Logiciel qui s'installe tout seul ! Fermé

Question

Bonjour, Mon ordinateur a u un faux antivirus : spyware guard 2008 . En plus il c'est installer tout seul ! Quand je veut le desinstaller ça ne fait rien du tout ! A cose de ce logiciel je ne peut pas aller sur internet ( occasionellement) ! Pouvez vous m'aider svp merci

Destrio5 · Answer

Salut,

- Télécharge HijackThis v2.0.2 sur ton Bureau.

- Double-clique sur HJTInstall afin de lancer l'installation.

- Clique sur Install ensuite sur I Accept.

- Clique sur Do a system scan and save a logfile.

- Le bloc-notes s'ouvrira, fais un copier/coller de tout son contenu ici dans ton prochain message.

Pwiincesse-224 · Answer

Merci mais j'ai un probleme car je ne peut pas installer d'autre logiciel car je n'ai pas assez de place :\

Destrio5 · Answer

Fais du tri ^^

Pwiincesse-224 · Answer

Ok mais comment on fait pour savoir la mémoire qui nous reste dans notre ordi jme souvien plus kommen on fait !

Destrio5 · Answer

On va essayer quelque chose.

---> Télécharge et installe CCleaner (N'installe pas la Yahoo Toolbar) :
* Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
* Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage. 
* Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs (Sauvegarde la base de registre).

Pwiincesse-224 · Answer

je dois partir on se vera demain je le ferais

Destrio5 · Answer

Si tu me laisses tomber, je préfère que tu me le dises.

Destrio5 · Answer

Je ne me vexe pas mais un trop grand pourcentage de personnes disparaissent sans donner de nouvelle.

Pwiincesse-224 · Answer

Ok Mais Moi je revien ;)

Pwiincesse-224 · Answer

Voici le Blog note : 



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:21:58, on 24/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\WINDOWS\fxstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKLM\..\Run: [a8e27778] rundll32.exe "C:\WINDOWS\system32\krboaocj.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - AppInit_DLLs: irpjuo.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

Destrio5 · Answer

Infection Vundo.

---> Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
---> Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
---> Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
---> Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
---> Sélectionne Exécuter un examen rapide.
---> Clique sur Rechercher. L'analyse démarre.

A la fin de l'analyse, un message s'affiche :

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

---> Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
---> Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
---> Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
---> MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.

Pwiincesse-224 · Answer

Ok merci je vais suivre tout cela

Pwiincesse-224 · Answer

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1541
Windows 5.1.2600 Service Pack 3

24/12/2008 19:06:28
mbam-log-2008-12-24 (19-06-28).txt

Type de recherche: Examen rapide
Eléments examinés: 74187
Temps écoulé: 21 minute(s), 30 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 8
Clé(s) du Registre infectée(s): 17
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 90

Processus mémoire infecté(s):
C:\WINDOWS\fxstaller.exe (Backdoor.Bot) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\krboaocj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qoMgEUnl.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pmnmlliF.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\opnmNGWq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ssqronnM.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32qRIyVlj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\sfqitjjb.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\irpjuo.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnmllif (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6e76df63-64fa-489d-aa84-84cd9d0ca9e6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6e76df63-64fa-489d-aa84-84cd9d0ca9e6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9de487bb-2748-41e7-a42f-f9a56d81b52b} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{9de487bb-2748-41e7-a42f-f9a56d81b52b} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9de487bb-2748-41e7-a42f-f9a56d81b52b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6e76df63-64fa-489d-aa84-84cd9d0ca9e6} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoftdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a8e27778 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center (Backdoor.Bot) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\qomgeunl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomgeunl  -> Delete on reboot.

Dossier(s) infecté(s):
C:\Program Files\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\pmnmlliF.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\irpjuo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qoMgEUnl.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\lnUEgMoq.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\lnUEgMoq.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\krboaocj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jcoaobrk.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mhcpvkib.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bikvpchm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnmNGWq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ssqronnM.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32qRIyVlj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\sfqitjjb.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\sysrest32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ftsicgff.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBtRlJd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXOfedC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnmMFyv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSScfub.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSnrsr.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSofxh.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSriqp.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUlJdCs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcYpmnk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32qRIxwVO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32qRKCtrP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccaYpOI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccbAQgg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGwWNde.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGxUOHB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGxWQhh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hnhnnh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfEUOgh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfFVMGw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJYpNhe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqNggEU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqPgHxV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqRKBTk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnlIYqp.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winscenter.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awturOFu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXnlMcd(2).dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXOIbcy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXRKCUl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	uvUKcde.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	uvUOFWo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	uvVLdeb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqNEWNf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqPfEtT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMcaabb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMdARIA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMdCrpm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJBrRhg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJcCrsP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifecccb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayXQJde.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayxxwvV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayxyyaY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkHYPjH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSpaxt.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:eps.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\1BF1HI1Q\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\UP5R7EL1\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\WB81WPYF\file[1].exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\conf.cfg (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\mbase.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\queue.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\spywareguard.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\uninstall.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\vbase.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Local Settings\Temp\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\fxstaller.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtuRhEX.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\byXRhGXq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\sysexplorer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWSeged.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\spoolsystem.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\sys.com (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\syscert.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\vmreg.dll (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\svhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Protect\svhost.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Protect	rack.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Internet Explorer\DLLs\zledymppda.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Internet Explorer\DLLs\moduleie.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSfxmp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSStkdv.log (Trojan.TDSS) -> Quarantined and deleted successfully.

Pwiincesse-224 · Answer

Ece que c'est Bon signe ??

Destrio5 · Answer

---> Redémarre ton PC.

---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"

---> Je te conseille vivement d'installer la Console de récupération.

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\Combofix.txt

Tutoriel officiel : 
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Pwiincesse-224 · Answer

ok ! Est-tu informaticien ??

Destrio5 · Answer

MBAM a supprimé pas mal d'infection mais à mon avis, il doit en rester.

Je ne suis pas informaticien.

