How do I remove a Trojan horse?
lionel
Hello,
I have a big problem: I have a recurring Trojan horse that keeps opening Internet Explorer, and on top of that my processor is running at 100%! I delete it every time a threat is detected, but it always comes back!
Thank you for helping me!
PS: I use AVG as my antivirus.
50 replies
▶ Click the Start menu / Control Panel / Folder Options, then go to the View tab
* - Check Show hidden files and folders
* - Uncheck Hide extensions for known file types
* - Uncheck Hide protected operating system files (Recommended)
▶ Click Apply, then OK.
Don't forget to hide the hidden and protected operating system files again at the end of the disinfection; this is important.
Have the following file(s) analysed on VirusTotal:
Virus Total
* Click Browse at the top, choose My Computer and look for these files:
C:\WINDOWS\System32\nwscript.exe
C:\WINDOWS\System32\Crusher.dll
C:\WINDOWS\System32\iissuba.dll
C:\WINDOWS\System32\leon3_32.dll
C:\WINDOWS\System32\LOADSERV.DLL
* Now click Send file, and let it work for as long as "Current status: analysing" is displayed.
* The file may be placed in a queue because of a large number of analysis requests. In that case, you will have to wait without refreshing the page.
* When the analysis is finished ("Current status: finished"), click Formatted
* A new browser window will appear
* Then click the two arrows
* Right-click on the page and choose Select All, then Copy
* Finally, paste the result in your next reply.
Note: To analyse another file, click Other file at the bottom.
Then:
▶ Relaunch List_Kill'em (or via right-click for Vista/7), using the shortcut on your desktop.
But this time:
▶ Choose the Clean option
Your PC will restart;
let the tool work.
At the end of the scan the window closes, and you will have a report named Kill'em.txt on your desktop.
▶ Paste its contents in your reply
Fichier nwscript.exe reçu le 2010.07.15 13:33:56 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 5.0.0.31 2010.07.15 -
AhnLab-V3 2010.07.15.01 2010.07.15 -
AntiVir 8.2.4.10 2010.07.15 -
Antiy-AVL 2.0.3.7 2010.07.15 -
Authentium 5.2.0.5 2010.07.15 -
Avast 4.8.1351.0 2010.07.15 -
Avast5 5.0.332.0 2010.07.15 -
AVG 9.0.0.836 2010.07.15 -
BitDefender 7.2 2010.07.15 -
CAT-QuickHeal 11.00 2010.07.15 -
ClamAV 0.96.0.3-git 2010.07.15 -
Comodo 5437 2010.07.15 -
DrWeb 5.0.2.03300 2010.07.15 -
eSafe 7.0.17.0 2010.07.15 -
eTrust-Vet 36.1.7710 2010.07.15 -
F-Prot 4.6.1.107 2010.07.15 -
F-Secure 9.0.15370.0 2010.07.15 -
Fortinet 4.1.143.0 2010.07.15 -
GData 21 2010.07.15 -
Ikarus T3.1.1.84.0 2010.07.15 -
Jiangmin 13.0.900 2010.07.15 -
McAfee 5.400.0.1158 2010.07.15 -
McAfee-GW-Edition 2010.1 2010.07.15 -
Microsoft 1.5902 2010.07.15 -
NOD32 5281 2010.07.15 -
Norman 6.05.11 2010.07.14 -
nProtect 2010-07-15.02 2010.07.15 -
Panda 10.0.2.7 2010.07.15 -
PCTools 7.0.3.5 2010.07.15 -
Rising 22.56.03.04 2010.07.15 -
Sophos 4.55.0 2010.07.15 -
Sunbelt 6585 2010.07.15 -
SUPERAntiSpyware 4.40.0.1006 2010.07.15 -
Symantec 20101.1.1.7 2010.07.15 -
TheHacker 6.5.2.1.316 2010.07.15 -
TrendMicro 9.120.0.1004 2010.07.15 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.15 -
VBA32 3.12.12.6 2010.07.15 -
ViRobot 2010.7.12.3932 2010.07.15 -
VirusBuster 5.0.27.0 2010.07.14 -
Information additionnelle
File size: 129024 bytes
MD5...: d6c3581932665be7eff97e814b47ff8f
SHA1..: a2d70c33bdf27b5c23025ea7d53fe8fe0d43d7e3
SHA256: 981c26e25662e76bf870ca8ee7917f84ae42870e233dfd503858843ac1c5dc1f
ssdeep: 3072:jY6I93/sQRlkp5g5zRJPxB+ftGMpHjZDcTDdPUsV:jY1lblGg5FJPsGMXeFUa
PEiD..: -
RDS...: NSRL Reference Data Set: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
pdfid.: -
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. Tous droits r_serv_s.
