Sujet Précédent Sujet Suivant

PC infecté

Résolu/Fermé
Ant - 23 juil. 2009 à 12:53
 Utilisateur anonyme - 27 juil. 2009 à 23:17
Bonjour à tous.
Voilà, j'ai récemment été infecté par le logiciel-espion "XP Deluxe Protector" qui consiste à vous faire croire qu'il peut nettoie votre PC de tous virus et vous pousse à l'achat de la version complète en ouvrant de nombreuses fenêtres toutes les 1 à 2 minutes sans que l'on puisse quitter l'application. Bref. J'ai finalement réussi à me débarrasser de ce logiciel grâce à diverses recherches sur internet. Cependant, mon PC est depuis infecté.

En effet, j'ai pu relever de nombreux bugs, plantages... Premièrement, j'ai de nombreux processus svchost.exe dont beaucoup occupe une part considérable de mon processeur. Ceci est accompagné d'un message d'erreur svchost.exe dont je vous fournirais une capture d'écran dès que celui-ci réapparait. De plus, j'ai un nombre important de pubs qui s'affichent de manière récurrente. A cela, s'ajoute les plantages de nombreuses applications (jeux, internet, messenger...). Et, au bout d'un moment, le son ne fonctionne plus et je dois donc redémarrer...
Alors, j'ai tenter bien entendu de faire une restauration du système mais ceci est impossible: je ne peux ni restaurer mon ordinateur à partir d'un ancien point de restauration ni en créer un nouveau. De même, je ne peux procéder à une défragmentation du disque.

Vous pensez bien que tout ceci est assez gênant c'est pour cela que je fais appelle à vous et à votre aide qui me serait précieuse.
Merci d'avoir pris la peine de lire et merci à ceux qui pourront m'aider.
Bonne journée.
A voir également:

30 réponses

  • 1
  • 2
Réponse 1 / 30
Utilisateur anonyme
23 juil. 2009 à 14:55
Bonjour,
Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.

-> http://images.malwareremoval.com/random/RSIT.exe

! Déconnecte toi et ferme toutes tes applications en cours !

Double-clique sur RSIT.exe pour le lancer .

-> Une première fenêtre s'ouvre avec en titre : Disclaimer of warranty .

* Devant l'option List files/folders created ... , tu choisis : 2 months

* clique ensuite sur Continue pour lancer l'analyse ...


-> laisse faire le scan et ne touche pas au PC ...


Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note).

Poste le contenu de log.txt (c'est celui qui apparait à l'écran), ainsi que de info.txt (que tu verras dans la barre des tâches), pour analyse et attends la suite ...

Important : poste un rapport, puis l'autre dans la réponse suivante
Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum
1
Gaboule Messages postés 38 Date d'inscription jeudi 23 juillet 2009 Statut Membre Dernière intervention 29 décembre 2009
23 juil. 2009 à 15:26
Je suis toujours "Ant", l'auteur de ce topic mais je suis maintenant inscrit sur CCM, d'où le pseudo "Gaboule". Je t'envoi les résultats de l'analyse par MP. Merci à toi
0
Utilisateur anonyme > Gaboule Messages postés 38 Date d'inscription jeudi 23 juillet 2009 Statut Membre Dernière intervention 29 décembre 2009
23 juil. 2009 à 15:29
je ne t'ai jamais dit de les mettre en mp
poste les ici stp
0
Réponse 2 / 30
Gaboule Messages postés 38 Date d'inscription jeudi 23 juillet 2009 Statut Membre Dernière intervention 29 décembre 2009
24 juil. 2009 à 00:17
Ok donc voici le rapport du fichier log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Propriétaire at 2009-07-23 15:15:52
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 31 GB (20%) free of 153 GB
Total RAM: 1014 MB (24% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{5025BCF0-771F-4997-8BA3-659D89393348}.job
C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
C:\WINDOWS\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
Freecorder Toolbar - C:\Program Files\Freecorder\tbFre1.dll [2009-07-16 2215960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3113c6d7-d1bf-4096-94fe-5df265ac881d}]
VMware Class - C:\WINDOWS\system32\gdi32lib.dll [2009-07-18 29184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500BCA15-57A7-4eaf-8143-8C619470B13D}]
XML Class - C:\WINDOWS\system32\msxml71.dll [2009-07-18 141828]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}]
DealioBHO Class - C:\Program Files\Dealio\kb127\Dealio.dll [2008-05-26 3170144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-14 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-19 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
SearchSettings Class - C:\Program Files\Search Settings\kb127\SearchSettings.dll [2008-06-12 1111904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-19 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1392b8d2-5c05-419f-a8f6-b9f15a596612} - Freecorder Toolbar - C:\Program Files\Freecorder\tbFre1.dll [2009-07-16 2215960]
{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Dealio - C:\Program Files\Dealio\kb127\Dealio.dll [2008-05-26 3170144]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-12-10 929224]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-12-19 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-12-19 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-12-19 131072]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-19 148888]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"au"=C:\Program Files\Dealio\DealioAU.exe [2008-05-26 595296]
"SearchSettings"=C:\Program Files\Search Settings\SearchSettings.exe [2008-06-12 991584]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-06-12 17887232]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2009-07-20 1107848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"exec"=C:\WINDOWS\system32\mstgiafa.exe [2008-04-14 128512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-10-11 1961984]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-04-14 39408]
"Widget LEquipe.fr"=C:\Program Files\Nosibay\Widget LEquipe.fr\LWidget LEquipe.fr.exe [2009-04-15 435728]
"oqwssye"=c:\documents and settings\propriétaire\local settings\application data\oqwssye.exe [2009-07-16 255488]
"Cognac"=C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\b.exe [2009-07-18 161280]
"xpprotect"=C:\Documents and Settings\Propriétaire\XP Deluxe Protector\xpdeluxe.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-30 1829712]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage
Alertes uefa.com.lnk - C:\Documents and Settings\Propriétaire\Local Settings\Temp\Rar$EX10.985\uefa-alerts.exe
Notification de cadeaux MSN.lnk - C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=",C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\43922031838mmx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-12-19 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Enabled:Football Manager 2009"
"C:\Program Files\Zattoo\zattood.exe"="C:\Program Files\Zattoo\zattood.exe:*:Enabled:zattood"
"C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Cyanide\[Demo] Pro Cycling Manager - Season 2008\Autorun\Exe\Autorun.exe"="C:\Program Files\Cyanide\[Demo] Pro Cycling Manager - Season 2008\Autorun\Exe\Autorun.exe:*:Enabled:[Demo] Pro Cycling Manager - Season 2008 - AutoRun"
"C:\Program Files\Cyanide\[Demo] Pro Cycling Manager - Season 2008\PCMDemo.exe"="C:\Program Files\Cyanide\[Demo] Pro Cycling Manager - Season 2008\PCMDemo.exe:*:Enabled:pcm"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Ubisoft\XIII\system\XIII.exe"="C:\Program Files\Ubisoft\XIII\system\XIII.exe:*:Enabled:XIII"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\WINDOWS\fonts\services.exe"="C:\WINDOWS\fonts\services.exe:*:Enabled:services.exe"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======File associations======

.exe - open - C:\WINDOWS\system32\mstqsqc.exe "%1" %*
.bat - open - C:\WINDOWS\system32\mstqsqc.exe "%1" %*
.bat - edit -
.com - open - C:\WINDOWS\system32\mstqsqc.exe "%1" %*

======List of files/folders created in the last 2 months======

2009-07-23 15:15:52 ----D---- C:\rsit
2009-07-23 15:15:52 ----D---- C:\Program Files\trend micro
2009-07-22 00:11:26 ----D---- C:\Documents and Settings\All Users\Application Data\{dd9a9e7625afb6d9307f2cd8e4c1abd8}
2009-07-22 00:06:14 ----D---- C:\Program Files\Slayers Online
2009-07-21 12:26:01 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
2009-07-20 21:11:23 ----D---- C:\Program Files\Spyware Doctor
2009-07-20 21:11:23 ----D---- C:\Documents and Settings\Propriétaire\Application Data\PC Tools
2009-07-19 22:29:55 ----D---- C:\Documents and Settings\Propriétaire\Application Data\Windows Search
2009-07-19 22:29:18 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-19 22:29:10 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2009-07-19 22:29:10 ----D---- C:\Documents and Settings\Propriétaire\Application Data\Windows Desktop Search
2009-07-19 22:28:49 ----D---- C:\Program Files\Windows Desktop Search
2009-07-19 22:28:48 ----D---- C:\WINDOWS\system32\GroupPolicy
2009-07-19 22:28:42 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2009-07-19 22:28:36 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2009-07-19 22:27:32 ----D---- C:\WINDOWS\system32\URTTEMP
2009-07-19 22:22:20 ----H---- C:\WINDOWS\system32\msymfaup.exe
2009-07-19 22:22:20 ----H---- C:\WINDOWS\system32\msnqyuc.exe
2009-07-19 22:20:23 ----D---- C:\WINDOWS\SoftwareDistribution
2009-07-19 22:01:42 ----H---- C:\WINDOWS\system32\msxexlg.exe
2009-07-19 22:01:42 ----H---- C:\WINDOWS\system32\mschtal.exe
2009-07-19 16:26:40 ----A---- C:\WINDOWS\system32\tasklist.exe
2009-07-19 15:17:28 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-19 14:57:22 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-19 14:29:58 ----D---- C:\Program Files\Lopxp
2009-07-18 18:10:21 ----D---- C:\WINDOWS\Minidump
2009-07-18 18:08:30 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-07-18 18:08:29 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-07-18 18:08:29 ----A---- C:\WINDOWS\system32\pbsvc.exe
2009-07-18 16:37:42 ----D---- C:\Documents and Settings\Propriétaire\Application Data\Desktopicon
2009-07-18 16:37:41 ----D---- C:\Program Files\Unlocker
2009-07-18 15:45:37 ----D---- C:\Program Files\Enigma Software Group
2009-07-18 15:13:04 ----A---- C:\WINDOWS\Freecorder Toolbar Uninstall Log.txt
2009-07-18 14:43:57 ----A---- C:\WINDOWS\msb.exe
2009-07-18 13:06:18 ----A---- C:\WINDOWS\system32\gdi32lib.dll
2009-07-18 13:05:15 ----A---- C:\WINDOWS\msa.exe
2009-07-18 13:05:02 ----A---- C:\WINDOWS\system32\msxml71.dll
2009-07-18 13:04:42 ----A---- C:\WINDOWS\system32\mobsyn.exe
2009-07-16 01:20:01 ----D---- C:\Program Files\Lavalys
2009-07-16 01:14:39 ----D---- C:\Program Files\Driver-Soft
2009-07-15 23:22:24 ----A---- C:\WINDOWS\IsUn040c.exe
2009-07-15 20:41:40 ----D---- C:\Program Files\Ubisoft
2009-07-13 22:34:22 ----D---- C:\Documents and Settings\Propriétaire\Application Data\BitTorrent
2009-07-13 22:34:08 ----D---- C:\Program Files\BitTorrent
2009-07-10 19:42:41 ----D---- C:\Documents and Settings\Propriétaire\Application Data\CyberLink
2009-07-10 19:42:36 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2009-07-06 21:23:34 ----D---- C:\Documents and Settings\Propriétaire\Application Data\Pro Cycling Manager 2008 - Demo
2009-07-06 20:13:50 ----A---- C:\WINDOWS\system32\appdrvrem01.exe
2009-07-06 18:09:18 ----D---- C:\Program Files\Cyanide
2009-07-02 21:10:13 ----D---- C:\WINDOWS\system32\Adobe
2009-06-29 14:50:06 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2009-06-17 20:56:27 ----D---- C:\Program Files\Windows Live Safety Center
2009-06-16 16:10:56 ----D---- C:\Program Files\VirtualDJ
2009-06-01 22:34:44 ----D---- C:\Program Files\Aimersoft
2009-06-01 22:31:40 ----D---- C:\Documents and Settings\Propriétaire\Application Data\Broad Intelligence
2009-06-01 22:31:15 ----D---- C:\Program Files\MediaCoder
2009-05-31 11:11:11 ----A---- C:\WINDOWS\system32\muweb.dll
2009-05-31 11:11:11 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-05-31 11:11:11 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-05-30 15:47:29 ----D---- C:\Program Files\Microsoft Sync Framework
2009-05-30 15:46:45 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition

======List of files/folders modified in the last 2 months======

2009-07-23 15:15:54 ----D---- C:\WINDOWS\system32
2009-07-23 15:15:52 ----RD---- C:\Program Files
2009-07-23 15:02:11 ----D---- C:\WINDOWS\Prefetch
2009-07-23 15:02:09 ----D---- C:\Program Files\Mozilla Firefox
2009-07-23 15:02:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-23 15:00:01 ----SD---- C:\WINDOWS\Tasks
2009-07-23 14:38:43 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-07-23 14:14:47 ----D---- C:\WINDOWS\Temp
2009-07-23 11:36:15 ----D---- C:\WINDOWS
2009-07-23 11:33:30 ----D---- C:\WINDOWS\system32\drivers
2009-07-23 02:53:04 ----SHD---- C:\WINDOWS\Installer
2009-07-23 02:42:12 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-07-23 01:07:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-21 18:42:27 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-21 13:47:50 ----D---- C:\Program Files\Everest Poker
2009-07-21 12:26:06 ----HD---- C:\WINDOWS\inf
2009-07-21 12:25:49 ----D---- C:\WINDOWS\Registration
2009-07-19 23:40:38 ----D---- C:\WINDOWS\WinSxS
2009-07-19 22:35:15 ----D---- C:\WINDOWS\security
2009-07-19 22:29:20 ----A---- C:\WINDOWS\imsins.BAK
2009-07-19 22:29:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-19 22:29:19 ----D---- C:\Program Files\Internet Explorer
2009-07-19 22:29:18 ----D---- C:\WINDOWS\ie8updates
2009-07-19 22:28:56 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-19 22:28:50 ----D---- C:\WINDOWS\system32\fr-fr
2009-07-19 22:28:48 ----D---- C:\WINDOWS\system32\wbem
2009-07-19 22:28:26 ----RSD---- C:\WINDOWS\assembly
2009-07-19 15:46:48 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-19 15:17:17 ----A---- C:\WINDOWS\system32\javaws.exe
2009-07-19 15:17:17 ----A---- C:\WINDOWS\system32\javaw.exe
2009-07-19 15:17:17 ----A---- C:\WINDOWS\system32\java.exe
2009-07-19 15:17:14 ----D---- C:\Program Files\Java
2009-07-18 21:06:58 ----D---- C:\Program Files\Free Easy Burner
2009-07-18 16:30:46 ----D---- C:\Program Files\Fichiers communs
2009-07-18 15:10:07 ----SHD---- C:\System Volume Information
2009-07-18 15:10:07 ----D---- C:\WINDOWS\system32\Restore
2009-07-18 13:05:46 ----RSD---- C:\WINDOWS\Fonts
2009-07-18 12:56:23 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-18 02:30:41 ----D---- C:\Temp
2009-07-16 01:32:54 ----D---- C:\WINDOWS\system32\RTCOM
2009-07-16 01:32:37 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-07-15 20:41:40 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-15 02:17:17 ----D---- C:\Documents and Settings\Propriétaire\Application Data\dvdcss
2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-06 18:13:23 ----D---- C:\WINDOWS\system32\DirectX
2009-07-02 21:10:24 ----D---- C:\Documents and Settings\Propriétaire\Application Data\Adobe
2009-07-02 21:10:14 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-01 17:05:19 ----SD---- C:\Documents and Settings\Propriétaire\Application Data\Microsoft
2009-06-17 07:44:42 ----D---- C:\WINDOWS\system32\UEFA 2008 (fr) dir
2009-06-16 16:40:01 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 16:40:01 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-12 18:19:59 ----D---- C:\Program Files\Frets on Fire
2009-06-12 11:10:46 ----A---- C:\WINDOWS\RTHDCPL.EXE
2009-06-09 16:28:36 ----D---- C:\Documents and Settings\Propriétaire\Application Data\DivX
2009-06-09 14:43:08 ----A---- C:\WINDOWS\system32\RtkCoInstXP.dll
2009-06-03 21:10:33 ----A---- C:\WINDOWS\system32\quartz.dll
2009-06-03 14:02:24 ----A---- C:\WINDOWS\RtlUpd.exe
2009-06-02 08:01:07 ----D---- C:\Program Files\Microsoft Silverlight
2009-05-30 15:48:00 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-05-30 15:47:59 ----D---- C:\Program Files\Windows Live
2009-05-29 21:11:23 ----D---- C:\Program Files\SopCast
2009-05-25 00:24:06 ----A---- C:\WINDOWS\system32\mssph.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 appdrv01;Application Driver (01); C:\WINDOWS\System32\Drivers\appdrv01.sys [2009-07-06 2915944]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-06-03 75096]
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-12-10 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-12-10 81288]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-19 4736]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-19 5854688]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-06-16 5095936]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-09-25 115328]
R3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2008-09-07 21920]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM); C:\WINDOWS\system32\DRIVERS\vcsvad.sys [2008-12-10 17792]
S3 ale4mzuh;ale4mzuh; C:\WINDOWS\system32\drivers\ale4mzuh.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbewt;usbewt; \??\C:\WINDOWS\system32\usbewt.sys []
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\mc24.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-19 152984]
R2 msncache;msncache; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-07-18 75064]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-07-20 337800]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-07-20 1017224]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 sopidkc;sopidkc Service; C:\WINDOWS\system32\sopidkc.exe [2008-04-14 97792]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 6to4;6to4; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\WINDOWS\System32\appdrvrem01.exe [2009-07-06 304528]
S2 gupdate1c9bd22bd8a8c62;Service Google Update (gupdate1c9bd22bd8a8c62); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-14 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-14 183280]
S3 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
0
Utilisateur anonyme
24 juil. 2009 à 14:13
Bonjour Gaboule
Il m'aurai fallu le deuxième rapport
Il y a des infections

Désactiver l'anti-virus pour que l'outil puisse bien s'exécuter normalement
Désactiver le TeaTimer de Spybot (Merci à Nico):
Pour désactiver le TeaTimer :
=> Ouvrir Spybot S&D
=> Dans le menu "Mode", séléctionner le mode avancé.
=> Une fenêtre demande confirmation cliquer sur "oui".
=> Une fois le mode avancé actif, ouvrir l'onglet "Outils".
=> Cliquer sur Résident.
=> La partie Résident comporte deux lignes qui sont normalement cochées :
*Résident "SDHelper" (bloqueur de téléchargements nuisibles pour Internet Explorer) actif.
* Résident "TeaTimer" (Protection des réglages système fondamentaux) actif
=> Décocher la ligne TeaTimer.
=> Redémarrer Spybot (le fermer et le réouvrir)
=> Retourner dans le menu Résident et vérifier qu'il soit bien désactivé.

Télécharge Toolbar-S&D (Eric_71, Angeldark, Sham_Rock et XmichouX) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
!! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !! désactive ton antivirus.

* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis valide avec la touche "Entrée".
* Choisis l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
0
Réponse 3 / 30
Gaboule Messages postés 38 Date d'inscription jeudi 23 juillet 2009 Statut Membre Dernière intervention 29 décembre 2009
24 juil. 2009 à 21:22
Merci pour ta réponse voici le rapport:

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Processeur Intel Pentium III Xeon )
BIOS : Default System BIOS
USER : Propriétaire ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Not Activated)
C:\ (Local Disk) - NTFS - Total:149 Go (Free:33 Go)
D:\ (CD or DVD)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 24/07/2009|21:16 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\DAEMON Tools Toolbar
C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT
C:\Program Files\DAEMON Tools Toolbar\Resources
C:\Program Files\DAEMON Tools Toolbar\uninst.exe
C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\chrome
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\chrome.manifest
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\components
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\install.rdf
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\chrome\dttoolbar.jar
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.xpt
C:\Program Files\DAEMON Tools Toolbar\Resources\about.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\AboutWindow.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\AddRadioStation.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\as.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\as.png
C:\Program Files\DAEMON Tools Toolbar\Resources\astro.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\az.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\b1.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\b1.png
C:\Program Files\DAEMON Tools Toolbar\Resources\BurnImage.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\buy.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\cond000.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond001.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond003.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond004.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond005.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond006.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond007.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond008.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond009.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond010.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond011.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond019.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond020.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond021.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond022.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond023.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond024.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond025.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond026.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond037.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond038.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond039.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond040.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond041.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond046.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond048.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond050.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond051.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond052.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond053.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond054.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond055.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond056.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond057.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond058.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond059.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond060.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond061.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond062.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond063.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond064.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond065.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond066.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond067.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond068.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond069.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond075.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond076.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond077.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond078.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond079.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond080.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond084.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond085.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond086.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond087.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond088.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond089.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond090.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond091.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond092.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond093.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond094.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond095.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond108.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond109.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond110.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond111.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond112.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond113.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond120.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond121.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond122.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond126.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond127.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond128.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond129.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond130.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond131.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond132.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond133.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond134.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond135.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond136.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond137.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond138.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond140.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond141.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond142.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond143.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond148.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond149.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond152.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond154.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond155.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond156.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond157.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\Config.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\d.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\d2.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\daemon.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\ds.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\dsearch.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\dt.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\DTPro.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\Dwnl.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\emulation.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\features.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\GameCentrix.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\gd.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\genre.xml
C:\Program Files\DAEMON Tools Toolbar\Resources\globe.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\GrabImage.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\hb.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\hb.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\help.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\ip.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\lang.xml
C:\Program Files\DAEMON Tools Toolbar\Resources\lingvo.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\m.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\mail.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mailc.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_disable.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mail_disable.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mail_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mail_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mail_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRadioConfig.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRadioStation.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRSCur.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\MenuTr.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\next.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\next_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\next_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\next_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\none.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\none_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\noW.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\op.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\play.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\play.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\play_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\play_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\play_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\pragma.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\prev.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\prev_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\prev_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\prev_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\prod.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\Radio.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBg.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBg.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBgMask.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDisp.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDisp_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioE.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioG.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioL.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLDotMask.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLeft.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLeftMask.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLM.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioN.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioR.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioR.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioRM.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioRU.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioW.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\refresh.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Rss.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\Rss1.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\rssClose.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\rssL.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\rssOpen.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\size.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\size_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\skins.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\spt.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\stop.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\stop.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\stop_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\stop_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\stop_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\style.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\SupportRequest.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\time.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\TitleIcon.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\toolbar.xml
C:\Program Files\DAEMON Tools Toolbar\Resources\trans.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_disable.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\u.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\vol.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_back.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_dott.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_dott_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wb.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Weather_m42.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Weather_m43.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wi.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi0.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi1.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi10.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi11.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi12.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi13.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi2.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi3.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi4.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi5.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi6.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi7.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi8.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi9.ico
C:\DOCUME~1\PROPRI~1\APPLIC~1\Search Settings
C:\DOCUME~1\PROPRI~1\APPLIC~1\Search Settings\kb127
C:\DOCUME~1\PROPRI~1\APPLIC~1\Search Settings\kb127\res
C:\DOCUME~1\PROPRI~1\APPLIC~1\Search Settings\kb127\temp
C:\DOCUME~1\PROPRI~1\APPLIC~1\Search Settings\kb127\temp\ws-14446.log
C:\DOCUME~1\PROPRI~1\APPLIC~1\Search Settings\kb127\temp\ws-14447.log
C:\DOCUME~1\PROPRI~1\APPLIC~1\Search Settings\kb127\temp\ws-14448.log
C:\DOCUME~1\PROPRI~1\APPLIC~1\Search Settings\kb127\temp\ws-14449.log
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb127
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb127\res
C:\Program Files\Search Settings\kb127\SearchSettings.dll
C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
C:\Program Files\Search Settings\kb127\temp