Pwiincesse-224 · Answer

Ok en tout cas tu es très cultivé dans ce domaine a ce que je vois

Pwiincesse-224 · Answer

"admin" - 2008-12-24 20:12:39 Service Pack 3 ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\admin\Bureau\" (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) "C:\DOCUME~1\admin\Bureau\internet.lnk" ((((((((((((((((((((((((((((((( Files Created from 2008-11-24 to 2008-12-24 )))))))))))))))))))))))))))))))))) 2008-12-24 20:10 401,408 --a------ C:\WINDOWS\system32\CF11354.exe 2008-12-24 18:35 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-12-24 18:35 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-12-24 18:35 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-12-24 18:35 d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Malwarebytes 2008-12-24 18:35 d-------- C:\DOCUME~1\admin\APPLIC~1\Malwarebytes 2008-12-24 18:21 d-------- C:\Program Files\Trend Micro 2008-12-24 18:12 d-------- C:\Program Files\Combined Community Codec Pack 2008-12-24 14:46 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat 2008-12-24 14:46 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat 2008-12-24 14:42 221,216 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2008-12-24 14:42 2,182,688 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-12-24 14:42 d-------- C:\Program Files\Kaspersky Lab 2008-12-24 14:42 d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Kaspersky Lab 2008-12-20 18:38 d-------- C:\Program Files\Enigma Software Group 2008-12-19 20:41 69,632 --a------ C:\oskie.exe 2008-12-19 20:35 91,648 --a------ C:\hehe.exe 2008-12-19 18:19 441 --a------ C:\WINDOWS\system32\TDSSosvd.dat 2008-12-16 19:47 d-------- C:\Program Files\MSNFix 2008-12-14 19:35 d-------- C:\DOCUME~1\admin\APPLIC~1\MSNInstaller 2008-12-14 19:32 1,490,944 --a------ C:\Documents and Settings\admin tuser.dat 2008-12-14 19:32 1,490,944 --a------ C:\DOCUME~1\admin tuser.dat 2008-12-09 11:53 d-------- C:\Program Files\MSXML 4.0 2008-12-07 15:00 d-------- C:\DOCUME~1\admin\APPLIC~1\Samsung 2008-12-07 14:11 174,592 --a------ C:\WINDOWS\system32\framedyn.dll 2008-12-07 14:10 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys 2008-12-07 14:09 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys 2008-12-07 14:09 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys 2008-12-07 14:09 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys 2008-12-07 14:09 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys 2008-12-07 14:09 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys 2008-12-07 14:09 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys 2008-12-07 14:09 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys 2008-12-07 14:08 d-------- C:\WINDOWS\system32\Samsung_USB_Drivers 2008-12-07 14:08 d-------- C:\Program Files\Samsung 2008-12-07 11:14 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-12-06 21:11 d-------- C:\DOCUME~1\admin\APPLIC~1\U3 2008-12-06 19:27 d-------- C:\DOCUME~1\admin\APPLIC~1\LimeWire 2008-12-06 19:26 410,984 --a------ C:\WINDOWS\system32\deploytk.dll 2008-12-03 16:53 d-------- C:\Program Files\Apple Software Update 2008-12-03 16:53 d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple Computer 2008-12-03 16:53 d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple 2008-12-03 16:50 d-------- C:\WINDOWS\system32\LogFiles 2008-12-03 16:50 d-------- C:\WINDOWS\system32\drivers\UMDF 2008-12-03 16:41 d-------- C:\DOCUME~1\admin\APPLIC~1\Creative 2008-12-03 16:37 86,016 -ra------ C:\WINDOWS\CtDrvIns.exe 2008-12-03 16:37 85,248 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys 2008-12-03 16:37 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys 2008-12-03 16:37 20,480 -ra------ C:\WINDOWS\P0620Cfg.exe 2008-12-03 16:37 19,200 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS 2008-12-03 16:37 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys 2008-12-03 16:37 15,232 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys 2008-12-03 16:37 126,976 -ra------ C:\WINDOWS\system32\P0620Vfw.dll 2008-12-03 16:37 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys 2008-12-03 16:37 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys 2008-12-03 16:36 91,864 -ra------ C:\WINDOWS\system32\drivers\P0620Vid.sys 2008-12-03 16:36 57,344 -ra------ C:\WINDOWS\system32\P0620Hwx.dll 2008-12-03 16:36 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll 2008-12-03 16:36 36,864 -ra------ C:\WINDOWS\system32\P0620Pin.dll 2008-12-03 16:36 36,864 -ra------ C:\WINDOWS\system32\CtRegApp.dll 2008-12-03 16:36 32,768 -ra------ C:\WINDOWS\system32\p0620sti.dll 2008-12-03 16:36 24,576 -ra------ C:\WINDOWS\system32\P0620Aor.dll 2008-12-03 16:36 20,480 -ra------ C:\WINDOWS\system32\P0620Srv.exe 2008-12-03 16:34 308,224 --a------ C:\WINDOWS\IsUn040c.exe 2008-12-03 16:32 36,864 -ra------ C:\WINDOWS\system32\CtCamMgr.dll 2008-12-03 16:32 24,576 --------- C:\WINDOWS\system32\CTWEBFUN.DLL 2008-12-03 14:49 0 --a------ C:\WINDOWS sreg.dat 2008-12-03 13:18 d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Windows Genuine Advantage 2008-12-03 11:46 268,648 --a------ C:\WINDOWS\system32\mucltui.dll 2008-12-03 11:46 208,744 --a------ C:\WINDOWS\system32\muweb.dll 2008-12-03 11:45 d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Messenger Plus! 2008-12-02 20:46 d-------- C:\Program Files\PhotoFiltre 2008-12-02 20:00 d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\WLInstaller 2008-12-02 19:53 d---s---- C:\Documents and Settings\admin\UserData 2008-12-02 19:53 d---s---- C:\DOCUME~1\admin\UserData 2008-12-02 19:38 d-------- C:\Documents and Settings\admin\Tracing 2008-12-02 19:38 d-------- C:\DOCUME~1\admin\Tracing 2008-12-02 19:34 d-------- C:\Program Files\Fichiers communs\Windows Live 2008-12-02 19:26 d-------- C:\Program Files\Messenger Plus! Live 2008-12-02 19:21 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-12-02 14:46 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe 2008-12-02 13:54 d-------- C:\Documents and Settings\admin\Contacts 2008-12-02 13:54 d-------- C:\DOCUME~1\admin\Contacts 2008-12-02 13:01 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe 2008-12-02 13:00 315,392 --a------ C:\WINDOWS\alcupd.exe 2008-12-02 12:55 83,072 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys 2008-12-02 12:55 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys 2008-12-02 12:55 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys 2008-12-02 12:55 6,272 --a------ C:\WINDOWS\system32\drivers\splitter.sys 2008-12-02 12:55 56,576 --a------ C:\WINDOWS\system32\drivers\swmidi.sys 2008-12-02 12:55 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys 2008-12-02 12:55 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2008-12-02 12:55 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys 2008-12-02 12:55 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys 2008-12-02 12:55 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys 2008-12-02 12:55 142,592 --a------ C:\WINDOWS\system32\drivers\aec.sys 2008-12-02 12:54 58,752 --a------ C:\WINDOWS\system32\drivers edbook.sys 2008-12-02 12:54 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2008-12-02 12:53 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll 2008-12-02 12:53 701,440 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys 2008-12-02 12:53 60,160 --a------ C:\WINDOWS\system32\drivers\drmk.sys 2008-12-02 12:53 516,768 --a------ C:\WINDOWS\system32\ativvaxx.dll 2008-12-02 12:53 4,096 --a------ C:\WINDOWS\system32\ksuser.dll 2008-12-02 12:53 229,376 --a------ C:\WINDOWS\system32\ati2cqag.dll 2008-12-02 12:53 201,728 --a------ C:\WINDOWS\system32\ati2dvag.dll 2008-12-02 12:53 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys 2008-12-02 12:53 146,048 --a------ C:\WINDOWS\system32\drivers\portcls.sys 2008-12-02 12:53 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll 2008-12-02 12:52 88,192 --a------ C:\WINDOWS\system32\drivers\irda.sys 2008-12-02 12:52 8,192 --a------ C:\WINDOWS\system32\wshirda.dll 2008-12-02 12:52 77,312 --a------ C:\WINDOWS\system32\usbui.dll 2008-12-02 12:52 44,672 --a------ C:\WINDOWS\system32\drivers\UAGP35.SYS 2008-12-02 12:52 32,768 --a------ C:\WINDOWS\system32\drivers\sisnic.sys 2008-12-02 12:52 29,184 --a------ C:\WINDOWS\system32\irmon.dll 2008-12-02 12:52 19,584 --a------ C:\WINDOWS\system32\drivers asirda.sys 2008-12-02 12:52 18,688 --a------ C:\WINDOWS\system32\drivers\irsir.sys 2008-12-02 12:52 153,088 --a------ C:\WINDOWS\system32\irftp.exe 2008-12-02 12:52 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys 2008-12-02 12:49 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL 2008-12-02 12:49 9,104 --a------ C:\WINDOWS\system\VER.DLL 2008-12-02 12:49 86,044 --a------ C:\WINDOWS\system32\dgsetup.dll 2008-12-02 12:49 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL 2008-12-02 12:49 8,704 --a------ C:\WINDOWS\system32\batt.dll 2008-12-02 12:49 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll 2008-12-02 12:49 76,800 --a------ C:\WINDOWS\system32\storprop.dll 2008-12-02 12:49 70,688 --a------ C:\WINDOWS\system\MMSYSTEM.DLL 2008-12-02 12:49 70,656 --a------ C:\WINDOWS\NOTEPAD.EXE 2008-12-02 12:49 70,352 --a------ C:\WINDOWS\system\AVICAP.DLL 2008-12-02 12:49 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll 2008-12-02 12:49 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll 2008-12-02 12:49 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll 2008-12-02 12:49 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll 2008-12-02 12:49 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll 2008-12-02 12:49 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll 2008-12-02 12:49 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll 2008-12-02 12:49 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll 2008-12-02 12:49 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll 2008-12-02 12:49 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll 2008-12-02 12:49 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL 2008-12-02 12:49 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll 2008-12-02 12:49 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll 2008-12-02 12:49 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll 2008-12-02 12:49 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll 2008-12-02 12:49 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll 2008-12-02 12:49 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll 2008-12-02 12:49 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll 2008-12-02 12:49 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll 2008-12-02 12:49 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll 2008-12-02 12:49 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll 2008-12-02 12:49 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll 2008-12-02 12:49 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll 2008-12-02 12:49 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll 2008-12-02 12:49 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll 2008-12-02 12:49 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll 2008-12-02 12:49 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll 2008-12-02 12:49 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll 2008-12-02 12:49 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll 2008-12-02 12:49 5,120 --a------ C:\WINDOWS\system\SHELL.DLL 2008-12-02 12:49 33,904 --a------ C:\WINDOWS\system\COMMDLG.DLL 2008-12-02 12:49 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2008-12-02 12:49 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL 2008-12-02 12:49 19,200 --a------ C:\WINDOWS\system\TAPI.DLL 2008-12-02 12:49 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll 2008-12-02 12:49 15,872 --a------ C:\WINDOWS\TASKMAN.EXE 2008-12-02 12:49 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2008-12-02 12:49 127,168 --a------ C:\WINDOWS\system\MSVIDEO.DLL 2008-12-02 12:49 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys 2008-12-02 12:49 109,568 --a------ C:\WINDOWS\system\AVIFILE.DLL 2008-12-02 12:49 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll 2008-12-02 12:49 dr------- C:\DOCUME~1\DEFAUL~1.WIN\Menu D‚marrer 2008-12-02 12:49 dr------- C:\DOCUME~1\ALLUSE~1.WIN\Menu D‚marrer 2008-12-02 12:49 dr------- C:\DOCUME~1\ALLUSE~1.WIN\Documents 2008-12-02 12:49 d--h----- C:\DOCUME~1\DEFAUL~1.WIN\Voisinage r‚seau 2008-12-02 12:49 d--h----- C:\DOCUME~1\DEFAUL~1.WIN\Voisinage d'impression 2008-12-02 12:49 d--h----- C:\DOCUME~1\DEFAUL~1.WIN\ModŠles 2008-12-02 12:49 d--h----- C:\DOCUME~1\ALLUSE~1.WIN\ModŠles 2008-12-02 12:49 d-------- C:\DOCUME~1\DEFAUL~1.WIN\Mes documents 2008-12-02 12:49 d-------- C:\DOCUME~1\DEFAUL~1.WIN\Favoris 2008-12-02 12:49 d-------- C:\DOCUME~1\DEFAUL~1.WIN\Bureau 2008-12-02 12:49 d-------- C:\DOCUME~1\ALLUSE~1.WIN\Favoris 2008-12-02 12:49 d-------- C:\DOCUME~1\ALLUSE~1.WIN\Bureau 2008-12-02 12:48 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys 2008-12-02 12:48 111,184 --a------ C:\WINDOWS\system32\drivers\aswSP.sys 2008-12-02 12:45 97,480 --a------ C:\WINDOWS\system32\AVASTSS.scr 2008-12-02 12:45 94,032 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-12-02 12:45 93,296 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-12-02 12:45 50,864 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-12-02 12:45 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll 2008-12-02 12:45 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll 2008-12-02 12:45 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-12-02 12:45 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-12-02 12:45 1,236,208 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-12-02 12:45 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2008-12-02 12:45 d-------- C:\Program Files\Alwil Software 2008-12-02 12:40 4,108,992 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys 2008-12-02 12:32 dr------- C:\Documents and Settings\admin\Mes documents 2008-12-02 12:32 dr------- C:\Documents and Settings\admin\Menu D‚marrer 2008-12-02 12:32 dr------- C:\Documents and Settings\admin\Favoris 2008-12-02 12:32 dr------- C:\DOCUME~1\admin\Mes documents 2008-12-02 12:32 dr------- C:\DOCUME~1\admin\Menu D‚marrer 2008-12-02 12:32 dr------- C:\DOCUME~1\admin\Favoris 2008-12-02 12:32 d--h----- C:\Documents and Settings\admin\Voisinage r‚seau 2008-12-02 12:32 d--h----- C:\Documents and Settings\admin\Voisinage d'impression 2008-12-02 12:32 d--h----- C:\Documents and Settings\admin\ModŠles 2008-12-02 12:32 d--h----- C:\DOCUME~1\admin\Voisinage r‚seau 2008-12-02 12:32 d--h----- C:\DOCUME~1\admin\Voisinage d'impression 2008-12-02 12:32 d--h----- C:\DOCUME~1\admin\ModŠles 2008-12-02 12:32 d-------- C:\Documents and Settings\admin\Bureau 2008-12-02 12:32 d-------- C:\DOCUME~1\admin\Bureau 2008-12-02 12:20 241,664 --a------ C:\DOCUME~1\NETWOR~1.AUT\NTUSER.DAT 2008-12-02 12:20 241,664 --a------ C:\DOCUME~1\LOCALS~1.AUT\NTUSER.DAT 2008-12-02 12:13 241,664 ---h----- C:\DOCUME~1\DEFAUL~1.WIN\NTUSER.DAT 2008-12-02 12:13 112,128 --a------ C:\WINDOWS\system32\mapi32.dll 2008-12-02 12:11 d--hs---- C:\DOCUME~1\ALLUSE~1.WIN\DRM 2008-12-02 12:09 86,016 --a------ C:\WINDOWS\system32\isign32.dll 2008-12-02 12:09 81,920 --a------ C:\WINDOWS\system32\ils.dll 2008-12-02 12:09 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll 2008-12-02 12:09 73,728 --a------ C:\WINDOWS\system32\icwdial.dll 2008-12-02 12:09 73,600 --a------ C:\WINDOWS\system32\drivers\sr.sys 2008-12-02 12:09 72,192 --a------ C:\WINDOWS\system32\acctres.dll 2008-12-02 12:09 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll 2008-12-02 12:09 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll 2008-12-02 12:09 691,712 --a------ C:\WINDOWS\system32\inetcomm.dll 2008-12-02 12:09 69,632 --a------ C:\WINDOWS\system32\msconf.dll 2008-12-02 12:09 67,584 --a------ C:\WINDOWS\system32\srclient.dll 2008-12-02 12:09 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll 2008-12-02 12:09 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll 2008-12-02 12:09 561,688 --a------ C:\WINDOWS\system32\wuapi.dll 2008-12-02 12:09 51,224 --a------ C:\WINDOWS\system32\wuauclt.exe 2008-12-02 12:09 50,688 --a------ C:\WINDOWS\system32\inetres.dll 2008-12-02 12:09 45,568 --a------ C:\WINDOWS\system32\safrslv.dll 2008-12-02 12:09 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll 2008-12-02 12:09 43,520 --a------ C:\WINDOWS\system32 acpldlg.dll 2008-12-02 12:09 409,088 --a------ C:\WINDOWS\system32\qmgr.dll 2008-12-02 12:09 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll 2008-12-02 12:09 34,328 --a------ C:\WINDOWS\system32\wups.dll 2008-12-02 12:09 323,608 --a------ C:\WINDOWS\system32\wucltui.dll 2008-12-02 12:09 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe 2008-12-02 12:09 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll 2008-12-02 12:09 29,696 --a------ C:\WINDOWS\system32\safrdm.dll 2008-12-02 12:09 282,624 --a------ C:\WINDOWS\system32\inetcfg.dll 2008-12-02 12:09 281,600 --a------ C:\WINDOWS\system32\mstask.dll 2008-12-02 12:09 28,672 --a------ C:\WINDOWS\system32 mmkcert.dll 2008-12-02 12:09 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll 2008-12-02 12:09 241,664 --a------ C:\WINDOWS\system32\srrstr.dll 2008-12-02 12:09 23,040 --a------ C:\WINDOWS\system32\fltMc.exe 2008-12-02 12:09 202,776 --a------ C:\WINDOWS\system32\wuweb.dll 2008-12-02 12:09 194,560 --a------ C:\WINDOWS\system32\schedsvc.dll 2008-12-02 12:09 184,320 --a------ C:\WINDOWS\system32\wuaueng1.dll 2008-12-02 12:09 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2008-12-02 12:09 171,520 --a------ C:\WINDOWS\system32\srsvc.dll 2008-12-02 12:09 168,960 --a------ C:\WINDOWS\system32\wuauclt1.exe 2008-12-02 12:09 16,896 --a------ C:\WINDOWS\system32\fltlib.dll 2008-12-02 12:09 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll 2008-12-02 12:09 129,792 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys 2008-12-02 12:09 12,288 --a------ C:\WINDOWS\system32 mevtmsg.dll 2008-12-02 12:09 12,288 --a------ C:\WINDOWS\system32\mstinit.exe 2008-12-02 12:09 11,264 --a------ C:\WINDOWS\system32\atrace.dll 2008-12-02 12:09 105,984 --a------ C:\WINDOWS\system32\msoert2.dll 2008-12-02 12:09 1,809,944 --a------ C:\WINDOWS\system32\wuaueng.dll 2008-12-02 12:08 21,892 --a------ C:\WINDOWS\system32\emptyregdb.dat 2008-12-02 12:07 73,216 --a------ C:\WINDOWS\system32\avwav.dll 2008-12-02 12:07 5,632 --a------ C:\WINDOWS\system32\write.exe 2008-12-02 12:07 44,544 --a------ C:\WINDOWS\system32\hticons.dll 2008-12-02 12:07 232,960 --a------ C:\WINDOWS\system32\avtapi.dll 2008-12-02 12:07 16,384 --a------ C:\WINDOWS\system32\avmeter.dll 2008-12-02 12:07 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe 2008-12-02 12:06 97,792 --a------ C:\WINDOWS\system32\comrepl.dll 2008-12-02 12:06 956,928 --a------ C:\WINDOWS\system32\msdtctm.dll 2008-12-02 12:06 94,208 --a------ C:\WINDOWS\system32 scfgwmi.dll 2008-12-02 12:06 91,648 --a------ C:\WINDOWS\system32\mtxoci.dll 2008-12-02 12:06 87,176 --a------ C:\WINDOWS\system32 dpwsx.dll 2008-12-02 12:06 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll 2008-12-02 12:06 80,896 --a------ C:\WINDOWS\system32\charmap.exe 2008-12-02 12:06 677,888 --a------ C:\WINDOWS\system32\mstsc.exe 2008-12-02 12:06 67,072 --a------ C:\WINDOWS\system32 dshost.exe 2008-12-02 12:06 634,880 --a------ C:\WINDOWS\system32\getuname.dll 2008-12-02 12:06 625,664 --a------ C:\WINDOWS\system32\catsrvut.dll 2008-12-02 12:06 62,976 --a------ C:\WINDOWS\system32 dpclip.exe 2008-12-02 12:06 61,952 --a------ C:\WINDOWS\system32 emotepg.dll 2008-12-02 12:06 60,416 --a------ C:\WINDOWS\system32\colbact.dll 2008-12-02 12:06 6,144 --a------ C:\WINDOWS\system32\msdtc.exe 2008-12-02 12:06 6,144 --a------ C:\WINDOWS\system32\dcomcnfg.exe 2008-12-02 12:06 59,392 --a------ C:\WINDOWS\system32\stclient.dll 2008-12-02 12:06 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll 2008-12-02 12:06 58,880 --a------ C:\WINDOWS\system32\licwmi.dll 2008-12-02 12:06 57,344 --a------ C:\WINDOWS\system32\sol.exe 2008-12-02 12:06 56,320 --a------ C:\WINDOWS\system32\servdeps.dll 2008-12-02 12:06 55,808 --a------ C:\WINDOWS\system32\freecell.exe 2008-12-02 12:06 539,648 --a------ C:\WINDOWS\system32\comuid.dll 2008-12-02 12:06 539,136 --a------ C:\WINDOWS\system32\spider.exe 2008-12-02 12:06 53,248 --a------ C:\WINDOWS\system32 sgqec.dll 2008-12-02 12:06 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll 2008-12-02 12:06 427,008 --a------ C:\WINDOWS\system32\msdtcprx.dll 2008-12-02 12:06 40,840 --a------ C:\WINDOWS\system32\drivers ermdd.sys 2008-12-02 12:06 4,608 --a------ C:\WINDOWS\system32 dpcfgex.dll 2008-12-02 12:06 4,096 --a------ C:\WINDOWS\system32\mtxex.dll 2008-12-02 12:06 39,424 --a------ C:\WINDOWS\system32\cfgbkend.dll 2008-12-02 12:06 354,304 --a------ C:\WINDOWS\system32\hypertrm.dll 2008-12-02 12:06 35,840 --a------ C:\WINDOWS\system32\winchat.exe 2008-12-02 12:06 347,648 --a------ C:\WINDOWS\system32\mspaint.exe 2008-12-02 12:06 34,304 --a------ C:\WINDOWS\system32\mtxlegih.dll 2008-12-02 12:06 33,792 --a------ C:\WINDOWS\system32 egini.exe 2008-12-02 12:06 30,720 --a------ C:\WINDOWS\system32\mtxdm.dll 2008-12-02 12:06 297,984 --a------ C:\WINDOWS\system32 ermsrv.dll 2008-12-02 12:06 290,304 --a------ C:\WINDOWS\system32 httpaa.dll 2008-12-02 12:06 28,160 --a------ C:\WINDOWS\system32\comaddin.dll 2008-12-02 12:06 226,304 --a------ C:\WINDOWS\system32\catsrv.dll 2008-12-02 12:06 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe 2008-12-02 12:06 22,528 --a------ C:\WINDOWS\system32\msg.exe 2008-12-02 12:06 21,896 --a------ C:\WINDOWS\system32\drivers dtcp.sys 2008-12-02 12:06 20,992 --a------ C:\WINDOWS\system32\qprocess.exe 2008-12-02 12:06 2,061,824 --a------ C:\WINDOWS\system32\mstscax.dll 2008-12-02 12:06 196,224 --a------ C:\WINDOWS\system32\drivers dpdr.sys 2008-12-02 12:06 191,488 --a------ C:\WINDOWS\system32\cmprops.dll 2008-12-02 12:06 190,464 --a------ C:\WINDOWS\system32\accwiz.exe 2008-12-02 12:06 19,968 --a------ C:\WINDOWS\system32 dpsnd.dll 2008-12-02 12:06 17,920 --a------ C:\WINDOWS\system32\mmfutil.dll 2008-12-02 12:06 17,408 --a------ C:\WINDOWS\system32 sshutdn.exe 2008-12-02 12:06 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe 2008-12-02 12:06 167,424 --a------ C:\WINDOWS\system32\comsnap.dll 2008-12-02 12:06 161,792 --a------ C:\WINDOWS\system32\msdtcuiu.dll 2008-12-02 12:06 16,896 --a------ C:\WINDOWS\system32 skill.exe 2008-12-02 12:06 16,384 --a------ C:\WINDOWS\system32 winsta.exe 2008-12-02 12:06 15,872 --a------ C:\WINDOWS\system32\logoff.exe 2008-12-02 12:06 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll 2008-12-02 12:06 15,360 --a------ C:\WINDOWS\system32 scon.exe 2008-12-02 12:06 15,360 --a------ C:\WINDOWS\system32\shadow.exe 2008-12-02 12:06 147,968 --a------ C:\WINDOWS\system32 dchost.dll 2008-12-02 12:06 142,848 --a------ C:\WINDOWS\system32\sessmgr.exe 2008-12-02 12:06 14,848 --a------ C:\WINDOWS\system32 sdiscon.exe 2008-12-02 12:06 139,656 --a------ C:\WINDOWS\system32\drivers dpwd.sys 2008-12-02 12:06 136,192 --a------ C:\WINDOWS\system32\aaclient.dll 2008-12-02 12:06 133,120 --a------ C:\WINDOWS\system32\sndrec32.exe 2008-12-02 12:06 13,824 --a------ C:\WINDOWS\system32 dsaddin.exe 2008-12-02 12:06 128,000 --a------ C:\WINDOWS\system32\mshearts.exe 2008-12-02 12:06 124,928 --a------ C:\WINDOWS\system32\mplay32.exe 2008-12-02 12:06 12,040 --a------ C:\WINDOWS\system32\drivers dpipe.sys 2008-12-02 12:06 119,808 --a------ C:\WINDOWS\system32\winmine.exe 2008-12-02 12:06 115,200 --a------ C:\WINDOWS\system32\calc.exe 2008-12-02 12:06 110,592 --a------ C:\WINDOWS\system32\clbcatex.dll 2008-12-02 12:06 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll 2008-12-02 12:06 11,264 --a------ C:\WINDOWS\system32\icaapi.dll 2008-12-02 12:06 104,448 --a------ C:\WINDOWS\system32\clipbrd.exe 2008-12-02 12:06 10,240 --a------ C:\WINDOWS\system32 eset.exe 2008-12-02 12:06 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll 2008-12-02 12:06 1,263 --a------ C:\WINDOWS\system32\usrlogon.cmd (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2008-12-16 14:36:08 -------- d-----w C:\Program Files\Windows Live 2008-12-07 13:09:46 -------- d--h--w C:\Program Files\InstallShield Installation Information 2008-12-06 18:11:21 -------- d-----w C:\Program Files\LimeWire 2008-12-03 15:53:45 -------- d-----w C:\Program Files\QuickTime 2008-12-03 15:49:30 71,248 ----a-w C:\WINDOWS\system32\perfc00C.dat 2008-12-03 15:49:30 458,230 ----a-w C:\WINDOWS\system32\perfh00C.dat 2008-12-02 12:01:00 -------- d-----w C:\Program Files\Realtek AC97 2008-10-24 11:21:09 455,296 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys 2008-10-23 12:36:51 286,720 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-10-16 13:09:44 92,696 ----a-w C:\WINDOWS\system32\cdm.dll 2008-10-16 13:09:44 43,544 ----a-w C:\WINDOWS\system32\wups2.dll 2008-10-03 10:03:53 247,326 ----a-w C:\WINDOWS\system32\strmdll.dll 2008-09-30 15:43:34 1,286,152 ----a-w C:\WINDOWS\system32\msxml4.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 05:43] {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 15:24] {DBC80044-A445-435b-BC74-9C25C1C588A9}=C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 05:43] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 18:18] "SoundMan"="SOUNDMAN.EXE" [] "Cmaudio"="cmicnfg.cpl" [] "PD0620 STISvc"="P0620Pin.dll" [2005-05-10 18:03 C:\WINDOWS\system32\P0620Pin.dll] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 09:50] "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-11-10 05:43] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 18:34] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34] "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [2005-03-29 07:13] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\dimsntfy] %SystemRoot%\System32\dimsntfy.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] eapsvcs eaphost dot3svc dot3svc HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs* napagent hkmsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] AutoRun\command- F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfa7e13e-24eb-11dd-8bbe-0019660cba68}] AutoRun\command- F:\CDSTART.EXE Contents of the 'Scheduled Tasks' folder 2008-12-15 15:42:06 C:\WINDOWS asks\AppleSoftwareUpdate.job 2008-12-24 19:00:00 C:\WINDOWS asks\zjckplwb.job ******************************************************************** catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-24 20:15:10 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ******************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\JavaQuickStarterService] "ImagePath"="\"C:\Program Files\Java\jre6\bin\jqs.exe\" -service -config \"C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf\"" Completion time: 2008-12-24 20:16:08 C:\ComboFix-quarantined-files.txt ... 2008-12-24 20:15 --- E O F ---

