Sujet Précédent Sujet Suivant

Plein de trojan trouvé..comment les eliminer!

jipi -  
^^Marie^^ Messages postés 126523 Date d'inscription   Statut Membre Dernière intervention   -
Bonjour,
voici le rapport de Kapersky on line ........7 virus et 197 infected ...

Plien de trojans.principalement celui-ci------ Trojan.Win32.Gorshok.a...
Une aide me serait bien utile .Merci
------------------------------------------------------------------------------------------------------
Wednesday, December 19, 2007 12:42:10 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/12/2007
Kaspersky Anti-Virus database records: 486393

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 109150
Number of viruses found 7
Number of infected objects 197
Number of suspicious objects 0
Duration of the scan process 01:36:43

Infected Object Name Virus Name Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\IEDFix.exe Infected: Trojan.Win32.BHO.agh skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_6e4.dat Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_2c4.dat Object is locked skipped

C:\WINDOWS\Debug\WPD\wpdtrace.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{3D155E62-6E32-484F-8195-F1664FAC20CF}.crmlog Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{E1E8A0F8-0183-4E0E-8ACC-CA20AC0AE6EF}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\nretcip.exe Infected: not-a-virus:AdWare.Win32.Vapsup.qf skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped

C:\Documents and Settings\jp\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\jp\Local Settings\Temp\msn6000.fdr Object is locked skipped

C:\Documents and Settings\jp\Local Settings\Temp\~DFB091.tmp Object is locked skipped

C:\Documents and Settings\jp\Local Settings\Temp\~DFB0A6.tmp Object is locked skipped

C:\Documents and Settings\jp\Local Settings\Temp\~DFBEDB.tmp Object is locked skipped

C:\Documents and Settings\jp\Local Settings\Temp\~DFBF04.tmp Object is locked skipped

C:\Documents and Settings\jp\Local Settings\Temp\BIT95.tmp Object is locked skipped

C:\Documents and Settings\jp\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\jp\Local Settings\Historique\History.IE5\MSHist012007121820071219\index.dat Object is locked skipped

C:\Documents and Settings\jp\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\jp\Local Settings\Application Data\ApplicationHistory\ePower_DMC.exe.3ca0acde.ini.inuse Object is locked skipped

C:\Documents and Settings\jp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\jp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\jp\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\jp\Local Settings\Application Data\Microsoft\Windows Live Contacts\helicotropicalserv@hotmail.com\real\members.stg Object is locked skipped

C:\Documents and Settings\jp\Local Settings\Application Data\Microsoft\Windows Live Contacts\helicotropicalserv@hotmail.com\shadow\members.stg Object is locked skipped

C:\Documents and Settings\jp\ntuser.dat Object is locked skipped

C:\Documents and Settings\jp\Bureau\Navilog1.exe/file09 Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\jp\Bureau\Navilog1.exe Inno: infected - 1 skipped

C:\Documents and Settings\jp\Bureau\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\jp\Bureau\SmitfraudFix\SmitfraudFix\IEDFix.exe Infected: Trojan.Win32.BHO.agh skipped

C:\Documents and Settings\jp\Bureau\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\jp\Bureau\SmitfraudFix\IEDFix.exe Infected: Trojan.Win32.BHO.agh skipped

C:\Documents and Settings\jp\Bureau\SmitfraudFix.exe/data.rar/SmitfraudFix/IEDFix.exe Infected: Trojan.Win32.BHO.agh skipped

C:\Documents and Settings\jp\Bureau\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\jp\Bureau\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\jp\Bureau\SmitfraudFix.exe RarSFX: infected - 3 skipped

C:\Documents and Settings\jp\Bureau\mix\Nero-8.1.1.0b_fra_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped

C:\Documents and Settings\jp\Bureau\mix\Nero-8.1.1.0b_fra_trial.exe 7-Zip: infected - 1 skipped

