Status: Resolved

VundoFix + HijackThis report: what should I do next?

Posted by Jigsaw, Thursday 7 February 2008 at 19:34:31
Hello,

I think I have the Vundo trojan, so I have just run VundoFix; here is its report, along with a new HijackThis report following the first one. But what should I do next? "Fix checked", but which lines??? Thanks for your help:

VundoFix report:


VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 12:49:21 04/02/2008

Listing files found while scanning....

C:\WINDOWS\pchealth\helpctr\binaries\MSConfig.exe
C:\windows\system32\aqcbpwcs.dll
C:\WINDOWS\system32\dpesvnvq.exe
C:\WINDOWS\system32\evtllpvk.ini
C:\WINDOWS\system32\iryyqqjo.dll
C:\WINDOWS\system32\iysxvkhf.exe
C:\WINDOWS\system32\jmousdon.dll
C:\WINDOWS\system32\kvplltve.dll
C:\WINDOWS\system32\mdrkkpse.dll
C:\WINDOWS\system32\mlqwpsrw.dll
C:\windows\system32\mlqwpsrw.dllbox
C:\WINDOWS\system32\mwalbjah.dll
C:\WINDOWS\system32\NexPlayerX.dll
C:\WINDOWS\system32\obwisewm.dll
C:\WINDOWS\system32\qarnkqku.dll
C:\WINDOWS\system32\qbipuruy.dll
C:\WINDOWS\system32\qbqpanmb.dll
C:\WINDOWS\system32\qomnl.dll
C:\WINDOWS\system32\qomnl.exe
C:\WINDOWS\system32\scyprwwa.dll
C:\WINDOWS\system32\slwgucpj.dll
C:\WINDOWS\system32\veydphbm.dll
C:\WINDOWS\system32\xwwbqpko.exe
C:\WINDOWS\system32\yansfgwu.dll
C:\WINDOWS\system32\yugmospl.dll

Beginning removal...

Attempting to delete C:\WINDOWS\pchealth\helpctr\binaries\MSConfig.exe
C:\WINDOWS\pchealth\helpctr\binaries\MSConfig.exe Has been deleted!

Attempting to delete C:\windows\system32\aqcbpwcs.dll
C:\windows\system32\aqcbpwcs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dpesvnvq.exe
C:\WINDOWS\system32\dpesvnvq.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\evtllpvk.ini
C:\WINDOWS\system32\evtllpvk.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\iryyqqjo.dll
C:\WINDOWS\system32\iryyqqjo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iysxvkhf.exe
C:\WINDOWS\system32\iysxvkhf.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jmousdon.dll
C:\WINDOWS\system32\jmousdon.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kvplltve.dll
C:\WINDOWS\system32\kvplltve.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mdrkkpse.dll
C:\WINDOWS\system32\mdrkkpse.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlqwpsrw.dll
C:\WINDOWS\system32\mlqwpsrw.dll Could not be deleted.

Attempting to delete C:\windows\system32\mlqwpsrw.dllbox
C:\windows\system32\mlqwpsrw.dllbox Has been deleted!

Attempting to delete C:\WINDOWS\system32\mwalbjah.dll
C:\WINDOWS\system32\mwalbjah.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\NexPlayerX.dll
C:\WINDOWS\system32\NexPlayerX.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\obwisewm.dll
C:\WINDOWS\system32\obwisewm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qarnkqku.dll
C:\WINDOWS\system32\qarnkqku.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qbipuruy.dll
C:\WINDOWS\system32\qbipuruy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qbqpanmb.dll
C:\WINDOWS\system32\qbqpanmb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomnl.dll
C:\WINDOWS\system32\qomnl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomnl.exe
C:\WINDOWS\system32\qomnl.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\scyprwwa.dll
C:\WINDOWS\system32\scyprwwa.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\slwgucpj.dll
C:\WINDOWS\system32\slwgucpj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\veydphbm.dll
C:\WINDOWS\system32\veydphbm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xwwbqpko.exe
C:\WINDOWS\system32\xwwbqpko.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\yansfgwu.dll
C:\WINDOWS\system32\yansfgwu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yugmospl.dll
C:\WINDOWS\system32\yugmospl.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.7.8

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 18:46:52 07/02/2008

Listing files found while scanning....

C:\WINDOWS\system32\gjmfycsx.dll
C:\WINDOWS\system32\lnmoq.ini
C:\WINDOWS\system32\lnmoq.ini2
C:\WINDOWS\system32\mlqwpsrw.dll
C:\windows\system32\mlqwpsrw.dllbox
C:\WINDOWS\system32\ooqjlmyc.dll
C:\WINDOWS\system32\qomnl.dll
C:\WINDOWS\system32\qomnl.exe
C:\WINDOWS\system32\roblibcr.dll
C:\WINDOWS\system32\xyvyvpvk.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gjmfycsx.dll
C:\WINDOWS\system32\gjmfycsx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lnmoq.ini
C:\WINDOWS\system32\lnmoq.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\lnmoq.ini2
C:\WINDOWS\system32\lnmoq.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlqwpsrw.dll
C:\WINDOWS\system32\mlqwpsrw.dll Could not be deleted.

Attempting to delete C:\windows\system32\mlqwpsrw.dllbox
C:\windows\system32\mlqwpsrw.dllbox Has been deleted!

Attempting to delete C:\WINDOWS\system32\ooqjlmyc.dll
C:\WINDOWS\system32\ooqjlmyc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomnl.dll
C:\WINDOWS\system32\qomnl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomnl.exe
C:\WINDOWS\system32\qomnl.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\roblibcr.dll
C:\WINDOWS\system32\roblibcr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xyvyvpvk.dll
C:\WINDOWS\system32\xyvyvpvk.dll Has been deleted!

Performing Repairs to the registry.
Done!


HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:33:44, on 07/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\qomnl.exe
O2 - BHO: (no name) - {00DC0058-A87E-4D19-9C26-F1AAC98AD4D7} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {143CEC6F-CEA3-478A-BC59-F15D278E1768} - C:\WINDOWS\system32\qomnl.dll (file missing)
O2 - BHO: (no name) - {1FDFB8C1-4079-4094-B1BD-BAB36BE11E1b} - C:\WINDOWS\system32\aqcbpwcs.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: {de8976bf-4444-af88-8fd4-81e9c7b8263a} - {a3628b7c-9e18-4df8-88fa-4444fb6798ed} - C:\WINDOWS\system32\ooqjlmyc.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\mlqwpsrw.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\StorageProtector\strpmon.exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [d4fbde05] rundll32.exe "C:\WINDOWS\system32\roblibcr.dll",b
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Fichiers communs\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\RunOnce: [CleanUp] CleanUp.exe
O4 - HKLM\..\RunOnce: [SpkrCnfg] DSndUp.exe
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{F0A37~1\Setup.exe -rebootC:\PROGRA~1\INSTAL~1\{F0A37~1\reboot.ini
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\DEPOOR~1\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKLM\..\RunOnce: [VundoFix] "C:\Documents and Settings\de poortere\Bureau\vundofix.exe"
O4 - HKLM\..\RunOnce: [wextract_cleanup1] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\DEPOOR~1\LOCALS~1\Temp\IXP001.TMP\"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [speakersettings] regedit /s c:\pnp\audio\speaker_setting.reg
O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/...
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: gebxxus - gebxxus.dll (file missing)
O20 - Winlogon Notify: mlqwpsrw - C:\WINDOWS\SYSTEM32\mlqwpsrw.dll
O20 - Winlogon Notify: winblg32 - winblg32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (file missing)
O23 - Service: avp - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qugugrbo.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
End of file - 8776 bytes
Configuration: Windows XP
Internet Explorer 6.0

Jigsaw, Thursday 7 February 2008 at 20:13:42
Hi again!!!!

I have just run "VirtumundoBeGone"; here is its report (can someone PLEASE help me!!!!!):


[02/07/2008, 20:03:47] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\de poortere\Bureau\VirtumundoBeGone.exe" )
[02/07/2008, 20:04:00] - Detected System Information:
[02/07/2008, 20:04:00] - Windows Version: 5.1.2600, Service Pack 2
[02/07/2008, 20:04:00] - Current Username: de poortere (Admin)
[02/07/2008, 20:04:00] - Windows is in SAFE mode.
[02/07/2008, 20:04:00] - Searching for Browser Helper Objects:
[02/07/2008, 20:04:00] - BHO 1: {00DC0058-A87E-4D19-9C26-F1AAC98AD4D7} ()
[02/07/2008, 20:04:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 20:04:00] - No filename found. Continuing.
[02/07/2008, 20:04:00] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[02/07/2008, 20:04:00] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/07/2008, 20:04:00] - BHO 4: {143CEC6F-CEA3-478A-BC59-F15D278E1768} ()
[02/07/2008, 20:04:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 20:04:00] - Checking for HKLM\...\Winlogon\Notify\qomnl
[02/07/2008, 20:04:00] - Key not found: HKLM\...\Winlogon\Notify\qomnl, continuing.
[02/07/2008, 20:04:00] - BHO 5: {1FDFB8C1-4079-4094-B1BD-BAB36BE11E1b} ()
[02/07/2008, 20:04:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 20:04:00] - Checking for HKLM\...\Winlogon\Notify\aqcbpwcs
[02/07/2008, 20:04:00] - Key not found: HKLM\...\Winlogon\Notify\aqcbpwcs, continuing.
[02/07/2008, 20:04:00] - BHO 6: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[02/07/2008, 20:04:00] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/07/2008, 20:04:00] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[02/07/2008, 20:04:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 20:04:00] - No filename found. Continuing.
[02/07/2008, 20:04:00] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/07/2008, 20:04:00] - BHO 10: {9CB65201-89C4-402c-BA80-02D8C59F9B1D} ()
[02/07/2008, 20:04:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 20:04:00] - No filename found. Continuing.
[02/07/2008, 20:04:00] - BHO 11: {a3628b7c-9e18-4df8-88fa-4444fb6798ed} ()
[02/07/2008, 20:04:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 20:04:00] - Checking for HKLM\...\Winlogon\Notify\ooqjlmyc
[02/07/2008, 20:04:00] - Key not found: HKLM\...\Winlogon\Notify\ooqjlmyc, continuing.
[02/07/2008, 20:04:00] - BHO 12: {A95B2816-1D7E-4561-A202-68C0DE02353A} ()
[02/07/2008, 20:04:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 20:04:00] - Checking for HKLM\...\Winlogon\Notify\mlqwpsrw
[02/07/2008, 20:04:00] - Found: HKLM\...\Winlogon\Notify\mlqwpsrw - This is probably Virtumundo.
[02/07/2008, 20:04:00] - Assigning {A95B2816-1D7E-4561-A202-68C0DE02353A} MSEvents Object
[02/07/2008, 20:04:00] - BHO list has been changed! Starting over...
[02/07/2008, 20:04:00] - BHO 1: {00DC0058-A87E-4D19-9C26-F1AAC98AD4D7} ()
[02/07/2008, 20:04:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 20:04:00] - No filename found. Continuing.
[02/07/2008, 20:04:00] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[02/07/2008, 20:04:00] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/07/2008, 20:04:00] - BHO 4: {143CEC6F-CEA3-478A-BC59-F15D278E1768} ()
[02/07/2008, 20:04:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 20:04:00] - Checking for HKLM\...\Winlogon\Notify\qomnl
[02/07/2008, 20:04:00] - Key not found: HKLM\...\Winlogon\Notify\qomnl, continuing.
[02/07/2008, 20:04:00] - BHO 5: {1FDFB8C1-4079-4094-B1BD-BAB36BE11E1b} ()
[02/07/2008, 20:04:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 20:04:00] - Checking for HKLM\...\Winlogon\Notify\aqcbpwcs
[02/07/2008, 20:04:00] - Key not found: HKLM\...\Winlogon\Notify\aqcbpwcs, continuing.
[02/07/2008, 20:04:00] - BHO 6: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[02/07/2008, 20:04:00] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/07/2008, 20:04:00] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[02/07/2008, 20:04:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 20:04:00] - No filename found. Continuing.
[02/07/2008, 20:04:00] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/07/2008, 20:04:00] - BHO 10: {9CB65201-89C4-402c-BA80-02D8C59F9B1D} ()
[02/07/2008, 20:04:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 20:04:00] - No filename found. Continuing.
[02/07/2008, 20:04:00] - BHO 11: {a3628b7c-9e18-4df8-88fa-4444fb6798ed} ()
[02/07/2008, 20:04:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 20:04:00] - Checking for HKLM\...\Winlogon\Notify\ooqjlmyc
[02/07/2008, 20:04:00] - Key not found: HKLM\...\Winlogon\Notify\ooqjlmyc, continuing.
[02/07/2008, 20:04:00] - BHO 12: {A95B2816-1D7E-4561-A202-68C0DE02353A} (MSEvents Object)
[02/07/2008, 20:04:00] - ALERT: Found MSEvents Object!
[02/07/2008, 20:04:00] - BHO 13: {FE063DB1-4EC0-403e-8DD8-394C54984B2C} ()
[02/07/2008, 20:04:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 20:04:00] - No filename found. Continuing.
[02/07/2008, 20:04:00] - Finished Searching Browser Helper Objects
[02/07/2008, 20:04:00] - *** Detected MSEvents Object
[02/07/2008, 20:04:00] - Trying to remove MSEvents Object...
[02/07/2008, 20:04:01] - Terminating Process: IEXPLORE.EXE
[02/07/2008, 20:04:02] - Terminating Process: RUNDLL32.EXE
[02/07/2008, 20:04:02] - Disabling Automatic Shell Restart
[02/07/2008, 20:04:02] - Terminating Process: EXPLORER.EXE
[02/07/2008, 20:04:03] - Suspending the NT Session Manager System Service
[02/07/2008, 20:04:03] - Terminating Windows NT Logon/Logoff Manager
[02/07/2008, 20:04:03] - Re-enabling Automatic Shell Restart
[02/07/2008, 20:04:03] - File to disable: C:\WINDOWS\system32\mlqwpsrw.dll
[02/07/2008, 20:04:03] - Renaming C:\WINDOWS\system32\mlqwpsrw.dll -> C:\WINDOWS\system32\mlqwpsrw.dll.vir
[02/07/2008, 20:04:04] - File successfully renamed!
[02/07/2008, 20:04:04] - Removing HKLM\...\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
[02/07/2008, 20:04:04] - Removing HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
[02/07/2008, 20:04:04] - Adding Kill Bit for ActiveX for GUID: {A95B2816-1D7E-4561-A202-68C0DE02353A}
[02/07/2008, 20:04:04] - Deleting ATLEvents/MSEvents Registry entries
[02/07/2008, 20:04:04] - Removing HKLM\...\Winlogon\Notify\mlqwpsrw
[02/07/2008, 20:04:04] - Searching for Browser Helper Objects:
[02/07/2008, 20:04:04] - BHO 1: {00DC0058-A87E-4D19-9C26-F1AAC98AD4D7} ()
[02/07/2008, 20:04:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 20:04:04] - No filename found. Continuing.
[02/07/2008, 20:04:04] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[02/07/2008, 20:04:04] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/07/2008, 20:04:04] - BHO 4: {143CEC6F-CEA3-478A-BC59-F15D278E1768} ()
[02/07/2008, 20:04:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 20:04:04] - Checking for HKLM\...\Winlogon\Notify\qomnl
[02/07/2008, 20:04:04] - Key not found: HKLM\...\Winlogon\Notify\qomnl, continuing.
[02/07/2008, 20:04:04] - BHO 5: {1FDFB8C1-4079-4094-B1BD-BAB36BE11E1b} ()
[02/07/2008, 20:04:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 20:04:04] - Checking for HKLM\...\Winlogon\Notify\aqcbpwcs
[02/07/2008, 20:04:04] - Key not found: HKLM\...\Winlogon\Notify\aqcbpwcs, continuing.
[02/07/2008, 20:04:04] - BHO 6: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[02/07/2008, 20:04:04] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/07/2008, 20:04:04] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[02/07/2008, 20:04:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 20:04:04] - No filename found. Continuing.
[02/07/2008, 20:04:04] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/07/2008, 20:04:04] - BHO 10: {9CB65201-89C4-402c-BA80-02D8C59F9B1D} ()
[02/07/2008, 20:04:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 20:04:04] - No filename found. Continuing.
[02/07/2008, 20:04:04] - BHO 11: {a3628b7c-9e18-4df8-88fa-4444fb6798ed} ()
[02/07/2008, 20:04:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 20:04:04] - Checking for HKLM\...\Winlogon\Notify\ooqjlmyc
[02/07/2008, 20:04:04] - Key not found: HKLM\...\Winlogon\Notify\ooqjlmyc, continuing.
[02/07/2008, 20:04:04] - BHO 12: {FE063DB1-4EC0-403e-8DD8-394C54984B2C} ()
[02/07/2008, 20:04:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/07/2008, 20:04:04] - No filename found. Continuing.
[02/07/2008, 20:04:04] - Finished Searching Browser Helper Objects
[02/07/2008, 20:04:04] - Finishing up...
[02/07/2008, 20:04:04] - A restart is needed.
[02/07/2008, 20:04:18] - Attempting to Restart via STOP error (Blue Screen!)

Jigsaw, Thursday 7 February 2008 at 20:33:36
PLEASE, what do I have to do to get rid of this s***!!!!!!

Jigsaw, Thursday 7 February 2008 at 20:53:36
And still nobody to help me!!!!

Jigsaw, Thursday 7 February 2008 at 21:10:39
Computer geniuses, please come to my aid!!!!! Thanks

jorginho67, Thursday 7 February 2008 at 21:17:15
Hi!
Give us time to analyse all this....
First thing: is your antivirus still there? Check whether it is enabled.

Run HijackThis again, choose "do a scan only",
tick the box in front of the lines below and click "fix checked" at the bottom.
F3 - REG:win.ini: load=C:\WINDOWS\system32\qomnl.exe
O2 - BHO: (no name) - {00DC0058-A87E-4D19-9C26-F1AAC98AD4D7} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {143CEC6F-CEA3-478A-BC59-F15D278E1768} - C:\WINDOWS\system32\qomnl.dll (file missing)
O2 - BHO: (no name) - {1FDFB8C1-4079-4094-B1BD-BAB36BE11E1b} - C:\WINDOWS\system32\aqcbpwcs.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {de8976bf-4444-af88-8fd4-81e9c7b8263a} - {a3628b7c-9e18-4df8-88fa-4444fb6798ed} - C:\WINDOWS\system32\ooqjlmyc.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\mlqwpsrw.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)


How to fix the lines <---- see here
Generating a report <----- see here

Run VundoFix once more after fixing the lines above!

----------------------------------------------------------------------------------------------
You have quite a collection there. I'm looking at the next step and asking for a hand; you need to be patient...

See you later

(00)
_llll_ The Punisher is watching ................... !!!

Jigsaw, Thursday 7 February 2008 at 21:32:25
Hallelujah! Lack of patience on my part, I admit, but I'm completely desperate!!!!!! Thank you SO MUCH for this reply

Jigsaw, Thursday 7 February 2008 at 21:35:29
As for the antivirus, I got rid of it... I had Kaspersky, but I'll reinstall it afterwards (can an antivirus be infected? That's the idea I had got into my head) ???!!!! OK, I'm doing "Fix checked" on the lines you pointed out.... Thanks for your help!!!!

jorginho67, Thursday 7 February 2008 at 21:40:48
"Can an antivirus be infected?" I don't think so, but I saw Kaspersky files missing in your log, hence my question!

Install this one as soon as possible.
Download Avira AntiVir PersonalEdition Classic << here
Install, configure and update AntiVir.
Tutorial: http://www.malekal.com/tutorial_antivir.html

Double-click its setup file on your desktop to start the installation.
Once the installation is finished, reconnect to the internet.
Update it, then run a full scan and post the result in a reply.
(00)
_llll_ The Punisher is watching ................... !!!

jorginho67, Thursday 7 February 2008 at 21:37:50
I can't promise anything; I've put out a call to people I know, because we'll need good people to help us!
There's no need to panic...

Check that your ANTIVIRUS is enabled (I'm afraid it isn't), carry out the steps suggested, and I'll prepare what comes next...


Go to this site:
http://www.virustotal.com/xhtml/virustotal_en.html
Click "Browse" and look for these files:

C:\WINDOWS\system32\qomnl.exe
C:\WINDOWS\system32\roblibcr.dll",b
C:\WINDOWS\SYSTEM32\mlqwpsrw.dll


Click "Send" and paste the report, please!

To be continued......
(00)
_llll_ The Punisher is watching ................... !!!

Jigsaw, Thursday 7 February 2008 at 22:30:41
About the 3 files to have analysed: the first 2 are not present in C:\Windows\system32; I only have the last one, "mlqwpsrw.dll", which is named "mlqwpsrw.dll.vir". I'm sending the report

Jigsaw, Thursday 7 February 2008 at 22:21:52
OK, so here is the new VundoFix report:

C:\WINDOWS\system32\mlqwpsrw.dll
C:\windows\system32\mlqwpsrw.dllbox

Beginning removal...

Attempting to delete C:\windows\system32\mlqwpsrw.dllbox
C:\windows\system32\mlqwpsrw.dllbox Has been deleted!

Performing Repairs to the registry.
Done

jorginho67, Thursday 7 February 2008 at 22:30:11
OK, that's one good thing done! Now do the following!
Right-click on HijackThis,
choose "Rename" and type: ccm.exe

Why rename HijackThis?
Because some Vundo infections have the peculiarity of "hiding" from HJT's detection itself or from its analysis.
Changing the name of the exe works around this problem...

Post me a new log after renaming HJT!
Choose the option "Do a system scan and save a log file"
Click "Save log" to save the report, which will open in Notepad
Click "Edit" -> "Select All", then "Edit" -> "Copy" to copy the entire contents of the report

As soon as you have installed the antivirus, post me a new HJT report, please...

To be continued....

(00)
_llll_ The Punisher is watching ................... !!!

Jigsaw, Thursday 7 February 2008 at 22:32:11
OK, I'll do all that!!!! THANK YOU SO MUCH, that's really cool of you!!!!

Jigsaw, Thursday 7 February 2008 at 22:36:06
Here is the new HijackThis report after renaming it. Should I run the antivirus you asked me to download now???


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:33:47, on 07/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {143CEC6F-CEA3-478A-BC59-F15D278E1768} - C:\WINDOWS\system32\qomnl.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\StorageProtector\strpmon.exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [d4fbde05] rundll32.exe "C:\WINDOWS\system32\roblibcr.dll",b
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Fichiers communs\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\RunOnce: [CleanUp] CleanUp.exe
O4 - HKLM\..\RunOnce: [SpkrCnfg] DSndUp.exe
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{F0A37~1\Setup.exe -rebootC:\PROGRA~1\INSTAL~1\{F0A37~1\reboot.ini
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\DEPOOR~1\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKLM\..\RunOnce: [VundoFix] "C:\Documents and Settings\de poortere\Bureau\vundofix.exe"
O4 - HKLM\..\RunOnce: [wextract_cleanup1] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\DEPOOR~1\LOCALS~1\Temp\IXP001.TMP\"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [speakersettings] regedit /s c:\pnp\audio\speaker_setting.reg
O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/...
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: gebxxus - gebxxus.dll (file missing)
O20 - Winlogon Notify: winblg32 - winblg32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (file missing)
O23 - Service: avp - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qugugrbo.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
End of file - 7321 bytes
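
As an added illustration (not part of the thread and not a HijackThis feature), the following Python example parses log lines of the kind posted above and lists the entries worth a human look: entries whose target HijackThis itself reports as "(file missing)" or "(no file)", and O4 autostart entries that load a DLL through rundll32. The function names and the small allowlist are assumptions of this example; a flagged line is a candidate for review, not a verdict.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\lsass.exe
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {143CEC6F-CEA3-478A-BC59-F15D278E1768} - C:\WINDOWS\system32\qomnl.dll (file missing)
O4 - HKLM\..\Run: [d4fbde05] rundll32.exe "C:\WINDOWS\system32\roblibcr.dll",b
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\DEPOOR~1\LOCALS~1\Temp\IXP000.TMP\"
O20 - Winlogon Notify: gebxxus - gebxxus.dll (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"?(?P<dll>[^",]+\.dll)"?,', re.I)
# Assumption for this example: a tiny allowlist of Windows DLLs routinely
# launched through rundll32; extend it from your own baseline.
EXPECTED_RUNDLL = {"advpack.dll"}

def parse_entries(log):
    """Yield (section, body) for entry lines; headers and process paths are skipped."""
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("section"), m.group("body")

def triage(log):
    """Return (section, reason, body) tuples that deserve a human look."""
    findings = []
    for section, body in parse_entries(log):
        if ORPHAN_RE.search(body):
            findings.append((section, "orphaned entry, target file absent", body))
            continue
        m = RUNDLL_RE.search(body)
        if section == "O4" and m:
            dll = m.group("dll").rsplit("\\", 1)[-1].lower()
            if dll not in EXPECTED_RUNDLL:
                findings.append((section, "autostart loads " + dll + " via rundll32", body))
    return findings

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {body}")
```
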
Jigsaw, Thursday 7 February 2008 at 22:39:37
On the other hand, VirusTotal has finished analysing the file, but how do I post it here? I have "format" or "print the result"???
jorginho67, Thursday 7 February 2008 at 22:43:38
Use this tutorial! http://pageperso.aol.fr/loraline60/virus_total.htm

You save the report and copy/paste it here...
(00)
_llll_ The Punisher is watching ................... !!!
Jigsaw, Thursday 7 February 2008 at 22:46:57
File mlqwpsrw.dll.vir received on 2008.02.07 22:27:12 (CET)
Current status: loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 27/32 (84.38%)

Odd about the current status: on the site's page it is actually "finished"!!!!
jorginho67, Thursday 7 February 2008 at 22:52:39
Did you get a report like this one?


Antivirus Version Last update Result
AhnLab-V3 2008.2.5.10 2008.02.04 -
AntiVir 7.6.0.62 2008.02.04 TR/Agent.131072.I
Authentium 4.93.8 2008.02.04 -
Avast 4.7.1098.0 2008.02.04 -
AVG 7.5.0.516 2008.02.04 SHeur.ANJL
BitDefender 7.2 2008.02.05 Backdoor.Oderoor.F
CAT-QuickHeal 9.00 2008.02.04 -
ClamAV 0.92 2008.02.05 Trojan.Pakes-1085
DrWeb 4.44.0.09170 2008.02.04 Trojan.Spambot.2696
eSafe 7.0.15.0 2008.01.28 Suspicious File
eTrust-Vet 31.3.5511 2008.02.04 -
Ewido 4.0 2008.02.04 -
FileAdvisor 1 2008.02.05 -
Fortinet 3.14.0.0 2008.02.04 W32/Pakes.BZQ!tr
F-Prot 4.4.2.54 2008.02.04 -
F-Secure 6.70.13260.0 2008.02.04 Oderoor.gen2
Ikarus T3.1.1.20 2008.02.05 Virus.Trojan.Win32.Pakes.bzq
Kaspersky 7.0.0.125 2008.02.05 Trojan.Win32.Pakes.bzq
McAfee 5222 2008.02.04 Generic.dx
Microsoft 1.3204 2008.02.04 Backdoor:Win32/Oderoor.gen!B
NOD32v2 2848 2008.02.04 Win32/Agent.NHE
Norman 5.80.02 2008.02.04 Oderoor.gen2
Panda 9.0.0.4 2008.02.04 Bck/IRCBot.BQZ
Prevx1 V2 2008.02.05 Covert.Sys.Exec
Rising 20.29.22.00 2008.01.30 Trojan.Win32.Undef.car
Sophos 4.26.0 2008.02.04 Troj/Bckdr-QLC
Sunbelt 2.2.907.0 2008.02.05 Backdoor.Oderoor.F
Symantec 10 2008.02.05 Downloader
TheHacker 6.2.9.209 2008.02.05 Trojan/Pakes.bzq
VBA32 3.12.6.0 2008.02.02 Trojan.Win32.Pakes.bzq
VirusBuster 4.3.26:9 2008.02.04 -
Webwasher-Gateway 6.6.2 2008.02.05 Trojan.Agent.131072.I
Additional information
File size: 131072 bytes
MD5: d2b0a6a4dedf015e26dfe934502d49ad
SHA1: f89c41a71179da054d3bd616ba0577f068352d9e

(00)
_llll_ The Punisher is watching ................... !!!