fenetre publicitaires intempestivesRésolu/Fermé

Question

Bonjour,
j'ai un problème sur le pc de mon beau père et je profite du wk pour essayer de le résoudre , il a toujours et a tout moment des fenetres publicitaires intempestives qui s'affichent a l'ecran soit lui disant que son pc est infecte et qu'il doit télécharger un logiciel preci pour le nettoyer , soit des sites pornographiques ou des jeux en ligne. j'ai fait une analyse avec navilog et une avec hijackthis. ci joine je met les deux rapports des analyses et d'avance merci pour votre aide.

1: rapport de navilog

Search Navipromo version 3.6.0 commencé le ven. 04/07/2008 à 18:42:29,10

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1
Session actuelle : "leguy" 

Mise à jour le 27.06.2008 à 23h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11 
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***

InternetGameBox 

*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\leguy\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\leguy\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\leguy\menudm~1\progra~1" *** 

...\InternetGameBox trouvé !
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Fichier(s) caché(s) :

C:\Documents and Settings\leguy\Local Settings\Application Data\wyyamkwe.dat
C:\Documents and Settings\leguy\Local Settings\Application Data\wyyamkwe.exe
C:\Documents and Settings\leguy\Local Settings\Application Data\wyyamkwe_nav.dat
C:\Documents and Settings\leguy\Local Settings\Application Data\wyyamkwe_navps.dat


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\leguy\locals~1\applic~1" * 



*** Recherche fichiers *** 


C:\WINDOWS\system32
vs2.inf trouvé !

*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé ! 

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\leguy\locals~1\applic~1" : 

dokheyy.dat trouvé !
dokheyy_nav.dat trouvé !
dokheyy_navps.dat trouvé !
wyyamkwe.dat trouvé !
wyyamkwe_nav.dat trouvé !
wyyamkwe_navps.dat trouvé !

3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\DMllmUvw.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\EegggMoq.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\iQBKlnpo.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\NXxENqss.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\OYJmTvut.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\TwENmnpo.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\uuwwvGgh.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le ven. 04/07/2008 à 18:48:43,82 ***


2 rapport de hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:25, on 4/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\YourPrivacyGuard\mc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Hotbar\bin\10.2.217.0\OEAddOn.exe
C:\Program Files\Hotbar\bin\10.2.217.0\HotbarSA.exe
C:\Program Files\LibreSystem\ucookw.exe
C:\Program Files\Fichiers communs\LibreSystem\strpmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hotbar\bin\10.2.217.0\Weather.exe
C:\WINDOWS\system32\mobsync.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://1-technology.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] E:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\YourPrivacyGuard\mc.exe" dm=http://yourprivacyguard.com ad=http://yourprivacyguard.com sd=http://ilp.yourprivacyguard.com
O4 - HKLM\..\Run: [UGSCRFR] C:\Documents and Settings\leguy\Local Settings\Temporary Internet Files\Content.IE5\VPXRK0IJ\inst_fr[1].exe /s1 /setup
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [{4769dea0-1fe2-d8c9-61d4-f80f81ce7456}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{a7157c4c-f930-7658-5f00-28cd704b6d13}.dll" DllStart
O4 - HKLM\..\Run: [HotbarOE] C:\Program Files\Hotbar\bin\10.2.217.0\OEAddOn.exe
O4 - HKLM\..\Run: [HotbarSA] "C:\Program Files\Hotbar\bin\10.2.217.0\HotbarSA.exe"
O4 - HKLM\..\Run: [LibreSystem] C:\Program Files\LibreSystem\SysRep.exe
O4 - HKLM\..\Run: [cwriter] C:\Program Files\LibreSystem\ucookw.exe
O4 - HKLM\..\Run: [BMN] "C:\Program Files\Fichiers communs\LibreSystem\strpmon.exe" dm=http://ww25.libresystem.com/ ad=http://ww25.libresystem.com/ sd=http://ww25.repay.libresystem.com/
O4 - HKLM\..\Run: [a8dbab3f] rundll32.exe "C:\WINDOWS\system32
xskyndw.dll",b
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Lyad] E:\lyad_messenger.exe autostart
O4 - HKCU\..\Run: [Videos] "C:\Program Files\laughnetwork\update.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Hotbar\bin\10.2.217.0\Weather.exe" -auto
O4 - Startup: Bienvenue sur la ville virtuelle de angy21 !.url
O4 - Startup: Registration-PCTV.lnk = C:\Program Files\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://banditpachat.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: tjbkacij.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Kam · Answer

fait l'option 2 de navilog1 vos le tuto 
http://www.malekal.com/Adware.Magic_Control.php
t'a d'autre m....s dans le pc.
installa ca
https://www.clubic.com/telecharger-fiche215092-malwarebytes-anti-malware.html
fait un scan total et supprime tout ce qu'il va debusquer