C:\Documents and Settings\jp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\jp\Application Data\MSN6\UserData\{9DCE0E8A-35FC-01C7-0300-0000A0D9FE27}\favthumb.dbx Object is locked skipped

C:\Documents and Settings\jp\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\FM_log.txt Object is locked skipped

C:\Documents and Settings\jp\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\TlibCmnDlgs_log.txt Object is locked skipped

C:\Documents and Settings\jp\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\HookStarter_log.txt Object is locked skipped

C:\Documents and Settings\jp\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\SpecificUSB_log.txt Object is locked skipped

C:\Documents and Settings\jp\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\DM_log.txt Object is locked skipped

C:\Documents and Settings\jp\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\appLauncher_all_log.txt Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\ui.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\market.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\market32.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\themedef32.mar Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jp\Data\inuse.txt Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jp\Data\storydb.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jp\Data\storydb.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jp\Data\chn.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jp\Data\chn.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jp\Data\prs_die.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jp\Data\prs_die.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jp\Data\prs_dnd.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jp\Data\prs_dnd.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jp\Data\prs_ext.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jp\Data\prs_ext.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jp\Data\prs_rcv.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jp\Data\prs_rcv.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jp\Data\prs.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jp\Data\prs.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jp\Data\main.log Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jp\Data\L0000003.FCS Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jp\Data\chandir.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jp\Data\chandir.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jp\Data\D0000000.FCS Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log Object is locked skipped

C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\clnr0.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP1\A0000118.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP1\A0000149.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP2\A0000249.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP2\A0000273.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP3\A0000292.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP3\A0001120.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP5\A0001182.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP5\A0001322.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP5\A0002322.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP5\A0002345.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP7\A0002384.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP7\A0002419.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP7\A0002443.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP7\A0002481.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP7\A0002500.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP7\A0002559.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP8\A0002595.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP8\A0002620.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP8\A0002639.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP9\A0002672.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP9\A0002721.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP9\A0002758.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP9\A0002780.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP9\A0002799.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP10\A0002818.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP12\A0002828.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP12\A0003828.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP12\A0003863.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP12\A0003884.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP13\A0003911.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP13\A0003941.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP14\A0003982.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP14\A0004023.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP14\A0005023.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP15\A0006023.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP16\A0006036.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP16\A0006108.exe/WISE0044.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP16\A0006108.exe/WISE0044.BIN/stream Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP16\A0006108.exe/WISE0044.BIN Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP16\A0006108.exe WiseSFX: infected - 3 skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP16\A0006108.exe WiseSFXDropper: infected - 3 skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP16\A0006631.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP16\A0006667.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP17\A0006748.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP17\A0007748.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP17\A0007770.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP17\A0007797.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP18\A0007818.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP18\A0007845.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP19\A0007881.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP19\A0008845.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP19\A0008869.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP20\A0008907.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP20\A0009703.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP21\A0010703.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP21\A0010744.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP21\A0010766.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP21\A0010784.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP22\A0010813.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP22\A0010837.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP22\A0010886.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP23\A0012279.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP23\A0013279.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP23\A0014279.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP24\A0014353.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP24\A0014372.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP24\A0014393.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP25\A0014444.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP25\A0014466.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP25\A0015466.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP25\A0015486.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP25\A0015504.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP26\A0016504.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP27\A0016523.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP27\A0016539.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP27\A0016557.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP27\A0016575.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP27\A0016595.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP27\A0016640.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP28\A0017640.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP28\A0017661.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP28\A0017718.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP28\A0017741.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP28\A0018741.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP28\A0019740.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP28\A0019772.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP28\A0019787.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP28\A0019816.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP29\A0019935.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP29\A0019989.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP30\A0020989.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP30\A0021022.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP31\A0021044.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP31\A0021055.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP32\A0022055.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP32\A0023055.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP33\A0023135.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP33\A0023157.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP33\A0024157.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP34\A0024177.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP34\A0024218.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP35\A0025218.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP35\A0025234.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP35\A0025303.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP35\A0026302.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP35\A0026321.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP35\A0027321.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP36\A0027355.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP36\A0027370.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP36\A0028370.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP36\A0028390.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP36\A0028416.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP36\A0028435.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP37\A0028459.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP37\A0028496.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP38\A0029496.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP38\A0029521.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP39\A0030521.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP40\A0030556.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP40\A0030579.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP41\A0030604.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP42\A0030624.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP42\A0031604.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP42\A0031626.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP43\A0031646.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP44\A0032626.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP46\A0033626.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP46\A0033652.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP46\A0033678.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP47\A0033710.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP47\A0033820.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP47\A0033840.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP48\A0033900.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP48\A0034900.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP48\A0034916.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP48\A0034933.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP48\A0035933.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP48\A0035949.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP48\A0035967.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP48\A0036967.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP49\A0037967.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP49\A0038967.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP49\A0039000.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP50\A0039050.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP50\A0039092.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP50\A0039092.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP50\A0039092.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP50\A0039092.exe RarSFX: infected - 3 skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP50\A0039101.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP50\A0040101.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP50\A0040126.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP51\A0040237.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP51\A0040283.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP52\A0040339.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP52\A0041338.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP52\A0041383.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP53\A0041401.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP53\A0041422.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP53\A0041471.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP54\A0041499.dll Infected: not-a-virus:AdWare.Win32.Vapsup.qf skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP54\A0041516.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP55\A0042516.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP55\A0042543.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP55\A0042566.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP56\A0042783.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP56\A0042812.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP56\A0044797.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP56\A0044843.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP56\A0044873.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP56\A0044924.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP57\A0045924.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP57\A0045972.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP57\A0046071.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP57\A0046101.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP57\A0047101.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP58\A0047147.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP58\A0047200.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP58\A0048209.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP58\A0048217.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP59\change.log Object is locked skipped

