[Solved] Problem with Razespyware - Security - Virus
Profile: IDNaute

Here it goes: the same thing is happening to me as to some other people on this forum: I have a problem with razespyware.
I turned on the PC and I had a red background
"Danger: spyware....."

So I searched on the internet, and most people had fixed it by going to:
Display Properties -> Desktop -> Customize Desktop -> Web and checking everything except one item.

Except that I have nothing in that list -_- can someone help me?


Profile: Extensionaute

Hi,

Download HijackThis: http://www.infos-du-net.com/telech [...] kThis.html
Extract the file hijackthis.exe from its zip file into a dedicated folder (a folder you put on the desktop, for example).
Run hijackthis.exe, choose "Do a system scan and save a logfile", and give us the result of the scan.

Profile: IDNaute

There, it's done :) :

Logfile of HijackThis v1.99.1
Scan saved at 17:24:09, on 12/01/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Famille\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.esearch2005.com/sp2.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.aon.at:8080;http=proxy.aon.at:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.aon.at;*.jet2web.net;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS\System32\cbxvu.dll
O2 - BHO: Class - {3901E8B9-569B-50AA-35AC-D0FC976E91F1} - C:\WINDOWS\javaej.dll (file missing)
O2 - BHO: (no name) - {538EEB8F-48F3-4823-CA19-09ED9EFBD83E} - (no file)
O2 - BHO: winapi32.MyBHO - {7A533235-A128-434B-9F8A-9300A544D191} - C:\WINDOWS\System32\winapi32.dll
O2 - BHO: (no name) - {7B197E28-9E40-E13E-D193-C6BD227A9291} - (no file)
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - (no file)
O2 - BHO: Class - {D3137D6C-5DB4-2572-904E-47959850B407} - C:\WINDOWS\ntko.dll (file missing)
O2 - BHO: (no name) - {D741F288-69CD-DC65-04EF-24D24A69D9CD} - (no file)
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\System32\khhfg.dll
O2 - BHO: Class - {EC6A8E0A-AD32-E83A-DFB2-E57B1A014627} - C:\WINDOWS\system32\sysji.dll (file missing)
O2 - BHO: Class - {FC63F231-14C0-2872-4514-264B57E8F5C1} - C:\WINDOWS\ipqy32.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [68.tmp] C:\DOCUME~1\Famille\LOCALS~1\Temp\68.tmp.exe
O4 - HKLM\..\Run: [69.tmp] C:\DOCUME~1\Famille\LOCALS~1\Temp\69.tmp.exe
O4 - HKLM\..\Run: [68.tmp.exe] C:\DOCUME~1\Famille\LOCALS~1\Temp\68.tmp.exe
O4 - HKLM\..\Run: [69.tmp.exe] C:\DOCUME~1\Famille\LOCALS~1\Temp\69.tmp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Universal Porn Dialer] C:\WINDOWS\System32\xxxdialer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunServices: [Internet Help Svc] IHSVC.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://update.microsoft.com/window [...] 5971445471
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/bina [...] b32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{838986F3-BC58-4B4F-8DF3-09651B0E99AB}: NameServer = 195.3.96.67 195.3.96.68
O20 - Winlogon Notify: cbxvu - C:\WINDOWS\System32\cbxvu.dll
O20 - Winlogon Notify: ComPlusSetup - C:\WINDOWS\System32\catsrvut.dll
O20 - Winlogon Notify: khhfg - C:\WINDOWS\SYSTEM32\khhfg.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apixy32.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)

Profile: IDNaute

Hi,

1/ Restart in safe mode

Restart the computer. After the BIOS messages, press F8 (or F5 if F8 doesn't work) to get to a menu with white text on a black background.

In that menu, you should be able to choose Safe Mode (use the arrow keys, and Enter to confirm).

Starting in safe mode is often fairly slow. If you see strange white text, don't worry.
Just be patient.

2/ Fix lines

Run HijackThis again. This time choose "Do a system scan only".
Then check the following lines and click "Fix Checked".

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.esearch2005.com/sp2.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.aon.at:8080;http=proxy.aon.at:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.aon.at;*.jet2web.net;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Class - {3901E8B9-569B-50AA-35AC-D0FC976E91F1} - C:\WINDOWS\javaej.dll (file missing)
O2 - BHO: (no name) - {538EEB8F-48F3-4823-CA19-09ED9EFBD83E} - (no file)
O2 - BHO: (no name) - {7B197E28-9E40-E13E-D193-C6BD227A9291} - (no file)
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - (no file)
O2 - BHO: Class - {D3137D6C-5DB4-2572-904E-47959850B407} - C:\WINDOWS\ntko.dll (file missing)
O2 - BHO: (no name) - {D741F288-69CD-DC65-04EF-24D24A69D9CD} - (no file)
O2 - BHO: Class - {EC6A8E0A-AD32-E83A-DFB2-E57B1A014627} - C:\WINDOWS\system32\sysji.dll (file missing)
O2 - BHO: Class - {FC63F231-14C0-2872-4514-264B57E8F5C1} - C:\WINDOWS\ipqy32.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [68.tmp] C:\DOCUME~1\Famille\LOCALS~1\Temp\68.tmp.exe
O4 - HKLM\..\Run: [69.tmp] C:\DOCUME~1\Famille\LOCALS~1\Temp\69.tmp.exe
O4 - HKLM\..\Run: [68.tmp.exe] C:\DOCUME~1\Famille\LOCALS~1\Temp\68.tmp.exe
O4 - HKLM\..\Run: [69.tmp.exe] C:\DOCUME~1\Famille\LOCALS~1\Temp\69.tmp.exe
O4 - HKLM\..\Run: [Universal Porn Dialer] C:\WINDOWS\System32\xxxdialer.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

3/ Show all files

In Windows Explorer (for example):
Tools -> Folder Options -> View tab

Check: Show hidden files and folders
Uncheck: Hide extensions for known file types
Uncheck: Hide protected operating system files

4/ Delete these files

C:\WINDOWS\System32\cbxvu.dll
C:\WINDOWS\SYSTEM32\khhfg.dll
C:\WINDOWS\System32\xxxdialer.exe

5/ Restart the computer normally.

6/ In Windows Explorer (for example):
Tools -> Folder Options -> View tab
Put everything back the way it was (if you were already showing all files, change nothing).

Uncheck: Show hidden files and folders
Check: Hide extensions for known file types
Check: Hide protected operating system files

7/ Run scans with CCleaner and Kaspersky.

If you don't know how to use Kaspersky:

Quote:
--------------------------------------------------------------------------------

So, for the Kaspersky online scan, do this:
- go here (you have to use IE)
- choose Kaspersky Online Scanner
- in the popup that opens, choose Accept
- it then updates the virus definitions
- it may ask you to accept an ActiveX control; accept it once the update is finished
- click Next
- then click My Computer
- wait for the scan to complete
- post your final log

8/ Post a new log

Run HijackThis again. Choose "Do a system scan and save a logfile".
Then post your new log back here, telling us which steps you did not manage to do.

Then, for the Vundo infection:

1/ Download VundoFix.exe and put it on the desktop.

2/ Double-click VundoFix.exe
This will create a VundoFix folder on the desktop

3/ Restart in safe mode (To do this: start the PC while tapping the F8 key until the Windows Advanced Options menu appears, then use the keyboard arrow keys to select Safe Mode and press Enter...)
Warning: you have no Internet access in this mode, so write down or print the instructions that follow.

4/ Open the VundoFix folder and double-click KillVundo.bat
You will see this warning:

Quote:

--------------------------------------------------------------------------------

VundoFix V2.15 by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue....

--------------------------------------------------------------------------------

Press the Enter key
Then you will see this text:

Quote:

--------------------------------------------------------------------------------

Please type in the filepath as instructed by the forum staff
and then press enter :

--------------------------------------------------------------------------------

Type exactly this: C:\WINDOWS\System32\khhfg.dll

Then press the Enter key.

Then you will see this text:

Quote:

--------------------------------------------------------------------------------

Please type in the second filepath as instructed by the forum staff
then press enter :

--------------------------------------------------------------------------------

Type exactly this: C:\WINDOWS\System32\cbxvu.dll

Then press the Enter key.

Then HijackThis will open.
then --> Do a system scan only
check the lines listed below if present
then --> Fix checked
then Yes at the confirmation prompt

O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS\System32\cbxvu.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\System32\khhfg.dll
O20 - Winlogon Notify: cbxvu - C:\WINDOWS\System32\cbxvu.dll
O20 - Winlogon Notify: khhfg - C:\WINDOWS\SYSTEM32\khhfg.dll

Then close HijackThis and press a key to restart the PC.
If the PC hangs, restart it with the RESET button.

After the restart, post a new HJT report.
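The post above picks lines out of the HijackThis log by hand: hijacked search and proxy settings (R1/R3), BHOs and buttons with no backing file, autoruns launched from the user's Temp folder, the Winlogon Notify DLLs that Vundo uses for persistence, and services whose binary is missing. The script below, added here as an example and not code from the thread, the helpers or HijackThis, encodes those same checks as triage rules over HJT log lines and adds one cross-check the Vundo steps rely on: a BHO that loads the same DLL as a flagged Winlogon Notify entry belongs to the same persistence pair (cbxvu.dll / khhfg.dll above). The rules, the small Winlogon Notify allowlist and the skip for HijackThis 1.99's mis-parsed quoted service paths are assumptions of this example; the sample lines are a subset copied from the log posted earlier in the thread.

```python
"""Triage of HijackThis-style log lines (added example; not code from the
thread, the forum helpers, or HijackThis). The rules are assumptions that
mirror the reasoning of the removal instructions above."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample lines: a subset copied from the log posted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.esearch2005.com/sp2.php
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS\System32\cbxvu.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [68.tmp] C:\DOCUME~1\Famille\LOCALS~1\Temp\68.tmp.exe
O4 - HKLM\..\Run: [Universal Porn Dialer] C:\WINDOWS\System32\xxxdialer.exe
O4 - HKCU\..\RunServices: [Internet Help Svc] IHSVC.EXE
O20 - Winlogon Notify: cbxvu - C:\WINDOWS\System32\cbxvu.dll
O20 - Winlogon Notify: ComPlusSetup - C:\WINDOWS\System32\catsrvut.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)
"""

@dataclass
class Finding:
    line: str
    reason: str

# Assumption: allowlist of Winlogon Notify handlers, limited to the one
# legitimate entry (COM+ setup, catsrvut.dll) that appears in this log.
KNOWN_GOOD_NOTIFY = {"complussetup"}
TEMP_RE = re.compile(r"\\(LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")

def _prefix(line: str) -> str:
    return line.split(" - ", 1)[0]

def _path(line: str) -> str:
    return line.rsplit(" - ", 1)[-1].strip()

def classify(line: str) -> Optional[str]:
    """Return a reason if the line matches a triage rule, else None."""
    line = line.strip()
    if not line:
        return None
    p = _prefix(line)
    if p == "R1" and any(k in line for k in ("SearchURL", "ProxyServer", "ProxyOverride")):
        return "R1: browser search or proxy setting has been changed"
    if p == "R3" and "missing" in line:
        return "R3: default URLSearchHook missing (typical after a search hijack)"
    if p in ("O2", "O9") and ("(no file)" in line or "(file missing)" in line):
        return f"{p}: registered object with no backing file"
    if p == "O4":
        if TEMP_RE.search(line):
            return "O4: autorun launched from a Temp directory"
        if "RunServices" in line:
            return "O4: RunServices entry (legacy autorun key)"
        if "dialer" in line.lower():
            return "O4: autorun name suggests a premium-rate dialer"
    if p == "O20":
        m = NOTIFY_RE.match(line)
        if m and m.group(1).lower() not in KNOWN_GOOD_NOTIFY:
            return "O20: Winlogon Notify DLL not on allowlist (Vundo-style persistence)"
    if p == "O23" and "(file missing)" in line and '"' not in _path(line):
        # HijackThis 1.99 reports quoted service paths ('...exe" /service') as
        # missing; lines with a stray quote are treated as a parser artifact.
        return "O23: service whose binary is missing"
    return None

def triage(log_text: str) -> List[Finding]:
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    findings = [Finding(l, classify(l)) for l in lines if classify(l)]
    # Second pass: a BHO loading the same DLL as a flagged Winlogon Notify
    # entry is the other half of the same persistence pair.
    bad_dlls = {_path(f.line).lower() for f in findings if _prefix(f.line) == "O20"}
    for l in lines:
        if _prefix(l) == "O2" and _path(l).lower() in bad_dlls and classify(l) is None:
            findings.append(Finding(l, "O2: BHO loads the same DLL as a flagged Winlogon Notify entry"))
    return findings

def fix_list(log_text: str) -> List[str]:
    """Lines to tick under 'Do a system scan only' before 'Fix Checked', in log order."""
    order = {l.strip(): i for i, l in enumerate(log_text.splitlines())}
    return [f.line for f in sorted(triage(log_text), key=lambda f: order[f.line])]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:70} {f.line[:60]}")
```

Run as-is it prints nine findings for the sample, leaves the avast!, COM+ and Radio toolbar lines alone, and pairs the cbxvu BHO with its Winlogon Notify entry; the fix list it returns is the set a helper would tick, with the one omission that the thread's helper also removed the Java updater autorun on judgement rather than on any rule.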

Profile: IDNaute

So here is the Kaspersky log:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, January 13, 2006 20:06:31
Operating System: Microsoft Windows XP Professional, (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 13/01/2006
Kaspersky Anti-Virus database records: 160557
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 25279
Number of viruses found: 12
Number of infected objects: 225
Number of suspicious objects: 0
Duration of the scan process: 3644 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Maman\Local Settings\Temporary Internet Files\Content.IE5\U9G1W3SD\adsldpbd[1].dll Infected: Trojan-Downloader.Win32.Delf.lh
C:\Microsoft AntiSpyware\Quarantine\50B20738-2614-48CA-9AF4-0E8AF7\D32262BB-7FBA-452D-BB23-935A68 Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\Microsoft AntiSpyware\Quarantine\53C587A0-B690-4229-8BAC-974B62\77851B04-46E2-4E6D-9947-709A1C Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0006755.pif:hxmotq:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0006755.pif:mhpcbn:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0006755.pif:uhexy:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0006755.pif:uhexyd:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0006755.pif:wulhxa:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0006755.pif:zyftna:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0006758.ini:bsfrio:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0006811.pif:hxmotq:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0006811.pif:mhpcbn:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0006811.pif:uhexy:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0006811.pif:uhexyd:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0006811.pif:wulhxa:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0006811.pif:zyftna:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0006817.ini:bsfrio:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0006863.pif:hxmotq:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0006863.pif:mhpcbn:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0006863.pif:uhexy:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0006863.pif:uhexyd:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0006863.pif:wulhxa:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0006863.pif:zyftna:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0006870.pif:hxmotq:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0006870.pif:mhpcbn:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0006870.pif:uhexy:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0006870.pif:uhexyd:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0006870.pif:wulhxa:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0006870.pif:zyftna:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0007871.pif:hxmotq:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0007871.pif:mhpcbn:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0007871.pif:uhexy:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0007871.pif:uhexyd:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0007871.pif:wulhxa:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0007871.pif:zyftna:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0007877.ini:bsfrio:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0007888.pif:hxmotq:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0007888.pif:mhpcbn:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0007888.pif:uhexy:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0007888.pif:uhexyd:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0007888.pif:wulhxa:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0007888.pif:zyftna:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0007893.exe/data.rar/w3.exe Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0007893.exe/data.rar Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0007893.exe Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0007898.ini:bsfrio:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0008888.pif:hxmotq:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0008888.pif:mhpcbn:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0008888.pif:uhexy:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0008888.pif:uhexyd:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0008888.pif:wulhxa:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP5\A0008888.pif:zyftna:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008892.exe/data.rar/w3.exe Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008892.exe/data.rar Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008892.exe Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008895.pif:hxmotq:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008895.pif:mhpcbn:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008895.pif:uhexy:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008895.pif:uhexyd:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008895.pif:wulhxa:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008895.pif:zyftna:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008899.ini:bsfrio:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008922.pif:hxmotq:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008922.pif:mhpcbn:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008922.pif:uhexy:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008922.pif:uhexyd:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008922.pif:wulhxa:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008922.pif:zyftna:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008932.ini:bsfrio:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008933.exe/data.rar/w3.exe Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008933.exe/data.rar Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008933.exe Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008948.pif:hxmotq:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008948.pif:mhpcbn:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008948.pif:uhexy:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008948.pif:uhexyd:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008948.pif:wulhxa:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008948.pif:zyftna:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008956.ini:bsfrio:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008980.pif:hxmotq:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008980.pif:mhpcbn:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008980.pif:uhexy:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008980.pif:uhexyd:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008980.pif:wulhxa:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008980.pif:zyftna:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008987.exe/data.rar/w3.exe Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008987.exe/data.rar Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008987.exe Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0008988.ini:bsfrio:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0009007.pif:hxmotq:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0009007.pif:mhpcbn:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0009007.pif:uhexy:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0009007.pif:uhexyd:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0009007.pif:wulhxa:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0009007.pif:zyftna:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0009018.ini:bsfrio:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0009028.iss:bjqenn:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0009038.pif:hxmotq:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0009038.pif:mhpcbn:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0009038.pif:uhexy:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0009038.pif:uhexyd:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0009038.pif:wulhxa:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0009038.pif:zyftna:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0009041.exe/data.rar/w3.exe Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0009041.exe/data.rar Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0009041.exe Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP6\A0009048.ini:bsfrio:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0009223.pif:hxmotq:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0009223.pif:mhpcbn:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0009223.pif:uhexy:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0009223.pif:uhexyd:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0009223.pif:wulhxa:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0009223.pif:zyftna:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0009225.ini:bsfrio:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010040.pif:hxmotq:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010040.pif:mhpcbn:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010040.pif:uhexy:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010040.pif:uhexyd:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010040.pif:wulhxa:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010040.pif:zyftna:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010051.exe/data.rar/w3.exe Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010051.exe/data.rar Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010051.exe Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010054.exe Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010063.pif:hxmotq:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010063.pif:mhpcbn:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010063.pif:uhexy:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010063.pif:uhexyd:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010063.pif:wulhxa:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010063.pif:zyftna:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010065.ini:bsfrio:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010088.exe/data.rar/w3.exe Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010088.exe/data.rar Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010088.exe Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010089.exe/data.rar/w3.exe Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010089.exe/data.rar Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010089.exe Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010104.pif:hxmotq:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010104.pif:mhpcbn:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010104.pif:uhexy:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010104.pif:uhexyd:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010104.pif:wulhxa:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010104.pif:zyftna:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010108.ini:bsfrio:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010125.pif:hxmotq:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010125.pif:mhpcbn:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010125.pif:uhexy:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010125.pif:uhexyd:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010125.pif:wulhxa:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010125.pif:zyftna:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010132.pif:hxmotq:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010132.pif:mhpcbn:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010132.pif:uhexy:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010132.pif:uhexyd:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010132.pif:wulhxa:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010132.pif:zyftna:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010136.ini:bsfrio:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010147.exe/data.rar/w3.exe Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010147.exe/data.rar Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0010147.exe Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0011133.pif:mhpcbn:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0011133.pif:uhexy:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0011133.pif:uhexyd:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0011133.pif:wulhxa:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012133.pif:hxmotq:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012133.pif:mhpcbn:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012133.pif:uhexy:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012133.pif:uhexyd:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012133.pif:wulhxa:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012133.pif:zyftna:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012139.ini:bsfrio:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012143.exe/data.rar/w3.exe Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012143.exe/data.rar Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012143.exe Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012184.pif:hxmotq:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012184.pif:mhpcbn:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012184.pif:uhexy:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012184.pif:uhexyd:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012184.pif:wulhxa:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012184.pif:zyftna:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012185.exe/data.rar/w3.exe Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012185.exe/data.rar Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012185.exe Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012194.ini:bsfrio:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012201.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012203.exe Infected: Backdoor.Win32.SdBot.aig
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012204.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012208.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012210.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012211.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012213.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012214.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012215.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012216.exe Infected: Backdoor.Win32.SdBot.aig
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012217.exe Infected: Backdoor.Win32.SdBot.aig
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012218.exe Infected: Backdoor.Win32.SdBot.aig
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012219.exe Infected: Backdoor.Win32.SdBot.aig
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012220.exe Infected: Packed.Win32.CryptExe
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012221.exe Infected: Backdoor.Win32.SdBot.aig
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012227.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012229.exe Infected: Trojan.Win32.LowZones.cu
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012231.pif:hxmotq:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012231.pif:mhpcbn:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012231.pif:uhexy:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012231.pif:uhexyd:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012231.pif:wulhxa:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0012231.pif:zyftna:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0013246.exe/data.rar/w3.exe Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0013246.exe/data.rar Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0013246.exe Infected: Trojan-Proxy.Win32.Ranky.dv
C:\System Volume Information\_restore{C129CDD6-7217-425C-BEDD-637234802F8A}\RP7\A0013271.exe Infected: Trojan-Proxy.Win32.Ranky.dv
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\on.exe Infected: Trojan-Downloader.Win32.Femad.am
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\on.exe Infected: Trojan-Downloader.Win32.Femad.am
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\on.exe Infected: Trojan-Downloader.Win32.Femad.am
C:\WINDOWS\Downloaded Program Files\on.exe Infected: Trojan-Downloader.Win32.Femad.am
C:\WINDOWS\ST6UNST.001:qqcymc:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\stub14.ini:bsfrio:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\system32\i Infected: Trojan-Downloader.BAT.Ftp.ab
C:\WINDOWS\system32\TFTP2612 Infected: Backdoor.Win32.PoeBot.b
C:\WINDOWS\Tasse à café.bmp:ldtvxx:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\_default.pif:hxmotq:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\_default.pif:mhpcbn:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\_default.pif:uhexyd:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\_default.pif:wulhxa:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\_default.pif:zyftna:$DATA Infected: Trojan.Win32.Agent.bi

Profile: IDNaute

And here is the HJT log (I think I managed to do everything; I had a bit of trouble getting Kaspersky to run, but it finally worked :) ):

Logfile of HijackThis v1.99.1
Scan saved at 20:11:58, on 13/01/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\shell386.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Famille\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.esearch2005.com/sp2.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.aon.at:8080;http=proxy.aon.at:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.aon.at;*.jet2web.net;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: ATLDistrib Object - {2353FCBC-012D-487B-8BF3-865C0929FBEB} - C:\WINDOWS\System32\cbxvu.dll
O2 - BHO: winapi32.MyBHO - {7A533235-A128-434B-9F8A-9300A544D191} - C:\WINDOWS\System32\winapi32.dll
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - (no file)
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\System32\khhfg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Universal Porn Dialer] C:\WINDOWS\System32\xxxdialer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunServices: [Internet Help Svc] IHSVC.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads [...] nicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://update.microsoft.com/window [...] 5971445471
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/bina [...] b32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{838986F3-BC58-4B4F-8DF3-09651B0E99AB}: NameServer = 195.3.96.67 195.3.96.68
O20 - Winlogon Notify: cbxvu - C:\WINDOWS\System32\cbxvu.dll
O20 - Winlogon Notify: ComPlusSetup - C:\WINDOWS\System32\catsrvut.dll
O20 - Winlogon Notify: khhfg - C:\WINDOWS\SYSTEM32\khhfg.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apixy32.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)

Profile: IDNaute