Destrio5 · Answer

--> Télécharge UsbFix (de Chiquitine29) sur ton Bureau :
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

--> Lance l'installation avec les paramètres par défaut.

--> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir.

--> Double-clique sur le raccourci UsbFix sur ton Bureau.

--> Choisis l'option 1 (Nettoyage).

--> Le PC va redémarrer.

--> Après redémarrage, poste le rapport UsbFix.txt

Note : le rapport UsbFix.txt est sauvegardé à la racine du disque.

(Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide)

Pwiincesse-224 · Answer

Ok ! Tu crois que ça sera bon après ? Que j'aurais plus de virus ? ( J'ai aussi un virus msn )

Pwiincesse-224 · Answer

Merci pour les explications !

Destrio5 · Answer

C:\WINDOWS\fxstaller.exe (Backdoor.Bot) -> Quarantined and deleted successfully. 

---> Ça, c'était le virus MSN. Il est supprimé par MBAM.

Je reviens plus tard ou demain.

Pwiincesse-224 · Answer

-------------- UsbFix V2.413.7 ---------------

* User : admin - ADMIN-6E7FABC7B
* Outils mis a jours le 24/12/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 20:37:42 le 24/12/2008
* Windows Xp - Internet Explorer 6.0.2900.5512 
  
  
--------------- [ Processus actifs ] ----------------   
  
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
  
--------------- [ Informations lecteurs ] ----------------   
  
C: - Lecteur fixe


--------------- [ Lecteur C ] ---------------- 

C: - Lecteur fixe


+- Listing des fichiers présents :

[18/05/2008 15:40][--a------] C:\AUTOEXEC.BAT   
[13/04/2008 08:43][-rahs----] C:\NTDETECT.COM   
[19/12/2008 20:35][--a------] C:\hehe.exe   
[19/12/2008 20:35][--a------] C:\oskie.exe   
[02/12/2008 12:01][---hs----] C:\boot.ini   
[24/12/2008 20:11][--a------] C:\Bug.txt   
[24/12/2008 20:11][--a------] C:\ComboFix-quarantined-files.txt   
[24/12/2008 20:11][--a------] C:\ComboFix.txt   
[24/12/2008 20:11][--a------] C:\UsbFix.txt   
[24/12/2008 20:11][--a------] C:\WLCount.Txt   
[18/05/2008 15:40][--a------] C:\CONFIG.SYS   
[18/05/2008 15:40][--a------] C:\hiberfil.sys   
[18/05/2008 15:40][--a------] C:\IO.SYS   
[18/05/2008 15:40][--a------] C:\MSDOS.SYS   
[18/05/2008 15:40][--a------] C:\pagefile.sys   
  
--------------- [ Registre / Startup ] ----------------   
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
  
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] 
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
  
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersionun]
   CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
   MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
   Creative WebCam Tray="C:\Program Files\Creative\Shared Files\CamTray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionun]
   avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
   SoundMan=SOUNDMAN.EXE
   Cmaudio=RunDll32 cmicnfg.cpl,CMICtrlWnd
   PD0620 STISvc=RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
   QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
   SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
  
--------------- [ Registre / Mountpoint2 ] ----------------   
  
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command  
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dfa7e13e-24eb-11dd-8bbe-0019660cba68}\Shell\AutoRun\command  
  
--------------- [ Nettoyage des disques ] ----------------   
   
Supprimé ! - [02/04/2007 14:21][--a------] C:\WINDOWS\system32\swreg.exe    
Supprimé ! - [29/11/2006 17:21][--a------] C:\WINDOWS\system32\swsc.exe    
Supprimé ! - [01/12/2006 05:20][--a------] C:\WINDOWS\system32\swxcacls.exe    
  
--------------- [ Resumé ] ----------------   
  
 -> /!\ Le resultat doit etre interprété par un spécialiste  /!\   
  
[18/05/2008 15:40][--a------] C:\AUTOEXEC.BAT   
[13/04/2008 08:43][-rahs----] C:\NTDETECT.COM   
[19/12/2008 20:35][--a------] C:\hehe.exe   
[19/12/2008 20:35][--a------] C:\oskie.exe   
[02/12/2008 12:01][---hs----] C:\boot.ini   
 
Joyeuses fetes a tous de la part de T'Chiki et Chimay ...et merci a toutes les personnes ayant,  
de pret ou de loin participé a UsbFix durant l annee 2008 , merci a eux !  
 
