Trojan:Win32/Sefnit.G help please
Solved
Freedfreed
Hello, I have a small virus problem: the Sefnit.G trojan keeps reappearing (even after disinfection, a CCleaner cleanup and a clean full rescan, it comes back at reboot).
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:01:48, on 28/01/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\svchost.exe
C:\windows\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\Explorer.EXE
C:\windows\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\windows\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\windows\system32\wuauclt.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Utilisateur\Mes documents\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://codecs.r8.org/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} - (no file)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://freed-world.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs:
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Windows Internet Name Service - Unknown owner - C:\windows\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe
9 replies
Hi,
Send C:\windows\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe
to http://upload.malekal.com
~~
Download and install Malwarebytes: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Update it, run a scan, delete everything and post the report here.
then:
You can follow the instructions on this page to help you: https://www.malekal.com/tutorial-otl/
* Download http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ to your desktop.
(On Vista/Win7, right-click OTL and choose Run as administrator)
* Launch OTL
* Under Custom Scans/Fixes (Personnalisation), copy and paste what is in the box below:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\*.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
CREATERESTOREPOINT
nslookup www.google.fr /c
* Click the Analyse button.
* When the scan is finished, use the site http://www.cijoint.fr/ to give me the two reports: OTL.Txt and Extras.Txt.
Many thanks already, sorry it took a while:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Version de la base de données: 5630
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
28/01/2011 17:59:06
mbam-log-2011-01-28 (17-59-06).txt
Type d'examen: Examen complet (C:\|D:\|E:\|F:\|S:\|)
Elément(s) analysé(s): 197535
Temps écoulé: 1 heure(s), 38 minute(s), 3 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 18
Valeur(s) du Registre infectée(s): 9
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 51
Fichier(s) infecté(s): 136
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{50AD41D2-B1F0-47CC-9EA7-395355EAEEBD} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8CEB185E-81A5-46D3-BC20-C555D605AFBD} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A72522BA-9FF3-4C83-ABC6-9B476728A396} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C5762628-AE15-4ca6-96C4-B00DD17F3419} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D062E03E-65CA-49E4-9B15-31938BA98922} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{B72681C0-A222-4b21-A0E2-53A5A5CA3D411} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ExplorerBar.FunExplorer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ExplorerBar.FunExplorer.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ExplorerBar.FunRedirector (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ExplorerBar.FunRedirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Internet System Controller (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Live Content Advancer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Web Search Assistant (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Internet System Controller (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Live Content Advancer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Web Search Assistant (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AppDataLow\Software\Internet Content Updater (Adware.DoubleD) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Value: {D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Value: {D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{E63605FC-D583-4C81-867F-9457BDB3EA1B} (Adware.DoubleD) -> Value: {E63605FC-D583-4C81-867F-9457BDB3EA1B} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{E63605FC-D583-4C81-867F-9457BDB3EA1B} (Adware.DoubleD) -> Value: {E63605FC-D583-4C81-867F-9457BDB3EA1B} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{8141440E-08F0-4339-9959-5C31C6A69F23} (Adware.DoubleD) -> Value: {8141440E-08F0-4339-9959-5C31C6A69F23} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{8141440E-08F0-4339-9959-5C31C6A69F23} (Adware.DoubleD) -> Value: {8141440E-08F0-4339-9959-5C31C6A69F23} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{E889F097-B0BE-471B-89AD-B86B6F04B506} (Adware.DoubleD) -> Value: {E889F097-B0BE-471B-89AD-B86B6F04B506} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{E889F097-B0BE-471B-89AD-B86B6F04B506} (Adware.DoubleD) -> Value: {E889F097-B0BE-471B-89AD-B86B6F04B506} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\{AA1ACB70-B5F1-4037-909E-1F725B04D2A8} (Adware.DoubleD) -> Value: {AA1ACB70-B5F1-4037-909E-1F725B04D2A8} -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
c:\program files\context management controller (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\context management controller\2.8.0.4360 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\context management controller\2.8.0.4360\Chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\context management controller\2.8.0.4360\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\context management controller\2.8.0.4360\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\context management controller\2.8.0.4360\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\context management controller\2.8.0.4360\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\context management controller\2.8.0.4360\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet content updater (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet content updater\1.8.0.2650 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet content updater\1.8.0.2650\data (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet system controller (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet system controller\5.8.0.3240 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet system controller\5.8.0.3240\Chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet system controller\5.8.0.3240\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet system controller\5.8.0.3240\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet system controller\5.8.0.3240\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet system controller\5.8.0.3240\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet system controller\5.8.0.3240\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\live content advancer (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\live content advancer\5.8.0.7460 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\live content advancer\5.8.0.7460\Chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\live content advancer\5.8.0.7460\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\live content advancer\5.8.0.7460\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\live content advancer\5.8.0.7460\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\live content advancer\5.8.0.7460\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\live content advancer\5.8.0.7460\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant\5.8.0.3310 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant\5.8.0.3310\Chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant\5.8.0.3310\Chrome\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant\5.8.0.3310\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant\5.8.0.3310\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant\5.8.0.3310\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant\5.8.0.3310\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant\5.8.0.3310\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\bin (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Cache (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Icons (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Skins (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\internet connection wizard\1.8.0.2650 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\internet content updater (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\internet system controller (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\internet system controller\5.8.0.3240 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\live content advancer (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\live content advancer\5.8.0.7460 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\web search assistant (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\web search assistant\5.8.0.3310 (Adware.DoubleD) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
c:\program files\context management controller\2.8.0.4360\cmcsh.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\context management controller\2.8.0.4360\Chrome\cmcchromeaddon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet system controller\5.8.0.3240\isccommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant\5.8.0.3310\wsacommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant\5.8.0.3310\Chrome\wsacommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\Favoris\myfastsearcher.url (Malware.Trace) -> Quarantined and deleted successfully.