C:\system volume information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP59\A0048277.dll Infected: Trojan.Win32.Gorshok.a skipped

C:\_OTMoveIt\MovedFiles\WINDOWS\jetctrl.dll Infected: not-a-virus:AdWare.Win32.Vapsup.qf skipped

C:\_OTMoveIt\MovedFiles\WINDOWS\vipextmdx.dll Infected: not-a-virus:AdWare.Win32.Vapsup.qf skipped

C:\eDS_PSD_drive.vmdf Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

D:\System Volume Information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP59\change.log Object is locked skipped

Scan process completed.

15 réponses

Réponse 1 / 15
Utilisateur anonyme
 
Salut,

ha bah didon !

Je regarde...

Commence par poster un rapport HijackThis stp,
Télécharge HiJackThis

> Lance Hijackthis
Puis sélectionne < do a system scan and save a logfile >,
Et envoie, par collier/coller, ton log Hijackthis sur le forum,

A+
0
Réponse 2 / 15
philae83 Messages postés 12854 Statut Contributeur sécurité 206
 
bonsoir

tu as déjà fait du ménage avec smitfraud, SDFix et OTMoveIT

supprime tout ça, et refait un scan, on y verra déjà plus clair
0
Réponse 3 / 15
jipi
 
merci de repondre .........voici le rapport

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:00, on 2007-12-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
c:\program files\a-squared free\a2service.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\NASDAK\OmniMouse Driver\4.1\MOUSE32A.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MSNMES~2\msnmsgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\UltraDVD\DVDMon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\DOCUME~1\jp\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\jp\Bureau\ToolsCleaner2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.commentcamarche.net/forum/forum 7 virus securite
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fr.ca.acer.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Gnetmous] C:\Program Files\KYE\RF Wireless PowerScroll Mouse\gnetmous.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~2\msnmsgr.exe" /background
O4 - HKCU\..\Run: [UltraDVDMon] "C:\Program Files\UltraDVD\DVDMon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Photo Express SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe (file missing)
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
0
Réponse 4 / 15
philae83 Messages postés 12854 Statut Contributeur sécurité 206
 
fait ce que je te disais plus haut

tu fais également du téléchargement. Crack etc....pas bon !

