Sujet Précédent Sujet Suivant

Virus et trojan "Vundo" Désinstallation

raphaelle84 Messages postés 8 Statut Membre -  
raphaelle84 Messages postés 8 Statut Membre -
Bonjour à tous,

je viens de découvrir ce forum...c'est génial !

Je pourrais venir en aide à certains si vous avez des questions concernant les logiciels "Web" et "Graphisme" malheureusement je ne comprend absolument rien en informatique pure :-(

Bref j'ai un souci :

J'ai apparament un sérieux problème avec un trojan !

Si quelqu'un peut m'aider ! D'avance merci

Voici le rapport Hijack

Logfile of HijackThis v1.99.1
Scan saved at 09:15:09, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PVSW\Bin\WGE_SRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\PVSW\BIN\W3dbsmgr.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ATnotes\ATnotes.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\17PHolmes1188.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Raphaëlle\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [a48020ac] rundll32.exe "C:\WINDOWS\system32\axaqrmmf.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: EBP - Pervasive.SQL Workgroup (Pervasive.SQL Workgroup) - Unknown owner - C:\PVSW\Bin\WGE_SRV.EXE
A voir également:

10 réponses

Réponse 1 / 10
^^Marie^^
 
Bonjour,

1/ Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4

* Double-clique VundoFix.exe afin de le lancer.
* Lorsque l'outil se lance à nouveau, clique sur le bouton Scan for Vundo
* Clique sur le bouton Scan for Vundo.
* Lorsque le scan est complété, clique sur le bouton Remove Vundo
* Une invite te demandera si tu veux supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaitra un moment lors de la suppression des fichiers.
* Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK
* Démarre ton PC à nouveau.
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt

ET

Télécharge VirtumundoBegone sur le bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse

Ensuite,

télécharge combofix (par sUBs)ici :
Combofix est un programme qui supprime des trojans/backdoor connues et rootkits
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
2/ double-clique sur combofix.exe et suis les instructions
3/ à la fin, il va produire un rapport C:\ComboFix.txt
4/ copie/colle ce rapport dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Poste aussi un nouveau rapport Hijackthis.


Bon courage

A++
0
Réponse 2 / 10
raphaelle84 Messages postés 8 Statut Membre
 
bonjour Marie
Tout d'abard, merci pour votre réponse, je me sens moins seule :-)

1/ Voici le rapport Vundofix

VundoFix V6.5.11

Checking Java version...

Scan started at 14:51:01 11/11/2007

Listing files found while scanning....

C:\WINDOWS\system32\fhqcurtw.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\fhqcurtw.dll
C:\WINDOWS\system32\fhqcurtw.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.11

Checking Java version...

Scan started at 14:56:51 11/11/2007

Listing files found while scanning....

C:\WINDOWS\system32\dwddhvoj.dll

Beginning removal...

VundoFix V6.5.11

Checking Java version...

Scan started at 15:06:40 11/11/2007

Listing files found while scanning....

C:\WINDOWS\system32\dwddhvoj.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\dwddhvoj.dll
C:\WINDOWS\system32\dwddhvoj.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\dwddhvoj.dll
C:\WINDOWS\system32\dwddhvoj.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.11

Checking Java version...

Scan started at 15:16:44 11/11/2007

Listing files found while scanning....

No infected files were found.

VundoFix V6.5.11

Checking Java version...

Scan started at 09:59:03 12/11/2007

Listing files found while scanning....

C:\WINDOWS\system32\fagqbqbc.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\fagqbqbc.dll
C:\WINDOWS\system32\fagqbqbc.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\fagqbqbc.dll
C:\WINDOWS\system32\fagqbqbc.dll Has been deleted!

Performing Repairs to the registry.
Done!

-----------------------------------------------
2/ Le rapport VBG :