product......: Syst_me d_exploitation Microsoft_ Windows_
description..: Utilitaire de script de connexion NetWare
original name: nwscript.exe
internal name: nwscript
file version.: 5.1.2600.0 (xpclient.010817-1148)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Fichier Crusher.dll reçu le 2010.07.15 13:42:12 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 5.0.0.31 2010.07.15 -
AhnLab-V3 2010.07.15.01 2010.07.15 -
AntiVir 8.2.4.10 2010.07.15 -
Antiy-AVL 2.0.3.7 2010.07.15 -
Authentium 5.2.0.5 2010.07.15 -
Avast 4.8.1351.0 2010.07.15 -
Avast5 5.0.332.0 2010.07.15 -
AVG 9.0.0.836 2010.07.15 -
BitDefender 7.2 2010.07.15 -
CAT-QuickHeal 11.00 2010.07.15 -
ClamAV 0.96.0.3-git 2010.07.15 -
Comodo 5437 2010.07.15 -
DrWeb 5.0.2.03300 2010.07.15 -
eSafe 7.0.17.0 2010.07.15 -
eTrust-Vet 36.1.7710 2010.07.15 -
F-Prot 4.6.1.107 2010.07.15 -
F-Secure 9.0.15370.0 2010.07.15 -
Fortinet 4.1.143.0 2010.07.15 -
GData 21 2010.07.15 -
Ikarus T3.1.1.84.0 2010.07.15 -
Jiangmin 13.0.900 2010.07.15 -
Kaspersky 7.0.0.125 2010.07.15 -
McAfee 5.400.0.1158 2010.07.15 -
McAfee-GW-Edition 2010.1 2010.07.15 -
Microsoft 1.5902 2010.07.15 -
NOD32 5281 2010.07.15 -
Norman 6.05.11 2010.07.14 -
nProtect 2010-07-15.02 2010.07.15 -
Panda 10.0.2.7 2010.07.15 -
PCTools 7.0.3.5 2010.07.15 -
Prevx 3.0 2010.07.15 -
Rising 22.56.03.04 2010.07.15 -
Sophos 4.55.0 2010.07.15 -
Sunbelt 6585 2010.07.15 -
SUPERAntiSpyware 4.40.0.1006 2010.07.15 -
Symantec 20101.1.1.7 2010.07.15 -
TheHacker 6.5.2.1.316 2010.07.15 -
TrendMicro 9.120.0.1004 2010.07.15 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.15 -
VBA32 3.12.12.6 2010.07.15 -
ViRobot 2010.7.12.3932 2010.07.15 -
VirusBuster 5.0.27.0 2010.07.14 -
Information additionnelle
File size: 778240 bytes
MD5...: dfb157ab5f916eeec5778944d9a285f6
SHA1..: 1f2b53693d5bde0d021c431989e6960c27acbb42
SHA256: 2679acd106fe0fb9d59e4562819ef75d02dcc061491bad3934fb5ff0af7388e2
ssdeep: 12288:n0AKpXC1yOAl/I9EgrMauUBev3/wCMsDOrTaBXIayfXoVayhExl25o:n03gxo/IWgrMauUBeJfBtE6zE4
PEiD..: -
RDS...: NSRL Reference Data Set: -
pdfid.: -
trid..: DirectShow filter (53.7%)
Windows OCX File (32.9%)
Win32 Executable MS Visual C++ (generic) (10.0%)
Win32 Executable Generic (2.2%)
Generic Win/DOS Executable (0.5%)
sigcheck:
publisher....: AmericanGreetings.com
copyright....: Copyright (c) 2005 AG.com, Inc.
product......: Spell Check and Photo eCards 1.1.5012
description..: Spell Check and Photo eCards Copyright (c) 2005 AG.com, Inc.
original name: Crusher.dll
internal name: n/a
file version.: 1.1.5012
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Fichier iissuba.dll reçu le 2010.07.15 13:47:27 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 5.0.0.31 2010.07.15 -
AhnLab-V3 2010.07.15.01 2010.07.15 -
AntiVir 8.2.4.10 2010.07.15 -
Antiy-AVL 2.0.3.7 2010.07.15 -
Authentium 5.2.0.5 2010.07.15 -
Avast 4.8.1351.0 2010.07.15 -
Avast5 5.0.332.0 2010.07.15 -
AVG 9.0.0.836 2010.07.15 -
BitDefender 7.2 2010.07.15 -
CAT-QuickHeal 11.00 2010.07.15 -
ClamAV 0.96.0.3-git 2010.07.15 -
Comodo 5437 2010.07.15 -
DrWeb 5.0.2.03300 2010.07.15 -
eSafe 7.0.17.0 2010.07.15 -
eTrust-Vet 36.1.7710 2010.07.15 -
F-Prot 4.6.1.107 2010.07.15 -
F-Secure 9.0.15370.0 2010.07.15 -
Fortinet 4.1.143.0 2010.07.15 -
GData 21 2010.07.15 -
Ikarus T3.1.1.84.0 2010.07.15 -
Jiangmin 13.0.900 2010.07.15 -
Kaspersky 7.0.0.125 2010.07.15 -
McAfee 5.400.0.1158 2010.07.15 -
McAfee-GW-Edition 2010.1 2010.07.15 -
Microsoft 1.5902 2010.07.15 -
NOD32 5281 2010.07.15 -
Norman 6.05.11 2010.07.14 -
nProtect 2010-07-15.02 2010.07.15 -
Panda 10.0.2.7 2010.07.15 -
PCTools 7.0.3.5 2010.07.15 -
Prevx 3.0 2010.07.15 -
Rising 22.56.03.04 2010.07.15 -
Sophos 4.55.0 2010.07.15 -
Sunbelt 6585 2010.07.15 -
SUPERAntiSpyware 4.40.0.1006 2010.07.15 -
Symantec 20101.1.1.7 2010.07.15 -
TheHacker 6.5.2.1.316 2010.07.15 -
TrendMicro 9.120.0.1004 2010.07.15 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.15 -
VBA32 3.12.12.6 2010.07.15 -
ViRobot 2010.7.12.3932 2010.07.15 -
VirusBuster 5.0.27.0 2010.07.14 -
Information additionnelle
File size: 9216 bytes
MD5...: 907279207e972ed9a25454ecd9d4a4ef
SHA1..: dee0c168dcdc781cfa09dc514768a8e78dab4f8a
SHA256: afedfc3f3f76ff8ce1b5193b6b8d4c7bcd7b479b0e6dae74a63f368960110664
ssdeep: 96:HQTOZwOSNyGFmHqE6EC39YBfLMiV/pFss7li6S0YBKUc44c433REW32+Jgw:HFZjGFPvizfsYU6S0133SW3B1
PEiD..: -
RDS...: NSRL Reference Data Set: -
trid..: Win32 Dynamic Link Library (generic) (65.4%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Internet Information Services
description..: Microsoft IIS sub-authentication handler
original name: iissuba.dll
internal name: iissuba.dll
file version.: 6.0.2600.0 (xpclient.010817-1148)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
pdfid.: -
Fichier leon3_32.dll reçu le 2010.07.15 13:50:17 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 5.0.0.31 2010.07.15 -
AhnLab-V3 2010.07.15.01 2010.07.15 -
AntiVir 8.2.4.10 2010.07.15 -
Antiy-AVL 2.0.3.7 2010.07.15 -
Authentium 5.2.0.5 2010.07.15 -
Avast 4.8.1351.0 2010.07.15 -
Avast5 5.0.332.0 2010.07.15 -
AVG 9.0.0.836 2010.07.15 -
BitDefender 7.2 2010.07.15 -
CAT-QuickHeal 11.00 2010.07.15 -
ClamAV 0.96.0.3-git 2010.07.15 -
Comodo 5437 2010.07.15 -
DrWeb 5.0.2.03300 2010.07.15 -
eSafe 7.0.17.0 2010.07.15 Suspicious File
eTrust-Vet 36.1.7710 2010.07.15 -
F-Prot 4.6.1.107 2010.07.15 -
F-Secure 9.0.15370.0 2010.07.15 -
Fortinet 4.1.143.0 2010.07.15 -