Max#01 · Answer

Bonjour,

Avant de poster un rapport hijackthis, merci de télécharger Spybot S&D a cette adresse:
https://www.01net.com/

pour vous aider, voici un tuto:
https://forums.cnetfrance.fr

Il existe aussi un logiciel nommé CCleaner qui vous permettra de supprimer tout fichier temporaire et cookies de votre ordinateur, parfois responsable des publicités ou autre:
https://www.01net.com/

Tuto pour vous aider:
http://cofofides.heberg-forum.net/ftopic615_ccleaner-tutoriel-en-image.html

Vous pourrez aussi installer AD-Aware qui supprimera les Trojan, cheval de troie, worms... très utile !!!
https://www.01net.com/

Tuto pour l'utiliser:
http://www.malekal.com/tutorial_Ad-Aware2007.php


Pour finir, faites évidement une analyse avec votre antivirus, si vous en avez un...

Une fois avoir fais cela, vous pourrez poster votre rapport hijackthis...

gil le fantom · Answer

bonsoir

pas de pare feu,ni d'antivirus ,donc trés infecté

as tu fais l'option 2 sur navilog
et poste le rapport

poste le rapport de malwarebytes



tu télécharge ComboFix : 
 
http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

 tuto  https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix


tu l'enregistre  sur le bureau. 

Avant d'utiliser ComboFix : 

tu déconnecte internet et referme les fenêtres de tous les programmes en cours. 

tu désactive provisoirement la protection en temps réel de ton Antivirus et de tes Antispywares. 


 sur ton bureau tu double-clic sur Combofix.exe. 

tu répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc. 

 Pendant la durée de cette étape,tu ne te sert pas du pc et n'ouvre aucun programmes. 

- En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire. 

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt) 

tu réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet. 

tu reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt .

banditpachat · Answer

oui c'est vrais gil mais c'est le pc de mon beau père et il est très obstiné lol , son fils lui a dit que ça ne servais a rien et depuis il ne veut pas en mettre mais je crois que je vais installer avast comme j'ai sur le mien je fait tout ce que tu m'a dit et je te reposte les log des que j'ai fini et encore d'avance merci

gil le fantom · Answer

tu fais ce que tu veut pour le choix d'un antivirus
personnellement ,je te conseil antivir
https://forum.malekal.com/viewtopic.php?f=45&t=11659