[11/12/2007, 10:17:12] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Raphaëlle\Bureau\VirtumundoBeGone.exe" )
[11/12/2007, 10:17:26] - Detected System Information:
[11/12/2007, 10:17:26] - Windows Version: 5.1.2600, Service Pack 2
[11/12/2007, 10:17:26] - Current Username: Raphaëlle (Admin)
[11/12/2007, 10:17:26] - Windows is in NORMAL mode.
[11/12/2007, 10:17:26] - Searching for Browser Helper Objects:
[11/12/2007, 10:17:26] - BHO 1: {01CD0B31-9154-45F2-9414-F5D64B74EAF6} ()
[11/12/2007, 10:17:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 10:17:26] - Checking for HKLM\...\Winlogon\Notify\khfgfcy
[11/12/2007, 10:17:26] - Found: HKLM\...\Winlogon\Notify\khfgfcy - This is probably Virtumundo.
[11/12/2007, 10:17:26] - Assigning {01CD0B31-9154-45F2-9414-F5D64B74EAF6} MSEvents Object
[11/12/2007, 10:17:26] - BHO list has been changed! Starting over...
[11/12/2007, 10:17:26] - BHO 1: {01CD0B31-9154-45F2-9414-F5D64B74EAF6} (MSEvents Object)
[11/12/2007, 10:17:26] - ALERT: Found MSEvents Object!
[11/12/2007, 10:17:26] - BHO 2: {284C8662-5F8A-4DB1-B3D0-CB39DC890416} ()
[11/12/2007, 10:17:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 10:17:26] - No filename found. Continuing.
[11/12/2007, 10:17:26] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/12/2007, 10:17:26] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/12/2007, 10:17:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 10:17:26] - No filename found. Continuing.
[11/12/2007, 10:17:26] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/12/2007, 10:17:26] - BHO 6: {A517244E-416C-4C5B-889E-12124182B9E1} ()
[11/12/2007, 10:17:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 10:17:26] - Checking for HKLM\...\Winlogon\Notify\gebcd
[11/12/2007, 10:17:26] - Key not found: HKLM\...\Winlogon\Notify\gebcd, continuing.
[11/12/2007, 10:17:26] - BHO 7: {BCC73622-F72D-4277-803C-D65565A0947F} ()
[11/12/2007, 10:17:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 10:17:26] - No filename found. Continuing.
[11/12/2007, 10:17:26] - BHO 8: {D2A6CC50-4577-467C-86D9-504C7B8AEC15} ()
[11/12/2007, 10:17:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 10:17:26] - No filename found. Continuing.
[11/12/2007, 10:17:26] - BHO 9: {f3df73c5-5d4f-44d7-94e4-01bd0ad996db} ()
[11/12/2007, 10:17:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 10:17:26] - Checking for HKLM\...\Winlogon\Notify\irxlspix
[11/12/2007, 10:17:27] - Key not found: HKLM\...\Winlogon\Notify\irxlspix, continuing.
[11/12/2007, 10:17:27] - Finished Searching Browser Helper Objects
[11/12/2007, 10:17:27] - *** Detected MSEvents Object
[11/12/2007, 10:17:27] - Trying to remove MSEvents Object...
[11/12/2007, 10:17:28] - Terminating Process: IEXPLORE.EXE
[11/12/2007, 10:17:28] - Terminating Process: RUNDLL32.EXE
[11/12/2007, 10:17:28] - Disabling Automatic Shell Restart
[11/12/2007, 10:17:28] - Terminating Process: EXPLORER.EXE
[11/12/2007, 10:17:28] - Suspending the NT Session Manager System Service
[11/12/2007, 10:17:28] - Terminating Windows NT Logon/Logoff Manager
[11/12/2007, 10:17:28] - Re-enabling Automatic Shell Restart
[11/12/2007, 10:17:28] - File to disable: C:\WINDOWS\system32\khfgfcy.dll
[11/12/2007, 10:17:28] - Renaming C:\WINDOWS\system32\khfgfcy.dll -> C:\WINDOWS\system32\khfgfcy.dll.vir
[11/12/2007, 10:17:29] - File successfully renamed!
[11/12/2007, 10:17:29] - Removing HKLM\...\Browser Helper Objects\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}
[11/12/2007, 10:17:29] - Removing HKCR\CLSID\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}
[11/12/2007, 10:17:29] - Adding Kill Bit for ActiveX for GUID: {01CD0B31-9154-45F2-9414-F5D64B74EAF6}
[11/12/2007, 10:17:29] - Deleting ATLEvents/MSEvents Registry entries
[11/12/2007, 10:17:29] - Removing HKLM\...\Winlogon\Notify\khfgfcy
[11/12/2007, 10:17:29] - Searching for Browser Helper Objects:
[11/12/2007, 10:17:29] - BHO 1: {284C8662-5F8A-4DB1-B3D0-CB39DC890416} ()
[11/12/2007, 10:17:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 10:17:29] - No filename found. Continuing.
[11/12/2007, 10:17:29] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/12/2007, 10:17:29] - BHO 3: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[11/12/2007, 10:17:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 10:17:29] - No filename found. Continuing.
[11/12/2007, 10:17:29] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/12/2007, 10:17:29] - BHO 5: {A517244E-416C-4C5B-889E-12124182B9E1} ()
[11/12/2007, 10:17:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 10:17:29] - Checking for HKLM\...\Winlogon\Notify\gebcd
[11/12/2007, 10:17:29] - Key not found: HKLM\...\Winlogon\Notify\gebcd, continuing.
[11/12/2007, 10:17:29] - BHO 6: {BCC73622-F72D-4277-803C-D65565A0947F} ()
[11/12/2007, 10:17:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 10:17:29] - No filename found. Continuing.
[11/12/2007, 10:17:29] - BHO 7: {D2A6CC50-4577-467C-86D9-504C7B8AEC15} ()
[11/12/2007, 10:17:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 10:17:29] - No filename found. Continuing.
[11/12/2007, 10:17:29] - BHO 8: {f3df73c5-5d4f-44d7-94e4-01bd0ad996db} ()
[11/12/2007, 10:17:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2007, 10:17:29] - Checking for HKLM\...\Winlogon\Notify\irxlspix
[11/12/2007, 10:17:29] - Key not found: HKLM\...\Winlogon\Notify\irxlspix, continuing.
[11/12/2007, 10:17:29] - Finished Searching Browser Helper Objects
[11/12/2007, 10:17:29] - Finishing up...
[11/12/2007, 10:17:29] - A restart is needed.
[11/12/2007, 10:17:35] - Attempting to Restart via STOP error (Blue Screen!)

------------------------------------------------------
3/ Le rappot ComboFix

ComboFix 07-11-08.1 - Raphaëlle 2007-11-12 10:24:34.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.569 [GMT 1:00]
Running from: C:\Documents and Settings\Raphaëlle\Local Settings\Temporary Internet Files\Content.IE5\3SLMN2N9\ComboFix[1].exe
* Created a new restore point
.

Incapable d'obtenir les privilèges Système

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Insider
C:\Program Files\Insider\Insider.exe.ren
C:\WINDOWS\b111.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\dcbeg.ini
C:\WINDOWS\system32\dcbeg.ini2
C:\WINDOWS\system32\dwddhvoj.dllbox
C:\WINDOWS\system32\fagqbqbc.dllbox
C:\WINDOWS\system32\fhqcurtw.dllbox
C:\WINDOWS\system32\gebcd.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-12 to 2007-11-12 ))))))))))))))))))))))))))))))))))))
.

2007-11-12 10:33 <REP> C:\WINDOWS\X38DINSX27CHMRW1
2007-11-12 10:22 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-12 09:00 87,104 --a------ C:\WINDOWS\system32\axaqrmmf.dll
2007-11-12 08:57 216,160 --a------ C:\WINDOWS\system32\tasmvlfv.dll
2007-11-12 08:56 36,352 --a------ C:\WINDOWS\system32\khfgfcy.dll.vir
2007-11-12 08:55 78,400 --a------ C:\WINDOWS\system32\irxlspix.dll
2007-11-11 14:55 216,160 --a------ C:\WINDOWS\system32\fcmtsicq.dll
2007-11-11 14:51 <REP> d-------- C:\VundoFix Backups
2007-11-11 14:42 <REP> d-------- C:\Program Files\Navilog1
2007-11-11 01:43 <REP> d-------- C:\Program Files\MSXML 6.0
2007-11-11 01:35 <REP> d-------- C:\Program Files\RegCleaner
2007-11-11 01:31 <REP> d-------- C:\Program Files\MSXML 4.0
2007-11-11 01:30 87,104 --a------ C:\WINDOWS\system32\pktabmmo.dll
2007-11-11 01:30 294 --a------ C:\WINDOWS\system32\ommbatkp.ini.ren
2007-11-11 01:28 78,400 --a------ C:\WINDOWS\system32\hvllxgmx.dll
2007-11-11 01:16 78,400 --a------ C:\WINDOWS\system32\trfcdmyc.dll
2007-11-11 01:14 584,416 --a------ C:\WINDOWS\system32\oecgydww.ini.ren
2007-11-11 01:14 87,104 --a------ C:\WINDOWS\system32\wwdygceo.dll
2007-11-11 01:00 216,160 --a------ C:\WINDOWS\system32\qmhthnfu.dll
2007-11-11 01:00 78,400 --a------ C:\WINDOWS\system32\twexueqb.dll
2007-11-11 00:58 584,476 --a------ C:\WINDOWS\system32\pepppiuv.ini.ren
2007-11-11 00:58 87,104 --a------ C:\WINDOWS\system32\vuipppep.dll.ren
2007-11-11 00:52 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-11-11 00:49 <REP> d-------- C:\Program Files\Trojan Remover
2007-11-11 00:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2007-11-11 00:49 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-11-11 00:49 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-11-11 00:49 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-11-11 00:49 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-11-11 00:49 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2007-11-11 00:48 36,352 --a------ C:\WINDOWS\system32\ddcdecy.dll
2007-11-10 23:40 584,716 --a------ C:\WINDOWS\system32\fodfbowc.ini.ren
2007-11-10 23:40 87,104 --a------ C:\WINDOWS\system32\cwobfdof.dll.ren
2007-11-10 23:40 78,400 --a------ C:\WINDOWS\system32\imbktcfa.dll
2007-11-10 23:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2007-11-10 22:55 <REP> d-------- C:\Program Files\a-squared Free
2007-11-10 21:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-10 20:05 <REP> d-------- C:\Program Files\Lavasoft
2007-11-10 11:40 36,352 --a------ C:\WINDOWS\system32\tuvwwtt.dll
2007-11-10 07:13 216,160 --a------ C:\WINDOWS\system32\cankvxyp.dll
2007-11-10 07:07 78,400 --a------ C:\WINDOWS\system32\jabmwtnc.dll
2007-11-09 19:04 7,555 --a------ C:\WINDOWS\system32\dcbeg.ini2.ren
2007-11-09 19:03 7,555 --ahs---- C:\WINDOWS\system32\dcbeg.ini.ren
2007-11-09 19:02 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-09 18:59 <REP> d-------- C:\Program Files\vso
2007-11-09 18:58 35,328 --a------ C:\WINDOWS\system32\efccywu.dll.ren
2007-10-24 12:59 <REP> d-------- C:\Program Files\MSECache