GData 21 2010.07.15 -
Ikarus T3.1.1.84.0 2010.07.15 -
Jiangmin 13.0.900 2010.07.15 -
Kaspersky 7.0.0.125 2010.07.15 -
McAfee 5.400.0.1158 2010.07.15 -
McAfee-GW-Edition 2010.1 2010.07.15 -
Microsoft 1.5902 2010.07.15 -
NOD32 5281 2010.07.15 -
Norman 6.05.11 2010.07.14 -
nProtect 2010-07-15.02 2010.07.15 -
Panda 10.0.2.7 2010.07.15 -
PCTools 7.0.3.5 2010.07.15 -
Prevx 3.0 2010.07.15 -
Rising 22.56.03.04 2010.07.15 -
Sophos 4.55.0 2010.07.15 -
Sunbelt 6585 2010.07.15 -
SUPERAntiSpyware 4.40.0.1006 2010.07.15 -
Symantec 20101.1.1.7 2010.07.15 -
TheHacker 6.5.2.1.316 2010.07.15 -
TrendMicro 9.120.0.1004 2010.07.15 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.15 -
VBA32 3.12.12.6 2010.07.15 -
ViRobot 2010.7.12.3932 2010.07.15 -
VirusBuster 5.0.27.0 2010.07.14 -
Information additionnelle
File size: 143360 bytes
MD5...: 951b515cc581a9b42f56e34e4ce95a96
SHA1..: f4bbed2d0fdcacadb6bb86f928042ed2c2f6761b
SHA256: c385f05b912ba13c3e214b87c7c21714e2f4979d2c1dc69849b9d721b5b7ab9a
ssdeep: 3072:X4FOm7mE+nuzMF+Jj4XNw97I8d3nnLBg2WOD/l2DO1:I0E+4Jow908ZnWODl
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1170
timedatestamp.....: 0x3ef8379e (Tue Jun 24 11:35:58 2003)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x16994 0x16a00 6.62 22215cb572882d01d28ee390fd12c2bc
.rdata 0x18000 0x236a 0x2400 5.37 ca94fe70d570df2a49af67ba978dadd2
.data 0x1b000 0x5eb4 0x4800 2.31 63a00973b7a6f4041aaedd63b4104ebe
 0x21000 0x2b0c 0x2c00 4.17 5ca86b69bc32a8d8d35dc16a991f4e8f
.rsrc 0x24000 0x12a8 0x1400 3.27 852c9869f1f964966582774471a519a6
.reloc 0x26000 0x158a 0x1600 5.30 c514ff75c36bdc367c7929857c0fe231

( 4 imports )
> KERNEL32.dll: LCMapStringA, HeapFree, LCMapStringW, GetStringTypeW, VirtualAlloc, GetProcAddress, GetStringTypeA, LoadLibraryA, CloseHandle, SetStdHandle, SetFilePointer, GlobalUnlock, MulDiv, GlobalLock, GlobalFree, FlushFileBuffers, HeapAlloc, GlobalSize, lstrcmpA, lstrlenA, lstrcatA, lstrcpyA, GlobalReAlloc, FreeResource, SizeofResource, LockResource, LoadResource, FindResourceA, lstrcpynA, OpenFile, GetWindowsDirectoryA, FreeLibrary, LeaveCriticalSection, InitializeCriticalSection, EnterCriticalSection, LocalFree, HeapCreate, WriteFile, GetSystemInfo, VirtualFree, GetEnvironmentStringsW, HeapDestroy, WideCharToMultiByte, MultiByteToWideChar, GetEnvironmentStrings, FreeEnvironmentStringsW, GetACP, FreeEnvironmentStringsA, GetOEMCP, DeleteCriticalSection, GetCPInfo, GetModuleFileNameA, GetStdHandle, GetStartupInfoA, GetFileType, GetLastError, SetHandleCount, TlsFree, TlsGetValue, SetLastError, GetCurrentThreadId, TlsAlloc, TlsSetValue, ExitProcess, GetCurrentProcess, TerminateProcess, GetVersion, GetCommandLineA, LocalAlloc, GlobalAlloc, GetLocaleInfoA, InterlockedDecrement, RaiseException, InterlockedIncrement, GetLocaleInfoW, GetModuleHandleA
> USER32.dll: GetWindowRect, SendMessageA, MessageBeep, SetCursor, GetDC, ReleaseDC, SetRect, CopyRect, SetWindowLongA, MessageBoxA, LoadStringA, UnregisterClassA, DefWindowProcA, GetWindowLongA, TranslateMessage, DestroyWindow, DispatchMessageA, RegisterClassA, GetMessageA, CreateWindowExA, IsRectEmpty, wsprintfA, LoadCursorA, GetDesktopWindow