l'importance d'un parefeu
https://forum.malekal.com/viewtopic.php?f=45&t=7601

banditpachat · Answer

salut gil apres lecture du tuto que tu m'a envoyer j'ai quand meme opte pour une instalation de antivir :) pour peut'etre t'aider je te poste le log de l'analyse que je vient de faire . analyse antivir Avira AntiVir Personal Report file date: samedi 5 juillet 2008 00:15 Scanning for 1378724 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: AMD3200 Version information: BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56 AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37 LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23 LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34 ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 22:13:40 ANTIVIR2.VDF : 7.0.5.51 273408 Bytes 04/07/2008 22:13:42 ANTIVIR3.VDF : 7.0.5.52 2048 Bytes 04/07/2008 22:13:42 Engineversion : 8.1.0.64 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21 AESCRIPT.DLL : 8.1.0.46 283002 Bytes 04/07/2008 22:13:54 AESCN.DLL : 8.1.0.22 119157 Bytes 04/07/2008 22:13:53 AERDL.DLL : 8.1.0.20 418165 Bytes 04/07/2008 22:13:52 AEPACK.DLL : 8.1.1.6 364918 Bytes 04/07/2008 22:13:51 AEOFFICE.DLL : 8.1.0.20 192891 Bytes 04/07/2008 22:13:50 AEHEUR.DLL : 8.1.0.35 1298806 Bytes 04/07/2008 22:13:49 AEHELP.DLL : 8.1.0.15 115063 Bytes 04/07/2008 22:13:47 AEGEN.DLL : 8.1.0.29 307573 Bytes 04/07/2008 22:13:46 AEEMU.DLL : 8.1.0.6 430451 Bytes 04/07/2008 22:13:45 AECORE.DLL : 8.1.0.32 168311 Bytes 04/07/2008 22:13:44 AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53 AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47 AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25 RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, E:, F:, G:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: samedi 5 juillet 2008 00:15 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'PCLEScheduler.exe' - '1' Module(s) have been scanned Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'InCD.exe' - '1' Module(s) have been scanned Scan process 'hphmon05.exe' - '1' Module(s) have been scanned Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned Scan process 'hpcmpmgr.exe' - '1' Module(s) have been scanned Scan process 'hpztsb09.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'aawservice.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'incdsrv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 37 processes with 37 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Master boot sector HD1 [INFO] No virus was found! Master boot sector HD2 [INFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'E:\' [INFO] No virus was found! Boot sector 'F:\' [INFO] No virus was found! Boot sector 'G:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '29' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Program Files\Navilog1\Backupnavi\wyyamkwe.exe [DETECTION] Is the Trojan horse TR/Dropper.Gen [NOTE] The file was moved to '48e7a59a.qua'! C:\QooBox\Quarantine\C\WINDOWS\system32\gnpnlnri.dll.vir [DETECTION] Is the Trojan horse TR/Proxy.Agent.anu [NOTE] The file was moved to '48dea5e9.qua'! C:\QooBox\Quarantine\C\WINDOWS\system32\ixumeqnm.dll.vir [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '48e3a5f8.qua'! C:\QooBox\Quarantine\C\WINDOWS\system32\kniobfgj.dll.vir [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '48d7a5f2.qua'! C:\QooBox\Quarantine\C\WINDOWS\system32 sk10.dll.vir [DETECTION] Is the Trojan horse TR/Downloader.Gen [NOTE] The file was moved to '48d9a5fb.qua'! C:\QooBox\Quarantine\C\WINDOWS\system32 pfqqnhn.dll.vir [DETECTION] Is the Trojan horse TR/Proxy.Agent.anu [NOTE] The file was moved to '48d4a601.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP201\A0048448.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [NOTE] The file was moved to '489ea5d1.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP211\A0052887.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [NOTE] The file was moved to '489ea5e1.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP220\A0054674.exe [DETECTION] Is the Trojan horse TR/Dropper.Gen [NOTE] The file was moved to '489ea609.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP222\A0054762.exe [DETECTION] Is the Trojan horse TR/Dropper.Gen [NOTE] The file was moved to '489ea60e.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP223\A0054786.exe [DETECTION] Is the Trojan horse TR/Dropper.Gen [NOTE] The file was moved to '489ea60f.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP224\A0054815.exe [DETECTION] Is the Trojan horse TR/Dropper.Gen [NOTE] The file was moved to '489ea610.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP224\A0054816.dll [DETECTION] Is the Trojan horse TR/Downloader.Gen [NOTE] The file was moved to '4d86e811.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP225\A0054824.dll [DETECTION] Is the Trojan horse TR/BHO.bvt [NOTE] The file was moved to '489ea611.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP226\A0054837.dll [DETECTION] Is the Trojan horse TR/Downloader.Gen [NOTE] The file was moved to '489ea613.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP227\A0054843.dll [DETECTION] Is the Trojan horse TR/Downloader.Gen [NOTE] The file was moved to '489ea614.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP227\A0054892.exe [DETECTION] Is the Trojan horse TR/Dropper.Gen [NOTE] The file was moved to '489ea616.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP227\A0054928.dll [DETECTION] Is the Trojan horse TR/Downloader.Gen [NOTE] The file was moved to '489ea617.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP228\A0054949.dll [DETECTION] Is the Trojan horse TR/BHO.bwl [NOTE] The file was moved to '489ea618.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP230\A0055056.dll [DETECTION] Is the Trojan horse TR/Downloader.Gen [NOTE] The file was moved to '489ea620.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP230\A0055064.dll [DETECTION] Is the Trojan horse TR/Downloader.Gen [NOTE] The file was moved to '4d86e821.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP237\A0056444.dll [DETECTION] Is the Trojan horse TR/Downloader.Gen [NOTE] The file was moved to '489ea631.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP238\A0056460.dll [DETECTION] Is the Trojan horse TR/BHO.CCH.1 [NOTE] The file was moved to '489ea632.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP239\A0056477.dll [DETECTION] Is the Trojan horse TR/Downloader.Gen [NOTE] The file was moved to '489ea633.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP240\A0056568.dll [DETECTION] Is the Trojan horse TR/Downloader.Gen [NOTE] The file was moved to '489ea637.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP241\A0056585.dll [DETECTION] Is the Trojan horse TR/Downloader.Gen [NOTE] The file was moved to '489ea638.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP242\A0056614.dll [DETECTION] Is the Trojan horse TR/Downloader.Gen [NOTE] The file was moved to '489ea639.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP242\A0056619.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '489ea63a.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP243\A0056729.dll [DETECTION] Is the Trojan horse TR/Downloader.Gen [NOTE] The file was moved to '489ea640.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP243\A0056741.dll [DETECTION] Is the Trojan horse TR/Downloader.Gen [NOTE] The file was moved to '4d86e841.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP244\A0056745.dll [DETECTION] Is the Trojan horse TR/Vundo.ERN [NOTE] The file was moved to '489ea642.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP244\A0056778.