c:\program files\context management controller\2.8.0.4360\config.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\context management controller\2.8.0.4360\data.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\context management controller\2.8.0.4360\exclude.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\context management controller\2.8.0.4360\matchingdata.zd5 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\context management controller\2.8.0.4360\pxtmpdata.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\context management controller\2.8.0.4360\running.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\context management controller\2.8.0.4360\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\context management controller\2.8.0.4360\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\context management controller\2.8.0.4360\Chrome\background.html (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\context management controller\2.8.0.4360\Chrome\contentscript.js (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\context management controller\2.8.0.4360\Chrome\manifest.json (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\context management controller\2.8.0.4360\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\context management controller\2.8.0.4360\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\context management controller\2.8.0.4360\FF\chrome\content\AddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\context management controller\2.8.0.4360\FF\chrome\content\AddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\context management controller\2.8.0.4360\FF\components\cmcffaddon.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet content updater\1.8.0.2650\internettoday.ico (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet content updater\1.8.0.2650\internettoday.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet content updater\1.8.0.2650\mfc80.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet content updater\1.8.0.2650\microsoft.vc80.mfc.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet content updater\1.8.0.2650\skincrafterdll.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet content updater\1.8.0.2650\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet content updater\1.8.0.2650\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet content updater\1.8.0.2650\data\itcfg.md (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet system controller\5.8.0.3240\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet system controller\5.8.0.3240\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet system controller\5.8.0.3240\Chrome\background.html (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet system controller\5.8.0.3240\Chrome\manifest.json (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet system controller\5.8.0.3240\Chrome\newtab.html (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet system controller\5.8.0.3240\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet system controller\5.8.0.3240\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet system controller\5.8.0.3240\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet system controller\5.8.0.3240\FF\chrome\ISCAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet system controller\5.8.0.3240\FF\chrome\content\ISCAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet system controller\5.8.0.3240\FF\chrome\content\ISCAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet system controller\5.8.0.3240\FF\components\iscffaddon.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet system controller\5.8.0.3240\FF\components\iscffhelpercomponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\live content advancer\5.8.0.7460\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\live content advancer\5.8.0.7460\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\live content advancer\5.8.0.7460\Chrome\background.html (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\live content advancer\5.8.0.7460\Chrome\manifest.json (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\live content advancer\5.8.0.7460\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\live content advancer\5.8.0.7460\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\live content advancer\5.8.0.7460\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\live content advancer\5.8.0.7460\FF\chrome\LCAAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\live content advancer\5.8.0.7460\FF\chrome\content\LCAAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\live content advancer\5.8.0.7460\FF\chrome\content\LCAAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\live content advancer\5.8.0.7460\FF\components\lcaffaddon.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\live content advancer\5.8.0.7460\FF\components\lcaffhelpercomponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant\5.8.0.3310\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant\5.8.0.3310\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant\5.8.0.3310\Chrome\background.html (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant\5.8.0.3310\Chrome\manifest.json (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant\5.8.0.3310\Chrome\script.js (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant\5.8.0.3310\Chrome\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant\5.8.0.3310\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant\5.8.0.3310\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant\5.8.0.3310\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant\5.8.0.3310\FF\chrome\WSAAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant\5.8.0.3310\FF\chrome\content\WSAAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant\5.8.0.3310\FF\chrome\content\WSAAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant\5.8.0.3310\FF\components\wsaffaddon.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant\5.8.0.3310\FF\components\wsaffhelpercomponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Cache\default1.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Cache\loading.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Cache\loading.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Data\module_logo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Data\module_option.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Data\module_rss.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Data\module_search.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Data\module_smiley_config.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Data\module_webdropdown_01.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Data\module_webdropdown_02.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Data\module_webdropdown_03.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Data\module_webdropdown_04.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Data\module_webdropdown_05.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Data\module_webdropdown_06.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Data\pixel.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Data\productinfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Data\profile.