-----------\\ Extensions

(Propri‚taire) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user
(Propri‚taire) - {71328583-3CA7-4809-B4BA-570A85818FBB} => cacheviewer
(Propri‚taire) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


--------------------\\ Recherche d'autres infections


C:\DOCUME~1\PROPRI~1\LOCALS~1\APPLIC~1\oqwssye.dat
C:\DOCUME~1\PROPRI~1\LOCALS~1\APPLIC~1\oqwssye.exe
C:\DOCUME~1\PROPRI~1\LOCALS~1\APPLIC~1\oqwssye_nav.dat
C:\DOCUME~1\PROPRI~1\LOCALS~1\APPLIC~1\oqwssye_navps.dat
[b]==> EGDACCESS <==/b


1 - "C:\ToolBar SD\TB_1.txt" - 24/07/2009|21:20 - Option : [1]

-----------\\ Fin du rapport a 21:20:11,18
0
Utilisateur anonyme
24 juil. 2009 à 21:25
Relance Toolbar-S&D en double-cliquant sur le raccourci. Tape sur "2" puis valide en appuyant sur "Entrée".
*** Ne ferme pas la fenêtre lors de la suppression ***
Un rapport sera créé, poste son contenu ici.

Puis tu me reposte un nouveau rapport RSIT, car j'ai vu une autre infection à traiter
0
Réponse 4 / 30
Gaboule Messages postés 38 Date d'inscription jeudi 23 juillet 2009 Statut Membre Dernière intervention 29 décembre 2009
24 juil. 2009 à 21:39
Ok donc voici le rapport créer par Toolbar-S&D:

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Processeur Intel Pentium III Xeon )
BIOS : Default System BIOS
USER : Propriétaire ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Not Activated)
C:\ (Local Disk) - NTFS - Total:149 Go (Free:33 Go)
D:\ (CD or DVD)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 24/07/2009|21:33 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
Supprime! - C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT
Supprime! - C:\Program Files\DAEMON Tools Toolbar\Resources
Supprime! - C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Supprime! - C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
Supprime! - C:\DOCUME~1\PROPRI~1\APPLIC~1\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\Program Files\DAEMON Tools Toolbar
Supprime! - C:\DOCUME~1\PROPRI~1\APPLIC~1\Search Settings
Supprime! - C:\Program Files\Search Settings

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(Propri‚taire) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user
(Propri‚taire) - {71328583-3CA7-4809-B4BA-570A85818FBB} => cacheviewer
(Propri‚taire) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections


C:\DOCUME~1\PROPRI~1\LOCALS~1\APPLIC~1\oqwssye.dat
C:\DOCUME~1\PROPRI~1\LOCALS~1\APPLIC~1\oqwssye.exe
C:\DOCUME~1\PROPRI~1\LOCALS~1\APPLIC~1\oqwssye_nav.dat
C:\DOCUME~1\PROPRI~1\LOCALS~1\APPLIC~1\oqwssye_navps.dat
[b]==> EGDACCESS <==/b



1 - "C:\ToolBar SD\TB_1.txt" - 24/07/2009|21:20 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 24/07/2009|21:37 - Option : [2]

-----------\\ Fin du rapport a 21:37:19,35
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 30
Gaboule Messages postés 38 Date d'inscription jeudi 23 juillet 2009 Statut Membre Dernière intervention 29 décembre 2009
24 juil. 2009 à 21:41
Et voici le rapport log.txt de RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Propriétaire at 2009-07-24 21:32:34
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 34 GB (22%) free of 153 GB
Total RAM: 1014 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:16:05, on 23/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\fonts\services.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\b.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\msb.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\sopidkc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\propriétaire\local settings\application data\oqwssye.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\fonts\services.exe
C:\Program Files\Spyware Doctor\update.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Propriétaire.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.fcnantes.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
R3 - URLSearchHook: (no name) - E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\msjptjuo.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\mswykg.exe
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O2 - BHO: VMware Class - {3113c6d7-d1bf-4096-94fe-5df265ac881d} - C:\WINDOWS\system32\gdi32lib.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Widget LEquipe.fr] "C:\Program Files\Nosibay\Widget LEquipe.fr\LWidget LEquipe.fr.exe" /winstartup
O4 - HKCU\..\Run: [oqwssye] "c:\documents and settings\propriétaire\local settings\application data\oqwssye.exe" oqwssye
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\b.exe
O4 - HKCU\..\Run: [xpprotect] C:\Documents and Settings\Propriétaire\XP Deluxe Protector\xpdeluxe.exe
O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINDOWS\system32\mstgiafa.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alertes uefa.com.lnk = ?
O4 - Startup: Notification de cadeaux MSN.lnk = ?
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Propriétaire\Application Data\Dealio\kb127\res\DealioSearch.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: leq - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O20 - AppInit_DLLs: ,C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\43922031838mmx.dll
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Service Google Update (gupdate1c9bd22bd8a8c62) (gupdate1c9bd22bd8a8c62) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: sopidkc Service (sopidkc) - CoreCodec, In - C:\WINDOWS\system32\sopidkc.exe
0
Utilisateur anonyme
24 juil. 2009 à 21:48
Tu as fait le rapport RSIT avant toolbar SD
Ton PC a d'autres infections
Tu as une infection Magic Control/EGD ACCESS. Je te donne la liste des programmes qui installent cette infection, et qu'il faut éviter:
* go-astro
* GoRecord
* HotTVPlayer / HotTVPlayer & Paris Hilton
* Live-Player
* MailSkinner
* Messenger Skinner
* [b]Instant Access[/b] qui est présent sur ton PC
* InternetGameBox
* Officiale Emule (Version d'Emule modifiée)
* Original Solitaire
* Super Sex Player
* Speed Downloading
* Sudoplanet
* Webmediaplayer

Télécharge Navilog [ http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe ] Désactiver l'anti-virus pour que l'outil puisse bien s'exécuter normalement
Une fois Navilog téléchargé, enregistrer la cible ( du lien ) sous... et l'enregistrer sur le bureau,
clic droit sur navilog.zip, et clic sur "tout extraire", double-clic sur Navilog.exe pour lancer
l'installation. Clic droit sur le raccourci de Navilog 1 et clic sur "exécuter en tant qu'administrateur
Au menu principal, faire le choix 1, puis entrée. Appuyer sur une touche, le bloc-note va s'ouvrir,
coller le rapport, fermer le bloc-note. Le rapport fixnavi.txt est sauvegardé dans la racine C du disque dur
0
Réponse 6 / 30
Gaboule Messages postés 38 Date d'inscription jeudi 23 juillet 2009 Statut Membre Dernière intervention 29 décembre 2009
24 juil. 2009 à 22:29
Je n'ai pas eu de rapport fixnavi.txt mais un rapport cleanavi.txt enfin je le poste tout de même:

Fix Navipromo version 4.0.1 commencé le 24/07/2009 22:13:34,37

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 18.07.2009 à 11h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Processeur Intel Pentium III Xeon )
BIOS : Default System BIOS
USER : Propriétaire ( Administrator )
BOOT : Fail-safe boot

Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Not Activated)


C:\ (Local Disk) - NTFS - Total:149 Go (Free:33 Go)
D:\ (CD or DVD)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (CD or DVD)


Recherche executée en mode sans échec

Nettoyage executé en mode sans échec


C:\Documents and Settings\Propri‚taire\locals~1\applic~1\oqwssye.exe supprimé !
C:\Documents and Settings\Propri‚taire\locals~1\applic~1\oqwssye.dat supprimé !
C:\Documents and Settings\Propri‚taire\locals~1\applic~1\oqwssye_nav.dat supprimé !
C:\Documents and Settings\Propri‚taire\locals~1\applic~1\oqwssye_navps.dat supprimé !


Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Propri‚taire\locals~1\Temp effectué !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok





*** Scan terminé 24/07/2009 22:20:36,76 ***
0
Utilisateur anonyme
24 juil. 2009 à 22:47
Fait moi un nouveau rapport RSIT, et poste moi les 2 rapports
0
Réponse 7 / 30
Gaboule Messages postés 38 Date d'inscription jeudi 23 juillet 2009 Statut Membre Dernière intervention 29 décembre 2009
24 juil. 2009 à 23:29
Rapport log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Propriétaire at 2009-07-24 23:29:53
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 34 GB (22%) free of 153 GB
Total RAM: 1014 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:29:57, on 24/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\fonts\services.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Nosibay\Widget LEquipe.fr\Widget LEquipe.fr.exe
C:\WINDOWS\fonts\services.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\update.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Propriétaire\Bureau\RSIT.exe
C:\WINDOWS\system32\msehwss.exe
C:\Program Files\trend micro\Propriétaire.exe
C:\WINDOWS\fonts\services.exe
C:\WINDOWS\fonts\services.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\msohtw.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\msspjkj.exe
O2 - BHO: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O2 - BHO: VMware Class - {3113c6d7-d1bf-4096-94fe-5df265ac881d} - C:\WINDOWS\system32\gdi32lib.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Widget LEquipe.fr] "C:\Program Files\Nosibay\Widget LEquipe.fr\LWidget LEquipe.fr.exe" /winstartup
O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINDOWS\system32\msdgwuse.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = ?
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: leq - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O20 - AppInit_DLLs: ,C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\43922031838mmx.dll
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Service Google Update (gupdate1c9bd22bd8a8c62) (gupdate1c9bd22bd8a8c62) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe (file missing)
0
Réponse 8 / 30
Gaboule Messages postés 38 Date d'inscription jeudi 23 juillet 2009 Statut Membre Dernière intervention 29 décembre 2009
24 juil. 2009 à 23:31
Le rapport info.txt ne s'est pas affiché, je ne comprend pas pourquoi... ?
0
Utilisateur anonyme
24 juil. 2009 à 23:35
il y a encore des infections, certaines ont disparu
Les toolbars c'est pas obligatoire, tu avais des toolbars néfastes
On va essayer ceci, et on verra après

télécharges malwarebytes' anti-malware
https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/
L'enregistrer sur le bureau
Double-clic sur l'icône "Download_mbam-setup.exe" pour lancer le processus d'installation
Si la pare-feu demande l'autorisation de se connecter pour malwarebytes, accepter
Il va se mettre à jour une fois faite
Se rendre dans l'onglet "recherche"
Sélectionner "exécuter un examen complet"
Cliquer sur "rechercher"
Le scan démarre
A la fin de l'analyse, le message s'affiche: L'examen s'est terminé normalement.
Cliquer sur "afficher les résultats" pour afficher les objets trouvés
Cliquer sur OK pour pousuivre
Si des malwares ont été détectés, cliquer sur "afficher les résultats"
Sélectionner tout (ou laisser coché)
Cliquer sur "supprimer la sélection"
Malwarebytes va détruire les fichiers et les clés de registre et en mettre une
copie dans la quarantaine
Malewarebytes va ouvrir le bloc-note et y copier le rapport
Redémarrer le PC
Une fois redémarré, double-cliquer sur Malewarebytes
Se rendre dans l'onglet rapport/log
Cliquer dessus pour l'afficher une fois affiché, cliquer sur "édition" en haut du
bloc-note puis sur "sélectionner tout"
Recliquer sur "édition", puis sur "copier" et revenir sur le forum et dans ta réponse
Clic droit dans le cadre de la réponse et coller
0
Réponse 9 / 30
Gaboule Messages postés 38 Date d'inscription jeudi 23 juillet 2009 Statut Membre Dernière intervention 29 décembre 2009
25 juil. 2009 à 00:42
Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2494
Windows 5.1.2600 Service Pack 3

25/07/2009 00:27:33
mbam-log-2009-07-25 (00-27-32).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 231496
Temps écoulé: 34 minute(s), 38 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 17
Valeur(s) du Registre infectée(s): 13
Elément(s) de données du Registre infecté(s): 8
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1416

Processus mémoire infecté(s):
C:\WINDOWS\Fonts\services.exe (Trojan.Agent) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
\\?\globalroot\systemroot\system32\geyekruyybimlo.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\MSWINSCK.OCX (Worm.Nyxem) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3113c6d7-d1bf-4096-94fe-5df265ac881d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3113c6d7-d1bf-4096-94fe-5df265ac881d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\vmwareapp.vmware (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\vmwareapp.vmware.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{b360243e-09e8-402f-8721-00b6798089ad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3113c6d7-d1bf-4096-94fe-5df265ac881d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sopidkc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msncache (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\exec (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Dropper) -> Data: c:\windows\system32\msdrmhsp.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Dropper) -> Data: system32\msdrmhsp.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Run (Trojan.Dropper) -> Data: c:\windows\system32\msobjik.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Run (Trojan.Dropper) -> Data: system32\msobjik.exe -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.bat\(default) (Hijacked.BatFile) -> Bad: (csfile) Good: (batfile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.com\(default) (Hijacked.ComFile) -> Bad: (csfile) Good: (comfile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (csfile) Good: (exefile) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
\\?\globalroot\systemroot\system32\geyekruyybimlo.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mseyitwm.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\2HEBM2RY\RecordTheRadio Setup[1].exe (Adware.Navipromo) -> Quarantined and deleted successfully.
c:\WINDOWS\Fonts\cooecp.tlb (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Fonts\logcde.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Fonts\windef.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Fonts\windef.Log (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Fonts\winpaged.ocx (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mscdunim.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mscgrc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mscimu.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mscnhwsr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mscnmm.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mscpdhs.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mscqjgpe.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mscvaqze.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mscvos.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mscvsxfe.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mscwlrb.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mscwoh.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mscxcvcs.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msdafvq.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msdbbdc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msdcqhii.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msdcv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msddu.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msdgwuse.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msdiaxpq.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msdpchmo.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msdrmhsp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msdsbmy.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msdsbv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msdwivmd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msdwzw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msdxbr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msecdll.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msecek.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mseda.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msedj.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msehor.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msehwss.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mselp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msenywzu.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mseopt.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msesvuw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msewkirh.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msexb.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msezjh.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfamq.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfbfl.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfcctk.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfclrxp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfcoi.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msffjgiz.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfhlsp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfiqo.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfktr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msflzk.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfpf.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfpua.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfpxcbq.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfscse.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfsjtir.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfwaz.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfwh.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfxkayc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfzo.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msfzpsn.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgbk.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgbxhu.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgeld.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msggpgjd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msglqvlw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgoz.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgprs.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgqff.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgrjl.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgrkyy.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgtoqr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgue.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgwdnsl.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgwi.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msgxyho.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mshcgxqn.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mshcjh.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msheut.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mshgv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mshhbau.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mshkkczn.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mshlmvkb.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mshmj.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mshnc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mshoa.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msholicw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mshrn.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mshuw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mshvx.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mshypd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mshzoxgr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msidxkj.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msiebrup.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msifonz.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msiiwyi.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msijjqeu.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msimsqf.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msimucr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msinno.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msipzl.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msirm.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msiuy.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msixf.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msjdz.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msjextw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msjikbq.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msjkkw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msjnfi.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msjnho.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msjovh.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msjtxh.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msjutw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msjwodsq.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msjxbv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msjxzwe.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskcct.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskdbga.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskdera.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskdmvoo.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskfhkb.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskmsbmx.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskoyuvv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskqcdus.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskqd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskqj.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msksz.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskudsvl.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskwvol.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mskzxww.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mslahiu.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mslajh.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mslccwfk.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mslcd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mslcttb.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msljlu.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mslpfcil.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mslquad.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mslrzeg.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msltiatq.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mslukgf.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msluv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mslwux.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mslxyh.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mslzgcc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmdnzk.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmip.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmjenn.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmjwza.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmqj.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmqtzh.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmsqarq.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmuqkd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmwcf.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmwyu.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmxc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msmzlb.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msncnkb.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msngv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnhdw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnjjx.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnksscm.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnlumt.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnmx.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnnlwd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnnq.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnqjbt.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnra.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnudoe.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnumvq.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnvmjru.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnxi.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnyaa.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnyioa.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnzzlr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msoaxw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msobfmte.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msobjik.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msobldq.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msobnjm.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msochn.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msodwpkt.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msoehtxz.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msofi.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msofim.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msogdf.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msohcc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msohj.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msohtjx.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msohtw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msohv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msohx.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msojhzh.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msokgj.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msomno.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msoondqe.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msopimd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msorqo.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msotl.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msovgl.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msovnxle.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msozl.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspcd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msple.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspllb.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msploto.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msplz.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspmd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspmen.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspmib.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspmjq.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspmjth.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspmlku.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspmwh.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspnav.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspnb.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspnht.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspnj.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspnzq.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspoasc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspovmpt.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspoz.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msppea.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspplc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msppnne.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msppnoae.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msppo.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspppwp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspqg.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspqnm.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspqw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msprdiif.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msprnsoq.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msprpgta.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msprsp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspscm.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspseqf.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspsnhzs.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspswrie.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspsxpom.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspszgf.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msptdy.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msptk.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msptxckf.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspubah.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspuha.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspum.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspuoms.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspuqj.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspurxga.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspusz.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspuz.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspvaat.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspvbh.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspvdgh.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspvgeue.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspvhhh.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspvjuk.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspvlfy.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspvzdji.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspwcxr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspwelz.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspwsezh.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspwyar.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspwzlt.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspxk.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspxp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspxung.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspxvcir.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspygqd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspyl.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspyne.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspyss.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspyw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspzdc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspzgi.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspzkvkk.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspzq.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mspzyvnc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqah.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqanehq.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqar.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqaucc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqbfr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqbg.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqbgpg.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqbm.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqbqks.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqbze.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqce.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqcqaso.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqdaazi.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqdfgx.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqdk.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqdrc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqdxkgx.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqdxq.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqdyzef.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqdziv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqdzlc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqei.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqejfgk.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqeqvm.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqeu.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqfh.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqfrrty.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqfwcjs.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqfwj.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqgk.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqglgqj.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqhc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqhfnc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqhzzui.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqic.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqido.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqifa.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqikjl.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqiv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqjpzz.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqjqh.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqjy.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqkds.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqkhrif.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqkhrmn.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqklw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqko.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqlfx.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqlkmsi.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqls.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqmarb.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqmcqtn.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqmdk.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqmdyv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqmo.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqmrafh.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqmv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqmxvx.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqmzyv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqnepsr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqnjarc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqnuvi.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqolnd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqoml.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqoonmy.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqoqjfq.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqoryof.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqout.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqow.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqpebn.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqpmqb.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqpoiu.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqqemuk.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqqewvx.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqqfje.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqqm.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqqskci.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqrat.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqrgxp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqrqx.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqrup.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqrvg.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqrxwz.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqsj.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqsjqg.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqswjl.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqtbnk.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqtgf.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msquf.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msquknvq.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msquoxmz.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqvdde.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqvfups.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqvqnti.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqvsj.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqvt.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqvz.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqwcg.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqwpx.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqwu.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqwvwwn.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqww.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqxksgn.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqxvcrk.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqyacda.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqykmt.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqyngu.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqyo.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqyzaq.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqzdd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqzn.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqztwm.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msqzvgco.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msraf.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrakth.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msral.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrayqzm.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrbfl.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrbhgnr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrbxp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrcn.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrcw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrdh.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrdu.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msree.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrejsc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msreusc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrexoxy.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrfbl.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrfe.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrfm.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrfuhib.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrfwlxq.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrgyr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrhjnes.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrhnlu.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrhqz.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrhvr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrhwie.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrhwoba.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrhx.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrih.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrihu.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrii.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrio.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrip.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrjg.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrjh.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrjiw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrjjdt.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrjmic.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrjp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrjpst.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrjsr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrjytl.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrkmmag.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrkprs.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrkywk.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrkz.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrldjeu.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrlijp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrlvmk.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrlzn.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrmb.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrmbs.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrmhoj.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrmutr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrnkai.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrnmile.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrnpxdu.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrnwhzk.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msroa.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrobtb.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrobw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrocel.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrodlje.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msroduu.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msroep.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrog.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrpc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrpddc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrpmfm.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrprfz.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrpv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrqbxl.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrqmzbv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrqnfd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrqqpq.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrqv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrqzvhv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrrlo.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrrpu.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrrpy.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrsd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrsfu.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrsk.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrstowh.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrsyatz.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrtdx.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrthy.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrtimem.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrtnl.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrtsbg.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrtuur.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msruada.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msruboji.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrunq.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msruprgh.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrvt.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrwdat.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrwecx.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrwmn.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrwredp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrxaw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrxb.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrxirbf.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrxjjj.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrxnaa.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrxv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrxz.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msryfrjc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msryicxy.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msryjtdi.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msryv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msryvugv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msryyf.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrzljkr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msrzsb.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssacrnj.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssage.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssazds.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssbbas.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssbcp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssbdeyy.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssbzdsf.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msschlw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msscik.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msscls.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msscm.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msscvl.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssdlk.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssdp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssdxiyb.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssefxv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msseixw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msseyr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssfd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssff.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssfkiv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssfvnq.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssfwf.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssghi.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssgic.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssgm.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssgop.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssgqhx.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssgssl.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssgutkr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssgxu.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msshdy.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msshjmbu.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msshloxm.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msshlx.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msshmvvw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msshook.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msshpfn.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msshplf.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msshzsrb.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssid.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssihp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssixgsa.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssjb.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssjwwow.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssjxt.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssjy.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssjzbb.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msskhrqz.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssksvy.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssktfi.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msskwiee.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msslka.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssllkf.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssllwpx.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msslmg.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssln.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msslqlt.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msslqto.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msslvlz.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msslxx.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssmllw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssmmchw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssnbbhd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssnru.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssnw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssoqt.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msspjkj.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssprqml.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssqej.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssqh.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssqhl.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssqi.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssqt.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssqvna.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssrecyv.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssrg.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mssrgsoh.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\
0
Utilisateur anonyme
25 juil. 2009 à 11:20
Bonjour
ouah ton pc est très infecté,
continuons
Ton PC a aussi une infection LOP/Swizzor:
Evite ces programmes qui installent cette infection:
● Le sponsor de Messenger Plus!
● Bittorent
● BitDownload
● BitGrabber
● NetPumper
● BitRoll
● TorrentQ
● Torrent101
On va traiter cette infection