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '489ea643.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP244\A0056787.exe [DETECTION] Is the Trojan horse TR/Dropper.Gen [NOTE] The file was moved to '489ea644.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP244\A0056788.dll [DETECTION] Is the Trojan horse TR/Downloader.Gen [NOTE] The file was moved to '4d86e845.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP245\A0056792.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '489ea646.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP245\A0056810.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '4d86e847.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP245\A0056811.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '489ea647.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP245\A0056812.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '4d86e848.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP245\A0056828.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '489ea648.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP245\A0056837.dll [DETECTION] Is the Trojan horse TR/Downloader.Gen [NOTE] The file was moved to '489ea649.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP246\A0057828.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '489ea66d.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP246\A0057829.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '4d86e86e.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP246\A0057830.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '489ea66e.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP248\A0058892.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '489ea672.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP248\A0060010.dll [DETECTION] Is the Trojan horse TR/Downloader.Gen [NOTE] The file was moved to '489ea67b.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP248\A0060031.dll [DETECTION] Is the Trojan horse TR/Downloader.Gen [NOTE] The file was moved to '489ea67d.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP248\A0060033.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '4d86e87e.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP248\A0060055.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '489ea67e.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP248\A0060063.dll [DETECTION] Is the Trojan horse TR/Downloader.Gen [NOTE] The file was moved to '489ea680.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP248\A0060065.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '4d86e881.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP248\A0060073.dll [DETECTION] Is the Trojan horse TR/Downloader.Gen [NOTE] The file was moved to '489ea681.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP249\A0061065.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '489ea684.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063139.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '489ea68b.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063147.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '489ea68c.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063158.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '4d86e88d.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063160.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '489ea68e.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063166.dll [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '489ea68d.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063168.dll [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '4d86e88e.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063170.dll [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '4d86e88f.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063172.dll [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '489ea690.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063174.dll [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '4d86e891.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063176.dll [DETECTION] Is the Trojan horse TR/Killav.28714 [NOTE] The file was moved to '489ea68f.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063178.dll [DETECTION] Is the Trojan horse TR/Killav.28714 [NOTE] The file was moved to '4d86e890.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063180.dll [DETECTION] Is the Trojan horse TR/Killav.28714 [NOTE] The file was moved to '489ea691.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063182.dll [DETECTION] Is the Trojan horse TR/Killav.28714 [NOTE] The file was moved to '489ea692.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063184.dll [DETECTION] Is the Trojan horse TR/Killav.28714 [NOTE] The file was moved to '4d86e893.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063186.dll [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '489ea694.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063188.dll [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '4d86e892.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063193.dll [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '489ea693.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063194.dll [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '4d86e894.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063196.exe [DETECTION] Is the Trojan horse TR/Killav.28714 [NOTE] The file was moved to '4d86e895.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063197.dll [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '489ea696.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063198.dll [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '4d86e897.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063199.dll [DETECTION] Is the Trojan horse TR/Drop.Softomat.AN [NOTE] The file was moved to '489ea695.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063200.dll [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '4d86e896.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063201.exe [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '489ea698.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063202.exe [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '4d86e899.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063203.exe [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '489ea69a.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063204.exe [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '489ea697.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063205.exe [DETECTION] Is the Trojan horse TR/Drop.Softomat.AN [NOTE] The file was moved to '4d86e898.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063206.exe [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '489ea699.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063207.exe [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '4d86e89b.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063210.exe [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '489ea69c.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063211.dll [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '4d86e89d.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063212.dll [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '4d86e89a.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063213.dll [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '489ea69b.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063214.exe [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '489ea69e.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063215.dll [DETECTION] Is the Trojan horse TR/Killav.28714 [NOTE] The file was moved to '4d86e89f.