Win32 problem

Resolved/Closed

Posts: 10 · Registered: Saturday 22 October 2011 · Status: Member · Last activity: 17 April 2014
Hello, I'm being bothered by this message: "Host process for generic win32 is no longer responding and must close". I have Windows XP SP2. Here is my report:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:07:26, on 23/10/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ctfmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Menara\dslmon.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Documents and Settings\saad\Application Data\dadvmgr32.exe
C:\WINDOWS\jodrive32.exe
C:\WINDOWS\aadrive32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\saad\Mes documents\Téléchargements\Ekinx.exe
C:\WINDOWS\system32\smsc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=bf3&s={searchTerms}&f=4
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://cpv.onlinelivesearch.com/cpv.jsp?p=113890&aid=10036145&partnerMin=0.00&ron=on&ronMin=0.00&url=&context=&default=http://cpvback.onlinelivesearch.com/ads.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ac32] C:\WINDOWS\system32\ac32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Microsoft Config Setup] C:\WINDOWS\jodrive32.exe
O4 - HKLM\..\Run: [c9mgr] C:\WINDOWS\system32\c9mgr.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\aadrive32.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tnaww] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
O4 - HKCU\..\Run: [Firewall Security Service] c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [dadv] C:\Documents and Settings\saad\Application Data\dadvmgr32.exe
O4 - HKCU\..\Run: [ef25] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-3467\gg44.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Config Setup] C:\WINDOWS\jodrive32.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\aadrive32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{01782EE2-7996-45FC-A820-14AE5CD1584E}: NameServer = 62.251.229.237
O17 - HKLM\System\CS1\Services\Tcpip\..\{01782EE2-7996-45FC-A820-14AE5CD1584E}: NameServer = 62.251.229.237
O17 - HKLM\System\CS2\Services\Tcpip\..\{01782EE2-7996-45FC-A820-14AE5CD1584E}: NameServer = 62.251.229.237
O17 - HKLM\System\CS3\Services\Tcpip\..\{01782EE2-7996-45FC-A820-14AE5CD1584E}: NameServer = 62.251.229.237
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - Unknown owner - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Print Spooler Monitor (PrtSmanm) - Unknown owner - C:\WINDOWS\system32\smsc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: tficvavvfhyh - EasyPHP - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ctfmon.exe

10 replies

Hi,
I see that nobody has answered you yet...
HijackThis is starting to be outdated. Nevertheless, your computer is infected with malware, viruses, Trojan horses...
e.g.: C:\WINDOWS\jodrive32.exe
C:\WINDOWS\aadrive32.exe
[c9mgr] C:\WINDOWS\system32\c9mgr.exe
C:\Documents and Settings\saad\Application Data\dadvmgr32.exe
C:\WINDOWS\system32\smsc.exe

Download Malware anti Malware (link below), update it, and run a full scan.

Here is the link:
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button

Keep me posted.
Above all, do not delete the programs manually. After the in-depth scan by Malware antiMalware, the program will offer to delete the spyware it found.
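
The entries picked out of the HijackThis log in the reply above share traits that can be checked mechanically. The Python sketch below is an added example, not part of the original posts and not HijackThis's own logic; the path heuristics, the two name lists and the function names are assumptions made for illustration, and the sample lines are copied from the log at the top of the thread.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the HijackThis log posted at the top of this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Microsoft Config Setup] C:\WINDOWS\jodrive32.exe
O4 - HKLM\..\Run: [c9mgr] C:\WINDOWS\system32\c9mgr.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tnaww] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
O4 - HKCU\..\Run: [dadv] C:\Documents and Settings\saad\Application Data\dadvmgr32.exe
O23 - Service: Print Spooler Monitor (PrtSmanm) - Unknown owner - C:\WINDOWS\system32\smsc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: tficvavvfhyh - EasyPHP - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ctfmon.exe
"""

WINDIR = PureWindowsPath(r"C:\WINDOWS")
SYSTEM32 = WINDIR / "system32"
# Assumption: binaries expected directly in %WINDIR% on Windows XP.
WINDIR_OK = {"explorer.exe", "regedit.exe", "notepad.exe", "hh.exe"}
# Assumption: system binary names that belong only in system32.
SYSTEM_NAMES = {"ctfmon.exe", "svchost.exe", "lsass.exe", "services.exe",
                "winlogon.exe", "csrss.exe", "smss.exe", "spoolsv.exe"}

O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.+)$")
EXE_RE = re.compile(r"([A-Za-z]:\\.+?\.exe)", re.IGNORECASE)


def parse_entries(log):
    """Return autorun (O4) and service (O23) entries that point at an .exe."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("O23 - Service: "):
            parts = line.rsplit(" - ", 2)      # head, owner, binary path
            if len(parts) != 3:
                continue
            label, owner, cmd = parts[0][len("O23 - Service: "):], parts[1], parts[2]
        else:
            m = O4_RE.match(line)
            if not m:
                continue
            label, owner, cmd = m["name"] or m["where"], None, m["cmd"]
        exe = EXE_RE.search(cmd)               # drops quotes and arguments
        if exe:
            entries.append({"label": label, "path": exe.group(1), "owner": owner})
    return entries


def reasons_for(path, owner=None):
    """Location and naming heuristics; PureWindowsPath compares case-insensitively."""
    p = PureWindowsPath(path)
    parts = [x.lower() for x in p.parts]
    name = p.name.lower()
    found = []
    if "recycler" in parts:
        found.append("runs from the Recycle Bin store")
    if "temp" in parts:
        found.append("runs from a Temp directory")
    if p.parent.name.lower() == "application data":
        found.append("executable directly in Application Data")
    if p.parent == WINDIR and name not in WINDIR_OK:
        found.append("unexpected executable directly in %WINDIR%")
    if name in SYSTEM_NAMES and p.parent != SYSTEM32:
        found.append("system binary name outside system32")
    if owner == "Unknown owner":
        found.append("HijackThis lists the service owner as unknown")
    return found


def triage(log):
    """Map each flagged executable path to the reasons it was flagged."""
    flagged = {}
    for entry in parse_entries(log):
        for reason in reasons_for(entry["path"], entry["owner"]):
            bucket = flagged.setdefault(entry["path"], [])
            if reason not in bucket:
                bucket.append(reason)
    return flagged


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(f"{path}\n    " + "; ".join(why))
```

C:\WINDOWS\system32\c9mgr.exe passes every check here because it sits in system32 under an unremarkable name, so location heuristics alone do not replace the full scan the replies ask for.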

Posts: 33442 · Registered: Tuesday 13 November 2007 · Status: Security contributor · Last activity: 25 January 2016
Alexkander, the link you give can't be used because you are not registered, so your link is not clickable!! Did you want to suggest Malwarebytes to him??

In that case, saadboss, do this!!


!! WARNING !!! nearly 2 hours of scanning !!!

Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

If there is a problem, try this one: https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/

(NB: If you get an error message telling you that "COMCTL32.OCX" is missing during installation, then download it here: COMCTL32.OCX)

. Save it to the desktop
. Double-click the downloaded file to start the installation process.
. If the firewall asks for permission for Malwarebytes to connect, accept
. In the "Update" tab, click the Check for Updates button
. Once the update is finished
. go to the Scanner tab
. Select Perform full scan
. Select all the drives if offered
. Click Scan
. The scan starts.
. At the end of the scan, a message is displayed: The scan completed successfully. Click 'Show Results' to display all objects found.
. Click OK to continue.
. If malware was detected, click Show Results
. Select everything (or leave it checked) and click Remove Selected. Malwarebytes will destroy the files and registry keys and put a copy of them in quarantine.
. Malwarebytes will open Notepad and copy the scan report into it.
. Restart the PC if it does not do so by itself
. Once it has restarted, double-click Malwarebytes
. Go to the Logs tab
. Click on it to display it; once it is displayed
. click Edit at the top of Notepad, then Select All
. click Edit again, then Copy, and come back to the forum and into your reply
. right-click in the reply box and Paste


If you need help, look at this tutorial:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Posts: 10 · Registered: Saturday 22 October 2011 · Status: Member · Last activity: 17 April 2014

Here it is:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Version de la base de données: 8000

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

23/10/2011 17:18:52
mbam-log-2011-10-23 (17-18-52).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 203119
Temps écoulé: 18 minute(s), 36 seconde(s)

Processus mémoire infecté(s): 3
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 11
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 225

Processus mémoire infecté(s):
c:\WINDOWS\system32\smsc.exe (Backdoor.IRCBot.H) -> 1432 -> Unloaded process successfully.
c:\WINDOWS\jodrive32.exe (Backdoor.Bot) -> 1684 -> Unloaded process successfully.
c:\WINDOWS\aadrive32.exe (Backdoor.Bot) -> 1052 -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PrtSmanm (Backdoor.IRCBot.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tficvavvfhyh (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Config Setup (Backdoor.Bot) -> Value: Microsoft Config Setup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Microsoft Config Setup (Backdoor.Bot) -> Value: Microsoft Config Setup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Driver Setup (Backdoor.Bot) -> Value: Microsoft Driver Setup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Microsoft Driver Setup (Backdoor.Bot) -> Value: Microsoft Driver Setup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c9mgr (Trojan.Downloader) -> Value: c9mgr -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Tnaww (Backdoor.Bot) -> Value: Tnaww -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Firewall Security Service (Trojan.Agent.H) -> Value: Firewall Security Service -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Worm.AutoRun) -> Value: Shell -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ef25 (Worm.AutoRun.Gen) -> Value: ef25 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Trojan.Agent) -> Value: Taskman -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ac32 (Trojan.Agent) -> Value: ac32 -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Trojan.Agent.H) -> Bad: (c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe) Good: () -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-3467\gg44.exe,explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe,Explorer.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1413 (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013 (Worm.AutoRun.Gen) -> Delete on reboot.

Fichier(s) infecté(s):
c:\WINDOWS\system32\smsc.exe (Backdoor.IRCBot.H) -> Delete on reboot.
c:\Documents and Settings\Administrateur\Local Settings\Temp\ctfmon.exe (Spyware.Passwords.XGen) -> Delete on reboot.
c:\WINDOWS\jodrive32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\aadrive32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\c9mgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1413\syitm.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe (Trojan.Agent.H) -> Delete on reboot.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP25\A0022720.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP25\A0022729.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP25\A0022743.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP25\A0022758.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP26\A0022775.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP26\A0022779.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP26\A0022788.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP26\A0023788.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP27\A0023791.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP27\A0023805.scr (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP27\A0023809.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP27\A0023815.scr (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP27\A0023819.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP27\A0023829.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP27\A0023831.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP27\A0024027.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP27\A0024041.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP27\A0024053.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP27\A0025052.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP27\A0025055.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP28\A0025105.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP28\A0025107.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP28\A0025111.exe (Backdoor.IRCBot.H) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP28\A0030136.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP28\A0030140.exe (Backdoor.IRCBot.H) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP28\A0030156.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP28\A0030167.exe (Backdoor.IRCBot.H) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP28\A0030171.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP28\A0030175.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\06.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\10.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\11.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\16.scr (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\24.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\26.scr (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lpdd.exe (Backdoor.IRCBot.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\42.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\53.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\54.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\55.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\55.scr (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\62.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\78.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\81.scr (VirTool.VBInject) -> Quarantined and deleted successfully.
c:\documents and settings\administrateur\application data\1D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrateur\application data\5C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\saad\application data\26.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\saad\application data\3E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\saad\application data\3F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\saad\application data\53.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\saad\application data\56.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\saad\application data\5A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\saad\application data\5D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Delete on reboot.
c:\WINDOWS\logfile32.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1413\Desktop.ini (Worm.AutoRun) -> Quarantined and deleted successfully.
c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013\ winfixer c a r d .cmd (Worm.AutoRun.Gen) -> Quarantined and deleted successfully.
c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Worm.AutoRun.Gen) -> Quarantined and deleted successfully.

good evening,
you have a bot on the PC!!!

not a nice infection to have :D

we'll see if MBAM does the job ;)


Thanks, jacques.gache, I didn't know; I wanted to suggest Malwarebytes, and I'm also going to register on this forum ;)

alexkander, yes, that will be nicer for CCM!! And then we can chat by PM; drop by and tell us once you are registered!!

That's it, I'm registered, one more new member!

saadboss, did you restart the PC after Malwarebytes in order to finish the cleanup??

Now you are going to post a ZHPDiag report so we can see what is left on the PC. Thanks to Electricien 69 for continuing to follow the thread, just in case!!

Open this link and download ZHPDiag:

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

click the download button, "the bottom one"

or directly here: ftp://zebulon.fr/ZHPDiag2.exe

Save it to your Desktop.

Once the download has finished:

on XP, double-click ZHPDiag

on Vista and Seven, right-click the icon and run it as administrator.

Don't forget to tick the box that puts a shortcut on the Desktop.

/|\ the tool has created 2 icons, ZHPDiag and ZHPFix.

Double-click the ZHPDiag shortcut on your Desktop on XP; otherwise right-click and run as administrator!!

Click the magnifying glass to start the scan.

If you get a message asking you to approve SIGCHECK, accept with OK; this gives us a more complete report that we can read in more depth.

Let the tool work; it can take quite a while.

At the end of the scan, click the camera and save the report to your Desktop.

Close ZHPDiag once the scan has finished.

To send it to me, click this link:

http://www.cijoint.fr/index.php

Click Browse ("Parcourir") and look for the file C:\Documents and settings\le_nom_de_ta_session\bureau\.ZHPDiag.txt

or go directly to the Desktop and click ZHPDiag.txt

Click Open ("Ouvrir").

Click "Cliquez ici pour déposer le fichier" (click here to upload the file).

A link of this form:

http://www.cijoint.fr/cjlink.php?file=cj200905/cib7SU.txt

is added to the page.

Copy this link into your reply.

And if there is a problem, use this one instead: https://www.cjoint.com/

http://www.cijoint.fr/cjlink.php?file=cj201110/cijIOS9PsX.txt

Malwarebytes did a big cleanup; do you still have this problem with Win32?

hi jaco :D

if you like, I'll stay around; otherwise, you're off to a good start on this one ;)

@ ++

SadBoss,

also install the updates through Windows Update, and (a tip) choose automatic updates; or at least, if you don't want that option, choose the option "download the updates but let me choose whether to install them".
Indeed, Windows Update offers updates, generally to close existing security holes in the system in question. And when people have not installed their updates, some can use those security holes to take control of your computer. If your copy of XP is not genuine, I don't advise you to install the updates, and if that is the case, to install a genuine Windows.

Your computer is still infested, but I'll hand over to other people; I don't want to make a blunder.

@ alexkander:

I told you so, I'm aware of it :D

@ Sasboss:

there are a lot of files that don't correspond to anything!


we're not taking any risks!



* /!\ Warning:
This software is to be used only when prescribed by a qualified helper.
Do not use it outside that situation: dangerous!




► Download ComboFix from this link and save it to your desktop:
https://forum.pcastuces.com/combofix_renomme_au_telechargement-f31s22.htm
or here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
To read:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Before using ComboFix:

► Close the windows of all running programs.

► Temporarily, and only while ComboFix is in use, disable the real-time protection of your antivirus and antispyware tools, which can seriously interfere with the tool's search and cleaning procedure.
Once that is done, double-click Combofix.exe on your desktop.
- Answer yes to the warning message so that the program starts scanning the PC.

- ComboFix may need to connect to the internet to look for updates, so you must allow it.

/!\ During this step, do not use the PC and do not open any programs.


- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/search; let it do so.
- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved at C:\ComboFix\ComboFix.txt
► Re-enable the real-time protection of your antivirus and antispyware tools before reconnecting to the internet.
► Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message.





ComboFix 11-10-21.06 - saad 23/10/2011 19:44:39.2.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.503.218 [GMT 0:00]
Lancé depuis: c:\documents and settings\saad\Mes documents\TÚlÚchargements\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-09-23 au 2011-10-23 ))))))))))))))))))))))))))))))))))))
.
.
2011-10-23 17:32 . 2011-10-23 17:35 -------- d-----w- C:\ZHP
2011-10-08 17:46 . 2011-10-08 17:46 -------- d-----w- C:\swsetup
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-20 15:04 . 2004-08-19 16:10 14336 ----a-w- c:\windows\system32\svchost.exe
2011-09-29 07:16 . 2011-10-07 21:56 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-03 . A3886230C2B22BF4D3C452B90B1C45CB . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\program files\Ares\Ares.exe" [2010-07-10 1015808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
.
c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
DSLMON.lnk - c:\program files\Menara\dslmon.exe [2011-10-6 962661]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"MaxUserPort"= 63000 (0xf618)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [23/10/2011 16:44 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [23/10/2011 16:44 22216]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;"c:\program files\LogMeIn Hamachi\hamachi-2.exe" -s --> c:\program files\LogMeIn Hamachi\hamachi-2.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 12:49 227232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = hxxp://cpv.onlinelivesearch.com/cpv.jsp?p=113890&aid=10036145&partnerMin=0.00&ron=on&ronMin=0.00&url=&context=&default=http://cpvback.onlinelivesearch.com/ads.php
FF - ProfilePath - c:\documents and settings\saad\Application Data\Mozilla\Firefox\Profiles\bcbggpd4.default\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKCU-Run-Ibmqmy - c:\documents and settings\saad\Application Data\Ibmqmy.exe
HKCU-Run-Odmqme - c:\documents and settings\saad\Application Data\Odmqme.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-23 19:50
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwEnumerateValueKey, ZwQueryDirectoryFile
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Ibmqmy = c:\documents and settings\saad\Application Data\Ibmqmy.exe
Odmqme = c:\documents and settings\saad\Application Data\Odmqme.exe
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ibmqmy"="c:\\Documents and Settings\\saad\\Application Data\\Ibmqmy.exe"
"Odmqme"="c:\\Documents and Settings\\saad\\Application Data\\Odmqme.exe"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'explorer.exe'(1988)
c:\windows\system32\msi.dll
.
Heure de fin: 2011-10-23 19:54:59
ComboFix-quarantined-files.txt 2011-10-23 19:54
ComboFix2.txt 2011-10-23 19:37
.
Avant-CF: 33 166 417 920 octets libres
Après-CF: 33 154 678 784 octets libres
.
- - End Of File - - 150918D7123132CF0079AE7A2BF4EB9B
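
An added example, not part of the original thread and not ComboFix's own code: a small triage script that cross-checks the report's normal Run-key listing against catchme's hidden-autostart scan, and records the hooked NTDLL exports and the firewall state. The names `triage`, `SAMPLE_REPORT` and `HOOK_EFFECT` are this example's own, and the hook descriptions are general Windows knowledge rather than something the report states.

```python
import re

# Constructed sample: lines copied from the ComboFix report posted above.
SAMPLE_REPORT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\program files\Ares\Ares.exe" [2010-07-10 1015808]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-Ibmqmy - c:\documents and settings\saad\Application Data\Ibmqmy.exe
HKCU-Run-Odmqme - c:\documents and settings\saad\Application Data\Odmqme.exe
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
detected NTDLL code modification:
ZwEnumerateValueKey, ZwQueryDirectoryFile
.
Recherche d'éléments en démarrage automatique cachés ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Ibmqmy = c:\documents and settings\saad\Application Data\Ibmqmy.exe
Odmqme = c:\documents and settings\saad\Application Data\Odmqme.exe
.
Recherche de fichiers cachés ...
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ibmqmy"="c:\\Documents and Settings\\saad\\Application Data\\Ibmqmy.exe"
"""

# Effect of hooking each ntdll export (general Windows knowledge added here,
# not something the report states).
HOOK_EFFECT = {
    "ZwEnumerateValueKey": "registry values can be filtered out of enumerations",
    "ZwQueryDirectoryFile": "files can be filtered out of directory listings",
}
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
HIDDEN_RE = re.compile(r"^(\w+) = (.+)$")
ORPHAN_RE = re.compile(r"^HK(?:CU|LM)-Run-(\S+) - (.+)$")


def triage(report):
    """Summarise the rootkit-relevant findings of a ComboFix/catchme report."""
    visible = {}   # registry key -> {value name: data}, from the normal listing
    hidden = {}    # value name -> path, from catchme's hidden-autostart scan
    hooks, orphans = [], []
    key, section, in_catchme = None, None, False
    for raw in report.splitlines():
        line = raw.strip()
        if line in ("", "."):
            continue
        key_m, val_m = KEY_RE.match(line), VALUE_RE.match(line)
        orphan_m = ORPHAN_RE.match(line)
        if line.startswith("catchme "):
            in_catchme = True          # later [key] blocks are catchme's dump
        elif line.startswith("detected NTDLL code modification"):
            section = "hooks"
        elif "marrage automatique cach" in line:   # accent-free match
            section = "hidden"
        elif line.startswith("Recherche de"):
            section = None
        elif section == "hooks":
            hooks = [name.strip() for name in line.split(",") if name.strip()]
            section = None
        elif section == "hidden":
            m = HIDDEN_RE.match(line)
            if m:
                hidden[m.group(1)] = m.group(2)
        elif orphan_m:
            orphans.append(orphan_m.group(1))
        elif key_m:
            key = None if in_catchme else key_m.group(1).lower()
        elif key and val_m:
            visible.setdefault(key, {})[val_m.group(1).lower()] = val_m.group(2)

    run_names = {name for k, values in visible.items()
                 if k.endswith(r"\currentversion\run") for name in values}
    firewall = None
    for k, values in visible.items():
        if "firewallpolicy" in k and "enablefirewall" in values:
            firewall = not values["enablefirewall"].startswith("0")
    return {
        "hooks": [(h, HOOK_EFFECT.get(h, "not catalogued here")) for h in hooks],
        "hidden_autostart": {n: p for n, p in hidden.items()
                             if n.lower() not in run_names},
        "orphans_removed": orphans,
        "firewall_enabled": firewall,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

On this report the two Run values show up only in catchme's scan, which is consistent with the `ZwEnumerateValueKey` modification hiding them from ordinary registry enumeration.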

hello,

restart your PC,

relaunch MBAM, empty its quarantine, run a new update,

run a full scan again!

I know, you're going to tell me it will take 3 hours :P


Fichier(s) infecté(s): 15

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\qoobox\quarantine\c\documents and settings\saad\application data\15.tmp.vir (Trojan.Crypt) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\saad\application data\16.tmp.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\qoobox\quarantine\c\windows\system32\smsc.exe.vir (Backdoor.IRCBot.H) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP25\A0022741.exe (Backdoor.Bot.WPMH) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP25\A0022742.exe (Backdoor.Bot.WPMH) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP28\A0032196.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\rp28\a0032198.exe (Backdoor.IRCBot.H) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP28\A0034220.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP28\A0034222.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\rp28\a0034223.exe (Backdoor.IRCBot.H) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\rp29\a0034231.exe (Backdoor.IRCBot.H) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP29\A0034489.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\rp29\a0034492.exe (Trojan.Crypt) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\rp29\a0034532.exe (Backdoor.IRCBot.H) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\rp29\a0035217.exe (Backdoor.IRCBot.H) -> Quarantined and deleted successfully.

relaunch MBAM, empty its quarantine, update again and run a new scan,

you had a bot, it is in System Restore, it has to be chased out :D

on the other hand, your restore points are infected; we'll get rid of them at the end of the disinfection and create a new clean one :D
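
An added example, not part of the original thread and not Malwarebytes code: a parser for the MBAM detection lines that groups them by where the file lived, so the System Restore detections behind the advice above, and any item still waiting for a reboot, are counted rather than eyeballed. The names `classify`, `summarize` and `SAMPLE_LOG` are this example's own; treating `\Qoobox\quarantine\` as ComboFix's quarantine folder is an assumption based on the paths in the log.

```python
import re
from collections import Counter

# Constructed sample: detection lines copied from the two MBAM logs in this thread.
SAMPLE_LOG = r"""
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP28\A0030175.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lpdd.exe (Backdoor.IRCBot.H) -> Quarantined and deleted successfully.
c:\documents and settings\saad\application data\26.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Delete on reboot.
c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013\ winfixer c a r d .cmd (Worm.AutoRun.Gen) -> Quarantined and deleted successfully.
c:\qoobox\quarantine\c\windows\system32\smsc.exe.vir (Backdoor.IRCBot.H) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\rp29\a0034231.exe (Backdoor.IRCBot.H) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fd7fb635-4637-4b65-b79d-1a4c525941cb}\RP29\A0034489.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
"""

# "<path> (<detection name>) -> <action>." as printed in the log above.
LINE_RE = re.compile(
    r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?\s*$")
# System Restore store: \_restore{GUID}\RPnn\ (case varies between scans).
RESTORE_RE = re.compile(r"\\_restore\{[0-9a-f-]+\}\\(rp\d+)\\", re.IGNORECASE)


def classify(path):
    """Return (location, restore_point) for one detected file path."""
    lowered = path.lower()
    m = RESTORE_RE.search(path)
    if m:
        return "system_restore", m.group(1).upper()
    if "\\qoobox\\quarantine\\" in lowered:   # assumed ComboFix quarantine
        return "combofix_quarantine", None
    if "\\recycler\\" in lowered:
        return "recycler", None
    return "live_filesystem", None


def summarize(log_text):
    """Group MBAM detections by location and list items pending a reboot."""
    by_location, restore_points, restore_families = Counter(), Counter(), Counter()
    pending_reboot = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # headers, counters, blank lines
        location, restore_point = classify(m.group("path"))
        by_location[location] += 1
        if restore_point:
            restore_points[restore_point] += 1
            restore_families[m.group("name")] += 1
        if m.group("action").lower().startswith("delete on reboot"):
            pending_reboot.append(m.group("path"))
    return {
        "by_location": dict(by_location),
        "restore_points": dict(restore_points),
        "restore_families": dict(restore_families),
        "pending_reboot": pending_reboot,
        # Any detection inside a restore point means the points must be purged.
        "purge_restore_points": bool(restore_points),
    }


if __name__ == "__main__":
    for field, value in summarize(SAMPLE_LOG).items():
        print(field, value)
```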


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Version de la base de données: 8004

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

24/10/2011 17:22:19
mbam-log-2011-10-24 (17-22-18).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 210514
Temps écoulé: 27 minute(s), 32 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

restart your PC and let me know how it is running before we finalize everything :D


Today I didn't get the message; I think it's solved!! Thanks for everything!

ok,
let's finish:

* to remove the disinfection tools:

Download Delfix to your desktop:



*Click the "Suppression" button and post its report in your next message
**To uninstall it, just run it again and click the uninstall button.



. download CCleaner from this address and save it to the desktop

https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/

. double-click the file to start the installation

. in the installer's language window, be sure to choose French, then OK
. click next
. read the licence and accept it
. click next
. here, keep ticked only "put a shortcut on the desktop" and "automatically check for CCleaner updates"
. click install
. click close
. double-click the CCleaner icon to open it
. once it is open, click options and then advanced
. untick "only delete files in the Windows temp folder older than 24 hours"
. click cleaner
. click windows, and in the advanced column
. tick the first box, "old prefetch data", and only that one, which leaves you with the "old prefetch data" box and the advanced box, which got ticked automatically, but only those
. click analyze; once the analysis is finished
. click run cleaner and OK at the confirmation prompt; you will have to do it a second time; once finished, check by pressing analyze again to be sure there is nothing left
. now click registry and then scan for errors
. leave everything ticked and click fix the selected errors
. it asks you to make a backup: YES
. give it a name so you can find it again, and save
. click fix all the selected errors and OK at the confirmation prompt
. it deletes, then close; check by running the scan for errors again
. go back to options and re-tick the box "only delete files in the Windows temp folder older than 48 hours", and under cleaner, windows, advanced, untick the first box, "old prefetch data"
. you can close CCleaner

installation & cleaning tutorial:
https://www.donnemoilinfo.com/tuto/CCleaner/



* Disabling, then re-enabling System Restore after disinfection:

System Restore must be disabled and then re-enabled in order to purge it, because the restore points may be infected:

For XP:
https://www.commentcamarche.net/faq/5097-virus-system-volume-information



* update your antivirus, run a full scan of your PC, and let me know the result :-)