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-12 09:32 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-10 23:42 --------- d-----w C:\Program Files\LogMeIn
2007-11-10 10:59 --------- d-----w C:\Program Files\Ahead
2007-10-27 15:42 --------- d-----w C:\Program Files\BitLord2
2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-22 07:02 --------- d-----w C:\Program Files\Java
2007-10-19 16:38 --------- d-----w C:\Program Files\Loto des Associations
2007-10-10 19:41 --------- d-----w C:\Program Files\One-click Tag Editor
2007-10-10 19:11 --------- d-----w C:\Program Files\Audacity
2007-10-10 18:09 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2007-10-10 18:09 --------- d-----w C:\Program Files\Fichiers communs\Sony Ericsson Shared
2007-10-10 18:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2007-10-10 18:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2007-10-10 18:08 --------- d-----w C:\Program Files\Sony Ericsson
2007-10-10 17:48 --------- d-----w C:\Program Files\Disc2Phone
2007-10-01 11:15 839,692 ----a-w C:\WINDOWS\Fonts\Crack.exe
2007-10-01 11:15 839,691 --sh--w C:\WINDOWS\Fonts\svchost.exe
2007-09-28 15:43 --------- d-----w C:\Program Files\Altiris
2007-09-28 15:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-28 15:27 --------- d-----w C:\Program Files\Philips Flat Panel Adjust
2007-09-19 07:09 --------- d-----w C:\Program Files\MSN Messenger
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{284C8662-5F8A-4DB1-B3D0-CB39DC890416}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2A6CC50-4577-467C-86D9-504C7B8AEC15}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f3df73c5-5d4f-44d7-94e4-01bd0ad996db}]
2007-11-12 08:55 78400 --a------ C:\WINDOWS\system32\irxlspix.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 15:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2006-02-16 15:46]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-03 18:42]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-10-01 12:15]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-11-08 18:18]
"a48020ac"="C:\WINDOWS\system32\axaqrmmf.dll" [2007-11-12 09:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"ATnotes.exe"="C:\Program Files\ATnotes\ATnotes.exe" [2005-01-05 14:45]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{01CD0B31-9154-45F2-9414-F5D64B74EAF6}"= C:\WINDOWS\system32\yayayaa.dll [2007-11-12 10:34 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayayaa]
yayayaa.dll 2007-11-12 10:34 36352 C:\WINDOWS\system32\yayayaa.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\gebcd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
"C:\Program Files\LogMeIn\LogMeInSystray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\RaInfo.sys
R2 Pervasive.SQL Workgroup;EBP - Pervasive.SQL Workgroup;C:\PVSW\Bin\WGE_SRV.EXE
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
R3 LMImirr;LMImirr;C:\WINDOWS\system32\DRIVERS\LMImirr.sys
S3 AEXPAM;Philips SmartManage Service;C:\WINDOWS\system32\Drivers\aexpamdrv.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c48ec5a-24ae-11dc-8160-000c76edef06}]
\Shell\AutoRun\command - F:\setupSNK.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-11-10 21:20:06 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-12 10:33:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\yayayaa.dll 36352 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2007-11-12 10:35:18 - machine was rebooted
.
--- E O F ---

------------------------------------------------------

Et enfin le nouveau rapport Hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 10:41:59, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PVSW\Bin\WGE_SRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\PVSW\BIN\W3dbsmgr.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ATnotes\ATnotes.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\17PHolmes1188.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Raphaëlle\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [a48020ac] rundll32.exe "C:\WINDOWS\system32\axaqrmmf.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: EBP - Pervasive.SQL Workgroup (Pervasive.SQL Workgroup) - Unknown owner - C:\PVSW\Bin\WGE_SRV.EXE

J'attends ton commentaire... merci
0
Réponse 3 / 10
^^Marie^^
 
Bonjour,

Fais un clic droit sur hijackthis, choisis "renommer" marque : abcde.exe
Puis remet un rapport stp
0
Réponse 4 / 10
raphaelle84 Messages postés 8 Statut Membre
 
Voici le nouveau rapport :

Logfile of HijackThis v1.99.1
Scan saved at 11:32:41, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PVSW\Bin\WGE_SRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\PVSW\BIN\W3dbsmgr.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ATnotes\ATnotes.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\17PHolmes1188.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Raphaëlle\Bureau\abcde.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {284C8662-5F8A-4DB1-B3D0-CB39DC890416} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D2A6CC50-4577-467C-86D9-504C7B8AEC15} - (no file)
O2 - BHO: {bd699da0-db10-4e49-7d44-f4d55c37fd3f} - {f3df73c5-5d4f-44d7-94e4-01bd0ad996db} - C:\WINDOWS\system32\irxlspix.dll
O2 - BHO: (no name) - {FE4373FB-82C7-4A56-AAEF-1F4DC14FA5DD} - C:\WINDOWS\system32\ssqpm.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [a48020ac] rundll32.exe "C:\WINDOWS\system32\axaqrmmf.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: yayayaa - C:\WINDOWS\SYSTEM32\yayayaa.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: EBP - Pervasive.SQL Workgroup (Pervasive.SQL Workgroup) - Unknown owner - C:\PVSW\Bin\WGE_SRV.EXE
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 10
^^Marie^^
 
Bonjour,

Télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
(de Old_Timer) sur ton Bureau.