0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 15
Utilisateur anonyme
 
Et ensuite peux-tu faire un scanne d'un fichier :
> Rends toi ensuite sur ce site virustotal et fais analyser le fichier :

c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe

et poste moi le resultat par copier/coller stp.
0
philae83 Messages postés 12854 Statut Contributeur sécurité 206
 
bonsoir

tu prends la suite ?
0
Utilisateur anonyme > philae83 Messages postés 12854 Statut Contributeur sécurité
 
Bonsoir,

Je sais pas...

Non, je vais suivre et je m'exprimerai parfois (si tu n'y vois pas d'objection...).

--
0
Réponse 6 / 15
jipi
 
voila le log .......

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:14, on 2007-12-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
c:\program files\a-squared free\a2service.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\NASDAK\OmniMouse Driver\4.1\MOUSE32A.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MSNMES~2\msnmsgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\UltraDVD\DVDMon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\DOCUME~1\jp\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.commentcamarche.net/forum/forum 7 virus securite
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fr.ca.acer.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Gnetmous] C:\Program Files\KYE\RF Wireless PowerScroll Mouse\gnetmous.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~2\msnmsgr.exe" /background
O4 - HKCU\..\Run: [UltraDVDMon] "C:\Program Files\UltraDVD\DVDMon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Photo Express SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe (file missing)
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
0
Réponse 7 / 15
Utilisateur anonyme
 
Peux tu aussi analyser :

> Rends toi ensuite sur ce site virustotal et fais analyser le fichier :
C:\PROGRA~1\LAUNCH~1\LManager.exe
Pour trouver l'emplacement tape LManager.exe dans rechercher (démarrer => rechercher => tous les fichiers ou dossiers)
et poste moi le resultat par copier/coller stp.
--
0
Réponse 8 / 15
jipi
 
v oila , mais rien n est trouve

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.12.19.10 2007.12.18 -
AntiVir 7.6.0.45 2007.12.18 -
Authentium 4.93.8 2007.12.19 -
Avast 4.7.1098.0 2007.12.18 -
AVG 7.5.0.503 2007.12.19 -
BitDefender 7.2 2007.12.18 -
CAT-QuickHeal 9.00 2007.12.18 -
ClamAV 0.91.2 2007.12.18 -
DrWeb 4.44.0.09170 2007.12.18 -
eSafe 7.0.15.0 2007.12.18 -
eTrust-Vet 31.3.5386 2007.12.18 -
Ewido 4.0 2007.12.18 -
FileAdvisor 1 2007.12.19 -
Fortinet 3.14.0.0 2007.12.18 -
F-Prot 4.4.2.54 2007.12.18 -
F-Secure 6.70.13030.0 2007.12.18 -
Ikarus T3.1.1.15 2007.12.18 -
Kaspersky 7.0.0.125 2007.12.19 -
McAfee 5188 2007.12.18 -
Microsoft 1.3109 2007.12.18 -
NOD32v2 2731 2007.12.18 -
Norman 5.80.02 2007.12.18 -
Panda 9.0.0.4 2007.12.18 -
Prevx1 V2 2007.12.19 -
Rising 20.23.12.00 2007.12.18 -
Sophos 4.24.0 2007.12.18 -
Sunbelt 2.2.907.0 2007.12.19 -
Symantec 10 2007.12.19 -
TheHacker 6.2.9.164 2007.12.18 -
VBA32 3.12.2.5 2007.12.18 -
VirusBuster 4.3.26:9 2007.12.18 -
Webwasher-Gateway 6.6.2 2007.12.19 -
Information additionnelle
File size: 109344 bytes
MD5: 995d0b52870c7a5caf3ea165fd674a35
SHA1: 1d5bf661291f8c534d3c6e36ec9de65d01d2efbf
PEiD: -