Télécharge Lop S&D.exe sur ton Bureau.https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

* Double-clique dessus pour lancer l'installation
* Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau
* Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche)
* Patiente jusqu'à la fin du scan
* Poste le rapport généré (C:\lopR.txt)

Tu me postes le rapport

Ensuite

double-clique sur le raccourci Lop S&D présent sur ton Bureau
* Séléctionne la langue souhaitée , puis choisis l'option "Suppression + Hosts"
* Patiente jusqu'à la fin du scan
* Poste le rapport généré (C:\lopR.txt)
Tu me postes le rapport

Ensuite,
Tu me posteras un nouveau rapport RSIT pour voir où on en ai

Surtout tu vides la quarantaine de malwarebytes
0
Réponse 10 / 30
Gaboule Messages postés 38 Date d'inscription jeudi 23 juillet 2009 Statut Membre Dernière intervention 29 décembre 2009
25 juil. 2009 à 12:57
Bonjour, merci à toi une nouvelle fois. Dois-je désinstaller manuellement les programmes présents sur mon PC et qui sont présents dans cette liste de programmes à éviter?

Voci donc le rapport après la recherche Lop S&D.exe:


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Processeur Intel Pentium III Xeon )
BIOS : Default System BIOS
USER : Propriétaire ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Not Activated)
C:\ (Local Disk) - NTFS - Total:149 Go (Free:31 Go)
D:\ (CD or DVD)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 25/07/2009|12:39 )

--------------------\\ Listing des dossiers dans APPLIC~1

[24/07/2009|00:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{83C91755-2546-441D-AC40-9A6B4B860800}
[22/07/2009|00:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{dd9a9e7625afb6d9307f2cd8e4c1abd8}
[02/04/2009|10:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[10/07/2009|19:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[13/04/2009|23:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DAEMON Tools Lite
[02/04/2009|21:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[29/06/2009|14:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[13/04/2009|01:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON
[25/07/2009|12:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[24/07/2009|00:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[02/04/2009|10:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[30/04/2009|23:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[19/07/2009|22:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[14/04/2009|00:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sports Interactive
[24/07/2009|02:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[25/07/2009|00:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[02/04/2009|19:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[18/05/2009|13:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[01/04/2009|17:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[10/04/2009|12:06] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[19/07/2009|00:06] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[19/07/2009|22:32] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[18/07/2009|16:41] C:\DOCUME~1\NETWOR~1\APPLIC~1\Adobe
[18/07/2009|20:02] C:\DOCUME~1\NETWOR~1\APPLIC~1\Macromedia
[01/07/2009|17:05] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft


[02/07/2009|21:10] C:\DOCUME~1\PROPRI~1\APPLIC~1\Adobe
[06/04/2009|02:12] C:\DOCUME~1\PROPRI~1\APPLIC~1\Ahead
[16/07/2009|03:15] C:\DOCUME~1\PROPRI~1\APPLIC~1\BitTorrent
[01/06/2009|22:31] C:\DOCUME~1\PROPRI~1\APPLIC~1\Broad Intelligence
[10/07/2009|19:42] C:\DOCUME~1\PROPRI~1\APPLIC~1\CyberLink
[13/04/2009|23:29] C:\DOCUME~1\PROPRI~1\APPLIC~1\DAEMON Tools
[13/04/2009|23:37] C:\DOCUME~1\PROPRI~1\APPLIC~1\DAEMON Tools Lite
[13/04/2009|23:29] C:\DOCUME~1\PROPRI~1\APPLIC~1\DAEMON Tools Pro
[18/07/2009|16:37] C:\DOCUME~1\PROPRI~1\APPLIC~1\Desktopicon
[09/06/2009|16:28] C:\DOCUME~1\PROPRI~1\APPLIC~1\DivX
[15/07/2009|02:17] C:\DOCUME~1\PROPRI~1\APPLIC~1\dvdcss
[07/04/2009|13:59] C:\DOCUME~1\PROPRI~1\APPLIC~1\FLV Extract
[02/05/2009|12:55] C:\DOCUME~1\PROPRI~1\APPLIC~1\fretsonfire
[14/04/2009|19:03] C:\DOCUME~1\PROPRI~1\APPLIC~1\Google
[01/04/2009|17:35] C:\DOCUME~1\PROPRI~1\APPLIC~1\Identities
[16/04/2009|18:27] C:\DOCUME~1\PROPRI~1\APPLIC~1\Macromedia
[02/04/2009|10:16] C:\DOCUME~1\PROPRI~1\APPLIC~1\Malwarebytes
[01/07/2009|17:05] C:\DOCUME~1\PROPRI~1\APPLIC~1\Microsoft
[02/04/2009|18:37] C:\DOCUME~1\PROPRI~1\APPLIC~1\Mozilla
[30/04/2009|16:58] C:\DOCUME~1\PROPRI~1\APPLIC~1\Nosibay
[02/04/2009|10:19] C:\DOCUME~1\PROPRI~1\APPLIC~1\OpenOffice.org
[25/07/2009|00:58] C:\DOCUME~1\PROPRI~1\APPLIC~1\Pro Cycling Manager 2008 - Demo
[03/04/2009|23:46] C:\DOCUME~1\PROPRI~1\APPLIC~1\Screaming Bee
[03/04/2009|20:53] C:\DOCUME~1\PROPRI~1\APPLIC~1\Scribus
[12/04/2009|15:14] C:\DOCUME~1\PROPRI~1\APPLIC~1\SecuROM
[14/04/2009|00:11] C:\DOCUME~1\PROPRI~1\APPLIC~1\Sports Interactive
[02/04/2009|10:15] C:\DOCUME~1\PROPRI~1\APPLIC~1\Sun
[04/04/2009|15:38] C:\DOCUME~1\PROPRI~1\APPLIC~1\vlc
[19/07/2009|22:29] C:\DOCUME~1\PROPRI~1\APPLIC~1\Windows Desktop Search
[19/07/2009|22:29] C:\DOCUME~1\PROPRI~1\APPLIC~1\Windows Search
[04/04/2009|15:26] C:\DOCUME~1\PROPRI~1\APPLIC~1\WinRAR