4/ Lance HijackThis
puis --> Do a system scan only
coche les lignes indiquées ci-dessous
puis --> Fix checked
puis oui à la question de confirmation

O2 - BHO: (no name) - {284C8662-5F8A-4DB1-B3D0-CB39DC890416} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {bd699da0-db10-4e49-7d44-f4d55c37fd3f} - {f3df73c5-5d4f-44d7-94e4-01bd0ad996db} - C:\WINDOWS\system32\irxlspix.dll
O2 - BHO: (no name) - {FE4373FB-82C7-4A56-AAEF-1F4DC14FA5DD} - C:\WINDOWS\system32\ssqpm.dll
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe

Double-clique sur OTMoveIt.exe pour lancer le programme,

Copie la liste de fichiers ou de dossiers ci-dessous et
colle-la dans la fenêtre du programme "Paste List Of Files/Folders to be moved" :

C:\Program Files\WinAble\winable.exe

Clique sur MoveIt! pour lancer la suppression,
Le résultat appraraîtra dans le cadre Results.
Clique sur Exit pour fermer le programme.
Poste le rapport qui est situé ici : C:\\\\_OTMoveIt\MovedFiles
Il te sera peut-être demandé de redémarrer ton PC. Dans ce cas, clique sur Yes.

Supprime Avast (pas mal de failles) et installe Antivir

ANTIVIR
https://www.avira.com/
Tuto
http://speedweb1.free.fr/frames2.php?page=tuto5

télécharger la version gratuite de Avast
Vous pouvez télécharger Avast sur le site suivant
https://www.avast.com/free-antivirus-download
Tuto ->
http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/questions-avast-sujet_176199_1.htm

Installe un pare-feu

télécharger la version gratuite de Kerio
Kerio (parefeu)
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
TUTO
https://kerio.probb.fr/t250-tuto-sunbelt-personal-firewall-4-6
SITE de Kerio
https://kerio.probb.fr/
0
Réponse 6 / 10
raphaelle84 Messages postés 8 Statut Membre
 
Voila, j'ai suivi la procédure et voici donc le rapport de OtMoveit :

File/Folder C:\Program Files\WinAble\winable.exe not found.

Created on 11/12/2007 12:49:39

J'ai aussi installé antivir, maintenant je vais redemarrer mon poste en mode sans echec pour un premier test de scan antivirus...

... Je croise les doigts
0
Réponse 7 / 10
raphaelle84 Messages postés 8 Statut Membre
 
Marie, voici le resultat Antivir.... Il a trouvé un tas de trucs... je ne sais meme pas d'où ça vient !
Quelques éléments étaient en quarantaine, je les ai supprimé...
Je suis en train de refaire un scan avec Avast, penses-tu qu'il faut que je fasse autre chose ? Comment puis-je savoir si mon ordi est "propre" ?

En tout cas mille fois merci pour ta précieuse aide...

-------------------------------------------------------------------------
AntiVir PersonalEdition Classic
Report file date: lundi 12 novembre 2007 13:22

Scanning for 926065 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Raphaëlle
Computer name: RAPHAELLE

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 12:00:41
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 12:00:41
ANTIVIR2.VDF : 7.0.0.198 1206272 Bytes 11/11/2007 12:00:41
ANTIVIR3.VDF : 7.0.0.203 14336 Bytes 12/11/2007 12:00:41
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 12/11/2007 12:00:42
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: lundi 12 novembre 2007 13:22

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!

Starting to scan the registry.
C:\WINDOWS\system32\axaqrmmf.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was deleted!
C:\WINDOWS\system32\axaqrmmf.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen

The registry was scanned ( '34' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '47a14743.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '47a64749.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '47b24751.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4633233a.qua'!
C:\Documents and Settings\Raphaëlle\Bureau\VirtumundoBeGone.exe
[DETECTION] Contains detection pattern of the application APPL/Processor
[INFO] The file was moved to '47aa478e.qua'!
C:\Documents and Settings\Raphaëlle\Bureau\backups\backup-20071112-124609-326.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '479b4787.qua'!
C:\Documents and Settings\Raphaëlle\Local Settings\Temporary Internet Files\Content.IE5\8ZI49SCD\17PHolmes[1].cmt
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4788477e.qua'!
C:\Documents and Settings\Raphaëlle\Local Settings\Temporary Internet Files\Content.IE5\8ZI49SCD\a8f5a020e4b833865a1034489887c8b9[1].zip
[0] Archive type: ZIP
--> b122.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.erf
[INFO] The file was moved to '479e477f.qua'!
C:\Documents and Settings\Raphaëlle\Mes documents\applications\file21.zip
[0] Archive type: ZIP
--> pcytrkg.com
[DETECTION] Contains detection pattern of the DOS virus DOS/NRLG-based.5
[INFO] The file was moved to '47a44879.qua'!
C:\Program Files\Navilog1\reboot.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program
[INFO] The file was moved to '479a53eb.qua'!
C:\qoobox\Quarantine\catchme2007-11-12_103244.46.zip
[0] Archive type: ZIP
--> gebcd.dll
[DETECTION] Contains detection pattern of the Windows virus W32/Virut.AS
[INFO] The file was moved to '47ac5459.qua'!
C:\qoobox\Quarantine\C\WINDOWS\mrofinu1188.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47a7546a.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\gebcd.dll.vir
[DETECTION] Contains detection pattern of the Windows virus W32/Virut.AS
[INFO] The file was moved to '479a545e.qua'!
C:\VundoFix Backups\dwddhvoj.dll.bad
[DETECTION] Contains detection pattern of the Windows virus W32/Virut.AS
[INFO] The file was moved to '479c5471.qua'!
C:\VundoFix Backups\fagqbqbc.dll.bad
[DETECTION] Contains detection pattern of the Windows virus W32/Virut.AS
[INFO] The file was moved to '479f545b.qua'!
C:\VundoFix Backups\fhqcurtw.dll.bad
[DETECTION] Contains detection pattern of the Windows virus W32/Virut.AS
[INFO] The file was moved to '47a95463.qua'!
C:\WINDOWS\b122.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.erf
[INFO] The file was moved to '476a542d.qua'!
C:\WINDOWS\mrofinu1188.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47a75473.qua'!
C:\WINDOWS\NirCmd.exe
[DETECTION] Contains detection pattern of the application APPL/NirCmd.1
[INFO] The file was moved to '47aa546b.qua'!
C:\WINDOWS\Fonts\a.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47b255d7.qua'!
C:\WINDOWS\Fonts\Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47995634.qua'!
C:\WINDOWS\Fonts\svchost.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479b5658.qua'!
C:\WINDOWS\Fonts\'\00jj99uuii66ddxxqqq.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a25618.qua'!
C:\WINDOWS\Fonts\'\101 Jukebox Classics Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47695619.qua'!
C:\WINDOWS\Fonts\'\101 Jukebox Classics Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '46160f42.qua'!
C:\WINDOWS\Fonts\'\20 Years Of Jethro Tull, Awesome Collection Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '4758561a.qua'!
C:\WINDOWS\Fonts\'\20 Years Of Jethro Tull, Awesome Collection Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '4758561b.qua'!
C:\WINDOWS\Fonts\'\20 Years Of Jethro Tull, Awesome Collection Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '4758561c.qua'!
C:\WINDOWS\Fonts\'\30 Days Of Night Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '46270f45.qua'!
C:\WINDOWS\Fonts\'\88 Minutes (2007) Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47585625.qua'!
C:\WINDOWS\Fonts\'\88 Minutes (2007) Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47585626.qua'!
C:\WINDOWS\Fonts\'\Ableton Live v6.0.1.10 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a45651.qua'!
C:\WINDOWS\Fonts\'\Ableton Live v6.0.1.10 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '46db0f0a.qua'!
C:\WINDOWS\Fonts\'\Absolute MP3 Splitter and Converter 2.8.4 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ab5652.qua'!
C:\WINDOWS\Fonts\'\Absolute MP3 Splitter and Converter 2.8.4 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ab5653.qua'!
C:\WINDOWS\Fonts\'\Absolute MP3 Splitter and Converter 2.8.4 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ab5654.qua'!
C:\WINDOWS\Fonts\'\Adobe Photoshop Elements 4.0 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a75657.qua'!
C:\WINDOWS\Fonts\'\Adobe Photoshop Elements 4.0 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '46d80f00.qua'!
C:\WINDOWS\Fonts\'\Adobe Photoshop Elements 4.0 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a75658.qua'!
C:\WINDOWS\Fonts\'\Aerial Mahjong Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47aa565a.qua'!
C:\WINDOWS\Fonts\'\Aerial Mahjong Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47aa565b.qua'!
C:\WINDOWS\Fonts\'\Alanis Morissette - The Collection Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47995662.qua'!
C:\WINDOWS\Fonts\'\Alanis Morissette - The Collection Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47995664.qua'!
C:\WINDOWS\Fonts\'\Alanis Morissette - The Collection Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47995665.qua'!
C:\WINDOWS\Fonts\'\All Ditz And Jumbo Tits 2 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a45665.qua'!
C:\WINDOWS\Fonts\'\All Ditz And Jumbo Tits 2 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a45666.qua'!
C:\WINDOWS\Fonts\'\Apex Video Converter Super v5.93 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479d566b.qua'!
C:\WINDOWS\Fonts\'\Apex Video Converter Super v5.93 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479d566c.qua'!
C:\WINDOWS\Fonts\'\Apex Video Converter Super v5.93 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479d566d.qua'!
C:\WINDOWS\Fonts\'\ASCII Generator v0.8.2b Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '477b5651.qua'!
C:\WINDOWS\Fonts\'\ASCII Generator v0.8.2b Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '46040f0a.qua'!
C:\WINDOWS\Fonts\'\Aspect Tools v5.3.0.76 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a85672.qua'!
C:\WINDOWS\Fonts\'\Aspect Tools v5.3.0.76 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a85673.qua'!
C:\WINDOWS\Fonts\'\Aspect Tools v5.3.0.76 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a85674.qua'!
C:\WINDOWS\Fonts\'\AVG Internet Security 7.5.446a965 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '477f5658.qua'!
C:\WINDOWS\Fonts\'\AVG Internet Security 7.5.446a965 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '477f5659.qua'!
C:\WINDOWS\Fonts\'\AVG Internet Security 7.5.446a965 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '46000f02.qua'!
C:\WINDOWS\Fonts\'\Babylon 7.0.0 r13 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479a5665.qua'!
C:\WINDOWS\Fonts\'\Babylon 7.0.0 r13 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479a5666.qua'!
C:\WINDOWS\Fonts\'\Babylon 7.0.0 r13 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479a5667.qua'!
C:\WINDOWS\Fonts\'\BackStreet Boys Unbreakable (2007) Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479b5668.qua'!
C:\WINDOWS\Fonts\'\BackStreet Boys Unbreakable (2007) Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479b5669.qua'!
C:\WINDOWS\Fonts\'\Basshunter-LOL Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ab5669.qua'!
C:\WINDOWS\Fonts\'\Basshunter-LOL Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ab566a.qua'!
C:\WINDOWS\Fonts\'\Battlefield Vietnam Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ac566b.qua'!
C:\WINDOWS\Fonts\'\Battlefield Vietnam Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ac566c.qua'!
C:\WINDOWS\Fonts\'\Best Of Boob Bangers Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ab5671.qua'!
C:\WINDOWS\Fonts\'\Best Of Boob Bangers Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ab5672.qua'!
C:\WINDOWS\Fonts\'\BitDefender Antivirus Plus v10.247 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ac5676.qua'!
C:\WINDOWS\Fonts\'\BitDefender Antivirus Plus v10.247 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ac5677.qua'!
C:\WINDOWS\Fonts\'\BitDefender Antivirus Plus v10.247 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ac5678.qua'!
C:\WINDOWS\Fonts\'\Blood and Chocolate (2007) Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a7567c.qua'!
C:\WINDOWS\Fonts\'\Blood and Chocolate (2007) Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a7567d.qua'!
C:\WINDOWS\Fonts\'\Bridge to Terabithia (2007) Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a15684.qua'!
C:\WINDOWS\Fonts\'\Bridge to Terabithia (2007) Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '46de0fdd.qua'!
C:\WINDOWS\Fonts\'\Britney Spears - Blackout 2007 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a15685.qua'!
C:\WINDOWS\Fonts\'\Britney Spears - Blackout 2007 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a15686.qua'!
C:\WINDOWS\Fonts\'\Bubble Butt Bonanza 10 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479a568a.qua'!
C:\WINDOWS\Fonts\'\Bubble Butt Bonanza 10 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479a568b.qua'!
C:\WINDOWS\Fonts\'\Chm To Pdf Converter Professional v3.6.2 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a5567e.qua'!
C:\WINDOWS\Fonts\'\Chm To Pdf Converter Professional v3.6.2 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a5567f.qua'!
C:\WINDOWS\Fonts\'\Convert Ppt To Pdf For Powerpoint V3.50 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a65687.qua'!
C:\WINDOWS\Fonts\'\Convert Ppt To Pdf For Powerpoint V3.50 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a65688.qua'!