--------------- ! Fin du rapport ! ----------------

Pwiincesse-224 · Answer

Mercii Destrio5 tu es genial ! Je n'est plus de virus

Destrio5 · Answer

Ne pars pas, ce serait dommage ^^

---> Relance MBAM, va dans Quarantaine et supprime tout.

---> Désinstalle UsbFix.

- Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

- Double-clique sur RSIT.exe afin de lancer le programme.

- Clique sur Continue à l'écran Disclaimer.

- Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

- Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : Les rapports sont sauvegardés dans le dossier C:\rsit.

Pwiincesse-224 · Answer

Logfile of random's system information tool 1.05 (written by random/random)
Run by admin at 2008-12-25 12:47:46
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 69 GB (88%) free of 78 GB
Total RAM: 511 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:49, on 25/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\admin\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

Destrio5 · Answer

---> Fais analyser les fichiers suivants :
- C:\WINDOWS
igzss.txt 
- C:\oskie.exe  
- C:\hehe.exe  

---> Sur VirusTotal et poste les liens des analyses :
https://www.virustotal.com/gui/

Pwiincesse-224 · Answer

Je narriive pas a analyser

Pwiincesse-224 · Answer

analisis/6d27edce30ddb84ce7538a3d27207651

Pwiincesse-224 · Answer

analisis/c73120513fc551644ba538b86acd600d

Destrio5 · Answer

J'ai une idée, tu peux m'envoyer les fichiers sur mon adresse mail (Clique sur mon pseudo pour l'avoir).

Tu vas devoir les mettre dans une archive avec Winrar pour pouvoir me les envoyer.

Si tu ne sais pas comment faire, je t'expliquerai.

Ne double-clique pas sur les fichiers !

Pwiincesse-224 · Answer

Redis moi ce que je dois faire pour analyse

Destrio5 · Answer

Dans VirusTotal, tu cliques sur Parcourir et tu choisis un des trois fichiers à analyser.

Puis tu cliques sur Envoyer le fichier.

L'analyse va se faire puis une fois finie, prends le lien et poste-le ici.

Pwiincesse-224 · Answer

Ok merci

Pwiincesse-224 · Answer

http://www.virustotal.com/fr/analisis/6d27edce30ddb84ce7538a3d27207651

Destrio5 · Answer

Ça ne fonctionne pas de cette manière.

La page où j'accède n'a rien à voir avec ton fichier.

Pwiincesse-224 · Answer

A d'accord :( tu n'a pas une autre solution stp

Destrio5 · Answer

As-tu Winrar ?

Pwiincesse-224 · Answer

Non je n'ai pas Winrar . Veut-tu que je le télécharge ?

Destrio5 · Answer

https://www.commentcamarche.net/telecharger/utilitaires/24097-winrar/

Pwiincesse-224 · Answer

Et ensuite je fais quoi ? Stp

Destrio5 · Answer

Clique droit (PAS DE DOUBLE-CLIC) sur oskie.exe que tu trouveras dans C:\ et choisis Ajouter à "oskie.rar".

Envoie-moi oskie.rar sur mon adresse mail ;)

Pwiincesse-224 · Answer

Je n'y arrive pas :( desoler

Destrio5 · Answer

"J'arrive pas", c'est trop vague.

Pwiincesse-224 · Answer

Comment faire pour t'envoyer oskie ?

Destrio5 · Answer

Clique sur mon pseudo et tu auras mon adresse mail.

Mets le fichier en tant que pièce jointe.

Pwiincesse-224 · Answer

Ah ! Merci j'ai compris ! Desolé si je prend du temps pour comprendre .

Pwiincesse-224 · Answer

ça ne marche pas . ça ecrit : erreur d'envoi veuillez modifier vos paramètres

Destrio5 · Answer

Ajoute (adresse mail supprimée) sur ton MSN.

Pwiincesse-224 · Answer

Ok merci

Destrio5 · Answer

/!\ Seul Pwiincesse-224 peut suivre cette procédure /!\


1/

---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.

---> Copie le texte ci-dessous par sélection puis Ctrl+C :






KillAll::

File::
C:\WINDOWS\system32\CF11354.exe
C:\oskie.exe
C:\hehe.exe 
C:\WINDOWS\system32\TDSSosvd.dat 
C:\WINDOWS	asks\zjckplwb.job
C:\WINDOWS\system32\a3c1b306-.txt 
C:\WINDOWS
igzss.txt

FileLook::
C:\WINDOWS\system32\vfind.exe     
C:\WINDOWS\system32\moveex.exe 







---> Colle la sélection dans le bloc-notes

---> Enregistre ce fichier sur le bureau (Impératif)

---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes


2/

---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif

[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.

[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.

[*] Une fois le scan achevé, un rapport va s'afficher : poste-le

[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix\Combofix.txt

Destrio5 · Answer

---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant ci-dessous : 





:processes
explorer.exe 

:files
C:\WINDOWS\system32\CF11354.exe
C:\oskie.exe
C:\hehe.exe
C:\WINDOWS\system32\TDSSosvd.dat
C:\WINDOWS	asks\zjckplwb.job
C:\WINDOWS\system32\a3c1b306-.txt
C:\WINDOWS
igzss.txt 

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]






---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

Pwiincesse-224 · Answer

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\WINDOWS\system32\CF11354.exe moved successfully.
C:\oskie.exe moved successfully.
C:\hehe.exe moved successfully.
C:\WINDOWS\system32\TDSSosvd.dat moved successfully.
C:\WINDOWS	asks\zjckplwb.job moved successfully.
C:\WINDOWS\system32\a3c1b306-.txt moved successfully.
C:\WINDOWS
igzss.txt moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\admin\LOCALS~1\Temp\hsperfdata_admin\3468 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\admin\LOCALS~1\Temp\~DFF1C8.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\admin\LOCALS~1\Temp\~DFF1E0.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\admin\LOCALS~1\Temp\~DFFBE4.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\admin\LOCALS~1\Temp\~DFFC02.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS	emp\Perflib_Perfdata_5c0.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\Perflib_Perfdata_644.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zfpknlh3.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zfpknlh3.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zfpknlh3.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zfpknlh3.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zfpknlh3.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zfpknlh3.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
 
OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12272008_211910

Files moved on Reboot...
File C:\DOCUME~1\admin\LOCALS~1\Temp\hsperfdata_admin\3468 not found!
File C:\DOCUME~1\admin\LOCALS~1\Temp\~DFF1C8.tmp not found!
File C:\DOCUME~1\admin\LOCALS~1\Temp\~DFF1E0.tmp not found!
File C:\DOCUME~1\admin\LOCALS~1\Temp\~DFFBE4.tmp not found!
File C:\DOCUME~1\admin\LOCALS~1\Temp\~DFFC02.tmp not found!
C:\WINDOWS	emp\Perflib_Perfdata_5c0.dat moved successfully.
File C:\WINDOWS	emp\Perflib_Perfdata_644.dat not found!
C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zfpknlh3.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zfpknlh3.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zfpknlh3.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zfpknlh3.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zfpknlh3.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zfpknlh3.default\XUL.mfl moved successfully.

Destrio5 · Answer

Bien.

---> Supprime Avast avec ceci :
http://files.avast.com/files/eng/aswclear.exe

---> Installe Antivir et mets-le à jour :
http://www.commentcamarche.net/telecharger/telecharger 55 antivir

---> Double-clique sur l'icône d'Antivir (Parapluie) dans la barre des tâches.

---> Dans Antivir, choisis Outils puis Configuration.

---> Coche Mode Expert et coche Rech. Rootkit au dém. de la recherche à droite dans Autres réglages.

---> Fais un scan complet et poste le rapport.