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063216.exe [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '489ea6a0.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063217.exe [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '4d86e89c.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063219.exe [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '489ea69d.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063220.exe [DETECTION] Is the Trojan horse TR/Drop.Softomat.AN [NOTE] The file was moved to '4d86e89e.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063221.dll [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '4d86e8a1.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063222.dll [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '489ea69f.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063223.exe [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '4d86e8a0.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063224.dll [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '489ea6a1.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063226.dll [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '4d86e8a2.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063227.exe [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '489ea6a2.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063228.exe [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '4d86e8a3.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063229.exe [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '489ea6a4.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063231.exe [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '489ea6a3.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063233.exe [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '4d86e8a4.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063234.exe [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '4d86e8a5.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063235.exe [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '489ea6a6.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063236.dll [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '4d86e8a7.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063245.dll [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '489ea6a5.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063246.dll [DETECTION] Is the Trojan horse TR/Drop.Softomat.AN [NOTE] The file was moved to '4d86e8a6.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063247.exe [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '489ea6a7.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063248.dll [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '489ea6a8.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP252\A0063250.dll [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '4d86e8a9.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063308.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '489ea6aa.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063309.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '4d86e8a8.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063310.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '489ea6a9.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063311.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '4d86e8aa.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063314.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '4d86e8ab.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063316.dll [DETECTION] Is the Trojan horse TR/Agent.rwi [NOTE] The file was moved to '489ea6ac.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063317.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '489ea6ab.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063318.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '4d86e8ac.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063319.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '489ea6ad.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063320.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '4d86e8ae.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063323.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '4d86e8ad.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063325.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '489ea6ae.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063326.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '489ea6af.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063327.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '4d86e8b0.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063328.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '489ea6b1.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063329.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '4d86e8af.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063332.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '489ea6b0.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063333.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '4d86e8b1.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP253\A0063334.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '4d86e8b2.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP254\A0063377.exe [DETECTION] Is the Trojan horse TR/Dropper.Gen [NOTE] The file was moved to '489ea6b3.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP255\A0063396.dll [DETECTION] Is the Trojan horse TR/Downloader.Gen [NOTE] The file was moved to '4d86e8b4.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP255\A0063402.dll [DETECTION] Is the Trojan horse TR/Proxy.Agent.anu [NOTE] The file was moved to '489ea6b5.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP255\A0063404.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '4d86e8b6.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP255\A0063406.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '489ea6b2.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP255\A0063414.dll [DETECTION] Is the Trojan horse TR/Proxy.Agent.anu [NOTE] The file was moved to '4d86e8b3.qua'! C:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP256\A0064589.exe [DETECTION] Is the Trojan horse TR/Dropper.Gen [NOTE] The file was moved to '489ea6b8.qua'! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! Begin scan in 'E:\' <78G 1> E:\jeux zilom\Zylom Jewel Quest Deluxe.Incl.patch-HARPOON.zip [0] Archive type: ZIP --> JewelQuest.exe [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen [NOTE] The file was moved to '48daa9e3.qua'! Begin scan in 'F:\' <80G 2> F:\InternetGameBox\InternetGameBox.exe [DETECTION] Is the Trojan horse TR/Dldr.NaviPro.A [NOTE] The file was moved to '48e2aa06.qua'! F:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP256\A0064590.exe [DETECTION] Is the Trojan horse TR/Dldr.NaviPro.A [NOTE] The file was moved to '489eaa40.qua'! Begin scan in 'G:\' <80G 3> G:\System Volume Information\_restore{26266FAE-992F-4F69-AD1B-B0EFEA37F318}\RP251\A0062139.exe [0] Archive type: RAR SFX (self extracting) --> peerbox_p2p_affiliate_rar.exe [DETECTION] Is the Trojan horse TR/Clicker.HB --> peerbox_p2p_affiliate_exe.exe [DETECTION] Is the Trojan horse TR/Clicker.HB --> peerbox_p2p_affiliate_zip.exe [DETECTION] Is the Trojan horse TR/Clicker.HB [NOTE] The file was moved to '489eac32.qua'! End of the scan: samedi 5 juillet 2008 01:02 Used time: 47:21 min The scan has been done completely. 5724 Scanning directories 210512 Files were scanned 142 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 140 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 210370 Files not concerned 1728 Archives were scanned 3 Warnings 140 Notes