> GDI32.dll: SelectObject, BitBlt, CreateCompatibleBitmap, GetStockObject, GetObjectA, DeleteDC, GetDIBits, PatBlt, GetBitmapDimensionEx, CreatePalette, SelectPalette, SetDIBitsToDevice, CreateBitmap, SetDIBits, RealizePalette, SetBitmapDimensionEx, GetDeviceCaps, CreateDIBitmap, CreateDCA, DeleteObject, CreateCompatibleDC, PlayMetaFileRecord, EnumMetaFile, GetSystemPaletteEntries, SetWindowExtEx, SetWindowOrgEx, CloseMetaFile, CreateMetaFileA, Escape, SetMapMode, LPtoDP, PlayEnhMetaFileRecord, StretchDIBits, GetEnhMetaFileDescriptionA, GetEnhMetaFileHeader, CreateEnhMetaFileA, EnumEnhMetaFile, Polyline, CloseEnhMetaFile
> WINMM.dll: mmioSeek, mmioWrite, mmioRead, mmioOpenA, mmioClose

( 69 exports )
BitmapFromDIB, ConvertDIB, CopyHandle, CreateBIPalette, CreateCompatibleDIB, CreateDIB, CreateDIBPalette, CreateFIRFilteredDIB, CreateSharpenedDIB, DIBAlphaBlend, DIBBlt, DIBCmyk2Rgb, DIBDetectBarCode, DIBFree, DIBFromBitmap, DIBFromRle, DIBInfo, DIBIsCmyk, DIBNumPaletteColors, DIBPaletteSize, DIBPaletteType, DIBPixelPtr, DIBScreenShot, DIBSelectColors, DitherTo1, DitherTo4, DitherTo8, DrawBitmap, GammaCorrectionApplyToDIB, GammaCorrectionGetArray, GetMetaFileWindowExt, GrayDIB, IsPostScriptDC, LeonRegister, LoadDIB, LoadDIBFromFile, LoadDIBResource, RWClose, RWGetLineRGB16, RWGetPixel, RWGetPixelIndex, RWGetPixelRGB16, RWOpenDIB, RWSetLineRGB16, RWSetPixel, RWSetPixelIndex, RWSetPixelRGB16, RotateDIB, RotateEnhMetaFile, RotateMetaFile, SaveDIB, SaveDIBToFile, ScaleToGray, Splineline, StretchDIB, StretchDIB2DIBBlt, StretchDIBBlt, TWAINAquire, TWAINAquireExt, TWAINCallDS, TWAINGetImage, TWAINInitialize, TWAINIsDSMOpen, TWAINIsTwainMessage, TWAINSelectDS, TWAINSetRect, TWAINSetResolution, TWAINTerminate, TransformDIB
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Herd Software Entwicklung/ Ketteler Str.35/ D-68642 B_rstadt/ http://www.herdsoft.com/ eMail:info@herdsoft.com/ Telefon:_49-6206-707775/ Telefax:_49-6206-707776
copyright....: (c)1994-2003 Dipl. Ing B.Herd
product......: DAVINCI Grafikbibliothek
description..: Grafikbearbeitungsfunktionen
original name: LEON3_32.DLL
internal name: Leonardo
file version.: 3.3.115
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.0.1.8 ¤¤¤¤¤¤¤¤¤¤
User : Client (Administrateurs)
Update on 13/07/2010 by g3n-h@ckm@n ::::: 14.00
Start at: 15:59:36 | 15/07/2010
Intel(R) Celeron(R) CPU 2.66GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Bitdefender Antivirus 8.0 [ Enabled | Updated ]
FW : Bitdefender Firewall[ (!) Disabled ]8.0
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 74.52 Go (44.96 Go free) | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ------- Memory(Ko)
C:\WINDOWS\System32\smss.exe----400 Ko
C:\WINDOWS\system32\csrss.exe----3392 Ko
C:\WINDOWS\system32\winlogon.exe----4088 Ko
C:\WINDOWS\system32\services.exe----4340 Ko
C:\WINDOWS\system32\lsass.exe----5988 Ko
C:\WINDOWS\system32\svchost.exe----4940 Ko
C:\WINDOWS\system32\svchost.exe----4876 Ko