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Data\searchenginelist.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Data\tbcore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Data\toolbarlayout.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Data\updatecentre.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Data\updatecentrebk.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Icons\module_webdropdown_02.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Icons\About.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Icons\component_combobox.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Icons\module_logo.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Icons\module_option.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Icons\module_option_menu.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Icons\module_rss.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Icons\module_rss.png (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Icons\module_rss_menu.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Icons\module_rss_menu.png (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Icons\module_search.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Icons\module_webdropdown_01.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Icons\module_webdropdown_01.png (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Icons\module_webdropdown_02.png (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Icons\module_webdropdown_03.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Icons\module_webdropdown_03.png (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Icons\module_webdropdown_04.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Icons\module_webdropdown_04.png (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Icons\module_webdropdown_05.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Icons\module_webdropdown_05.png (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Icons\module_webdropdown_06.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Icons\module_webdropdown_06.png (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Skins\myskin1.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Skins\myskin2.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Skins\myskin3.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar\3.7.1.8090\Skins\myskin4.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\internet connection wizard\1.8.0.2650\itcfg.md (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\internet system controller\5.8.0.3240\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\internet system controller\5.8.0.3240\hjhp_20100718-011411.015.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\internet system controller\5.8.0.3240\hjhp_20100718-012142.390.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\live content advancer\5.8.0.7460\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\live content advancer\5.8.0.7460\ipdata.md (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\live content advancer\5.8.0.7460\np_20100718-011350.843.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\live content advancer\5.8.0.7460\np_20100718-011359.765.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\live content advancer\5.8.0.7460\np_20100718-012143.125.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\live content advancer\5.8.0.7460\np_20100718-122039.328.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\live content advancer\5.8.0.7460\np_20100718-122411.546.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\live content advancer\5.8.0.7460\np_20100718-122413.984.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\live content advancer\5.8.0.7460\np_20100718-122557.203.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\live content advancer\5.8.0.7460\np_20100718-122652.046.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\live content advancer\5.8.0.7460\np_20100718-122658.578.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\live content advancer\5.8.0.7460\State.ini (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\web search assistant\5.8.0.3310\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\web search assistant\5.8.0.3310\rState.ini (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\web search assistant\5.8.0.3310\sState.ini (Adware.DoubleD) -> Quarantined and deleted successfully.
I'll reboot and then do the rest :)
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Version de la base de données: 5630
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
28/01/2011 17:59:06
mbam-log-2011-01-28 (17-59-06).txt
Type d'examen: Examen complet (C:\|D:\|E:\|F:\|S:\|)
Elément(s) analysé(s): 197535
Temps écoulé: 1 heure(s), 38 minute(s), 3 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 18
Valeur(s) du Registre infectée(s): 9
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 51
Fichier(s) infecté(s): 136
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{50AD41D2-B1F0-47CC-9EA7-395355EAEEBD} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8CEB185E-81A5-46D3-BC20-C555D605AFBD} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A72522BA-9FF3-4C83-ABC6-9B476728A396} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C5762628-AE15-4ca6-96C4-B00DD17F3419} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D062E03E-65CA-49E4-9B15-31938BA98922} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{B72681C0-A222-4b21-A0E2-53A5A5CA3D411} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ExplorerBar.FunExplorer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ExplorerBar.FunExplorer.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ExplorerBar.FunRedirector (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ExplorerBar.FunRedirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Internet System Controller (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Live Content Advancer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Web Search Assistant (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Internet System Controller (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Live Content Advancer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Web Search Assistant (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AppDataLow\Software\Internet Content Updater (Adware.DoubleD) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Value: {D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Value: {D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{E63605FC-D583-4C81-867F-9457BDB3EA1B} (Adware.DoubleD) -> Value: {E63605FC-D583-4C81-867F-9457BDB3EA1B} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{E63605FC-D583-4C81-867F-9457BDB3EA1B} (Adware.DoubleD) -> Value: {E63605FC-D583-4C81-867F-9457BDB3EA1B} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{8141440E-08F0-4339-9959-5C31C6A69F23} (Adware.DoubleD) -> Value: {8141440E-08F0-4339-9959-5C31C6A69F23} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{8141440E-08F0-4339-9959-5C31C6A69F23} (Adware.DoubleD) -> Value: {8141440E-08F0-4339-9959-5C31C6A69F23} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{E889F097-B0BE-471B-89AD-B86B6F04B506} (Adware.DoubleD) -> Value: {E889F097-B0BE-471B-89AD-B86B6F04B506} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{E889F097-B0BE-471B-89AD-B86B6F04B506} (Adware.DoubleD) -> Value: {E889F097-B0BE-471B-89AD-B86B6F04B506} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\{AA1ACB70-B5F1-4037-909E-1F725B04D2A8} (Adware.DoubleD) -> Value: {AA1ACB70-B5F1-4037-909E-1F725B04D2A8} -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