gil le fantom · Answer

bonjour

supprime ce fichier
C:\Program Files\Navilog1\Backupnavi\

installe ccleaner
http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner
tu fais nettoyer et tu corrige les erreurs

tu vide ta quarantaine de ton antivirus

tu purge la restauration
https://www.informatruc.com

pour vérifier si tout va bien

tu me refais un combofix ,un scan antivir 

et en dernier tu me met un nouveau hijackthis stp

a plus tard

banditpachat · Answer

voici déjà le rapport de combofix ,antivir est occupe a faire son analyse ComboFix 08-07-04.1 - leguy 2008-07-05 15:56:08.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1001 [GMT 2:00] Endroit: C:\Documents and Settings\leguy\Bureau ettoyage pc\ComboFix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32 etwbix32.dll . ((((((((((((((((((((((((((((( Fichiers créés 2008-06-05 to 2008-07-05 )))))))))))))))))))))))))))))))))))) . 2008-07-05 00:11 . 2008-07-05 00:11 d-------- C:\Program Files\Avira 2008-07-05 00:11 . 2008-07-05 00:11 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-07-04 23:31 . 2008-07-04 23:31 d-------- C:\Program Files\Alwil Software 2008-07-04 21:12 . 2008-07-04 21:12 d-------- C:\Program Files\Yahoo! 2008-07-04 21:12 . 2008-07-05 15:48 d-------- C:\Program Files\CCleaner 2008-07-04 21:06 . 2008-07-04 21:06 d-------- C:\Program Files\Spybot - Search & Destroy 2008-07-04 21:06 . 2008-07-05 15:51 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-07-04 19:20 . 2008-07-04 19:20 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-07-04 19:20 . 2008-07-04 19:20 d-------- C:\Documents and Settings\leguy\Application Data\Malwarebytes 2008-07-04 19:20 . 2008-07-04 19:20 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-07-04 19:20 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-07-04 19:20 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-07-04 18:43 . 2008-07-04 18:43 d-------- C:\Program Files\Trend Micro 2008-07-04 18:39 . 2008-07-04 18:39 69,120 --a------ C:\WINDOWS\system32\ckwsqeow.dll 2008-07-04 18:38 . 2008-07-05 15:45 d-------- C:\Program Files\Navilog1 2008-06-18 20:18 . 2008-06-18 20:18 101,712 --------- C:\WINDOWS\system32\ltkvwoam.dll_old 2008-06-18 20:16 . 2008-06-18 20:16 268 --ah----- C:\sqmdata04.sqm 2008-06-18 20:16 . 2008-06-18 20:16 244 --ah----- C:\sqmnoopt04.sqm 2008-06-18 20:16 . 2008-06-18 20:16 136 --ah----- C:\sqmnoopt05.sqm 2008-06-18 20:16 . 2008-06-18 20:16 136 --ah----- C:\sqmdata06.sqm 2008-06-18 20:16 . 2008-06-18 20:16 136 --ah----- C:\sqmdata05.sqm 2008-06-12 11:15 . 2008-06-12 11:15 101,616 --------- C:\WINDOWS\system32\gayhavwm.dll_old 2008-06-12 11:07 . 2008-06-12 11:07 dr------- C:\Documents and Settings\All Users\Application Data\SalesMon 2008-06-12 11:07 . 2008-06-12 11:07 dr------- C:\Documents and Settings\All Users\Application Data\libresystem 2008-06-12 11:07 . 2004-10-07 14:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll 2008-06-12 11:05 . 2008-06-12 11:46 263,192 --a------ C:\Documents and Settings\leguy\Application Data\setup_fr[1].exe 2008-06-09 09:02 . 2008-06-09 10:40 347 --ahs---- C:\WINDOWS\system32\KQAaaGgh.ini 2008-06-05 07:01 . 2008-06-10 09:07 347 --ahs---- C:\WINDOWS\system32\YxbaKkkj.ini . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-04 20:11 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-06-25 09:41 --------- d-----w C:\Documents and Settings\leguy\Application Data\LimeWire 2008-06-25 09:30 --------- d-----w C:\Program Files\LimeWire 2008-06-13 06:05 488 ----a-w C:\Program Files\Raccourci vers LibreSystem.lnk 2008-06-03 12:50 --------- d-----w C:\Program Files\Notepad++ 2008-05-21 11:13 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-05-21 11:13 --------- d-----w C:\Documents and Settings\leguy\Application Data\DAEMON Tools 2008-05-20 09:40 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-20 