Destrio5 · Answer

---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant ci-dessous : 





:processes
explorer.exe 

:services
aswUpdSv
avast! Antivirus
avast! Mail Scanner
avast! Web Scanner
aswRdr
aswMon2
aswFsBlk
aswTdi
aswSP
Aavmker4

:files
C:\Program Files\Alwil Software

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]






---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

Pwiincesse-224 · Answer

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service aswUpdSv stopped successfully.
Service aswUpdSv deleted successfully.
Service avast! Antivirus stopped successfully.
Service avast! Antivirus deleted successfully.
Service avast! Mail Scanner stopped successfully.
Service avast! Mail Scanner deleted successfully.
Service avast! Web Scanner stopped successfully.
Service avast! Web Scanner deleted successfully.
Service aswRdr stopped successfully.
Service aswRdr deleted successfully.
Unable to stop service aswMon2 .
Unable to stop service aswFsBlk .
Unable to stop service aswTdi .
Unable to stop service aswSP .
Unable to stop service Aavmker4 .
========== FILES ==========
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\images scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\ENGLISH\HtmlData scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\ENGLISH\HELP scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\ENGLISH scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\Skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATAeport scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\push scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\lics scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\dllcache scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\admin\LOCALS~1\Temp\etilqs_khemqoPpxBRfR7szREkL scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\admin\LOCALS~1\Temp\~DFA25B.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\admin\LOCALS~1\Temp\~DFA26D.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\admin\LOCALS~1\Temp\~DFAA29.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\admin\LOCALS~1\Temp\~DFAA3A.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS	emp\Perflib_Perfdata_5c4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\Perflib_Perfdata_76c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zfpknlh3.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zfpknlh3.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zfpknlh3.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zfpknlh3.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zfpknlh3.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
 
OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12272008_214504

Files moved on Reboot...
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\images scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\ENGLISH\HtmlData scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\ENGLISH\HELP scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\ENGLISH\HtmlData scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\ENGLISH\HELP scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\ENGLISH scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\Skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATAeport scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\push scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\lics scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\dllcache scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\Skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATAeport scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\push scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\lics scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\dllcache scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\images scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\ENGLISH\HtmlData scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\ENGLISH\HELP scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\ENGLISH scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\Skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATAeport scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\push scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\lics scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\dllcache scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup\INF scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\Setup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\images scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\ENGLISH\HtmlData scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\ENGLISH\HELP scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\ENGLISH scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\Skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATAeport scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\push scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\moved scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\log scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\lics scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\journal scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\integ scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\dllcache scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\chest scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA\backup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4\DATA scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software\Avast4 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Alwil Software scheduled to be moved on reboot.
File C:\DOCUME~1\admin\LOCALS~1\Temp\etilqs_khemqoPpxBRfR7szREkL not found!
File C:\DOCUME~1\admin\LOCALS~1\Temp\~DFA25B.tmp not found!
File C:\DOCUME~1\admin\LOCALS~1\Temp\~DFA26D.tmp not found!
File C:\DOCUME~1\admin\LOCALS~1\Temp\~DFAA29.tmp not found!
File C:\DOCUME~1\admin\LOCALS~1\Temp\~DFAA3A.tmp not found!
File C:\WINDOWS	emp\Perflib_Perfdata_5c4.dat not found!
File C:\WINDOWS	emp\Perflib_Perfdata_76c.dat not found!
C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zfpknlh3.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zfpknlh3.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zfpknlh3.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zfpknlh3.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\zfpknlh3.default\urlclassifier3.sqlite moved successfully.

Destrio5 · Answer

1/

---> Menu Démarrer > Exécuter > Tape combofix /u et valide par OK.

---> Télécharge ToolsCleaner2 sur ton Bureau.
* Double-clique sur ToolsCleaner2.exe pour le lancer.
* Clique sur Recherche et laisse le scan agir.
* Clique sur Suppression pour finaliser. 
* Tu peux, si tu le souhaites, te servir des Options Facultatives.
* Clique sur Quitter pour obtenir le rapport. 
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).


2/

- Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

- Double-clique sur RSIT.exe afin de lancer le programme.

- Clique sur Continue à l'écran Disclaimer.

- Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

- Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : Les rapports sont sauvegardés dans le dossier C:\rsit.

Pwiincesse-224 · Answer

info.txt logfile of random's system information tool 1.05 2008-12-27 22:14:15

======Uninstall list======

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D0803DB-8FC8-4C97-AE1F-1C3DCA357B01}\setup.exe" -l0x40c 
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x40c 
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80426743-0CC7-4967-BFEC-10DE08D1B6F3}\setup.exe" -l0x40c 
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80426743-0CC7-4967-BFEC-10DE08D1B6F3}\setup.exe" -l0x40c  /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x40c 
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADC07715-D995-45EE-8810-0F1A733D580D}\SETUP.EXE" -l0x40c 
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x40c 
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe" -l0x40c 
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{8984E374-6C93-427C-A3B9-AD92472FDCA0}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Choice Guard-->MsiExec.exe /I{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}
C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
Combined Community Codec Pack 2007-07-22-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Creative Photo Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x40c  /remove
Creative WebCam Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x40c  /remove
Creative WebCam Instant Driver (1.03.02.0425)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script PD0620.uns -unsext NT -plugin P0620Pin.dll -pluginres CtCamPin.crl
Enregistrement du produit WebCam Instant-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADC07715-D995-45EE-8810-0F1A733D580D}\SETUP.EXE" -l0x40c  /remove
Favorit-->"c:\documents and settings\admin\local settings\application data\xacmnx.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files	rend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Installer Yahoo! Messenger-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe" -l0x40c  /remove
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Manuel d'utilisation de Creative WebCam Instant (Français)-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\Creative WebCam Instant\Manuel d'utilisation de Creative WebCam Instant\French\CTManual.isu"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Mozilla Firefox (3.1b2)-->C:\Program Files\Mozilla Firefox 3.1 Beta 2\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
QuickTime-->MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c  -removeonly
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c  -removeonly
Samsung PC Studio 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x40c  -removeonly
Utilitaire Effets vidéos avancés-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D0803DB-8FC8-4C97-AE1F-1C3DCA357B01}\setup.exe" -l0x40c  /remove
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WORLD_TV_CENTER Toolbar-->C:\PROGRA~1\WORLD_~1\UNWISE.EXE   /U C:\PROGRA~1\WORLD_~1\INSTALL.LOG  

======Security center information======

AV: avast! antivirus 4.8.1296 [VPS 000000-0] (disabled) (outdated)

System event log

Computer Name: ADMIN-6E7FABC7B
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.

Record Number: 395
Source Name: Service Control Manager
Time Written: 20081204133318.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: ADMIN-6E7FABC7B
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.

Record Number: 394
Source Name: EventLog
Time Written: 20081204133251.000000+060
Event Type: Informations
User: 

Computer Name: ADMIN-6E7FABC7B
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.

Record Number: 393
Source Name: EventLog
Time Written: 20081204133251.000000+060
Event Type: Informations
User: 

Computer Name: ADMIN-6E7FABC7B
Event Code: 6006
Message: Le service d'Enregistrement d'événement a été arrêté.

Record Number: 392
Source Name: EventLog
Time Written: 20081204133210.000000+060
Event Type: Informations
User: 

Computer Name: ADMIN-6E7FABC7B
Event Code: 1074
Message: Le processus winlogon.exe a initialisé le redémarrage de ADMIN-6E7FABC7B pour la raison suivante : Aucun titre à cette raison n'a pu être trouvé

Raison mineure : 0x2

Type d'arrêt : redémarrer.

Commentaire : 

Record Number: 391
Source Name: USER32
Time Written: 20081204133200.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Application event log

Computer Name: ADMIN-6E7FABC7B
Event Code: 103
Message: MsnMsgr (2144) \.\C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Messenger\fatoulamissdu91@hotmail.fr\SharingMetadata\Working\database_86A8_E28A_A8E2_77D7\dfsr.db: Le moteur de base de données a arrêté une instance (0).

Record Number: 342
Source Name: ESENT
Time Written: 20081209195747.000000+060
Event Type: Informations
User: 

Computer Name: ADMIN-6E7FABC7B
Event Code: 102
Message: MsnMsgr (2144) \.\C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Messenger\fatoulamissdu91@hotmail.fr\SharingMetadata\Working\database_86A8_E28A_A8E2_77D7\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).

Record Number: 341
Source Name: ESENT
Time Written: 20081209195450.000000+060
Event Type: Informations
User: 

Computer Name: ADMIN-6E7FABC7B
Event Code: 100
Message: MsnMsgr (2144) Le moteur de base de données 5.01.2600.5512 est démarré.

Record Number: 340
Source Name: ESENT
Time Written: 20081209195449.000000+060
Event Type: Informations
User: 

Computer Name: ADMIN-6E7FABC7B
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 339
Source Name: usnjsvc
Time Written: 20081209195446.000000+060
Event Type: 
User: 

Computer Name: ADMIN-6E7FABC7B
Event Code: 1002
Message: Application bloquée IEXPLORE.EXE, version 6.0.2900.5512, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Record Number: 338
Source Name: Application Hang
Time Written: 20081209131458.000000+060
Event Type: erreur
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0801
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Pwiincesse-224 · Answer

Logfile of random's system information tool 1.05 (written by random/random)
Run by admin at 2008-12-27 22:13:59
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 67 GB (86%) free of 78 GB
Total RAM: 511 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:14:08, on 27/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\documents and settings\admin\local settings\application data\xacmnx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Documents and Settings\admin\Bureau\RSIT.exe
C:\Program Files	rend micro\admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: WORLD TV CENTER Toolbar - {e077da94-6314-41f1-9f08-6607df65952e} - C:\Program Files\WORLD_TV_CENTER	bWORL.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: WORLD TV CENTER Toolbar - {e077da94-6314-41f1-9f08-6607df65952e} - C:\Program Files\WORLD_TV_CENTER	bWORL.dll
O3 - Toolbar: WORLD TV CENTER Toolbar - {e077da94-6314-41f1-9f08-6607df65952e} - C:\Program Files\WORLD_TV_CENTER	bWORL.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [xacmnx] "c:\documents and settings\admin\local settings\application data\xacmnx.exe" xacmnx
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

Pwiincesse-224 · Answer

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1541
Windows 5.1.2600 Service Pack 3

27/12/2008 23:47:21
mbam-log-2008-12-27 (23-47-21).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 91935
Temps écoulé: 1 hour(s), 2 minute(s), 4 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 295

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xacmnx (Adware.Navipromo.H) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\WebMediaPlayer (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\admin\Local Settings\Application Data\xacmnx_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Local Settings\Application Data\xacmnx_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Local Settings\Application Data\xacmnx.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Local Settings\Application Data\xacmnx.exe (Adware.Navipromo.H) -> Delete on reboot.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP43\A0006485.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP43\A0006486.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP43\A0006490.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP43\A0006491.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP43\A0006492.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP43\A0006493.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP43\A0006494.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP43\A0006495.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP43\A0006496.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP43\A0006498.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP43\A0006499.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP43\A0006501.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP43\A0006504.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP43\A0006505.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP43\A0006506.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP43\A0006507.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP43\A0006508.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP43\A0006509.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP43\A0006510.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP43\A0006511.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP43\A0006512.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP43\A0006513.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP43\A0006514.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP43\A0006516.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP43\A0006517.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP43\A0007531.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP43\A0006497.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP43\A0006515.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP48\A0008639.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP48\A0008640.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP48\A0008643.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP48\A0008644.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP48\A0008645.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP48\A0008646.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP48\A0008647.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP48\A0008667.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP48\A0008668.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP48\A0008669.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP48\A0008670.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP48\A0008671.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP48\A0008672.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP48\A0008641.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013766.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013767.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013768.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013769.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013770.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013774.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013782.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013783.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013784.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013786.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013787.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013790.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013791.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013794.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013795.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013796.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013797.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013798.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013799.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013818.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013820.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013821.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013825.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013827.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013831.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013832.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013834.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013835.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013836.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013837.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013838.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013839.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013840.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013841.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013843.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013844.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013845.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013846.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013847.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013856.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013771.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013842.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013878.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013968.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013879.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013880.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013881.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013882.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013883.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013970.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013971.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013972.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013973.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013974.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013975.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013976.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013977.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013978.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP50\A0013979.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP52\A0015013.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP52\A0015032.exe (Rogue.Spyguard) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015041.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015049.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015050.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015051.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015052.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015053.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015055.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015056.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015057.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015058.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015059.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015062.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015063.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015064.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015065.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015066.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015067.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015068.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015069.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015070.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015071.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015073.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015074.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015075.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015076.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015077.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015078.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015079.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015080.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015081.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015082.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015083.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015084.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015085.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015086.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015087.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015088.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015089.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015091.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015092.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015093.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015113.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015114.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015115.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015116.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015117.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015118.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015054.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015072.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015090.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015203.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015204.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015205.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015206.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015207.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015208.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015255.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015256.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0015257.exe (Rogue.Spyguard) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP53\A0017256.exe (Trojan.SpamBot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP54\A0018454.exe (Trojan.SpamBot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP56\A0018533.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP56\A0018551.exe (Trojan.SpamBot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP56\A0018524.exe (Trojan.SpamBot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP56\A0018525.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP56\A0018526.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP56\A0018527.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP56\A0018528.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP56\A0018529.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP56\A0018530.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP56\A0018531.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP56\A0018532.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP56\A0018540.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018566.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018567.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018568.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018569.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018570.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018572.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018575.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018577.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018579.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018581.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018589.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018593.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018578.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018721.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018739.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018775.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018710.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018711.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018712.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018715.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018717.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018718.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018720.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018722.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018723.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018724.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018725.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018732.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018734.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018735.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018738.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018742.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018743.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018744.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018745.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018746.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018747.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018764.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018766.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018767.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018769.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018771.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018776.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018777.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018778.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018779.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018780.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018781.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018782.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018783.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018784.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018785.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018786.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018787.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018788.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018789.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018790.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018799.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018812.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018813.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018814.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018815.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018816.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018817.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018902.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018904.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018905.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018906.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018907.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018908.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018909.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018910.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018911.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018912.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018913.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018914.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018931.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018932.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018933.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018935.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018936.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0019007.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0019008.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0019009.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0019010.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0019011.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0019012.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0019040.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0019041.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0019043.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0019064.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0019065.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0019066.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0019067.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0019068.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0019069.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0019140.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0019142.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0019143.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0019144.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0019145.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0019146.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0019147.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0019149.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0019150.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0019151.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0019152.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0019153.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0019157.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0019158.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0018934.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0019042.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AD86CA3F-9290-47E7-872B-FF3AEF2F2257}\RP57\A0019148.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysmgr.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvcrt2.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Destrio5 · Answer

---> Relance MBAM, va dans Quarantaine et supprime tout.

- Télécharge Navilog1 (de IL-MAFIOSO) et enregistre-le sur le Bureau.

- Double-clique sur Navilog1.exe afin de lancer l'installation.

- Si le fix ne se lance pas automatiquement après son installation, double-clique sur Navilog1 présent sur le Bureau.

- Appuie sur F ou f  puis valide par Entrée.

- Appuie sur une touche de ton clavier à chaque fois que cela est demandé, tu arriveras au menu des options.

- Choisis l'option 1 et appuie sur la touche Entrée pour valider ton choix.

- Patiente jusqu'au message : *** Analyse terminée le ..... ***

- Le scan fini, le bloc-notes contenant le rapport sera affiché, poste le contenu de ce rapport dans ta prochaine réponse.

- Si le résultat du scan ne s'affiche pas, tu le trouveras dans C:\fixnavi.txt

N'utilise pas l'option 2, 3 et 4 sans notre accord, des fichiers légitimes peuvent être inclus dans ce scan.

Pwiincesse-224 · Answer

Avira AntiVir Personal
Date de création du fichier de rapport : dimanche 28 décembre 2008  17:26

La recherche porte sur 1125477 souches de virus.

Détenteur de la licence :Avira AntiVir PersonalEdition Classic
Numéro de série : 0000149996-ADJIE-0001
Plateforme :      Windows XP
Version de Windows :(Service Pack 3)  [5.1.2600]
Mode Boot :       Démarré normalement
Identifiant :     admin
Nom de l'ordinateur :ADMIN-6E7FABC7B

Informations de version :
BUILD.DAT     : 8.2.0.52       16931 Bytes  02/12/2008 14:55:00
AVSCAN.EXE    : 8.1.4.10      315649 Bytes  18/11/2008 08:21:00
AVSCAN.DLL    : 8.1.4.1        49921 Bytes  21/07/2008 13:44:27
LUKE.DLL      : 8.1.4.5       164097 Bytes  12/06/2008 12:44:16
LUKERES.DLL   : 8.1.4.0        13057 Bytes  04/07/2008 07:30:27
ANTIVIR0.VDF  : 7.1.0.0     15603712 Bytes  27/10/2008 11:30:36
ANTIVIR1.VDF  : 7.1.1.33     1705984 Bytes  24/12/2008 16:22:20
ANTIVIR2.VDF  : 7.1.1.34        2048 Bytes  24/12/2008 16:22:20
ANTIVIR3.VDF  : 7.1.1.41      116736 Bytes  28/12/2008 16:22:21
Version du moteur: 8.2.0.45  
AEVDF.DLL     : 8.1.0.6       102772 Bytes  14/10/2008 10:05:56
AESCRIPT.DLL  : 8.1.1.19      336252 Bytes  28/12/2008 16:22:25
AESCN.DLL     : 8.1.1.5       123251 Bytes  07/11/2008 15:06:41
AERDL.DLL     : 8.1.1.3       438645 Bytes  04/11/2008 13:58:38
AEPACK.DLL    : 8.1.3.4       393591 Bytes  11/11/2008 09:41:39
AEOFFICE.DLL  : 8.1.0.33      196987 Bytes  28/12/2008 16:22:24
AEHEUR.DLL    : 8.1.0.75     1524087 Bytes  28/12/2008 16:22:24
AEHELP.DLL    : 8.1.2.0       119159 Bytes  28/12/2008 16:22:22
AEGEN.DLL     : 8.1.1.8       323956 Bytes  28/12/2008 16:22:22
AEEMU.DLL     : 8.1.0.9       393588 Bytes  14/10/2008 10:05:56
AECORE.DLL    : 8.1.5.2       172405 Bytes  28/12/2008 16:22:21
AEBB.DLL      : 8.1.0.3        53618 Bytes  14/10/2008 10:05:56
AVWINLL.DLL   : 1.0.0.12       15105 Bytes  09/07/2008 08:40:02
AVPREF.DLL    : 8.0.2.0        38657 Bytes  16/05/2008 09:27:58
AVREP.DLL     : 8.0.0.2        98344 Bytes  31/07/2008 12:02:15
AVREG.DLL     : 8.0.0.1        33537 Bytes  09/05/2008 11:26:37
AVARKT.DLL    : 1.0.0.23      307457 Bytes  12/02/2008 08:29:19
AVEVTLOG.DLL  : 8.0.0.16      119041 Bytes  12/06/2008 12:27:46
SQLITE3.DLL   : 3.3.17.1      339968 Bytes  22/01/2008 17:28:02
SMTPLIB.DLL   : 1.2.0.23       28929 Bytes  12/06/2008 12:49:36
NETNT.DLL     : 8.0.0.1         7937 Bytes  25/01/2008 12:05:07
RCIMAGE.DLL   : 8.0.0.51     2371841 Bytes  04/07/2008 07:23:16
RCTEXT.DLL    : 8.0.52.1       86273 Bytes  17/07/2008 10:08:43

Configuration pour la recherche actuelle :
Nom de la tâche..................: Disques durs locaux
Fichier de configuration.........: c:\program files\avira\antivir personaledition classic\alldiscs.avp
Documentation....................: bas
Action principale................: interactif
Action secondaire................: ignorer
Recherche sur les secteurs d'amorçage maître: marche
Recherche sur les secteurs d'amorçage: marche
Secteurs d'amorçage..............: C:, 
Recherche dans les programmes actifs: marche
Recherche en cours sur l'enregistrement: marche
Recherche de Rootkits............: marche
Fichier mode de recherche........: Sélection de fichiers intelligente
Recherche sur les archives.......: marche
Limiter la profondeur de récursivité: 20
Archive Smart Extensions.........: marche
Heuristique de macrovirus........: marche
Heuristique fichier..............: moyen

Début de la recherche : dimanche 28 décembre 2008  17:26

La recherche d'objets cachés commence.
'32653' objets ont été contrôlés, '0' objets cachés ont été trouvés.

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'usnsvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés
Processus de recherche 'CamTray.exe' - '1' module(s) sont contrôlés
Processus de recherche 'msnmsgr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'QTTask.exe' - '1' module(s) sont contrôlés
Processus de recherche 'rundll32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'rundll32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'soundman.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ashDisp.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ashServ.exe' - '1' module(s) sont contrôlés
Processus de recherche 'aswUpdSv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'32' processus ont été contrôlés avec '32' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
    [INFO]      Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
    [INFO]      Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence.
C:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
    [RESULTAT]  Contient le cheval de Troie TR/PSW.ZGG.3
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49bea9ba.qua' !

Le registre a été contrôlé ( '48' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\'
C:\hehe.rar
    [0] Type d'archive: RAR
    --> hehe.exe
      [RESULTAT]  Contient le modèle de détection du dropper DR/Delphi.Gen
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49bfa9c0.qua' !
C:\hiberfil.sys
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\pagefile.sys
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\WINDOWS\pic0382.zip
    [0] Type d'archive: ZIP
    --> PICT00101.JPG.scr
      [RESULTAT]  Contient le cheval de Troie TR/AntiAV.aaf
    [RESULTAT]  Le fichier contient un programme exécutable. Cependant, celui-ci se dissimule sous une extension de fichier inoffensive (HIDDENEXT/Worm.Gen)
    [REMARQUE]  Le résultat positif a été classé comme suspect.
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49baacdc.qua' !
C:\WINDOWS\PICT00003.zip
    [0] Type d'archive: ZIP
    --> PICT00125.JPG.scr
      [RESULTAT]  Contient le cheval de Troie TR/AntiAV.aaf
    [RESULTAT]  Le fichier contient un programme exécutable. Cependant, celui-ci se dissimule sous une extension de fichier inoffensive (HIDDENEXT/Worm.Gen)
    [REMARQUE]  Le résultat positif a été classé comme suspect.
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '499aacc2.qua' !
C:\WINDOWS\PICT00004.zip
    [0] Type d'archive: ZIP
    --> PICT00022.JPG.scr
      [RESULTAT]  Contient le cheval de Troie TR/AntiAV.aaf
    [RESULTAT]  Le fichier contient un programme exécutable. Cependant, celui-ci se dissimule sous une extension de fichier inoffensive (HIDDENEXT/Worm.Gen)
    [REMARQUE]  Le résultat positif a été classé comme suspect.
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '499aacc7.qua' !
C:\WINDOWS\PICT00006.zip
    [0] Type d'archive: ZIP
    --> PICT00022.JPG.scr
      [RESULTAT]  Contient le cheval de Troie TR/AntiAV.aaf
    [RESULTAT]  Le fichier contient un programme exécutable. Cependant, celui-ci se dissimule sous une extension de fichier inoffensive (HIDDENEXT/Worm.Gen)
    [REMARQUE]  Le résultat positif a été classé comme suspect.
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '499aaccc.qua' !
C:\WINDOWS\PICT00008.zip
    [0] Type d'archive: ZIP
    --> PICT00035.JPG.scr
      [RESULTAT]  Contient le cheval de Troie TR/AntiAV.aaf
    [RESULTAT]  Le fichier contient un programme exécutable. Cependant, celui-ci se dissimule sous une extension de fichier inoffensive (HIDDENEXT/Worm.Gen)
    [REMARQUE]  Le résultat positif a été classé comme suspect.
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '499aaccf.qua' !
C:\WINDOWS\PICT00017.zip
    [0] Type d'archive: ZIP
    --> PICT00101.JPG.scr
      [RESULTAT]  Contient le cheval de Troie TR/AntiAV.aaf
    [RESULTAT]  Le fichier contient un programme exécutable. Cependant, celui-ci se dissimule sous une extension de fichier inoffensive (HIDDENEXT/Worm.Gen)
    [REMARQUE]  Le résultat positif a été classé comme suspect.
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '499aacd4.qua' !
C:\WINDOWS\PICT00034.zip
    [0] Type d'archive: ZIP
    --> PICT00016.JPG.scr
      [RESULTAT]  Contient le cheval de Troie TR/AntiAV.aaf
    [RESULTAT]  Le fichier contient un programme exécutable. Cependant, celui-ci se dissimule sous une extension de fichier inoffensive (HIDDENEXT/Worm.Gen)
    [REMARQUE]  Le résultat positif a été classé comme suspect.
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '499aacd7.qua' !
C:\WINDOWS\PICT00101.zip
    [0] Type d'archive: ZIP
    --> PICT00134.JPG.scr
      [RESULTAT]  Contient le cheval de Troie TR/AntiAV.aaf
    [RESULTAT]  Le fichier contient un programme exécutable. Cependant, celui-ci se dissimule sous une extension de fichier inoffensive (HIDDENEXT/Worm.Gen)
    [REMARQUE]  Le résultat positif a été classé comme suspect.
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '499aacdc.qua' !
C:\WINDOWS\PICT00120.zip
    [0] Type d'archive: ZIP
    --> PICT00004.JPG.scr
      [RESULTAT]  Contient le cheval de Troie TR/AntiAV.aaf
    [RESULTAT]  Le fichier contient un programme exécutable. Cependant, celui-ci se dissimule sous une extension de fichier inoffensive (HIDDENEXT/Worm.Gen)
    [REMARQUE]  Le résultat positif a été classé comme suspect.
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '499aace0.qua' !
C:\WINDOWS\PICT00131.zip
    [0] Type d'archive: ZIP
    --> PICT00027.JPG.scr
      [RESULTAT]  Contient le cheval de Troie TR/AntiAV.aaf
    [RESULTAT]  Le fichier contient un programme exécutable. Cependant, celui-ci se dissimule sous une extension de fichier inoffensive (HIDDENEXT/Worm.Gen)
    [REMARQUE]  Le résultat positif a été classé comme suspect.
    [REMARQUE]  Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '499aace4.qua' !


Fin de la recherche : dimanche 28 décembre 2008  17:53
Temps nécessaire: 26:50 Minute(s)

La recherche a été effectuée intégralement

   3881 Les répertoires ont été contrôlés
 151765 Des fichiers ont été contrôlés
      2 Des virus ou programmes indésirables ont été trouvés
     20 Des fichiers ont été classés comme suspects
      0 Des fichiers ont été supprimés
      0 Des virus ou programmes indésirables ont été réparés
     12 Les fichiers ont été déplacés dans la quarantaine
      0 Les fichiers ont été renommés
      2 Impossible de contrôler des fichiers
 151741 Fichiers non infectés
    796 Les archives ont été contrôlées
      2 Avertissements
     12 Consignes
  32653 Des objets ont été contrôlés lors du Rootkitscan
      0 Des objets cachés ont été trouvés

Pwiincesse-224 · Answer

Search Navipromo version 3.7.0 commencé le 28/12/2008 à 18:01:11,09

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1

Mise à jour le 10.12.2008 à 21h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP )
BIOS : Version 1.00
USER : admin ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1296 [VPS 000000-0] 4.8.1296 (Not Activated)


C:\ (Local Disk) - NTFS - Total:76 Go (Free:65 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)


Recherche executé en mode normal

*** Recherche Programmes installés ***

Favorit

*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users.WINDOWS\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users.WINDOWS\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1.win\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\admin\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\FASHI0~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\admin\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\FASHI0~1\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\admin\menudm~1\progra~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\FASHI0~1\menudm~1\progra~1" *** 


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\admin\locals~1\applic~1" * 

* Recherche dans "C:\DOCUME~1\FASHI0~1\locals~1\applic~1" * 



*** Recherche fichiers *** 



*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\admin\locals~1\applic~1" : 


* Dans "C:\DOCUME~1\FASHI0~1\locals~1\applic~1" : 


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :



*** Analyse terminée le 28/12/2008 à 18:06:22,23 ***

Destrio5 · Answer

---> Relance Navilog1, fais l'option 2 et poste le rapport.

Pwiincesse-224 · Answer

Clean Navipromo version 3.7.0 commencé le 28/12/2008 à 18:09:19,17

Outil exécuté depuis C:\Program Files
avilog1

Mise à jour le 10.12.2008 à 21h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP )
BIOS : Version 1.00
USER : admin ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1296 [VPS 000000-0] 4.8.1296 (Not Activated)


C:\ (Local Disk) - NTFS - Total:76 Go (Free:65 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)


Mode suppression automatique 
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur

 
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
 

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\admin\locals~1\applic~1" * 


* Suppression dans "C:\DOCUME~1\FASHI0~1\locals~1\applic~1" * 


*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users.WINDOWS\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users.WINDOWS\menudm~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1.win\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\admin\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\FASHI0~1\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\admin\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\FASHI0~1\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\admin\menudm~1\progra~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\FASHI0~1\menudm~1\progra~1" *** 



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\admin\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


* Dans "C:\Documents and Settings\admin\locals~1\applic~1" * 


* Dans "C:\DOCUME~1\FASHI0~1\locals~1\applic~1" * 


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !

*** Recherche autres dossiers et fichiers connus ***



*** Nettoyage terminé le 28/12/2008 à 18:13:06,17 ***

Destrio5 · Answer

1/

---> Relance MBAM, va dans Quarantaine et supprime tout.

---> Désinstalle Navilog1.

---> Télécharge ToolsCleaner2 sur ton Bureau.
* Double-clique sur ToolsCleaner2.exe pour le lancer.
* Clique sur Recherche et laisse le scan agir.
* Clique sur Suppression pour finaliser. 
* Tu peux, si tu le souhaites, te servir des Options Facultatives.
* Clique sur Quitter pour obtenir le rapport. 
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).


2/

- Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

- Double-clique sur RSIT.exe afin de lancer le programme.

- Clique sur Continue à l'écran Disclaimer.

- Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

- Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : Les rapports sont sauvegardés dans le dossier C:\rsit.

Logiciel qui s'installe tout seul !

67 réponses

Discussions similaires

Newsletters