C:\WINDOWS\System32\svchost.exe----18372 Ko
C:\WINDOWS\system32\svchost.exe----2856 Ko
C:\WINDOWS\system32\logonui.exe----3716 Ko
C:\WINDOWS\system32\svchost.exe----3016 Ko
C:\WINDOWS\system32\spoolsv.exe----4956 Ko
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe----2204 Ko
C:\WINDOWS\Explorer.EXE----10144 Ko
C:\WINDOWS\system32\cmd.exe----1796 Ko
C:\WINDOWS\system32\svchost.exe----3640 Ko
C:\WINDOWS\eHome\ehRecvr.exe----4204 Ko
C:\WINDOWS\eHome\ehSched.exe----2604 Ko
C:\Program Files\Java\jre6\bin\jqs.exe----14500 Ko
C:\WINDOWS\eHome\ehRec.exe----18504 Ko
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe----4556 Ko
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE----2816 Ko
C:\WINDOWS\system32\nvsvc32.exe----4228 Ko
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe----4552 Ko
C:\WINDOWS\system32\svchost.exe----4244 Ko
C:\WINDOWS\system32\wuauclt.exe----6816 Ko
C:\WINDOWS\system32\dllhost.exe----6132 Ko
C:\WINDOWS\System32\alg.exe----3564 Ko
C:\WINDOWS\system32\wbem\wmiprvse.exe----6728 Ko
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe----4404 Ko
C:\Program Files\List_Kill'em\ERUNT.EXE----3408 Ko
C:\Program Files\List_Kill'em\pv.exe----2816 Ko
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\WINDOWS\SET3.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET4.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET8.tmp
Quarantined & Deleted !! : C:\WINDOWS\GnuHashes.ini
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\WINDOWS\system32\MSWINSCK.OCX
Quarantined & Deleted !! : C:\WINDOWS\System32\SysWoW32
Quarantined & Deleted !! : C:\WINDOWS\System32\unrar.exe
Quarantined & Deleted !! : C:\Documents and Settings\Client\Local Settings\Application Data\cseao_navps.dat
Quarantined & Deleted !! : C:\Documents and Settings\Client\LOCAL Settings\Temp\IadHide5.dll
Quarantined & Deleted !! : C:\Documents and Settings\Client\Local Settings\Temporary Internet Files\SuggestedSites.dat
=======
Hosts :
=======
127.0.0.1 localhost
========
Registry
========
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Deleted : HKCR\.fsharproj
Deleted : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
Deleted : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465}
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949}
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c7b76b90-3455-4ae6-a752-eac4d19689e5}
=================
Internet Explorer
=================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
===============
Security Center
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)
========
Services
=========
Ndisuio : Start = 3
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
============
Disk Cleaned
anti-ver blaster : OK
Prefetch cleaned
================
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Print these instructions, because you will need to close all windows and applications during installation and scanning.
▶ Download here:
Malwarebytes
or:
Malwarebytes
▶ Install it (make sure to choose "francais"; do not change the installation settings) and update it.