09:40 --------- d-----w C:\Program Files\Monte Cristo 2008-05-20 09:36 --------- d-----w C:\Program Files\Setup Files 2008-05-20 09:17 --------- d-----w C:\Program Files\MSI 2008-05-14 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-05-13 12:34 --------- d-----w C:\Documents and Settings\leguy\Application Data\Ahead 2008-05-13 12:12 --------- d-----w C:\Documents and Settings\leguy\Application Data\Image Zone Express 2008-04-13 09:21 17,920 ----a-w C:\WINDOWS\system32\Ntaccess.sys 2007-12-21 15:18 259,616 -c--a-w C:\Documents and Settings\leguy\Application Data\installer_en[1].exe 2007-12-04 07:00 198,680 -c--a-w C:\Documents and Settings\leguy\Application Data\installer_fr[1].exe . ((((((((((((((((((((((((((((( snapshot@2008-07-04_23.44.34.70 ))))))))))))))))))))))))))))))))))))))))) . - 2008-07-04 21:38:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-07-05 08:58:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys + 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys + 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys + 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-07 11:41 68856] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2006-01-07 06:26 176128] "HPHUPD05"="E:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2006-01-07 06:26 49152] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664] "HP Software Update"="E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 15:41 49152] "HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2006-01-07 06:26 491520] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-03-24 12:41 1294446] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] "SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe] "RTHDCPL"="RTHDCPL.EXE" [2007-01-30 12:54 16116224 C:\WINDOWS\RTHDCPL.exe] C:\Documents and Settings\leguy\Menu D‚marrer\Programmes\D‚marrage\ Bienvenue sur la ville virtuelle de angy21 !.url [2008-07-04 14:33:02 178] Registration-PCTV.lnk - C:\Program Files\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe [2008-03-07 16:46:12 245760] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Pinnacle Scheduler.lnk - C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2008-03-07 16:45:34 237568] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=tjbkacij.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.PIM1"= PCLEPIM1.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\Azureus\Azureus.exe"= "C:\Program Files\LimeWire\LimeWire.exe"= "G:\eMule\eMule.exe"= "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\Pinnacle\Pinnacle PCTV\TeleText\WebServer.exe"= R3 CCCP106;CIF USB Camera (2110A);C:\WINDOWS\system32\DRIVERS\cccp106.sys [2003-04-28 08:08] R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-11-11 20:52] R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58] R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ee5d9b6-2727-11dd-8bf7-0006f40cd4d4}] \Shell\AutoRun\command - H:\autorun.exe *Newly Created Service* - CATCHME *Newly Created Service* - SSMDRV [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static] msiexec /fums {A75BF1D0-C7C3-CB55-EE17-3225387FD154} /qb . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-07-05 11:17:00 C:\WINDOWS\Tasks\HP Usg Daily.job" - E:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe . - - - - ORPHANS REMOVED - - - - BHO-{49fff1da-bd7c-e530-07f6-2f26c5b02461} - (no file) BHO-{fc75ca82-d325-46be-92b2-a26d5fe4d574} - (no file) Toolbar-{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file) ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-05 15:57:56 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-07-05 16:00:13 ComboFix-quarantined-files.txt 2008-07-05 13:59:57 ComboFix2.txt 2008-07-04 21:44:54 Pre-Run: 21,316,243,456 octets libres Post-Run: 21,303,513,088 octets libres 146 --- E O F --- 2008-05-28 06:08:27

