDOWS\system32\yayHNqss.ini2
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-28 to 2008-04-30 ))))))))))))))))))))))))))))))))))))
.

2008-04-30 20:44 . 2008-04-30 21:01 <REP> d-------- C:\WINDOWS\system32\172135
2008-04-30 20:43 . 2008-04-30 21:01 <REP> d-------- C:\WINDOWS\system32\609856
2008-04-30 20:43 . 2008-04-30 20:43 <REP> d-------- C:\Program Files\IE Extensions
2008-04-30 20:43 . 2008-04-30 20:43 5,690 --a------ C:\Program Files\tmp570640.exe
2008-04-30 20:43 . 2008-04-30 20:43 5,690 --a------ C:\Program Files\tmp565265.exe
2008-04-30 20:43 . 2008-04-30 20:43 5,690 --a------ C:\Program Files\tmp561453.exe
2008-04-30 20:42 . 2008-04-30 20:42 122,880 --a------ D:\Documents and Settings\All Users\Application Data\ktmrwxcl.dll
2008-04-30 20:42 . 2008-04-30 20:42 122,880 --a------ C:\WINDOWS\system32\tdkykbty.dll
2008-04-30 20:42 . 2008-04-30 20:42 102,400 --a------ C:\WINDOWS\system32\rhyskmrk.exe
2008-04-30 20:42 . 2008-04-30 20:42 18,944 --a------ C:\WINDOWS\system32\drvvej.dll
2008-04-30 20:42 . 2008-04-30 20:42 16,652 --a------ C:\Program Files\tmp513046.exe
2008-04-30 20:41 . 2008-04-30 20:41 102,400 --a------ C:\WINDOWS\system32\mfpylutx.exe
2008-04-30 19:53 . 2008-04-30 19:53 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-30 19:31 . 2008-04-29 05:11 <REP> d-------- C:\SDFix
2008-04-29 13:04 . 2008-04-29 13:04 131 --a------ C:\WINDOWS\ODBC.INI
2008-04-29 12:47 . 2008-04-29 12:49 <REP> d-------- D:\Documents and Settings\All Users\Application Data\avg8
2008-04-29 12:47 . 2008-04-29 12:47 <REP> d-------- C:\Program Files\AVG
2008-04-29 12:46 . 2008-04-29 12:51 262,144 --a------ D:\Documents and Settings\INVIT~1
2008-04-29 11:14 . 2008-04-29 11:14 <REP> dr------- D:\Documents and Settings\All Users\Application Data\reparateurdesysteme
2008-04-29 11:14 . 2008-04-29 11:21 <REP> d-------- C:\Program Files\ReparateurDeSysteme
2008-04-26 12:46 . 2008-04-26 12:56 <REP> d-------- D:\Documents and Settings\BRICE.HERMELLE\.housecall6.6
2008-04-26 11:13 . 2007-08-01 22:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-23 11:09 . 2008-04-23 11:10 <REP> d-------- C:\Program Files\VirusEffaceur
2008-04-23 02:48 . 2008-04-30 20:41 109,747 --a------ C:\WINDOWS\BMd7f781b3.xml
2008-04-22 15:50 . 2008-04-22 15:52 4,378 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-22 15:49 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-22 15:49 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-22 15:49 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-22 15:49 . 2008-04-22 13:43 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-22 15:49 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-22 15:49 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-22 15:47 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-22 15:44 . 2008-04-22 15:44 <REP> d-------- C:\Program Files\Trend Micro
2008-04-22 15:33 . 2008-04-22 15:33 <REP> d-------- C:\VundoFix Backups
2008-04-22 14:40 . 2008-04-22 14:40 106,496 --a------ D:\Documents and Settings\All Users\Application Data\fifipibo.dll
2008-04-22 14:40 . 2008-04-22 14:40 106,496 --a------ C:\WINDOWS\system32\zgrexbtl.dll
2008-04-21 17:25 . 2008-04-21 17:25 244 --ah----- C:\sqmnoopt07.sqm
2008-04-21 17:25 . 2008-04-21 17:25 232 --ah----- C:\sqmdata07.sqm
2008-04-21 16:34 . 2008-04-21 16:34 244 --ah----- C:\sqmnoopt06.sqm
2008-04-21 16:34 . 2008-04-21 16:34 232 --ah----- C:\sqmdata06.sqm
2008-04-19 21:24 . 2008-04-19 21:24 331 --a------ C:\WINDOWS\doom3.ini
2008-04-19 12:09 . 2008-04-19 21:30 <REP> d-------- C:\Program Files\Doom 3
2008-04-18 12:05 . 2008-04-18 12:05 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Hagel Technologies
2008-04-18 10:21 . 2008-04-18 10:21 <REP> d-------- C:\WINDOWS\OPTIONS
2008-04-18 10:21 . 2008-04-18 10:21 <REP> d-------- C:\Program Files\Realtek
2008-04-18 10:21 . 2008-02-25 20:54 105,088 --a------ C:\WINDOWS\system32\drivers\Rtnicxp.sys
2008-04-17 18:25 . 2008-02-25 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-04-11 19:26 . 2008-04-12 12:21 340 --a------ C:\WINDOWS\BeatBox.INI
2008-04-11 19:06 . 2008-04-12 12:21 113 --a------ C:\WINDOWS\musicmaker.INI
2008-04-11 19:02 . 2008-04-11 19:02 <REP> d-------- C:\Program Files\Fichiers communs\MAGIX Shared
2008-04-11 19:01 . 2008-04-11 19:09 <REP> d-------- C:\WINDOWS\system32\MAGIX
2008-04-11 19:01 . 2008-04-11 19:08 <REP> d-------- C:\MAGIX
2008-04-11 19:01 . 2006-09-13 13:44 643,072 --a------ C:\WINDOWS\system32\mgxoschk.dll
2008-04-11 19:01 . 1998-10-15 17:28 85,504 --a------ C:\WINDOWS\system32\HtmlWH.dll
2008-04-11 19:01 . 2008-04-11 19:09 6,423 --a------ C:\WINDOWS\mgxoschk.ini
2008-04-11 12:15 . 2008-04-11 12:15 244 --ah----- C:\sqmnoopt05.sqm
2008-04-11 12:15 . 2008-04-11 12:15 232 --ah----- C:\sqmdata05.sqm
2008-04-10 20:34 . 2008-04-10 20:34 <REP> d-------- C:\Program Files\inKline Global
2008-04-10 18:58 . 2008-04-10 18:58 4,147,544 --a------ C:\Bibi RnB 2.wav
2008-04-07 14:14 . 2008-04-30 10:12 <REP> d-------- D:\Documents and Settings\BRICE.HERMELLE\Application Data\LimeWire
2008-04-07 14:14 . 2008-04-07 14:14 <REP> d-------- C:\Program Files\LimeWire
2008-04-07 04:07 . 2008-04-07 04:07 244 --ah----- C:\sqmnoopt04.sqm
2008-04-07 04:07 . 2008-04-07 04:07 232 --ah----- C:\sqmdata04.sqm
2008-04-06 22:01 . 2008-04-06 22:01 244 --ah----- C:\sqmnoopt03.sqm
2008-04-06 22:01 . 2008-04-06 22:01 232 --ah----- C:\sqmdata03.sqm
2008-04-06 21:55 . 2008-04-06 21:55 244 --ah----- C:\sqmnoopt02.sqm
2008-04-06 21:55 . 2008-04-06 21:55 232 --ah----- C:\sqmdata02.sqm
2008-04-06 17:15 . 2008-04-06 19:50 <REP> d-------- C:\Program Files\UltraISO
2008-04-06 16:40 . 2008-04-06 16:41 24 ---hs---- C:\WINDOWS\S5E35E946.tmp
2008-03-29 07:19 . 2008-02-26 04:59 9,797,632 --a------ C:\WINDOWS\system32\atioglx2.dll
2008-03-29 06:40 . 2008-02-26 04:19 167,936 --a------ C:\WINDOWS\system32\atiok3x2.dll
2008-03-29 05:56 . 2008-02-26 05:02 172,032 --a------ C:\WINDOWS\system32\atipdlxx.dll
2008-03-29 05:56 . 2008-02-26 05:02 126,976 --a------ C:\WINDOWS\system32\Oemdspif.dll
2008-03-29 05:55 . 2008-02-26 05:01 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2008-03-29 05:52 . 2008-02-26 04:58 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2008-03-29 05:36 . 2008-03-29 05:36 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2008-03-29 05:36 . 2008-03-29 05:36 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat
2008-03-29 05:36 . 2008-03-29 05:36 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat
2008-03-29 05:24 . 2008-02-26 04:29 46,080 --a------ C:\WINDOWS\system32\amdpcom32.dll
2008-03-29 05:23 . 2008-02-26 04:21 5,439,488 --a------ C:\WINDOWS\system32\atioglxx.dll
2008-03-29 05:19 . 2008-02-26 04:23 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll
2008-03-29 05:18 . 2008-02-26 04:22 49,152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
2008-03-23 18:26 . 2008-03-23 18:26 15,344,696 --a------ C:\Bibi rap 1.wav
2008-03-22 23:52 . 2008-03-22 23:52 <REP> d-------- C:\Program Files\NoLimits Enregistré
2008-03-22 23:19 . 2008-03-22 23:35 <REP> d-------- C:\Games
2008-03-22 17:24 . 2008-03-22 17:24 <REP> d-------- D:\Documents and Settings\LocalService\Bureau
2008-03-22 16:46 . 2008-03-22 16:46 <REP> d-------- D:\Documents and Settings\Jean Claude.HERMELLE\Application Data\Talkback
2008-03-22 12:57 . 2008-03-22 12:57 <REP> d-------- C:\Program Files\BeWAN ADSL V1.9.0.10
2008-03-22 12:56 . 2008-03-22 12:56 <REP> d-------- C:\ADSL
2008-03-21 17:57 . 2008-03-21 17:57 <REP> d-------- D:\Documents and Settings\BRICE.HERMELLE\Application Data\AutoTransfer
2008-03-14 22:04 . 2008-03-14 22:04 <REP> d-------- C:\Temporaire
2008-03-13 20:12 . 2008-03-13 20:12 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-03-06 16:40 . 2008-02-14 19:35 166,450 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-03-03 15:41 . 2008-03-03 15:45 5,732,120 --a------ C:\test 1.wav

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-19 19:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-17 16:27 --------- d-----w C:\Program Files\ATI Technologies
2008-04-13 09:35 --------- d-----w C:\Program Files\Everest Poker
2008-04-12 16:45 --------- d-----w C:\Program Files\Finale 2003a FR
2008-04-11 10:09 --------- d-----w C:\Program Files\Tele2
2008-04-10 17:37 --------- d-----w C:\Program Files\SlySoft
2008-04-07 12:23 --------- d-----w C:\Program Files\EA GAMES
2008-04-05 11:24 --------- d-----w C:\Program Files\Image-Line
2008-04-05 11:22 --------- d-----w C:\Program Files\Remote Control Pro
2008-04-05 11:02 --------- d-----w C:\Program Files\Time of War
2008-04-05 11:02 --------- d-----w C:\Program Files\epson
2008-04-05 11:02 --------- d-----w C:\Program Files\DicoRime
2008-04-04 16:41 --------- d-----w D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-31 07:56 --------- d-----w C:\Program Files\MSN Messenger
2008-03-31 07:56 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-22 21:52 --------- d-----w C:\Program Files\NoLimits Enregistré
2008-03-16 15:28 --------- d-----w C:\Program Files\Chevaliers&Camelots
2008-03-16 09:45 --------- d-----w C:\Program Files\Google
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{027E57EC-5426-ED47-479E-041897689CA1}]
2008-04-30 20:42 122880 --a------ C:\WINDOWS\system32\tdkykbty.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10F0C2A9-8E38-43e3-204D-45524C494E20}]
C:\Program Files\PC-Antispyware\IeExtension.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D699711-8461-B5F6-F603-0A967BF810D2}]
2008-04-22 14:40 106496 --a------ C:\WINDOWS\system32\zgrexbtl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{93F4E8CF-9DBB-4571-B53A-EAFE30C306E2}]
C:\WINDOWS\system32\qoMGAqnK.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 16:18 94208]
"msnmsgr"="C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 16:21 68856]
"DU Meter"="C:\WINDOWS\system32\DUMeter.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 15:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 15:00 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 14:03 310272]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 14:48 127118]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-05-10 17:37 286720]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [ ]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [ ]
"F-Secure Manager"="C:\Program Files\Tele2\Common\FSM32.exe" [2006-04-02 03:19 184369]
"F-Secure Startup Wizard"="C:\Program Files\Tele2\FSGUI\FSSW.exe" [2006-06-14 22:12 724992]
"F-Secure TNB"="C:\Program Files\Tele2\FSGUI\TNBUtil.exe" [2006-06-14 22:12 671744]
"AMD_Display"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-02-21 22:38 185632]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
"vljwqixz"="C:\WINDOWS\system32\vljwqixz.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2005-12-20 13:19 98352]
"mfpylutx"="C:\WINDOWS\system32\mfpylutx.exe" [2008-04-30 20:41 102400]
"MSDisp32"="C:\WINDOWS\system32\drvvej.dll" [2008-04-30 20:42 18944]
"rhyskmrk"="C:\WINDOWS\system32\rhyskmrk.exe" [2008-04-30 20:42 102400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 16:21 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"AzVxoAtKAc"= C:\WINDOWS\TEMP\win32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Tele2\\backweb\\2338637\\Program\\fspex.exe"= C:\\Program Files\\Tele2\\backweb\\2338637\\program\\fspex.exe
"C:\\WINDOWS\\system32\\winver.exe"=
"%windir%\\system32\\sessmgr.exe"=

R2 BackWeb Plug-in - 2338637;Pack Sécurité TELE2 Internet;C:\PROGRA~1\Tele2\backweb\2338637\Program\SERVIC~1.EXE [2007-09-17 11:18]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 13:51]
S2 RCPServer;Remote Control Pro;C:\Program Files\Remote Control Pro\rcpserver.exe []
S3 iatmunin;iatmunin;D:\DOCUME~1\BRICE~1.HER\LOCALS~1\Temp\iatmunin.sys []
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 13:16]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 13:17]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 13:17]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-05-01 13:18]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-05-01 13:15]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-05-01 13:18]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-05-01 13:15]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-30 19:00:00 C:\WINDOWS\Tasks\A2D0FA8391876D47.job"
- d:\docume~1\bibi~1.her\applic~1\slowbags\Dvd Download Tool.exe
"2008-04-30 08:50:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-18 15:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 21:06:44
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 450

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
"ImagePath"="C:\Apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=C:\Apps\Inventime\mysql\my.ini MysqlInventime"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\Tele2\backweb\2338637\Program\fsbwsys.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Tele2\Common\FSMA32.EXE
C:\APPS\HIDSERVICE\HidService.exe
C:\Program Files\Tele2\Common\FSMB32.EXE
C:\Program Files\Tele2\backweb\2338637\Program\fspex.exe
C:\Program Files\Tele2\Common\FCH32.EXE
C:\WINDOWS\system32\snmp.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Tele2\Common\FAMEH32.EXE
C:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Tele2\FSPC\fspc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\APPS\ABOARD\AOSD.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Tele2\FSGUI\fsguidll.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-30 21:10:35 - machine was rebooted [BRICE]
ComboFix-quarantined-files.txt 2008-04-30 19:10:30

Pre-Run: 5,224,894,464 octets libres
Post-Run: 5,100,212,224 octets libres

379 --- E O F --- 2008-04-19 07:57:42
Bruce Lee
Administrator

Posted: 30/04/2008 22:03:02    Post subject: infection vundo

Hello again,

Go to Start / Control Panel / Add or Remove Programs and check whether the following is present:

PC-Antispyware

If this program is present, uninstall it.


1/ Open Notepad (Start Menu\All Programs\Accessories\Notepad)

2/ Copy what is in the quote below (without the word "Quote") by selecting it, then pressing Ctrl-C:

Quote:
File::
C:\WINDOWS\BMd7f781b3.xml
C:\Program Files\tmp570640.exe
C:\Program Files\tmp565265.exe
C:\Program Files\tmp561453.exe
D:\Documents and Settings\All Users\Application Data\ktmrwxcl.dll
C:\WINDOWS\system32\tdkykbty.dll
C:\WINDOWS\system32\rhyskmrk.exe
C:\WINDOWS\system32\drvvej.dll
C:\Program Files\tmp513046.exe
C:\WINDOWS\system32\mfpylutx.exe
D:\Documents and Settings\All Users\Application Data\fifipibo.dll
C:\WINDOWS\system32\zgrexbtl.dll
C:\WINDOWS\system32\qoMGAqnK.dll
C:\sqmnoopt07.sqm
C:\sqmdata07.sqm
C:\sqmnoopt06.sqm
C:\sqmdata06.sqm
C:\sqmnoopt05.sqm
C:\sqmdata05.sqm
C:\sqmnoopt04.sqm
C:\sqmdata04.sqm
C:\sqmnoopt03.sqm
C:\sqmdata03.sqm
C:\sqmnoopt02.sqm
C:\sqmdata02.sqm
C:\WINDOWS\S5E35E946.tmp
C:\Bibi rap 1.wav
C:\test 1.wav
C:\WINDOWS\TEMP\win32.exe
C:\WINDOWS\Tasks\A2D0FA8391876D47.job
Folder::
C:\WINDOWS\system32\172135
C:\WINDOWS\system32\609856
C:\Program Files\PC-Antispyware
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{027E57EC-5426-ED47-479E-041897689CA1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10F0C2A9-8E38-43e3-204D-45524C494E20}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D699711-8461-B5F6-F603-0A967BF810D2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{93F4E8CF-9DBB-4571-B53A-EAFE30C306E2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vljwqixz"=-
"mfpylutx"=-
"MSDisp32"=-
"rhyskmrk"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"AzVxoAtKAc"=-


- Save this file to: Desktop
- File name: CFScript
- File type: All files
- Click Save
- Close Notepad


Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot


  • A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
  • Wait while the scan runs. The desktop will disappear several times: this is normal!
    Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it can be found here > C:\ComboFix.txt


Download Malwarebytes' Anti-Malware from http://www.besttechie.net/tools/mbam-setup.exe
Save this file to the Desktop.
Double-click mbam-setup.exe to start the installation (accept the license agreement, then confirm the default options).
On the last screen of the installation procedure, tick the box in front of "Update Malwarebytes' Anti-Malware", then click the "Finish" button.

Disable the resident module of your antivirus.
Start Malwarebytes' Anti-Malware from the Start Menu.
In the Settings tab, check that all boxes are ticked except "Create a context menu option to scan files (right click)".
In the Scan tab, select the radio button in front of "Perform full scan", then click the Scan button.
Wait for the scan to finish without doing anything else, then click the "Show results" button.
Check that all lines are ticked.
Click the "Remove selected" button.
Wait patiently for the cleanup to finish without doing anything else.
A restart is sometimes required. Accept it.
A Notepad window opens to display the report. Close Notepad.
Click the "Exit" button to close Malwarebytes' Anti-Malware.

Post the Malwarebytes' Anti-Malware log (the contents of the file mbam-log-*-**-**** (**-**-**).txt located in the Malwarebytes' Anti-Malware installation folder; *-**-**** (**-**-**) stands for the date [month-day-year] and the time [hh-mn-ss])
_________________
ttt
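
A pre-run consistency check for a CFScript like the one in the post above, as an added example that is not part of the original post and is not ComboFix's own code: it lists each autostart value the script deletes whose launched file is covered by neither File:: nor Folder::. The function names are hypothetical, and the embedded sample is a constructed subset of this thread's log and script.

```python
import re

# Constructed sample: a subset of lines from the ComboFix log and the CFScript in this thread.
LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vljwqixz"="C:\WINDOWS\system32\vljwqixz.exe" [ ]
"mfpylutx"="C:\WINDOWS\system32\mfpylutx.exe" [2008-04-30 20:41 102400]
"MSDisp32"="C:\WINDOWS\system32\drvvej.dll" [2008-04-30 20:42 18944]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"AzVxoAtKAc"= C:\WINDOWS\TEMP\win32.exe
'''
CFSCRIPT = r'''
File::
C:\WINDOWS\system32\drvvej.dll
C:\WINDOWS\system32\mfpylutx.exe
C:\WINDOWS\TEMP\win32.exe
Folder::
C:\Program Files\PC-Antispyware
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vljwqixz"=-
"mfpylutx"=-
"MSDisp32"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"AzVxoAtKAc"=-
'''

# "name"=data, with optional quotes around data and an optional trailing [metadata] field
VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*"?(?P<data>[^"\[]*?)"?\s*(?:\[.*\])?$')

def parse_values(text):
    """Map (lower-cased registry key, value name) -> data for lines under [KEY] headers."""
    key, out = None, {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1].lstrip('-').lower()
        elif key and (m := VALUE.match(line)):
            out[(key, m['name'])] = m['data'].strip()
    return out

def parse_cfscript(text):
    """Split a CFScript into its File::, Folder:: and Registry:: sections."""
    sections, current = {'file': [], 'folder': [], 'registry': []}, None
    for line in map(str.strip, text.splitlines()):
        if line.endswith('::') and line[:-2].lower() in sections:
            current = line[:-2].lower()
        elif line and current:
            sections[current].append(line)
    return sections

def uncovered_removals(log, cfscript):
    """Autostart values the script deletes whose file is in neither File:: nor Folder::."""
    sec = parse_cfscript(cfscript)
    files = {f.lower() for f in sec['file']}
    folders = [d.lower().rstrip('\\') + '\\' for d in sec['folder']]
    logged, missing = parse_values(log), []
    for (key, name), data in parse_values('\n'.join(sec['registry'])).items():
        path = logged.get((key, name), '')
        covered = path.lower() in files or any(path.lower().startswith(d) for d in folders)
        if data == '-' and path and not covered:  # only value deletions ("name"=-)
            missing.append((name, path))
    return missing

if __name__ == '__main__':
    print(uncovered_removals(LOG, CFSCRIPT))
```

On this thread's data the only value reported is vljwqixz, the Run entry for which the log prints an empty [ ] instead of a timestamp and size.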
chevreuil59112

Posted: 30/04/2008 22:46:10    Post subject: infection vundo

Thanks again for replying so quickly, here is the CFScript report:

(except that I did not get the blue window with the message: Type 1 to continue, or 2 to abort)



ComboFix 08-04-29.5 - BRICE 2008-04-30 22:39:41.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1393 [GMT 2:00]
Endroit: D:\Documents and Settings\Jean Claude.HERMELLE\Mes documents\ComboFix.exe
Command switches used :: D:\Documents and Settings\Jean Claude.HERMELLE\Mes documents\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\Bibi rap 1.wav
C:\Program Files\tmp513046.exe
C:\Program Files\tmp561453.exe
C:\Program Files\tmp565265.exe
C:\Program Files\tmp570640.exe
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\test 1.wav
C:\WINDOWS\BMd7f781b3.xml
C:\WINDOWS\S5E35E946.tmp
C:\WINDOWS\system32\drvvej.dll
C:\WINDOWS\system32\mfpylutx.exe
C:\WINDOWS\system32\qoMGAqnK.dll
C:\WINDOWS\system32\rhyskmrk.exe
C:\WINDOWS\system32\tdkykbty.dll
C:\WINDOWS\system32\zgrexbtl.dll
C:\WINDOWS\Tasks\A2D0FA8391876D47.job
C:\WINDOWS\TEMP\win32.exe
D:\Documents and Settings\All Users\Application Data\fifipibo.dll
D:\Documents and Settings\All Users\Application Data\ktmrwxcl.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Bibi rap 1.wav
C:\Program Files\tmp513046.exe
C:\Program Files\tmp561453.exe
C:\Program Files\tmp565265.exe
C:\Program Files\tmp570640.exe
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\test 1.wav
C:\WINDOWS\BMd7f781b3.xml
C:\WINDOWS\S5E35E946.tmp
C:\WINDOWS\system32\172135
C:\WINDOWS\system32\609856
C:\WINDOWS\system32\drvvej.dll
C:\WINDOWS\system32\mfpylutx.exe
C:\WINDOWS\system32\rhyskmrk.exe
C:\WINDOWS\system32\tdkykbty.dll
C:\WINDOWS\system32\zgrexbtl.dll
C:\WINDOWS\Tasks\A2D0FA8391876D47.job
D:\Documents and Settings\All Users\Application Data\fifipibo.dll
D:\Documents and Settings\All Users\Application Data\ktmrwxcl.dll
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\.protected
D:\Documents and Settings\Jean Claude.HERMELLE\Bureau\WinIFixer.lnk

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-28 to 2008-04-30 ))))))))))))))))))))))))))))))))))))
.

2008-04-30 20:43 . 2008-04-30 20:43 <REP> d-------- C:\Program Files\IE Extensions
2008-04-30 19:53 . 2008-04-30 19:53 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-30 19:31 . 2008-04-29 05:11 <REP> d-------- C:\SDFix
2008-04-29 13:04 . 2008-04-29 13:04 131 --a------ C:\WINDOWS\ODBC.INI
2008-04-29 12:47 . 2008-04-29 12:49 <REP> d-------- D:\Documents and Settings\All Users\Application Data\avg8
2008-04-29 12:47 . 2008-04-29 12:47 <REP> d-------- C:\Program Files\AVG
2008-04-29 12:46 . 2008-04-29 12:51 262,144 --a------ D:\Documents and Settings\INVIT~1
2008-04-29 11:14 . 2008-04-29 11:14 <REP> dr------- D:\Documents and Settings\All Users\Application Data\reparateurdesysteme
2008-04-29 11:14 . 2008-04-29 11:21 <REP> d-------- C:\Program Files\ReparateurDeSysteme
2008-04-26 12:46 . 2008-04-26 12:56 <REP> d-------- D:\Documents and Settings\BRICE.HERMELLE\.housecall6.6
2008-04-26 11:13 . 2007-08-01 22:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-23 11:09 . 2008-04-23 11:10 <REP> d-------- C:\Program Files\VirusEffaceur
2008-04-22 15:50 . 2008-04-22 15:52 4,378 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-22 15:49 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-22 15:49 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-22 15:49 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-22 15:49 . 2008-04-22 13:43 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-22 15:49 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-22 15:49 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-22 15:47 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-22 15:44 . 2008-04-22 15:44 <REP> d-------- C:\Program Files\Trend Micro
2008-04-22 15:33 . 2008-04-22 15:33 <REP> d-------- C:\VundoFix Backups
2008-04-19 21:24 . 2008-04-19 21:24 331 --a------ C:\WINDOWS\doom3.ini
2008-04-19 12:09 . 2008-04-19 21:30 <REP> d-------- C:\Program Files\Doom 3
2008-04-18 12:05 . 2008-04-18 12:05 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Hagel Technologies
2008-04-18 10:21 . 2008-04-18 10:21 <REP> d-------- C:\WINDOWS\OPTIONS
2008-04-18 10:21 . 2008-04-18 10:21 <REP> d-------- C:\Program Files\Realtek
2008-04-18 10:21 . 2008-02-25 20:54 105,088 --a------ C:\WINDOWS\system32\drivers\Rtnicxp.sys
2008-04-17 18:25 . 2008-02-25 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-04-11 19:26 . 2008-04-12 12:21 340 --a------ C:\WINDOWS\BeatBox.INI
2008-04-11 19:06 . 2008-04-12 12:21 113 --a------ C:\WINDOWS\musicmaker.INI
2008-04-11 19:02 . 2008-04-11 19:02 <REP> d-------- C:\Program Files\Fichiers communs\MAGIX Shared
2008-04-11 19:01 . 2008-04-11 19:09 <REP> d-------- C:\WINDOWS\system32\MAGIX
2008-04-11 19:01 . 2008-04-11 19:08 <REP> d-------- C:\MAGIX
2008-04-11 19:01 . 2006-09-13 13:44 643,072 --a------ C:\WINDOWS\system32\mgxoschk.dll
2008-04-11 19:01 . 1998-10-15 17:28 85,504 --a------ C:\WINDOWS\system32\HtmlWH.dll
2008-04-11 19:01 . 2008-04-11 19:09 6,423 --a------ C:\WINDOWS\mgxoschk.ini
2008-04-10 20:34 . 2008-04-10 20:34 <REP> d-------- C:\Program Files\inKline Global
2008-04-10 18:58 . 2008-04-10 18:58 4,147,544 --a------ C:\Bibi RnB 2.wav
2008-04-07 14:14 . 2008-04-30 10:12 <REP> d-------- D:\Documents and Settings\BRICE.HERMELLE\Application Data\LimeWire
2008-04-07 14:14 . 2008-04-07 14:14 <REP> d-------- C:\Program Files\LimeWire
2008-04-06 17:15 . 2008-04-06 19:50 <REP> d-------- C:\Program Files\UltraISO
2008-03-29 07:19 . 2008-02-26 04:59 9,797,632 --a------ C:\WINDOWS\system32\atioglx2.dll
2008-03-29 06:40 . 2008-02-26 04:19 167,936 --a------ C:\WINDOWS\system32\atiok3x2.dll
2008-03-29 05:56 . 2008-02-26 05:02 172,032 --a------ C:\WINDOWS\system32\atipdlxx.dll
2008-03-29 05:56 . 2008-02-26 05:02 126,976 --a--