ATTENTION: VirusTotal iest un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.
0
Réponse 9 / 15
jipi
 
je ne voispas le dernier message No 10 ,,,il arrete a 9 , mon dernier message
0
Réponse 10 / 15
Utilisateur anonyme
 
Ok,
jipi peux tu faire le poste 8 puis suivre les instructions de philae....
0
Réponse 11 / 15
jipi
 
je l ai deja envoyer en numero 9. vous ne l avez pas
0
Réponse 12 / 15
Utilisateur anonyme
 
Ce n'est pas le même poste en 8 (l'autre était en 5) : le revoilà :
> Rends toi ensuite sur ce site virustotal et fais analyser le fichier :
C:\PROGRA~1\LAUNCH~1\LManager.exe
Pour trouver l'emplacement tape LManager.exe dans rechercher (démarrer => rechercher => tous les fichiers ou dossiers)
et poste moi le resultat par copier/coller stp.

Et ensuite suis les conseils de Philae,

Bon courage

A+
--
0
Réponse 13 / 15
jipi
 
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE

<gras>Résultat: 0/32 (0%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: 4.
L'heure estimée de démarrage est entre 47 et 68 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email:

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.12.19.10 2007.12.18 -
AntiVir 7.6.0.45 2007.12.18 -
Authentium 4.93.8 2007.12.19 -
Avast 4.7.1098.0 2007.12.18 -
AVG 7.5.0.503 2007.12.19 -
BitDefender 7.2 2007.12.18 -
CAT-QuickHeal 9.00 2007.12.18 -
ClamAV 0.91.2 2007.12.19 -
DrWeb 4.44.0.09170 2007.12.18 -
eSafe 7.0.15.0 2007.12.18 -
eTrust-Vet 31.3.5386 2007.12.18 -
Ewido 4.0 2007.12.18 -
FileAdvisor 1 2007.12.19 -
Fortinet 3.14.0.0 2007.12.18 -
F-Prot 4.4.2.54 2007.12.18 -
F-Secure 6.70.13030.0 2007.12.18 -
Ikarus T3.1.1.15 2007.12.19 -
Kaspersky 7.0.0.125 2007.12.19 -
McAfee 5188 2007.12.18 -
Microsoft 1.3109 2007.12.18 -
NOD32v2 2732 2007.12.19 -
Norman 5.80.02 2007.12.18 -
Panda 9.0.0.4 2007.12.18 -
Prevx1 V2 2007.12.19 -
Rising 20.23.12.00 2007.12.18 -
Sophos 4.24.0 2007.12.18 -
Sunbelt 2.2.907.0 2007.12.19 -
Symantec 10 2007.12.19 -
TheHacker 6.2.9.164 2007.12.18 -
VBA32 3.12.2.5 2007.12.18 -
VirusBuster 4.3.26:9 2007.12.18 -
Webwasher-Gateway 6.6.2 2007.12.19 -
Information additionnelle
File size: 634880 bytes
MD5: dfae0d430c5d2458340f67fd2841f3e7
SHA1: f2313e6618ce0257cda6bd93435e6eecfd370739
PEiD: -
0
Réponse 14 / 15
piloterepdom Messages postés 136 Statut Membre
 
bonjour
voila le dernier rapport cette nuit ..
0
Réponse 15 / 15
^^Marie^^ Messages postés 126523 Date d'inscription   Statut Membre Dernière intervention   3 279
 
Salut

Pour INFO

Philaé te demandait

bonsoir
tu as déjà fait du ménage avec smitfraud, SDFix et OTMoveIT
supprime tout ça, et refait un scan, on y verra déjà plus clair

TU supprimes smitfraud, SDFix, et OMoviet
Et tu refais un scan Kaspersky

A+++
0

Discussions similaires

Trouver numéro snapchat
Rnby -
Pierrecastor -

1 réponse
Menace détectée TrojanSMS-PA sur Google Huawei/Android
Outmost -
bazfile -

6 réponses
rectangle derrière le texte
khadija -
Le queniau -

1 réponse