banditpachat · Answer

voici le rapport de antivir Avira AntiVir Personal Report file date: samedi 5 juillet 2008 16:01 Scanning for 1378724 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: AMD3200 Version information: BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56 AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37 LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23 LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34 ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 22:13:40 ANTIVIR2.VDF : 7.0.5.51 273408 Bytes 04/07/2008 22:13:42 ANTIVIR3.VDF : 7.0.5.52 2048 Bytes 04/07/2008 22:13:42 Engineversion : 8.1.0.64 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21 AESCRIPT.DLL : 8.1.0.46 283002 Bytes 04/07/2008 22:13:54 AESCN.DLL : 8.1.0.22 119157 Bytes 04/07/2008 22:13:53 AERDL.DLL : 8.1.0.20 418165 Bytes 04/07/2008 22:13:52 AEPACK.DLL : 8.1.1.6 364918 Bytes 04/07/2008 22:13:51 AEOFFICE.DLL : 8.1.0.20 192891 Bytes 04/07/2008 22:13:50 AEHEUR.DLL : 8.1.0.35 1298806 Bytes 04/07/2008 22:13:49 AEHELP.DLL : 8.1.0.15 115063 Bytes 04/07/2008 22:13:47 AEGEN.DLL : 8.1.0.29 307573 Bytes 04/07/2008 22:13:46 AEEMU.DLL : 8.1.0.6 430451 Bytes 04/07/2008 22:13:45 AECORE.DLL : 8.1.0.32 168311 Bytes 04/07/2008 22:13:44 AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53 AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47 AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25 RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, E:, F:, G:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: samedi 5 juillet 2008 16:01 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'InCD.exe' - '1' Module(s) have been scanned Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned Scan process 'hpcmpmgr.exe' - '1' Module(s) have been scanned Scan process 'hpztsb09.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'aawservice.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'incdsrv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 34 processes with 34 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Master boot sector HD1 [INFO] No virus was found! Master boot sector HD2 [INFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'E:\' [INFO] No virus was found! Boot sector 'F:\' [INFO] No virus was found! Boot sector 'G:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '29' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! Begin scan in 'E:\' <78G 1> Begin scan in 'F:\' <80G 2> Begin scan in 'G:\' <80G 3> End of the scan: samedi 5 juillet 2008 16:36 Used time: 34:59 min The scan has been done completely. 5516 Scanning directories 204157 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 204157 Files not concerned 1714 Archives were scanned 3 Warnings 0 Notes

banditpachat · Answer

et voici le rapport de hijackthis 


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:41:28, on 5/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://1-technology.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {49fff1da-bd7c-e530-07f6-2f26c5b02461} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {fc75ca82-d325-46be-92b2-a26d5fe4d574} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] E:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Bienvenue sur la ville virtuelle de angy21 !.url
O4 - Startup: Registration-PCTV.lnk = C:\Program Files\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://banditpachat.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: tjbkacij.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

gil le fantom · Answer

relance hijackthis
selectionne   do a system scan only
 et coches les lignes suivantes:

O2 - BHO: (no name) - {49fff1da-bd7c-e530-07f6-2f26c5b02461} - (no file)
O2 - BHO: (no name) - {fc75ca82-d325-46be-92b2-a26d5fe4d574} - (no file)
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - AppInit_DLLs: tjbkacij.dll

puis clic sur le bouton "Fix Checked" 
puis tu me repost un rapport hijackthis.

gil le fantom · Answer

eh bien, c'est terminé

il reste à supprimer les outils de désinfection
tu Télécharge ToolsCleaner de A.Roshtein sur ton Bureau.(sur un des 2 liens) 
http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe 
http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe 
· Clique sur Recherche et laisse le scan se terminer. 
· Clique, sur Suppression pour finaliser. 
· Tu peux, si tu le souhaites, te servir des Options facultatives. 
· Clique sur Quitter, pour que le rapport puisse se créer. 
· Poste moi le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur( C:\). 
 
bonne soirée et bon dimanche

a+

banditpachat · Answer

voila c fait 


-->- Recherche: 

C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\leguy\Bureau
ettoyage pc\HijackThis.lnk: trouvé !
C:\Documents and Settings\leguy\Bureau
ettoyage pc\Navilog1.exe: trouvé !
C:\Documents and Settings\leguy\Bureau
ettoyage pc\Navilog1.lnk: trouvé !
C:\Documents and Settings\leguy\Bureau
ettoyage pc\ComboFix.exe: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

---------------------------------
-->- Suppression: 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
C:\Documents and Settings\leguy\Bureau
ettoyage pc\HijackThis.lnk: supprimé !
C:\Documents and Settings\leguy\Bureau
ettoyage pc\Navilog1.exe: supprimé !
C:\Documents and Settings\leguy\Bureau
ettoyage pc\Navilog1.lnk: supprimé !
C:\Documents and Settings\leguy\Bureau
ettoyage pc\ComboFix.exe: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Corbeille vidée!
Fichiers temporaires nettoyés !
bon week end et bon dimanche a toi aussi et encore et toujour un tres grand je dirais meme un enorme merci pour le temps que tu a passer a m'aider et a me guider pour tout ces processus de nettoyage merci beaucoup.

gil le fantom · Answer

juste une derniére chose,je pense que tu l'as fait.
en complément d'antivir, installe malware byte's anti malware qui est excélent.

a+

Fenetre publicitaires intempestives

14 réponses

Discussions similaires

Newsletters