C:\WINDOWS\Fonts\'\Corel Paint Shop Pro X2 12.00 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47aa5689.qua'!
C:\WINDOWS\Fonts\'\Counterstrike Condition Zero Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ad568a.qua'!
C:\WINDOWS\Fonts\'\Counterstrike Condition Zero Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ad568b.qua'!
C:\WINDOWS\Fonts\'\Counterstrike Condition Zero Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '46d20fd4.qua'!
C:\WINDOWS\Fonts\'\Crashday Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47995690.qua'!
C:\WINDOWS\Fonts\'\Crashday Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '46e60fc9.qua'!
C:\WINDOWS\Fonts\'\Crashday Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47995691.qua'!
C:\WINDOWS\Fonts\'\CSI Miami Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47815673.qua'!
C:\WINDOWS\Fonts\'\CSI Miami Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47815674.qua'!
C:\WINDOWS\Fonts\'\CSI Miami Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47815675.qua'!
C:\WINDOWS\Fonts\'\Culpa Innata Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a45698.qua'!
C:\WINDOWS\Fonts\'\Culpa Innata Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '46db0fc1.qua'!
C:\WINDOWS\Fonts\'\DDFileCatcher Ver.2.5019.1 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '477e5668.qua'!
C:\WINDOWS\Fonts\'\DDFileCatcher Ver.2.5019.1 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '477e5669.qua'!
C:\WINDOWS\Fonts\'\DDFileCatcher Ver.2.5019.1 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '477e566a.qua'!
C:\WINDOWS\Fonts\'\Dead Mans Shoes Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '4799568b.qua'!
C:\WINDOWS\Fonts\'\Dead Mans Shoes Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '4799568c.qua'!
C:\WINDOWS\Fonts\'\Delta Force Black Hawk Down Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a4568d.qua'!
C:\WINDOWS\Fonts\'\Diskeeper 2008 Pro Premier Edition v12.0 Build 758 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ab5692.qua'!
C:\WINDOWS\Fonts\'\Diskeeper 2008 Pro Premier Edition v12.0 Build 758 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ab5693.qua'!
C:\WINDOWS\Fonts\'\DJ Finesse - RB Dedication 2 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47585675.qua'!
C:\WINDOWS\Fonts\'\DJ Finesse - RB Dedication 2 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47585676.qua'!
C:\WINDOWS\Fonts\'\Dogma (DVDRip) Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479f569c.qua'!
C:\WINDOWS\Fonts\'\Dogma (DVDRip) Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '46e00fc5.qua'!
C:\WINDOWS\Fonts\'\Dogma (DVDRip) Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479f569d.qua'!
C:\WINDOWS\Fonts\'\Dryft - Cell Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47b156a1.qua'!
C:\WINDOWS\Fonts\'\Dryft - Cell Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '46ce0ffa.qua'!
C:\WINDOWS\Fonts\'\Dryft - Cell Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47b156a2.qua'!
C:\WINDOWS\Fonts\'\Eagles - Hotel California Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479f5692.qua'!
C:\WINDOWS\Fonts\'\Eagles - Hotel California Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479f5693.qua'!
C:\WINDOWS\Fonts\'\Eagles - The Long Run Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479f5694.qua'!
C:\WINDOWS\Fonts\'\Eagles - The Long Run Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479f5695.qua'!
C:\WINDOWS\Fonts\'\Eagles Long Road out of Eden (2007) Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '46e00fce.qua'!
C:\WINDOWS\Fonts\'\Eagles Long Road out of Eden (2007) Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479f5696.qua'!
C:\WINDOWS\Fonts\'\Eagles Long Road out of Eden (2007) Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479f5697.qua'!
C:\WINDOWS\Fonts\'\Evan Almighty 2007 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479956ad.qua'!
C:\WINDOWS\Fonts\'\Evan Almighty 2007 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '46e60ff6.qua'!
C:\WINDOWS\Fonts\'\Fantastic Flame Screensaver 4.00.358 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a65699.qua'!
C:\WINDOWS\Fonts\'\Fantastic Flame Screensaver 4.00.358 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a6569a.qua'!
C:\WINDOWS\Fonts\'\Fantastic Flame Screensaver 4.00.358 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a6569b.qua'!
C:\WINDOWS\Fonts\'\FIBA Basketball Manager 2008 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '477a5683.qua'!
C:\WINDOWS\Fonts\'\FIBA Basketball Manager 2008 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '477a5684.qua'!
C:\WINDOWS\Fonts\'\FIBA Basketball Manager 2008 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '477a5685.qua'!
C:\WINDOWS\Fonts\'\FIFA 2008 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '477e5686.qua'!
C:\WINDOWS\Fonts\'\FIFA 2008 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '46010fdf.qua'!
C:\WINDOWS\Fonts\'\Fire Department 3 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47aa56a7.qua'!
C:\WINDOWS\Fonts\'\Fire Department 3 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47aa56a8.qua'!
C:\WINDOWS\Fonts\'\Fire Department 3 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47aa56a9.qua'!
C:\WINDOWS\Fonts\'\Fix-It Utilities 8.0 Pro Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47b056a9.qua'!
C:\WINDOWS\Fonts\'\Fix-It Utilities 8.0 Pro Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47b056aa.qua'!
C:\WINDOWS\Fonts\'\Fracture (2007) Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479956b4.qua'!
C:\WINDOWS\Fonts\'\Frank Zappa - Fillmore East June 1971 [Live] Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479956b5.qua'!
C:\WINDOWS\Fonts\'\Frank Zappa - Fillmore East June 1971 [Live] Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '46e60fee.qua'!
C:\WINDOWS\Fonts\'\Frank Zappa - Frank Zappa Meets the Mothers of Prevention Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479956b6.qua'!
C:\WINDOWS\Fonts\'\Frank Zappa - Frank Zappa Meets the Mothers of Prevention Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479956b7.qua'!
C:\WINDOWS\Fonts\'\Fraps Registered 2.9.2 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479956b8.qua'!
C:\WINDOWS\Fonts\'\Fraps Registered 2.9.2 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '46e60fe1.qua'!
C:\WINDOWS\Fonts\'\Fraps Registered 2.9.2 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479956b9.qua'!
C:\WINDOWS\Fonts\'\G-Force 3.1.2 Platinum Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '477e5675.qua'!
C:\WINDOWS\Fonts\'\G-Force 3.1.2 Platinum Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '477e5676.qua'!
C:\WINDOWS\Fonts\'\G-Force 3.1.2 Platinum Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '477e5677.qua'!
C:\WINDOWS\Fonts\'\Gangbang Auditions #10 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a656ac.qua'!
C:\WINDOWS\Fonts\'\Gangbang Auditions #10 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '46d90ff5.qua'!
C:\WINDOWS\Fonts\'\Gangbang Auditions #10 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a656ad.qua'!
C:\WINDOWS\Fonts\'\Good Luck Chuck 2007 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a756bc.qua'!
C:\WINDOWS\Fonts\'\Gridiron Gang (2006) Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a156bf.qua'!
C:\WINDOWS\Fonts\'\Half-Life 2 Episode Two Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a456af.qua'!
C:\WINDOWS\Fonts\'\Half-Life 2 Episode Two Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a456b0.qua'!
C:\WINDOWS\Fonts\'\HiDownload Pro 7.06 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '477c56b9.qua'!
C:\WINDOWS\Fonts\'\HiDownload Pro 7.06 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '477c56ba.qua'!
C:\WINDOWS\Fonts\'\HiDownload Pro 7.06 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '477c56bb.qua'!
C:\WINDOWS\Fonts\'\Homegrown Video # 717 The Porn Ultimatum Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a556c1.qua'!
C:\WINDOWS\Fonts\'\Homegrown Video # 717 The Porn Ultimatum Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a556c2.qua'!
C:\WINDOWS\Fonts\'\Hot Fuzz (2007) Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ac56c3.qua'!
C:\WINDOWS\Fonts\'\HotDog Pro 7.3 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ac56c4.qua'!
C:\WINDOWS\Fonts\'\HotDog Pro 7.3 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ac56c5.qua'!
C:\WINDOWS\Fonts\'\HotDog Pro 7.3 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '46d30f9e.qua'!
C:\WINDOWS\Fonts\'\Hunting Unlimited 2008 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a656cc.qua'!
C:\WINDOWS\Fonts\'\Hunting Unlimited 2008 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a656cd.qua'!
C:\WINDOWS\Fonts\'\Hunting Unlimited 2008 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a656ce.qua'!
C:\WINDOWS\Fonts\'\I Scored A Soccer Mom 2 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '478b5679.qua'!
C:\WINDOWS\Fonts\'\I Scored A Soccer Mom 2 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '478b567a.qua'!
C:\WINDOWS\Fonts\'\I Scored A Soccer Mom 2 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '478b567b.qua'!
C:\WINDOWS\Fonts\'\I Scored A Soccer Mom 3 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '478b567c.qua'!
C:\WINDOWS\Fonts\'\Illegal Aliens (2007) Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a456c9.qua'!
C:\WINDOWS\Fonts\'\Illegal Aliens (2007) Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '46db0f92.qua'!
C:\WINDOWS\Fonts\'\Illegal Aliens (2007) Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a456ca.qua'!
C:\WINDOWS\Fonts\'\In 15Out 1 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '475856cd.qua'!
C:\WINDOWS\Fonts\'\In 15Out 1 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '475856ce.qua'!
C:\WINDOWS\Fonts\'\In 19Out 4 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '475856cf.qua'!