c:\program files\context management controller (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\context management controller\2.8.0.4360 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\context management controller\2.8.0.4360\Chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\context management controller\2.8.0.4360\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\context management controller\2.8.0.4360\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\context management controller\2.8.0.4360\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\context management controller\2.8.0.4360\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\context management controller\2.8.0.4360\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet content updater (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet content updater\1.8.0.2650 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet content updater\1.8.0.2650\data (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet system controller (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet system controller\5.8.0.3240 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet system controller\5.8.0.3240\Chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet system controller\5.8.0.3240\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet system controller\5.8.0.3240\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet system controller\5.8.0.3240\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet system controller\5.8.0.3240\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet system controller\5.8.0.3240\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\live content advancer (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\live content advancer\5.8.0.7460 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\live content advancer\5.8.0.7460\Chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\live content advancer\5.8.0.7460\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\live content advancer\5.8.0.7460\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\live content advancer\5.8.0.7460\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\live content advancer\5.8.0.7460\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\live content advancer\5.8.0.7460\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant\5.8.0.3310 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant\5.8.0.3310\Chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant\5.8.0.3310\Chrome\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant\5.8.0.3310\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant\5.8.0.3310\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant\5.8.0.3310\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant\5.8.0.3310\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\web search assistant\5.8.0.3310\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\utilisateur\local settings\application data\gamieplay toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
I'm rebooting and then I'll do the rest :)
OTL: http://www.cijoint.fr/cjlink.php?file=cj201101/cijAlQYJYg.txt
Extras: http://www.cijoint.fr/cjlink.php?file=cj201101/cijorOMj2N.txt
Thanks
Run OTL again.
o Under "Personnalisation", copy and paste the contents of the box below and click "Correction"; a report will appear after the operation, which you should save (on a USB key, for example) so that you can paste the result here:
:OTL
PRC - [2010/12/30 19:57:27 | 005,358,080 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe
:files
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\
* Restart the PC into Windows and post the report here.
~~~
Run another OTL scan and post the report here.
OK, here is the fix log:
========== OTL ==========
Process wins.exe killed successfully!
========== FILES ==========
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\temp folder moved successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\pacman\bspatch folder moved successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\pacman\archive folder moved successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\pacman folder moved successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\mtemp folder moved successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\incoming folder moved successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\cache folder moved successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service folder moved successfully.
OTL by OldTimer - Version 3.2.20.6 log created on 01282011_190446
Rebooting and rescanning afterwards... (with the same settings as before)
Thanks
Here is the OTL scan; this time it didn't give me an Extras log! A good sign?
http://www.cijoint.fr/cjlink.php?file=cj201101/cijVIaXOMi.txt
Is your antivirus still squealing?
Hello, could you help me? I have the same problem as freedfreed: I have the virus Trojan:Win32/Sefnit.G, but when I scan or try to delete it or quarantine it, it is impossible to get rid of it!! I tried the beginning of your method with Malwarebytes, but it tells me that I have no infected files and that everything is fine, and yet every time I turn my computer back on my antivirus detects the trojan again. I no longer know what to do to get rid of it!! Can you help me!!!
Not for the moment; I'm going to reboot to see, and run a full scan :)
In any case, a big thank you!!!! <3
I'll be back after the scan, etc.
Hello everyone,
I have just signed up on your site.
I know the site well and I know you will be a great help to me.
I have read quite a few posts about my problem and you are the only ones I can see helping me.
My system32 is infected.
I downloaded Malwarebytes Anti-Malware and here is the report:
(obviously I don't know how to decipher it, lol)
Can you help me remove this virus?
My data on the data hard drive is accessible, but when I open the C: drive, well, it's empty, so that's scary.
Thanks in advance, regards
=> Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Version de la base de données: 6752
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
02/06/2011 13:16:06
mbam-log-2011-06-02 (13-16-06).txt
Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 267262
Temps écoulé: 48 minute(s), 33 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 6
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\program files\mozilla firefox\rk_quarantine\39313144.exe.vir (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\rk_quarantine\iwtqjsalxi.exe.vir (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\programdata\iwtqjsalxi.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\sophie\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\VZ2E37LZ\calc[1].exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\sophie\downloads\vlc-fr(2).exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\sophie\downloads\vlc-fr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.