(NB: If you get an error message during installation telling you that "COMCTL32.OCX" is missing, then download it here: COMCTL32.OCX)
▶ Study the tutorial to get familiar with the program:
(that said, it is very simple to use).
Relaunch Malwarebytes, following these instructions scrupulously:
! Disconnect and close all running applications !
▶ Launch Malwarebytes.
Run a scan of the type "Complet" (full).
▶ Let the program work (and do nothing else with the PC during the scan).
▶ At the end, click "résultat".
▶ Check that all infected items are ticked, then click "suppression".
▶ Note: if you have to restart your PC to finish the cleanup, do it!
▶ Post the report saved after the infected items were removed (in the "rapport/log" tab of Malwarebytes, the most recent one)
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4318
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
16/07/2010 12:56:43
mbam-log-2010-07-16 (12-56-43).txt
Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 309304
Temps écoulé: 1 heure(s), 49 minute(s), 21 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 121
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0090b54b-faeb-4243-86bd-91be225f9b20} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0090b54b-faeb-4243-86bd-91be225f9b20} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326eb05c-385a-f08d-0d96-4b6fa8c4099b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{326eb05c-385a-f08d-0d96-4b6fa8c4099b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Downloads\GoRecord-Setup.exe (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Downloads\Software\Setup.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Documents and Settings\Client\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdate.exe.vir (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Documents and Settings\Client\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe.vir (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3DLGHK.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSMLBTN.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSUABTN.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\Windows Live\Messenger\Riched20.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\Zango\bin\10.3.79.0\OEAddOn.exe.vir (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\Zango\bin\10.3.79.0\CntntCntr.dll.vir (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\Zango\bin\10.3.79.0\CoreSrv.dll.vir (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\Zango\bin\10.3.79.0\HostIE.dll.vir (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\Zango\bin\10.3.79.0\HostOE.dll.vir (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\Zango\bin\10.3.79.0\HostOL.dll.vir (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\Zango\bin\10.3.79.0\Srv.exe.vir (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\Zango\bin\10.3.79.0\Toolbar.dll.vir (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\Zango\bin\10.3.79.0\Wallpaper.dll.vir (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\Zango\bin\10.3.79.0\Weather.exe.vir (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\Zango\bin\10.3.79.0\WeSkin.dll.vir (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\Zango\bin\10.3.79.0\ZangoSA.exe.vir (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\Zango\bin\10.3.79.0\ZangoSAAX.dll.vir (Adware.Zango) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\Zango\bin\10.3.79.0\ZangoSADF.exe.vir (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\Zango\bin\10.3.79.0\ZangoSAHook.dll.vir (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\Zango\bin\10.3.79.0\ZangoUninstaller.exe.vir (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\Program Files\Zango\bin\10.3.79.0\firefox\extensions\plugins\npclntax_ZangoSA.dll.vir (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20100224-153817-391.dll (Adware.Shopper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP902\A0124959.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP902\A0124966.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP902\A0124987.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP902\A0124989.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP902\A0124990.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP906\A0127517.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP906\A0127518.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP906\A0127533.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP907\A0127563.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP907\A0128533.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP909\A0128856.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP909\A0128857.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP909\A0128871.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP909\A0128874.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP909\A0128896.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP909\A0128897.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129040.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129074.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129075.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129078.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129081.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129086.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129087.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129089.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129090.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129093.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129094.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129095.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129096.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129097.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129099.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129100.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129101.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129102.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129103.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129104.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129105.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129106.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129107.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129108.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129109.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129110.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129111.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129112.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129113.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129114.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129124.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129125.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129127.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129128.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129129.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129130.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129132.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129098.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129115.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129133.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129134.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129135.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129136.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129137.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129138.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129139.dll (Adware.Zango) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129140.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129141.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129142.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129143.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\179.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\trz846D.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129132.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129098.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129115.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129133.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129134.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129135.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129136.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129137.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129138.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129139.dll (Adware.Zango) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129140.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129141.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129142.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F85EF6B-F527-4914-BF74-66C8EF1684A7}\RP911\A0129143.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\179.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\trz846D.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.