C:\WINDOWS\Fonts\'\In 19Out 4 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '46270f88.qua'!
C:\WINDOWS\Fonts\'\In 1Out 0 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '475856d0.qua'!
C:\WINDOWS\Fonts\'\In 1Out 0 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '475856d1.qua'!
C:\WINDOWS\Fonts\'\In 1Out 0 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '46270f8a.qua'!
C:\WINDOWS\Fonts\'\In 1Out 1 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '475856d2.qua'!
C:\WINDOWS\Fonts\'\In 22Out 4 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '475856d3.qua'!
C:\WINDOWS\Fonts\'\In 24Out 1 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '475856d4.qua'!
C:\WINDOWS\Fonts\'\In 2Out 0 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '46270f8d.qua'!
C:\WINDOWS\Fonts\'\In 2Out 0 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '475856d5.qua'!
C:\WINDOWS\Fonts\'\In 2Out 0 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '475856d6.qua'!
C:\WINDOWS\Fonts\'\In 2Out 1 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '475856d7.qua'!
C:\WINDOWS\Fonts\'\In 2Out 1 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '475856d8.qua'!
C:\WINDOWS\Fonts\'\In 3Out 0 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '46270f81.qua'!
C:\WINDOWS\Fonts\'\In 3Out 1 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '475856d9.qua'!
C:\WINDOWS\Fonts\'\In 3Out 1 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '475856da.qua'!
C:\WINDOWS\Fonts\'\In 3Out 1 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '475856db.qua'!
C:\WINDOWS\Fonts\'\In 4Out 1 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '475856dc.qua'!
C:\WINDOWS\Fonts\'\In 4Out 1 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '46270f85.qua'!
C:\WINDOWS\Fonts\'\In 4Out 1 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '475856dd.qua'!
C:\WINDOWS\Fonts\'\In 4Out 3 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '475856de.qua'!
C:\WINDOWS\Fonts\'\In 4Out 3 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '475856df.qua'!
C:\WINDOWS\Fonts\'\In 5Out 1 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '475856e0.qua'!
C:\WINDOWS\Fonts\'\In 5Out 1 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '46270fb9.qua'!
C:\WINDOWS\Fonts\'\In 5Out 1 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '475856e1.qua'!
C:\WINDOWS\Fonts\'\In 6Out 1 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '475856e2.qua'!
C:\WINDOWS\Fonts\'\In 6Out 1 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '475856e3.qua'!
C:\WINDOWS\Fonts\'\In 6Out 1 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '475856e4.qua'!
C:\WINDOWS\Fonts\'\In 7Out 3 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '475856e5.qua'!
C:\WINDOWS\Fonts\'\In 9Out 2 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '46270fbe.qua'!
C:\WINDOWS\Fonts\'\In 9Out 2 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '475856e6.qua'!
C:\WINDOWS\Fonts\'\In 9Out 2 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '475856e7.qua'!
C:\WINDOWS\Fonts\'\India Arie - Voyage to India Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479c56e7.qua'!
C:\WINDOWS\Fonts\'\India Arie - Voyage to India Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479c56e8.qua'!
C:\WINDOWS\Fonts\'\Intelore RAR Password Recovery v1.1 RC16-Lz0 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ac56e9.qua'!
C:\WINDOWS\Fonts\'\Intelore RAR Password Recovery v1.1 RC16-Lz0 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ac56ea.qua'!
C:\WINDOWS\Fonts\'\Intensitivity #4 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ac56eb.qua'!
C:\WINDOWS\Fonts\'\Intensitivity #4 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ac56ec.qua'!
C:\WINDOWS\Fonts\'\Intensitivity #6 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '46d30fb5.qua'!
C:\WINDOWS\Fonts\'\Intensitivity #6 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ac56ed.qua'!
C:\WINDOWS\Fonts\'\Jacked (PS2) Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479b56e1.qua'!
C:\WINDOWS\Fonts\'\Jacked (PS2) Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479b56e2.qua'!
C:\WINDOWS\Fonts\'\Jimmy Eat World - Futures Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a556eb.qua'!
C:\WINDOWS\Fonts\'\Jimmy Eat World - Futures Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a556ec.qua'!
C:\WINDOWS\Fonts\'\Jimmy Eat World - Stay on My Side Tonight EP Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '46da0fb5.qua'!
C:\WINDOWS\Fonts\'\Jimmy Eat World - Stay on My Side Tonight EP Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a556ed.qua'!
C:\WINDOWS\Fonts\'\Kanye West - Late Orchestration (2005) Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a656e6.qua'!
C:\WINDOWS\Fonts\'\Kanye West - Late Orchestration (2005) Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a656e7.qua'!
C:\WINDOWS\Fonts\'\Kanye West - Late Orchestration (2005) Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a656e8.qua'!
C:\WINDOWS\Fonts\'\Kanye West - Stronger (2007) Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a656e9.qua'!
C:\WINDOWS\Fonts\'\Kanye West - Stronger (2007) Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a656ea.qua'!
C:\WINDOWS\Fonts\'\Kanye West-College Dropout Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a656eb.qua'!
C:\WINDOWS\Fonts\'\Kanye West-College Dropout Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a656ec.qua'!
C:\WINDOWS\Fonts\'\Kaspersky Internet Security 7.00.125 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ab56ed.qua'!
C:\WINDOWS\Fonts\'\Kaspersky Internet Security 7.00.125 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '46d40fb6.qua'!
C:\WINDOWS\Fonts\'\Katie Melua - Piece by Piece Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ac56ee.qua'!
C:\WINDOWS\Fonts\'\Katie Melua - Piece by Piece Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ac56f0.qua'!
C:\WINDOWS\Fonts\'\Kylie Minogue Confide in Me The Irresistible Kylie (2007) Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a45708.qua'!
C:\WINDOWS\Fonts\'\Kylie Minogue Confide in Me The Irresistible Kylie (2007) Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a45709.qua'!
C:\WINDOWS\Fonts\'\Kylie Minogue Confide in Me The Irresistible Kylie (2007) Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a4570a.qua'!
C:\WINDOWS\Fonts\'\LastBit MD5 Password Pro v1.0.533 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ab56f3.qua'!
C:\WINDOWS\Fonts\'\LastBit MD5 Password Pro v1.0.533 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ab56f4.qua'!
C:\WINDOWS\Fonts\'\LastBit MD5 Password Pro v1.0.533 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ab56f5.qua'!
C:\WINDOWS\Fonts\'\Lavasoft Ad-aware 2007 Pro v7.0.2.3 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ae56f5.qua'!
C:\WINDOWS\Fonts\'\Lavasoft Ad-aware 2007 Pro v7.0.2.3 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ae56f6.qua'!
C:\WINDOWS\Fonts\'\Legal At Last # 5 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479f56fb.qua'!
C:\WINDOWS\Fonts\'\Life Support (2007) Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479e5700.qua'!
C:\WINDOWS\Fonts\'\Life Support (2007) Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479e5701.qua'!
C:\WINDOWS\Fonts\'\Limewire Pro 4.14.10 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a55702.qua'!
C:\WINDOWS\Fonts\'\Limewire Pro 4.14.10 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a55703.qua'!
C:\WINDOWS\Fonts\'\Limewire Pro 4.14.10 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a55704.qua'!
C:\WINDOWS\Fonts\'\LimeWire Pro Version 5.0.01 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a55705.qua'!
C:\WINDOWS\Fonts\'\LimeWire Pro Version 5.0.01 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a55706.qua'!
C:\WINDOWS\Fonts\'\LimeWirePro 4.14.0 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a55707.qua'!
C:\WINDOWS\Fonts\'\LimeWirePro 4.14.0 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a55708.qua'!
C:\WINDOWS\Fonts\'\LimeWirePro 4.14.0 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a55709.qua'!
C:\WINDOWS\Fonts\'\Limo Secrets # 2 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a5570a.qua'!
C:\WINDOWS\Fonts\'\Limo Secrets # 2 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a5570b.qua'!
C:\WINDOWS\Fonts\'\Live Free of Die Hard (2007) Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ae570c.qua'!
C:\WINDOWS\Fonts\'\Live Free of Die Hard (2007) Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ae570d.qua'!
C:\WINDOWS\Fonts\'\Live Free or Die (2006) Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ae570e.qua'!
C:\WINDOWS\Fonts\'\Live Free or Die (2006) Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ae570f.qua'!
C:\WINDOWS\Fonts\'\Loki Heroes OBet On Soldier Blackout On Saigonf Mythology Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a35716.qua'!
C:\WINDOWS\Fonts\'\Loki Heroes OBet On Soldier Blackout On Saigonf Mythology Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a35717.qua'!
C:\WINDOWS\Fonts\'\Mae - The Everglow Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479d570a.qua'!
C:\WINDOWS\Fonts\'\Mae - The Everglow Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479d570b.qua'!
C:\WINDOWS\Fonts\'\Mae - The Everglow Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479d570c.qua'!
C:\WINDOWS\Fonts\'\Marc Dorcel - Hardcore Paradise Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47aa570e.qua'!
C:\WINDOWS\Fonts\'\Marc Dorcel - Hardcore Paradise Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47aa570f.qua'!
C:\WINDOWS\Fonts\'\Marvin Gaye - In Our Lifetime (REMASTERED) 2007 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '46d50e48.qua'!
C:\WINDOWS\Fonts\'\Marvin Gaye - In Our Lifetime (REMASTERED) 2007 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47aa5710.qua'!
C:\WINDOWS\Fonts\'\Medal of Honor Airborne Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '479c5715.qua'!
C:\WINDO
0
Réponse 8 / 10
^^Marie^^
 