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[24/07/2009 00:43][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[25/07/2009 02:20][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[25/07/2009 12:28][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[25/07/2009 12:33][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{5025BCF0-771F-4997-8BA3-659D89393348}.job
[25/07/2009 12:29][--a------] C:\WINDOWS\tasks\Google Software Updater.job
[25/07/2009 12:28][--ah-----] C:\WINDOWS\tasks\SA.DAT
[14/04/2008 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[02/04/2009|10:14] C:\Program Files\Ahead
[01/06/2009|22:34] C:\Program Files\Aimersoft
[03/04/2009|23:32] C:\Program Files\AV Vcs 7.0 DIAMOND
[08/04/2009|11:50] C:\Program Files\AVG
[02/04/2009|10:36] C:\Program Files\Avira
[13/07/2009|22:34] C:\Program Files\BitTorrent
[24/07/2009|00:39] C:\Program Files\CCleaner
[01/04/2009|17:28] C:\Program Files\ComPlus Applications
[24/07/2009|01:04] C:\Program Files\Conduit
[06/07/2009|18:09] C:\Program Files\Cyanide
[02/04/2009|10:15] C:\Program Files\CyberLink
[14/04/2009|00:21] C:\Program Files\DAEMON Tools Lite
[02/04/2009|19:19] C:\Program Files\DivX
[16/07/2009|01:14] C:\Program Files\Driver-Soft
[12/04/2009|15:04] C:\Program Files\EA Sports
[14/04/2009|13:46] C:\Program Files\Eidos Interactive
[23/07/2009|23:54] C:\Program Files\eMule
[18/07/2009|15:45] C:\Program Files\Enigma Software Group
[13/04/2009|01:41] C:\Program Files\EPSON
[06/04/2009|01:31] C:\Program Files\Equipe
[24/07/2009|03:02] C:\Program Files\Everest Poker
[20/05/2009|16:07] C:\Program Files\ffdshow
[18/07/2009|16:30] C:\Program Files\Fichiers communs
[02/04/2009|10:14] C:\Program Files\Foxit Software
[23/07/2009|21:20] C:\Program Files\Free Easy Burner
[12/06/2009|18:19] C:\Program Files\Frets on Fire
[23/07/2009|23:57] C:\Program Files\GlobFX Technologies
[18/05/2009|13:24] C:\Program Files\Google
[03/04/2009|20:54] C:\Program Files\gs
[15/07/2009|20:41] C:\Program Files\InstallShield Installation Information
[01/04/2009|17:50] C:\Program Files\Intel
[23/07/2009|20:10] C:\Program Files\Internet Explorer
[19/07/2009|15:17] C:\Program Files\Java
[02/04/2009|10:16] C:\Program Files\JRE
[16/07/2009|01:20] C:\Program Files\Lavalys
[24/07/2009|00:42] C:\Program Files\Lavasoft
[19/07/2009|14:47] C:\Program Files\Lopxp
[25/07/2009|00:41] C:\Program Files\Malwarebytes' Anti-Malware
[01/06/2009|22:31] C:\Program Files\MediaCoder
[02/04/2009|10:17] C:\Program Files\Messenger
[23/07/2009|23:19] C:\Program Files\Messenger Plus! Live
[02/04/2009|20:02] C:\Program Files\Microsoft
[01/04/2009|17:30] C:\Program Files\microsoft frontpage
[02/06/2009|08:01] C:\Program Files\Microsoft Silverlight
[30/05/2009|15:46] C:\Program Files\Microsoft SQL Server Compact Edition
[30/05/2009|15:47] C:\Program Files\Microsoft Sync Framework
[04/04/2009|10:59] C:\Program Files\Movie Maker
[25/07/2009|12:32] C:\Program Files\Mozilla Firefox
[07/04/2009|14:09] C:\Program Files\MSBuild
[02/04/2009|19:47] C:\Program Files\MSN
[01/04/2009|17:27] C:\Program Files\MSN Gaming Zone
[11/04/2009|12:54] C:\Program Files\MSXML 4.0
[24/07/2009|22:20] C:\Program Files\Navilog1
[01/04/2009|17:28] C:\Program Files\NetMeeting
[30/04/2009|16:58] C:\Program Files\Nosibay
[01/04/2009|17:27] C:\Program Files\Online Services
[02/04/2009|10:15] C:\Program Files\OpenOffice.org 3
[04/04/2009|10:59] C:\Program Files\Outlook Express
[03/04/2009|23:14] C:\Program Files\PhotoFiltre
[02/04/2009|19:50] C:\Program Files\QuickZip4
[02/04/2009|10:28] C:\Program Files\Realtek
[07/04/2009|14:09] C:\Program Files\Reference Assemblies
[03/04/2009|23:44] C:\Program Files\Screaming Bee
[03/04/2009|20:48] C:\Program Files\Scribus 1.3.4
[01/04/2009|17:29] C:\Program Files\Services en ligne
[22/07/2009|13:34] C:\Program Files\Slayers Online
[04/04/2009|16:47] C:\Program Files\Snowball
[29/05/2009|21:11] C:\Program Files\SopCast
[14/04/2009|00:35] C:\Program Files\Sports Interactive
[25/07/2009|12:35] C:\Program Files\Spybot - Search & Destroy
[25/07/2009|12:28] C:\Program Files\Spyware Doctor
[02/04/2009|10:11] C:\Program Files\SuperCopier2
[24/07/2009|23:29] C:\Program Files\trend micro
[19/04/2009|18:00] C:\Program Files\TVAnts
[15/07/2009|20:41] C:\Program Files\Ubisoft
[01/04/2009|17:35] C:\Program Files\Uninstall Information
[18/07/2009|16:37] C:\Program Files\Unlocker
[04/04/2009|15:36] C:\Program Files\VideoLAN
[02/04/2009|22:02] C:\Program Files\VirginMega
[16/06/2009|16:11] C:\Program Files\VirtualDJ
[21/07/2009|12:26] C:\Program Files\Windows Desktop Search
[07/05/2009|23:54] C:\Program Files\Windows Journal Viewer
[30/05/2009|15:47] C:\Program Files\Windows Live
[05/07/2009|23:27] C:\Program Files\Windows Live Safety Center
[02/04/2009|20:02] C:\Program Files\Windows Live SkyDrive
[02/04/2009|19:01] C:\Program Files\Windows Media Connect 2
[02/04/2009|19:01] C:\Program Files\Windows Media Player
[01/04/2009|17:27] C:\Program Files\Windows NT
[01/04/2009|17:29] C:\Program Files\WindowsUpdate
[04/04/2009|15:21] C:\Program Files\WinRAR
[01/04/2009|17:30] C:\Program Files\xerox
[13/04/2009|23:39] C:\Program Files\Zero G Registry

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[02/04/2009|10:14] C:\Program Files\Fichiers communs\Ahead
[02/04/2009|19:19] C:\Program Files\Fichiers communs\DivX Shared
[02/04/2009|10:27] C:\Program Files\Fichiers communs\InstallShield
[02/04/2009|10:15] C:\Program Files\Fichiers communs\Java
[07/05/2009|23:54] C:\Program Files\Fichiers communs\Microsoft Shared
[01/04/2009|17:28] C:\Program Files\Fichiers communs\MSSoap
[30/04/2009|16:58] C:\Program Files\Fichiers communs\Nosibay
[01/04/2009|19:18] C:\Program Files\Fichiers communs\ODBC
[01/04/2009|17:28] C:\Program Files\Fichiers communs\Services
[01/04/2009|19:18] C:\Program Files\Fichiers communs\SpeechEngines
[01/04/2009|17:28] C:\Program Files\Fichiers communs\System
[02/04/2009|19:59] C:\Program Files\Fichiers communs\Windows Live

--------------------\\ Process

( 56 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-25 12:46:23
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\WINDOWS\System32\
please note that you need administrator rights to perform deep scan

--------------------\\ Recherche d'autres infections


[F:74][D:16]-> C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
[F:29][D:0]-> C:\DOCUME~1\PROPRI~1\Cookies
[F:1776][D:11]-> C:\DOCUME~1\PROPRI~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 25/07/2009|12:49 - Option : [1]

--------------------\\ Fin du rapport a 12:49:10
0
Réponse 11 / 30
Gaboule Messages postés 38 Date d'inscription jeudi 23 juillet 2009 Statut Membre Dernière intervention 29 décembre 2009
25 juil. 2009 à 13:09
Mes postes ne s'affichent plus!

Est-ce du à la longueur du rapport?
0
Utilisateur anonyme
25 juil. 2009 à 15:06
As tu fait la seconde partie de LOP SD ?

héberge les rapports sur ci-joint.com, et donne moi les liens
0
toptitbal Messages postés 25709 Date d'inscription samedi 8 juillet 2006 Statut Contributeur sécurité Dernière intervention 4 mars 2010 2 230
25 juil. 2009 à 15:09
Bonjour

Problème de mot blacklisté.

Quand cela arrive, fais une alerte pour qu'on restaure.
0
Utilisateur anonyme > toptitbal Messages postés 25709 Date d'inscription samedi 8 juillet 2006 Statut Contributeur sécurité Dernière intervention 4 mars 2010
25 juil. 2009 à 15:11
il faut restaurer, je juste d'arriver, je n'étais pas au courant
Pardon toptitbal, je manque à tous mes devoirs bonjour
0
Réponse 12 / 30
Gaboule Messages postés 38 Date d'inscription jeudi 23 juillet 2009 Statut Membre Dernière intervention 29 décembre 2009
25 juil. 2009 à 15:28
1er rapport fait ce midi: https://www.cjoint.com/?hzpljDDkvH
Et donc le rapport après la suppression fait à l'instant: https://www.cjoint.com/?hzpBUgDlWe
0
Utilisateur anonyme
25 juil. 2009 à 15:30
fait moi un nouveau rapport RSIT
0
Réponse 13 / 30
Utilisateur anonyme
25 juil. 2009 à 15:49
Dois-je désinstaller manuellement les programmes présents sur mon PC et qui sont présents dans cette liste de programmes à éviter?
Excuse moi, j'ai oublié de te répondre, on verra après
0
Réponse 14 / 30
Gaboule Messages postés 38 Date d'inscription jeudi 23 juillet 2009 Statut Membre Dernière intervention 29 décembre 2009
25 juil. 2009 à 17:25
Logfile of random's system information tool 1.06 (written by random/random)
Run by Propriétaire at 2009-07-25 17:24:59
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 53 GB (35%) free of 153 GB
Total RAM: 1014 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:25:02, on 25/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Nosibay\Widget LEquipe.fr\LWidget LEquipe.fr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Nosibay\Widget LEquipe.fr\Widget LEquipe.fr.exe
C:\WINDOWS\system32\msfeedssync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Propriétaire\Bureau\RSIT.exe
C:\Program Files\trend micro\Propriétaire.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\msuurei.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\msgeld.exe
O2 - BHO: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Widget LEquipe.fr] "C:\Program Files\Nosibay\Widget LEquipe.fr\LWidget LEquipe.fr.exe" /winstartup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = ?
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: leq - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O20 - AppInit_DLLs: C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\43922031838mmx.dll
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Service Google Update (gupdate1c9bd22bd8a8c62) (gupdate1c9bd22bd8a8c62) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
0
Utilisateur anonyme
25 juil. 2009 à 17:31
Attention, avant de commencer, lit attentivement la procédure, et imprime là

Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Place le sur le bureau et renomme le jacobin.exe

/!\ Déconnecte-toi du net et DESACTIVES TOUTES LES DEFENSES, antivirus et antispyware y compris /!\
---> Double-clique sur jacobin.exe
Un "pop-up" va apparaître qui dit que ComboFix est utilisé à vos risques et avec aucune garantie...
Accepte en cliquant sur Oui
SURTOUT INSTALLES LA CONSOLE DE RECUPERATION
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

Ne touche à rien tant que le scan n'est pas terminé

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix.txt
0
Réponse 15 / 30
Gaboule Messages postés 38 Date d'inscription jeudi 23 juillet 2009 Statut Membre Dernière intervention 29 décembre 2009
25 juil. 2009 à 17:45
Merci une nouvelle fois. Cependant, avant que je lance la procédure je voudrais savoir qu'est ce que tu appelles "console de récupération"?
0
Utilisateur anonyme
25 juil. 2009 à 17:49
C'est au cas où Combo Fix supprimerai un fichier légitime, et qu'on peut le restaurer avec la console de récupération, c'est pour cela qu'il faut l'installer, c'est un filet de sécurité
0
Réponse 16 / 30
Gaboule Messages postés 38 Date d'inscription jeudi 23 juillet 2009 Statut Membre Dernière intervention 29 décembre 2009
25 juil. 2009 à 17:53
Ok merci.
Bon je ne serais pas sur le PC de la soirée, je ferais donc tout ça demain.
Merci encore une fois à demain!
0
Utilisateur anonyme
25 juil. 2009 à 17:57
D'accord à demain, car la désinfection n'est pas terminée
Bonne soirée
0
Réponse 17 / 30
Gaboule Messages postés 38 Date d'inscription jeudi 23 juillet 2009 Statut Membre Dernière intervention 29 décembre 2009
26 juil. 2009 à 13:28
Bonjour! Voici donc le rapport après la procédure avec ComboFix:

ComboFix 09-07-25.04 - Propriétaire 26/07/2009 13:00.1.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1014.668 [GMT 2:00]
Running from: c:\documents and settings\Propriétaire\Bureau\jacobin.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
c:\program files\SuperCopier2\SC2Hook.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Fonts\mlog
c:\windows\Install.txt
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\geyekrwniqclga.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\geyekrkypjnkdh.dll
c:\windows\system32\geyekrmpkkfhxd.dat
c:\windows\system32\geyekrspveockj.dat
c:\windows\system32\geyekruyybimlo.dll
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

Infected copy of c:\windows\system32\sfcfiles.dll was found and disinfected
Restored copy from - c:\windows\system32\dllcache\sfcfiles.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_geyekrshgxmboe
-------\Legacy_6TO4
-------\Legacy_MSNCACHE
-------\Legacy_SOPIDKC
-------\Legacy_USBEWT
-------\Service_6to4
-------\Service_usbewt


((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))
.

2009-07-26 10:52 . 2009-07-26 10:54 -------- d-----w- C:\ComboFix
2009-07-25 10:38 . 2009-07-25 13:26 -------- d-----w- C:\Lop SD
2009-07-24 19:53 . 2009-07-24 20:20 -------- d-----w- c:\program files\Navilog1
2009-07-24 19:16 . 2009-07-24 19:37 -------- d-----w- C:\ToolBar SD
2009-07-24 01:19 . 2009-07-23 22:43 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-23 22:43 . 2009-07-23 22:43 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-23 22:42 . 2009-07-23 22:42 -------- dc-h--w- c:\docume~1\ALLUSE~1\APPLIC~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-07-23 22:42 . 2009-07-23 22:43 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft
2009-07-23 22:42 . 2009-07-23 22:42 -------- d-----w- c:\program files\Lavasoft
2009-07-23 22:39 . 2009-07-23 22:39 -------- d-----w- c:\program files\CCleaner
2009-07-23 13:15 . 2009-07-25 15:24 -------- d-----w- c:\program files\trend micro
2009-07-23 13:15 . 2009-07-23 13:15 -------- d-----w- C:\rsit
2009-07-21 22:11 . 2009-07-21 22:11 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\{dd9a9e7625afb6d9307f2cd8e4c1abd8}
2009-07-21 22:06 . 2009-07-22 11:34 -------- d-----w- c:\program files\Slayers Online
2009-07-20 19:11 . 2009-07-25 10:28 -------- d-----w- c:\program files\Spyware Doctor
2009-07-19 20:29 . 2009-07-23 18:10 -------- d--h--w- c:\windows\$hf_mig$
2009-07-19 20:28 . 2009-07-21 10:26 -------- d-----w- c:\program files\Windows Desktop Search
2009-07-19 20:28 . 2009-07-19 20:28 -------- d-----w- c:\windows\system32\GroupPolicy
2009-07-19 20:27 . 2009-07-19 20:27 -------- d-----w- c:\windows\system32\URTTEMP
2009-07-19 14:26 . 2009-07-19 14:26 72192 ----a-w- c:\windows\system32\tasklist.exe
2009-07-19 13:17 . 2009-07-19 13:17 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-19 12:29 . 2009-07-19 12:47 -------- d-----w- c:\program files\Lopxp
2009-07-19 10:03 . 2009-07-19 10:03 -------- d-s---w- c:\documents and settings\LocalService\Favoris
2009-07-18 16:08 . 2009-07-18 16:08 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-18 16:08 . 2009-07-18 16:08 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-18 16:08 . 2009-07-18 16:08 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-18 16:08 . 2009-07-18 16:08 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-18 14:37 . 2009-07-18 14:37 -------- d-----w- c:\program files\Unlocker
2009-07-18 13:45 . 2009-07-18 13:45 -------- d-----w- c:\program files\Enigma Software Group
2009-07-15 23:20 . 2009-07-15 23:20 -------- d-----w- c:\program files\Lavalys
2009-07-15 23:14 . 2009-07-15 23:14 -------- d-----w- c:\program files\Driver-Soft
2009-07-15 21:22 . 1998-11-13 09:16 308224 ----a-w- c:\windows\IsUn040c.exe
2009-07-15 21:13 . 2003-04-18 22:32 4736 ----a-w- c:\windows\system32\drivers\tandpl.sys
2009-07-15 21:13 . 2003-03-02 15:44 7552 ----a-w- c:\windows\system32\drivers\enodpl.sys
2009-07-15 18:41 . 2009-07-15 18:41 -------- d-----w- c:\program files\Ubisoft
2009-07-13 20:34 . 2009-07-13 20:34 -------- d-----w- c:\program files\BitTorrent
2009-07-10 17:42 . 2009-07-10 17:42 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\CyberLink
2009-07-06 18:13 . 2009-07-06 18:13 2915944 ----a-w- c:\windows\system32\drivers\appdrv01.sys
2009-07-06 18:13 . 2009-07-06 18:13 304528 ----a-w- c:\windows\system32\appdrvrem01.exe
2009-07-06 16:09 . 2009-07-06 16:09 -------- d-----w- c:\program files\Cyanide
2009-07-02 19:10 . 2009-07-02 19:10 -------- d-----w- c:\windows\system32\Adobe
2009-06-29 12:50 . 2009-06-29 12:53 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\DVD Shrink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-26 10:58 . 2009-04-02 08:11 -------- d-----w- c:\program files\SuperCopier2
2009-07-25 11:53 . 2009-04-02 08:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-25 10:35 . 2009-04-02 08:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-25 10:28 . 2009-04-14 17:01 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Google Updater
2009-07-24 22:40 . 2009-04-30 19:56 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-07-24 01:02 . 2009-04-09 21:09 -------- d-----w- c:\program files\Everest Poker
2009-07-24 00:45 . 2009-04-02 08:10 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-07-23 23:04 . 2009-04-07 00:07 -------- d-----w- c:\program files\Conduit
2009-07-23 21:57 . 2009-04-04 14:52 -------- d-----w- c:\program files\GlobFX Technologies
2009-07-23 21:54 . 2009-04-03 22:26 -------- d-----w- c:\program files\eMule
2009-07-23 21:19 . 2009-04-02 18:14 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-23 19:20 . 2009-04-10 18:37 -------- d-----w- c:\program files\Free Easy Burner
2009-07-22 23:07 . 2008-04-14 12:00 94426 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-22 23:07 . 2008-04-14 12:00 533126 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-19 13:17 . 2009-04-02 08:15 -------- d-----w- c:\program files\Java
2009-07-15 18:41 . 2009-04-02 08:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-13 11:36 . 2009-04-02 08:16 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2009-04-02 08:16 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-05 21:27 . 2009-06-17 18:56 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-16 16:15 . 2009-04-02 08:28 5095936 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-06-16 14:40 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:11 . 2009-06-16 14:10 -------- d-----w- c:\program files\VirtualDJ
2009-06-12 16:19 . 2009-05-02 10:30 -------- d-----w- c:\program files\Frets on Fire
2009-06-12 09:10 . 2009-04-02 08:28 17887232 ----a-w- c:\windows\RTHDCPL.EXE
2009-06-09 12:43 . 2009-04-02 08:28 37376 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-06-03 19:10 . 2008-04-14 12:00 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 12:02 . 2009-04-02 08:28 1482752 ----a-w- c:\windows\RtlUpd.exe
2009-06-03 10:41 . 2009-04-02 08:36 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-02 06:01 . 2009-04-02 17:46 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-01 20:34 . 2009-06-01 20:34 -------- d-----w- c:\program files\Aimersoft
2009-06-01 20:31 . 2009-06-01 20:31 -------- d-----w- c:\program files\MediaCoder
2009-05-30 13:47 . 2009-04-02 18:02 -------- d-----w- c:\program files\Windows Live
2009-05-30 13:47 . 2009-05-30 13:47 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-05-30 13:46 . 2009-05-30 13:46 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-05-29 19:11 . 2009-04-07 09:29 -------- d-----w- c:\program files\SopCast
2009-05-24 22:24 . 2008-05-26 20:18 350208 ----a-w- c:\windows\system32\mssph.dll
2009-05-13 05:04 . 2008-04-14 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 13:12 . 2009-04-02 08:17 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:33 . 2008-04-14 12:00 348672 ----a-w- c:\windows\system32\localspl.dll
2009-04-27 17:20 . 2009-04-27 17:20 520192 ----a-w- c:\windows\system32\UEFA 2008 (fr).scr
2009-07-22 16:09 . 2009-04-02 08:14 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2008-04-14 12:00 979968 3EFE912DD25D2586E6A0341DB0A66F69 c:\windows\explorer.exe
[-] 2008-04-14 12:00 979968 3EFE912DD25D2586E6A0341DB0A66F69 c:\windows\system32\dllcache\explorer.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Widget LEquipe.fr"="c:\program files\Nosibay\Widget LEquipe.fr\LWidget LEquipe.fr.exe" [2009-04-15 435728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-19 148888]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-23 520024]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-06-12 17887232]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\
Notification de cadeaux MSN.lnk - c:\documents and settings\Propri‚taire\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-4-2 135680]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]

c:\docume~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^Alertes uefa.com.lnk]
path=c:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\Alertes uefa.com.lnk
backup=c:\windows\pss\Alertes uefa.com.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^UberIcon.lnk]
path=c:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk
backup=c:\windows\pss\UberIcon.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Cyanide\\[Demo] Pro Cycling Manager - Season 2008\\PCMDemo.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Ubisoft\\XIII\\system\\XIII.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Cyanide\\[Demo] Pro Cycling Manager - Season 2008\\Autorun\\Exe\\Autorun.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [24/07/2009 00:43 64160]
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [06/07/2009 20:13 2915944]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [30/05/2009 15:48 55152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1029456]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [07/09/2008 20:02 21920]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [03/04/2009 23:30 17792]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S2 gupdate1c9bd22bd8a8c62;Service Google Update (gupdate1c9bd22bd8a8c62);c:\program files\Google\Update\GoogleUpdate.exe [14/04/2009 19:02 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [02/04/2009 10:28 1684736]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder\SysInfo.sys [25/09/2007 16:59 15152]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
BHO-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)


.
------- Supplementary Scan -------
.
mWindow Title =
FF - ProfilePath - c:\docume~1\PROPRI~1\APPLIC~1\Mozilla\Firefox\Profiles\5igsnmxd.Antoine\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://fcnantes.com
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-26 13:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\PROPRI~1\LOCALS~1\Temp\mc24.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2928)
c:\windows\system32\SHDOCVW.dll
c:\program files\SuperCopier2\SC2Hook.dll
c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\documents and settings\Propriétaire\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\searchprotocolhost.exe
c:\program files\Nosibay\Widget LEquipe.fr\Widget LEquipe.fr.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2009-07-26 13:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-26 11:24

Pre-Run: 55 627 583 488 octets libres
Post-Run: 56 572 960 768 octets libres

285 --- E O F --- 2009-07-23 00:53
0
Utilisateur anonyme
26 juil. 2009 à 14:53
Bonjour,
Combo Fix a bien nettoyé, mais tu n'as pas installé la console de récupération, il faut faire attention avec ce genre d'outil

Tu me faits un nouveau scan RSIT, et tu me postes les rapports
0
Réponse 18 / 30
Gaboule Messages postés 38 Date d'inscription jeudi 23 juillet 2009 Statut Membre Dernière intervention 29 décembre 2009
26 juil. 2009 à 15:03
Logfile of random's system information tool 1.06 (written by random/random)
Run by Propriétaire at 2009-07-26 15:03:48
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 54 GB (35%) free of 153 GB
Total RAM: 1014 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:03:56, on 26/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Nosibay\Widget LEquipe.fr\LWidget LEquipe.fr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Nosibay\Widget LEquipe.fr\Widget LEquipe.fr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Propriétaire\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Propriétaire.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Widget LEquipe.fr] "C:\Program Files\Nosibay\Widget LEquipe.fr\LWidget LEquipe.fr.exe" /winstartup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = ?
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: leq - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Service Google Update (gupdate1c9bd22bd8a8c62) (gupdate1c9bd22bd8a8c62) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
0
Utilisateur anonyme
26 juil. 2009 à 15:19
Télécharge Ad-remover (sur le bureau) : http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

Désactiver l'anti-virus

/!\ Déconnectes toi et fermes toutes applications en cours

Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
Lance AD Remover qui est sur le bureau
Choisit l'option L
Poste le rapport qui apparait à la fin .


(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note :

"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall
0
Réponse 19 / 30
Gaboule Messages postés 38 Date d'inscription jeudi 23 juillet 2009 Statut Membre Dernière intervention 29 décembre 2009
26 juil. 2009 à 16:41
.
======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 24/06/2009 à 7:10 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 16:32:56, 26/07/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: JOGUET-747F5345 | Utilisateur actuel: Propri‚taire
.
Administrateur: Administrateur
N'est pas administrateur: ASPNET
N'est pas administrateur: HelpAssistant *Desactive*
N'est pas administrateur: Invité *Desactive*
Administrateur: Propriétaire
N'est pas administrateur: SUPPORT_388945a0 *Desactive*
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
.
C:\Program Files\Everest Poker\data
C:\Program Files\Everest Poker\history
C:\Program Files\Everest Poker\data\fonts
C:\Program Files\Everest Poker\data\mp-lobby
C:\Program Files\Everest Poker\data\mp-poker
C:\Program Files\Everest Poker\data\shared
C:\Program Files\Everest Poker\data\startup
C:\Program Files\Everest Poker\data\fonts\kgp-en.ttf
C:\Program Files\Everest Poker\data\mp-lobby\fr.gvt
C:\Program Files\Everest Poker\data\mp-lobby\shared.gvt
C:\Program Files\Everest Poker\data\mp-poker\background
C:\Program Files\Everest Poker\data\mp-poker\fr
C:\Program Files\Everest Poker\data\mp-poker\shared.gvt
C:\Program Files\Everest Poker\data\mp-poker\background\default.gvt
C:\Program Files\Everest Poker\data\mp-poker\fr\bitmaps.gvt
C:\Program Files\Everest Poker\data\mp-poker\fr\mp-poker_strings.txt
C:\Program Files\Everest Poker\data\mp-poker\fr\mp-poker_tutorial.txt
C:\Program Files\Everest Poker\data\shared\fr
C:\Program Files\Everest Poker\data\shared\shared
C:\Program Files\Everest Poker\data\shared\fr\country.txt
C:\Program Files\Everest Poker\data\shared\fr\language.txt
C:\Program Files\Everest Poker\data\shared\fr\ordinal.txt
C:\Program Files\Everest Poker\data\shared\shared\bitmaps
C:\Program Files\Everest Poker\data\shared\shared\sounds
C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt
C:\Program Files\Everest Poker\data\shared\shared\bitmaps\check.art
C:\Program Files\Everest Poker\data\startup\en
C:\Program Files\Everest Poker\data\startup\fr
C:\Program Files\Everest Poker\data\startup\shared
C:\Program Files\Everest Poker\data\startup\en\startup_strings.txt
C:\Program Files\Everest Poker\data\startup\fr\cstart.txt
C:\Program Files\Everest Poker\data\startup\fr\startup_strings.txt
C:\Program Files\Everest Poker\data\startup\shared\bitmaps
C:\Program Files\Everest Poker\data\startup\shared\icons
C:\Program Files\Everest Poker\data\startup\shared\sounds
C:\Program Files\Everest Poker\data\startup\shared\bitmaps\splash_poker.art
C:\Program Files\Everest Poker\history\10.txt
C:\Program Files\Everest Poker\history\12.txt
C:\Program Files\Everest Poker\history\19.txt
C:\Program Files\Everest Poker\history\25.txt
C:\Program Files\Everest Poker\history\26.txt
C:\Program Files\Everest Poker\history\29.txt
C:\Program Files\Everest Poker\history\30.txt
C:\Program Files\Everest Poker\history\32.txt
C:\Program Files\Everest Poker\history\34.txt
C:\Program Files\Everest Poker\history\38.txt
C:\Program Files\Everest Poker\history\39.txt
C:\Program Files\Everest Poker\history\4.txt
C:\Program Files\Everest Poker\history\43.txt
C:\Program Files\Everest Poker\history\5.txt
C:\Program Files\Everest Poker\history\8.txt
C:\Program Files\Everest Poker
C:\WINDOWS\Installer\1f7a1f9.msi

(!) -- Fichiers temporaires supprimés.

.
============== Scan additionnel ==============
.

* Mozilla FireFox Version 3.0.12 *

Nom du profil: 8msjuy7k.default (Propri‚taire)
.
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://fcnantes.com");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.11");
.
.

* Internet Explorer Version 8.0.6001.18702 *

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

============== Suspect (Cracks, Serials ... ) ==============

.
C:\Documents and Settings\Propri‚taire\Application Data\Mozilla\Firefox\Profiles\5igsnmxd.Antoine\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
C:\Documents and Settings\Propri‚taire\Application Data\Nosibay\Widget LEquipe.fr\modules\nosibox\id21a2d915f7bf4f20b493ced59dddd267\bspatch.exe
C:\Documents and Settings\Propri‚taire\Application Data\Nosibay\Widget LEquipe.fr\modules\nosibox\id21a2d915f7bf4f20b493ced59dddd267\patch.exe
C:\Documents and Settings\Propri‚taire\Mes documents\Antoine\Jeux\Fifa 2008\fifa_08_patch_2_multi-langues_218200.exe
C:\Documents and Settings\Propri‚taire\Mes documents\Antoine\Jeux\Fifa 2008\fifa_08_patch_3_multi-langues_218202.exe
C:\Documents and Settings\Propri‚taire\Mes documents\Antoine\Logiciels\patch-3.rar
C:\Documents and Settings\Propri‚taire\Mes documents\Azureus Downloads\Patch Valbuena PES 2009 - Platinum Version.zip
C:\Documents and Settings\Propri‚taire\Mes documents\Downloads\Driver.Genius.2007.Professional.Edition.7.1.622.Incl.Keymaker-EMBRACE\Embrance\keygen.exe
C:\Documents and Settings\Propri‚taire\Mes documents\Downloads\PC XIII + Parche [Multi5] [www.torrentspain.com]\Parche XIII\xiii_codegame_patch.exe
.
===================================
.
6403 Octet(s) - C:\Ad-Report-CLEAN.log
.
0 Fichier(s) - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
1 Fichier(s) - C:\WINDOWS\Temp
.
18 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
16 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 16:40:53 | 26/07/2009
.
============== E.O.F ==============
.
0
Utilisateur anonyme
26 juil. 2009 à 17:01
je te donne la liste des programmes à éviter à tout prix pour ne pas réinfecter ton PC

Bingo Day
Boonty
BoontyGames
Casino DelRio
Casino Lux
Casino Nederland
Casino Tropez
Casino-On-Net
Casino.com
EmpirePoker
EoCalendar
EoClock
EoComputer
EoDesk3d
EoMail
EoMap
EoNet
EoPhoto
EoProgrammeTele
EoRss
EoSudoku
EoTraduction
EoWeather
EoWiki
Europa Casino
Everest Casino
Everest Poker
Flamingo Club Casino
Fun Web Products
Golden Palace Casino
Golden Casino
GV Luxe
It's TV
MySpeedyAlert
MyTotalSearch
MyGlobalSearch
MyQuickSearch
MySearch
MyWay
My Way Speedbar
MyWebSearch
Pacific Poker
PartyPoker
Poker Mile
Poker 770
RoxyPalace
SweetIM
Titan Poker
Vegas Red Casino
888poker


Comment va ton PC ?



C:\Documents and Settings\Propri‚taire\Application Data\Mozilla\Firefox\Profiles\5igsnmxd.Antoine\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
C:\Documents and Settings\Propri‚taire\Application Data\Nosibay\Widget LEquipe.fr\modules\nosibox\id21a2d915f7bf4f20b493ced59dddd267\bspatch.exe
C:\Documents and Settings\Propri‚taire\Application Data\Nosibay\Widget LEquipe.fr\modules\nosibox\id21a2d915f7bf4f20b493ced59dddd267\patch.exe
C:\Documents and Settings\Propri‚taire\Mes documents\Antoine\Jeux\Fifa 2008\fifa_08_patch_2_multi-langues_218200.exe
C:\Documents and Settings\Propri‚taire\Mes documents\Antoine\Jeux\Fifa 2008\fifa_08_patch_3_multi-langues_218202.exe
C:\Documents and Settings\Propri‚taire\Mes documents\Antoine\Logiciels\patch-3.rar
C:\Documents and Settings\Propri‚taire\Mes documents\Azureus Downloads\Patch Valbuena PES 2009 - Platinum Version.zip
C:\Documents and Settings\Propri‚taire\Mes documents\Downloads\Driver.Genius.2007.Professional.Edition.7.1.622.Incl.Keymaker-EMBRACE\Embrance\keygen.exe
C:\Documents and Settings\Propri‚taire\Mes documents\Downloads\PC XIII + Parche [Multi5] [www.torrentspain.com]\Parche XIII\xiii_codegame_patch.exe

tous ces fichiers sont suspects, il va falloir les supprimer

Affiche d'abord les fichiers et dossiers cachés:

Démarrer, poste de travail
Clique sur outils, et sélectionne options de dossiers
Va dans l'onglet affichage
Coche afficher les fichiers et dossiers cachés, puis OK
Essaye de trouver tous ces fichiers que je t'indique, met les dans la corbeille, et vide la


Ces fichiers te servent-ils?
0
Réponse 20 / 30
Gaboule Messages postés 38 Date d'inscription jeudi 23 juillet 2009 Statut Membre Dernière intervention 29 décembre 2009
26 juil. 2009 à 17:56
J'ai supprimé tous les fichiers que tu m'as listé.

J'ai vérifier tous les bugs que j'avais listé lors de mon premier post et tout refonctionne à merveilles! Merci beaucoup à toi pour ta disponibilité et ton aide!

Juste une chose, je ne trouve pas où réactiver mon Antivirus Avira Antivir?
0
Utilisateur anonyme
26 juil. 2009 à 18:19
C'est pas finit

Ouvre Antivir
A gauche, clique sur aperçu, puis sur état
dans antivir guard, clique sur activer

Evites de télécharger des crack, keylogger, et évites les logiciels de téléchargement (limewire, Emule, shaeraza)
car tu as de fortes chances de télécharger des virus, suis tous les conseils que je t'ai donné pour éviter de réinfecter ton PC

Refait un scan malwarebytes pour vérifications, met le à jour d'abord

fait ceci, car sinon, tu risques de réinfecter to PC avec les points de restauration, il faut les supprimer


Purge de la restauration système


*Désactive ta restauration :
Clique droit sur Poste de travail, clique sur Propriétés, puis sur Restauration système Coche la case désactiver la restauration Clique sur appliquer, puis sur OK
---> Redémarre ton PC ...

*Réactive ta restauration :
Clique droit sur Poste de travail, clique sur Propriétés, puis sur Restauration système Décoche la case désactiver la restauration Clique sur appliquer, puis sur OK
--->Redémarre ton PC ...

( Note : tu peux aussi y accéder via panneau de configuration->" système "->" restauration système " ).
0