Bonjour,

Je suis en train de refaire un scan avec Avast

NON Avast ==> poubelle

Dis moi, tu as des logiciels pirates ?????
0
Réponse 9 / 10
raphaelle84 Messages postés 8 Statut Membre
 
Oups.... dans ton precedent post j'ai cru comprendre qu'il fallait que je le réinstalle... je le vire de suite !

et non je n'ai pas de logiciel pirate, c'est ce qui m'inquiète. J'ai juste voulu retrouver la version gratuite de dvxtodvd sur Limewire et au téléchargement du soit disant logiciel une fenetre est apparue et je n'ai jamais pu la refermer ! pas plus ...
0
Réponse 10 / 10
raphaelle84 Messages postés 8 Statut Membre
 
Bonjour Marie,

A mon grand désarroi, je suis toujours vérolée... j'ai des pubs qui apparaissent lorsque je vais sur IE et Antivir me détecte régulièrement des fichiers infectueux... je désespère de retrouver la vie calme et paisible que j'avais il y a à peine quelques jours....

Voici le rapport Hijack, si tu peux me donner ton avis ... merci encore...

----------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 09:39:54, on 13/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PVSW\Bin\WGE_SRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\PVSW\BIN\W3dbsmgr.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ATnotes\ATnotes.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\VADERE~1.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Raphaëlle\Bureau\abcde.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {01CD0B31-9154-45F2-9414-F5D64B74EAF6} - C:\WINDOWS\system32\yayayaa.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D2A6CC50-4577-467C-86D9-504C7B8AEC15} - (no file)
O2 - BHO: (no name) - {D5EA5840-1EBA-4362-AA94-426D4F9AA52E} - C:\WINDOWS\system32\ssqpm.dll
O2 - BHO: {7c145e8c-868b-11eb-ec54-00f758912d4e} - {e4d21985-7f00-45ce-be11-b868c8e541c7} - C:\WINDOWS\system32\qobcwrqb.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [a48020ac] rundll32.exe "C:\WINDOWS\system32\wktisrxy.dll",b
O4 - HKLM\..\Run: [VadeRetro Outlook Express & Windows Mail] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_Oe.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: yayayaa - C:\WINDOWS\SYSTEM32\yayayaa.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2.2 - Avira GmbH - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: EBP - Pervasive.SQL Workgroup (Pervasive.SQL Workgroup) - Unknown owner - C:\PVSW\Bin\WGE_SRV.EXE
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Comment supprimer le virus Trojan
vitsou -
vitsou -

18 réponses
Trojan impossible à supprimer!
Gridouu -
Malekal_morte- -

12 réponses
Aide pour un virus
cerise92700 -
MisteryBean -

41 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses