Slow PC (ex-Bagle, Hijack report)

Solved/Closed
Unreal_Pharaoh Posts 28 Registration date Friday 7 November 2008 Status Member Last activity 17 April 2009 - 7 Nov 2008 at 23:07
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 - 12 Nov 2008 at 01:15
Good evening,

I'm on a laptop that was given to me, and which therefore had no antivirus, firewall... I had various problems with it (Wi-Fi that could not be enabled, among others) which led me to think the computer had a Bagle-type infection. I did a light reinstall of Windows XP, but although there are a few fewer problems, I find that Explorer is still really slow... Thanks for your help. Here is a HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:47:02, on 07/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\SoftwareDistribution\Download\442c24b5f603da215f4cc19400b58b29\update\update.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19F71503-DD4C-4D5C-BC5F-C522BFA6ECAC}: NameServer = 212.27.39.134,212.27.39.135
O17 - HKLM\System\CS1\Services\Tcpip\..\{19F71503-DD4C-4D5C-BC5F-C522BFA6ECAC}: NameServer = 212.27.39.134,212.27.39.135
O17 - HKLM\System\CS2\Services\Tcpip\..\{19F71503-DD4C-4D5C-BC5F-C522BFA6ECAC}: NameServer = 212.27.39.134,212.27.39.135
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

18 replies

benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
8 Nov 2008 at 09:32
Hi, your report is clean.


Download CCleaner: https://www.ccleaner.com/ccleaner/download

Open "CCleaner", go to the "Options" tab, then "Advanced", then uncheck "Only delete files in the Windows temp folder older than 48 hours."

Then go to the "Cleaner" tab, click "Analyze", then "Run the cleaning".
Then go to the "Registry" tab, click "Scan for errors", then "Repair selected errors".
Repeat all of that 4-5 times (the cleaning and the registry).

Then stay in "CCleaner", go to "Options", then "Properties", and check "Automatically clean the computer at startup".

Here is a user guide for CCleaner:

https://www.malekal.com/tutoriel-ccleaner/

-------------after that, restart-----

Download Malwarebytes: http://www.commentcamarche.net/telecharger/telechargement 34055379 malwarebytes anti malware

During installation, make sure that update, launch program and full scan are all checked.


Once it is up to date, the program will launch; click the "Settings" tab and check the box: "Stop Internet Explorer during removal".

At the end of the scan, click "Show results".

Removing the detected items >>>> click "Remove selected" or "Remove all"
If you are asked to restart >>> click "Yes"


And post the generated report.

And while waiting for a reply, you can run another Malwarebytes scan, but in safe mode, because it is much more effective.

How to start in safe mode, tutorial here: http://www.infos-du-net.com/forum/272325-11-tuto-demarrer-mode-echec

Save the generated report so that you can find it again, and post the new report.
Unreal_Pharaoh Posts 28 Registration date Friday 7 November 2008 Status Member Last activity 17 April 2009 1
8 Nov 2008 at 20:48
Good evening,

First of all, thank you for giving me your time.

I followed your instructions; MBAM found a bunch of trojans (log attached). Otherwise, I also have this rather suspicious thing at startup of one of the sessions: C:\WINDOWS\system32\hldrrr.exe. One last thing: Windows Update is acting up.

That's it, and thank you.



Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1373
Windows 5.1.2600 Service Pack 2

08/11/2008 20:33:40
mbam-log-2008-11-08 (20-33-39).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 115766
Temps écoulé: 2 hour(s), 21 minute(s), 21 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 400

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\drivers\downld\372296.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\374875.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\376609.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\377109.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\380468.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\381109.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\381203.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\383984.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\385109.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\388750.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\389250.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\389687.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\394671.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\396062.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\400281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\402156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\404156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\404484.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\406781.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\413546.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\415578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\418750.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\423140.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\425296.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\429265.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\435218.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\44194484.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\44212281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\44227046.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\44414953.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\44443343.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\44454046.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\44462515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\45986093.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\46013531.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\46029109.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\46200156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\46214515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\46225203.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\46230640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\462500.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\483984.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\496187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\502656.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\62388671.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\62405187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\62447046.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\62716531.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\62733250.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\62744406.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\62749906.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\725300188.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\84668187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\84688750.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\84734453.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\84755171.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\90117984.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\90128515.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\3D_Independence_Teddy_Bear_1.0_(Patch).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\A-one_DVD_Copy_5.74_Cracked.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\ACH_Wizard_2.2_Serial.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Acme_CADPacker_1.2.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\ActPresentation_1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Allok_Video_to_iPod_Converter_4.2.0709.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\amiciPhone_beta_4_Key.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Amigos_Spanish_Puzzles_(Mac_version)_2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Andrew's_Vector_Plugins_Volume_20_'RandomTouch'_20.1_(Crack).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\AutoBatch_Plug-in_for_Adobe_Acrobat_1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\AutoCAD_Update_Tool_2.0.6.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\AutoDWG_DWG2Image_Converter_3.1_(Key+Serial).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\avira_antivir_KEY.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Banzai_Bug_demo.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Batch_To_Exe_Converter_1.3.3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\BitKinex_Screen_Saver_1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Bureau_of_Meteorology_Radar_1.0a.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Business_Manager_2007_1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\BuzZer_0.4.3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\CalendarMirror_for_Outlook_2.0.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\CamaroZ28.Com_Screen_Saver_Classic_1.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\CFX_Industry_2.3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Cinematize_2.06.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\CleanDisk_3.0_Crack.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Comodo_AntiVirus_1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\DecisionSupport_1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Descent_3_v1.0_demo.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Desktop_Password_Reset_1.2.014.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Diamond_Calculator_3.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Digital_ObjectRescue_Professional_4.3_build_156.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Disk2File_1.31.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Easy_ClipBoard_2.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Easy_MP3_Sound_Recorder_3.1.2.65_(Key+Serial).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Faith_Visitation_Manager_2.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\flv2avi_1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\FlyAway_-_Catch_Me_If_You_Can!_1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Fractangles_Theme_1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\FreeCell_1.3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Fright_1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\GlobWare_LockFile_0.3c.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Handy_Backup_Free_5.45.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\HealthFile_Plus_3.2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\HexCmp_2.32_Crack.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\IdentaFone_Multi-Line_Caller_ID_4.3.5_(Key+Serial).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\IE_AdBlock_0.4.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\iMiser_Research_Assistant_3.1_(Crack).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Industry_Giant_II_1980-2020_2.1_patch.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\iURL_1.7.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Japanese-English_Sentence_Hunter_1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\JHealthCheck_1.0_Crack.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Julian_Day_Converter_1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Kagaya_Screensaver_1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Kaspersky.Antivirus.5.0.20.Personal.Pro.with.Key.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Keygen.BitDefender.v9.Pro.Plus.par.eMule-Paradise.com.+.Argent.avec.logique.mathématique.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Kid_Zone_for_Palm_OS_1.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\kNox_0.8.5.39_Beta.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\KVT_ImageCutter_1.5.0.62_(Serial).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\LBE_Helpdesk_Data_Migration_Tool_1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Lightfeather_0.5.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\LingoWare_Hebrew.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\LITTLE_Yellow_Stickers_2.2.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\LTC_System_Monitor_1.0_(Cracked).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Magellan_Explorer_3.32_build_2305.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\MIKLSOFT_Renamer_1.65_Key+Serial.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\MixBrowser_1.7.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\MP3_Sound_Recorder_2.54.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Multimedia_News_Reader_1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Nathan's_Second_Chance_1.03.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Navipane_for_Word_2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\NiceLabel_Express_5.0.1_Build_1444_Cracked.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\NTkrnl_Protector_0.1_Key+Serial.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\PaperCut_Print_Logger_1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\PatternExpert_1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\PDF2DOCExpress_1.4_(With_Crack).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\PDFConverterX_1.076.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\PingSigma_Standard_0.9.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Pizza_Puzzle_1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\PolyView_4.33_(KeyGen).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Private_Notetaker_2.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Property_Intellect_Professional_2.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Rapid_PDF_Count_2.01.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Red_Button_2.10.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Registry_Jumper_2.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Resistor_Calculator_7.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\RM-X_Video_Converter_1.0_(Cracked).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Rose_Drops_Screensaver_2.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\RunningResource_Training_Log_5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Scavenger_Hunt.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Sciral_Consistency_for_Macintosh_1.0.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Secured_Actions_1.0_Patch.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Security_Icon_Set_2007.3_Key+Serial.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Send_SMS_Sidebar_Gadget_1.7.3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\SignPoster_2004_Build_11_(Cracked).zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\SkypeTools_0.1_b.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\SMS_Express_2005_2.3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Snappy_Invoice_System_5.0.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Snare_for_Lotus_Notes_1.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Sofia_(Bulgaria)_1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Squeaky_Clean_0.10_Alpha.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Stoik_Imagic_3.5.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\SubliminalEzy_build_10000.1.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Symantec.Antivirus.Corporate.Edition.v10.0.1.1000.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Symantec.pcAnywhere.v12.Full.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Total_Internet_1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\TrayLauncher_1.6.0.370.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Turok_2_Seeds_of_Evil_demo.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\TwinView_Plus_12.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\UDP_echo_1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\VbGUI_ActiveX_1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Video_Club_-_CD_Edition_1.0.3.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Vista_Drop_Down_Menu_1.0.0_Crack.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Warcraft_III_-_Chapter_1_map.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Warcraft_III_The_Frozen_Throne_Footmen_Frenzy_River_Crossing_map.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Widgipedia_RSS_Feeds_1.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\WinBlit_Speedread_2.7.0.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\Win_Web_Crawler_2.0.zip (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angélique MAZUR\Application Data\m\shared\ZoneAlarm_with_Antivirus_7.1.078.000.zip (Trojan.Agent) -> Quarantined and deleted successfully.
0
benurrr Posts: 9643 Registered: Saturday 24 May 2008 Status: Security contributor Last activity: 11 January 2012 107
8 Nov. 2008 at 21:10
Download FindyKill to your desktop:

http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

--> Run the installation with the default settings

--> Double-click the FindyKill shortcut on your desktop

--> In the main menu, choose option 1 (Recherche / Search)

--> Post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the disk
Unreal_Pharaoh Posts: 28 Registered: Friday 7 November 2008 Status: Member Last activity: 17 April 2009 1
9 Nov. 2008 at 03:01
Good evening,

Here is the report:




----------------- FindyKill V4.095 ------------------

* User : Pharaoh - ANGLIQUE
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 07/11/08 par Chiquitine29
* Recherche effectuée à 2:58:07 le 09/11/2008
* Windows XP - Internet Explorer 6.0.2900.2180

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch


»»»» Presence des fichiers dans C:\WINDOWS\system32


»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers


»»»» Presence des fichiers dans C:\Documents and Settings\Pharaoh\Application Data


»»»» Presence des fichiers dans C:\DOCUME~1\Pharaoh\LOCALS~1\Temp


»»»» Presence des fichiers dans C:\Documents and Settings\Pharaoh\Local Settings\Temporary Internet Files\Content.IE5

Présent ! - C:\Documents and Settings\Pharaoh\Local Settings\Temporary Internet Files\Content.IE5\WXS2RP5O\7D47E622E82D3304EFDB64F3EB042[1].jpg

--------------- [ Registre / Startup ] ----------------


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
ATIPTA REG_SZ "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
LSBWatcher REG_SZ c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
MSConfig REG_SZ C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
IMJPMIG8.1 REG_SZ "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
IMEKRMIG6.1 REG_SZ C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
AVG8_TRAY REG_SZ C:\PROGRA~1\AVG\AVG8\avgtray.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
BitTorrent DNA REG_SZ "C:\Program Files\DNA\btdna.exe"
ccleaner REG_SZ "C:\Program Files\CCleaner\CCleaner.exe" /AUTO

--------------- [ Registre / Clés infectieuses ] ----------------


Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA

--------------- [ Etat / Services ] ----------------



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

/!\ Ip6Fw - Type de démarrage = 4

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe


+- presence des fichiers :



--------------- [ Registre / Moutpoint2 ] ----------------


-> Recherche négative.


------------------- ! Fin du rapport ! --------------------
benurrr Posts: 9643 Registered: Saturday 24 May 2008 Status: Security contributor Last activity: 11 January 2012 107
9 Nov. 2008 at 10:29
Hi; I see it did get Beagle

Plug your external data sources that may have been infected (USB stick, external hard drive, etc.) into your PC, without opening them


--> Double-click the FindyKill shortcut on your desktop

--> In the main menu, choose option 2 (Suppression / Removal)


/!\ There will be 2 reboots; let the tool work until the message "nettoyage effectué" ("cleanup done") appears

/!\ Do not use the PC during the removal; your desktop will not be accessible, that is normal!

-------> then post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the disk
Note: If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm
0
Unreal_Pharaoh Posts 28 Registration date Friday 7 November 2008 Status Member Last activity 17 April 2009 1
9 Nov 2008 at 13:03
Hello,


----------------- FindyKill V4.095 ------------------

* User : Pharaoh - ANGLIQUE
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 07/11/08 par Chiquitine29
* Suppression effectuée à 12:52:38 le 09/11/2008
* Windows XP - Internet Explorer 6.0.2900.2180


((((((((((((((( *** Suppression *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ati2sgag.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Suppression des fichiers dans C:


»»»» Suppression des fichiers dans C:\WINDOWS


»»»» Suppression des fichiers dans C:\WINDOWS\Prefetch


»»»» Suppression des fichiers dans C:\WINDOWS\system32


»»»» Suppression des fichiers dans C:\WINDOWS\system32\drivers

Supprimé ! - C:\WINDOWS\system32\drivers\srosa.sys
Supprimé ! - C:\WINDOWS\system32\drivers\srosa2.sys

»»»» Suppression des fichiers dans C:\Documents and Settings\Pharaoh\Application Data


»»»» Suppression des fichiers dans C:\DOCUME~1\Pharaoh\LOCALS~1\Temp


»»»» Suppression des fichiers dans C:\Documents and Settings\Pharaoh\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registre / Clés infectieuses ] ----------------


--------------- [ Etat / Redémarage des services ] ----------------


+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

Ip6Fw - Type de démarrage = 2

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2


--------------- [ Nettoyage des supports amovibles ] ----------------

+- Informations :

C: - Lecteur fixe

E: - Lecteur amovible

F: - Lecteur amovible


+- Suppression des fichiers :


--------------- [ Registre / Moutpoint2 ] ----------------


-> Recherche négative.


--------------- [ Recherche Cracks / Keygen ] ----------------

C:\Documents and Settings\Pharaoh\Bureau\Pharaoh\Jeux\OpenLieroX\Classic\gfx\Cracker.png
C:\Documents and Settings\Pharaoh\Bureau\Pharaoh\Jeux\OpenLieroX\Cruel Weapons 0.96\gfx\crackerlongend.png
C:\Documents and Settings\Pharaoh\Bureau\Pharaoh\Jeux\OpenLieroX\Cruel Weapons 0.96\gfx\crackershortend.png
C:\Documents and Settings\Pharaoh\Bureau\Pharaoh\Jeux\OpenLieroX\Cruel Weapons 0.96\gfx\crackerwhole.png
C:\Documents and Settings\Pharaoh\Bureau\Pharaoh\Jeux\OpenLieroX\FoodFight v0.6\gfx\crackers.png
C:\Documents and Settings\Pharaoh\Bureau\Pharaoh\Jeux\OpenLieroX\LieroX-Mas v1.1\sfx\cracking_fire.WAV
C:\Documents and Settings\Pharaoh\Bureau\Pharaoh\Jeux\OpenLieroX\Shock v1.40 Air\gfx\Cracker.png
C:\Documents and Settings\Pharaoh\Bureau\Pharaoh\Jeux\OpenLieroX\Shock v1.40 Air\gfx\CrackerBundle1.png
C:\Documents and Settings\Pharaoh\Bureau\Pharaoh\Jeux\OpenLieroX\Shock v1.40 Air\gfx\CrackerBundle2.png
C:\Documents and Settings\Pharaoh\Bureau\Pharaoh\Jeux\OpenLieroX\Shock v1.40 Air\gfx\CrackerBundle3.png
C:\Documents and Settings\Pharaoh\Bureau\Pharaoh\Jeux\OpenLieroX\Shock v1.40 Air\gfx\CrackerBundle4.png
C:\Documents and Settings\Pharaoh\Bureau\Pharaoh\Jeux\OpenLieroX\Shock v1.40 Air\gfx\CrackerBundle5.png
C:\Documents and Settings\Pharaoh\Bureau\Pharaoh\Jeux\OpenLieroX\Tnvb v1.1\gfx\displaycracker.png
C:\Documents and Settings\Pharaoh\Bureau\Pharaoh\Jeux\OpenLieroX\Tnvb v1.1\gfx\displaycrackerexplosion.png
C:\Documents and Settings\Pharaoh\Bureau\Pharaoh\Jeux\OpenLieroX\Tnvb v1.1\sfx\cracker.wav
C:\Documents and Settings\Pharaoh\Bureau\Pharaoh\Jeux\OpenLieroX\Tnvb v1.1\sfx\crackerblow.wav
C:\Documents and Settings\Pharaoh\Bureau\Pharaoh\Jeux\OpenLieroX\Trick or Treat v0.4\sfx\crack.wav


---------------- ! Fin du rapport ! ------------------
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
9 Nov 2008 at 13:14
1) Download SDFix by AndyManchesta

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe to your desktop.

Double-click SDFix.exe and choose Install. The tool will be extracted to the root of the system drive (usually C:\).
Do not touch it for now.

2) Restart in safe mode

3) SDFix
* Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
* Press Y to start the cleaning process.
* It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to restart.
* Press a key to restart the PC.
* Your system will take longer than usual to restart because the tool will keep running and deleting files.
* Once the desktop has loaded, the tool will finish its work and display Finished.
* Press a key to end the script and load your desktop icons.
* Once the desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
Unreal_Pharaoh Posts 28 Registration date Friday 7 November 2008 Status Member Last activity 17 April 2009 1
9 Nov 2008 at 13:55
Hi again,

Here is the SDFix report:



[b]SDFix: Version 1.240 [/b]
Run by Pharaoh on 09/11/2008 at 13:33

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 13:48:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

IPC error: 2 Le fichier spécifié est introuvable.
scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000014c
"TracesSuccessful"=dword:0000000a

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL France"
"C:\\Documents and Settings\\Ang‚lique MAZUR\\Bureau\\Nouveau dossier\\SopCast\\SopCast.exe"="C:\\Documents and Settings\\Ang‚lique MAZUR\\Bureau\\Nouveau dossier\\SopCast\\SopCast.exe:*:Enabled:SoP Client"
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"="C:\\Program Files\\Real\\RealOne Player\\realplay.exe:*:Enabled:RealOne Player"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Fri 3 Feb 2006 56 A.SHR --- "C:\WINDOWS\system32\81D281D688.sys"
Mon 23 Oct 2006 13,146 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Tue 28 Feb 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 2 Apr 2007 401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv10.bak"

[b]Finished![/b]
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
9 Nov 2008 at 21:46
Download Malwarebytes http://www.commentcamarche.net/telecharger/telechargement 34055379 malwarebytes anti malware

During installation, check that update, launch program and full scan are all ticked

Once it is up to date, the program will launch; click the settings tab and tick the box: "Arrêter internet explorer pendant la suppression" (stop Internet Explorer during removal).

At the end of the scan, click Afficher les résultats (Show results)

Removing the detected items >>>> click Supprimer la sélection (Remove selected) or remove all
If you are asked to restart >>> click "Yes"

Then post the generated report

And while waiting for a reply you can run another Malwarebytes scan, but in safe mode, since it is much more effective

How to boot in safe mode, tutorial here: http://www.infos-du-net.com/forum/272325-11-tuto-demarrer-mode-echec

Save the generated report so that you can find it again, and post the new report

Unreal_Pharaoh Posts 28 Registration date Friday 7 November 2008 Status Member Last activity 17 April 2009 1
9 Nov 2008 at 21:57
Good evening,

I have already done it... Do I have to do it again? (I'm asking because if I can spare myself a 2h30 scan, that would be nice...)

benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
9 Nov 2008 at 22:06
You can do it later in safe mode

Download UsbFix to your desktop

http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

--> Run the installation with the default settings

Plug the external data sources that may have been infected (USB key, external hard drive, etc.) into your PC, without opening them

--> Double-click the UsbFix shortcut on your desktop

--> The PC will restart

--> After the restart, post the UsbFix.txt report

Note: the UsbFix.txt report is saved at the root of the disk
Note: If the desktop does not reappear, press Ctrl + Alt + Del, "Fichier" (File) tab, "Nouvelle tâche" (New task), type explorer.exe and confirm

Unreal_Pharaoh Posts 28 Registration date Friday 7 November 2008 Status Member Last activity 17 April 2009 1
9 Nov 2008 at 22:28
Hi again,



-------------- UsbFix V2.400 ---------------

* User : Pharaoh - ANGLIQUE
* Outils mis a jours le 08/11/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 22:20:34 le 09/11/2008
* Windows Xp - Internet Explorer 6.0.2900.2180


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ati2sgag.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\DOCUME~1\Pharaoh\LOCALS~1\Temp\1.tmp\b2e.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

E: - Lecteur de CD-ROM

F: - Lecteur amovible

G: - Lecteur amovible


--------------- [ Registre / Startup ] ----------------


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
ATIPTA REG_SZ "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
LSBWatcher REG_SZ c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
IMJPMIG8.1 REG_SZ "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
IMEKRMIG6.1 REG_SZ C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
AVG8_TRAY REG_SZ C:\PROGRA~1\AVG\AVG8\avgtray.exe
DAEMON Tools-1033 REG_SZ "C:\Program Files\D-Tools\daemon.exe" -lang 1033

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
BitTorrent DNA REG_SZ "C:\Program Files\DNA\btdna.exe"
ccleaner REG_SZ "C:\Program Files\CCleaner\CCleaner.exe" /AUTO

--------------- [ Registre / Mountpoint2 ] ----------------


-> Recherche négative.

--------------- [ Nettoyage des disques ] ----------------

Echec de la supression !! - [21/02/1994 19:19] E:\install.exe

--------------- [ Listing des fichiers présents ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[21/09/2008 09:28][--a------] C:\AUTOEXEC.BAT
[05/08/2004 13:00][-rahs----] C:\NTDETECT.COM
[29/09/2005 13:45][--a------] C:\WindowsXP-KB896256-v3-x86-FRA.exe
[07/11/2008 21:21][---hs----] C:\boot.ini
[21/02/1994 19:19][-r-------] E:\INSTALL.EXE
[13/09/2008 12:11][--a------] F:\vlc.exe
[02/07/2005 13:04][--a------] G:\fo2mapper.exe

--------------- [ Vaccination ] ----------------

C:\autorun.inf - Dossier autorun.inf crée par UsbFix !
F:\autorun.inf - Dossier autorun.inf crée par UsbFix !
G:\autorun.inf - Dossier autorun.inf crée par UsbFix !

--------------- ! Fin du rapport ! ----------------
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
9 Nov 2008 at 22:30
To clean up the fix tools that were used

Close all running applications, then download ToolsCleaner2 to your desktop.
http://www.commentcamarche.net/telecharger/telechargement 34055291 toolscleaner

Double-click ToolsCleaner2.exe >
then Recherche (Search)
and Suppression (Removal)
Note: your desktop will disappear, that is normal. If it does not come back at the end of the scan, do the following:

CTRL+ALT+DEL to open the Task Manager.
Then go to the "Processus" (Processes) tab. Click Fichiers (File) at the top left and choose "Exécuter" (Run)

Type explorer.exe and confirm. This will bring the desktop back

Post the report generated after the removal

Unreal_Pharaoh Posts 28 Registration date Friday 7 November 2008 Status Member Last activity 17 April 2009 1
9 Nov 2008 at 22:49
Whoa, I have a big problem! I ran UsbFix and, as you noticed, it scans a virtual drive (E, which I created with Daemon Tools). So I wanted to retry the scan after unmounting drive E. So I redo the procedure, the computer restarts, and then, big trouble: when I go to one of the sessions, I barely have time to see the wallpaper before the session logs itself off! What can I do?

benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
9 Nov 2008 at 22:50
Boot in safe mode and uninstall UsbFix

Unreal_Pharaoh Posts 28 Registration date Friday 7 November 2008 Status Member Last activity 17 April 2009 1
9 Nov 2008 at 22:59
Damn!

It won't even log in in safe mode!

benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
9 Nov 2008 at 23:04
Last known good configuration

Unreal_Pharaoh Posts 28 Registration date Friday 7 November 2008 Status Member Last activity 17 April 2009 1
9 Nov 2008 at 23:11
Same thing... :-(

benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
9 Nov 2008 at 23:19
Start your PC normally; when you get to the session, confirm, and before it loads the session force a shutdown. Normally at the next restart it asks you how to boot, and you choose last known good configuration

Unreal_Pharaoh Posts 28 Registration date Friday 7 November 2008 Status Member Last activity 17 April 2009 1
9 Nov 2008 at 23:33
So when I do an old-school restart (long press on the power button), it doesn't offer me anything. So I try again, pressing F8 while starting the computer to launch the "last known good configuration" ==> no luck, still the same problem... The session closes automatically.

benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
9 Nov 2008 at 23:40
When you launch the session, I would like you to stop the session from loading before it restarts by itself: switch it off with the power button

If that doesn't work, you would need to run a repair with the Windows CD

But before that I'll ask the veterans for their opinion

Unreal_Pharaoh Posts 28 Registration date Friday 7 November 2008 Status Member Last activity 17 April 2009 1
9 Nov 2008 at 23:47
I assure you, I click on the session, I switch off the computer with the Power button. But I get nothing at restart. I searched other threads: Daemon Tools seriously crashes quite a few PCs...

benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
9 Nov 2008 at 23:56
As I told you, I'll look into it and keep you posted

Right now I'm stumped, apart from the repair with the Windows CD

Unreal_Pharaoh Posts 28 Registration date Friday 7 November 2008 Status Member Last activity 17 April 2009 1
10 Nov 2008 at 00:00
What a piece of crap this thing is! Well, I think I'll reformat then...

Thanks for your help all the same!

Unreal_Pharaoh Posts 28 Registration date Friday 7 November 2008 Status Member Last activity 17 April 2009 1
10 Nov 2008 at 01:15
So something quite comical just happened (in my opinion, anyway...): when the computers in the computer room of my student residence (I'm a student) disconnect, I go home, computer under my arm, and decide to start a little reinstall of Windaube. I go through the whole rigmarole, and at around 15 minutes remaining, guess who shows up: USBFix!!!
It calmly finishes its job right in the middle of the reinstall... At this point, it made me laugh. Anyway, the main thing is that everything is back to normal now... Well, no... But still, it's less dramatic than being left without a computer.

SO, (big comma), I ran a ToolsCleaner scan, and here is the report:

[ Rapport ToolsCleaner version 2.2.6 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\FindyKill.txt: trouvé !
C:\UsbFix.txt: trouvé !
C:\SDFIX: trouvé !
C:\!Killbox: trouvé !
C:\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Pharaoh\Bureau\SdFix.exe: trouvé !
C:\Documents and Settings\Pharaoh\Bureau\UsbFix.exe: trouvé !
C:\Documents and Settings\Pharaoh\Bureau\UsbFix.lnk: trouvé !
C:\Documents and Settings\Pharaoh\Menu Démarrer\Programmes\UsbFix: trouvé !
C:\Documents and Settings\Pharaoh\Menu Démarrer\Programmes\FindyKill: trouvé !
C:\Documents and Settings\Pharaoh\Menu Démarrer\Programmes\UsbFix\UsbFix.lnk: trouvé !
C:\Program Files\UsbFix: trouvé !
C:\Program Files\FindyKill: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\Program Files\UsbFix\UsbFix.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Pharaoh\Bureau\SdFix.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\FindyKill.txt: supprimé !
C:\UsbFix.txt: supprimé !
C:\Documents and Settings\Pharaoh\Bureau\UsbFix.exe: supprimé !
C:\Documents and Settings\Pharaoh\Bureau\UsbFix.lnk: supprimé !
C:\Documents and Settings\Pharaoh\Menu Démarrer\Programmes\UsbFix\UsbFix.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Program Files\UsbFix\UsbFix.exe: supprimé !
C:\SDFIX: supprimé !
C:\!Killbox: supprimé !
C:\HijackThis: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\Pharaoh\Menu Démarrer\Programmes\UsbFix: supprimé !
C:\Documents and Settings\Pharaoh\Menu Démarrer\Programmes\FindyKill: supprimé !
C:\Program Files\UsbFix: supprimé !
C:\Program Files\FindyKill: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Sauvegarde du registre crée !
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
10 Nov 2008 at 07:49
Hello

Download RegSeeker to your desktop http://www.commentcamarche.net/telecharger/telecharger 34055142 regseeker and unzip it on your desktop: right-click and choose extract here

Double-click the regseeker folder that was created, then double-click regseeker.exe in the window that opens

At the top right there is a language setting; set it to French

Then on the left there is "clean the registry"; click it once

Check that everything is ticked except invalid service

Then click automatic cleaning

Check again that everything is ticked except the green items

Set 4 passes and press go

---------------------------

http://download.registry-clean.net/download/registry-defrag.exe

Double-click the downloaded file to start the installation. When the screen titled Licence Agreement appears, tick I accept the Agreement to accept the licence, then click the Next button.


At the end of the installation, the program launches.

Registry analysis:
Click the Analyse Registry button to start the analysis.

At the end of the analysis, a short report shows you the registry's fragmentation percentage:

If the fragmentation percentage is too high, click the Compact/Defrag Registry button to start the defragmentation.

At the end of the process, your computer must be restarted.

--------------------------------

A defragmentation of your hard drive

https://www.commentcamarche.net/telecharger/ 34055572 defraggler

Install it

On launch, the software displays a window divided into three panels. The top panel shows the list of detected partitions and drives.

Click the disk to defragment (using the right mouse button) and select defrag Drive in the context menu.

Unreal_Pharaoh Posts 28 Registration date Friday 7 November 2008 Status Member Last activity 17 April 2009 1
10 Nov 2008 at 15:45
Hi!

I did everything, and I ran yet another Malwarebytes scan (quick); it finds nothing. So there you go... A short summary:
- Windows Update refuses to install some updates
- when booting in safe mode: it shows that it loads d347bus.sys, which it did not do before
- sometimes the computer takes a very long time to shut down (after scans, I have the impression)

I still have the impression that Explorer is faster. Anyway, if you have any more advice for optimizing/cleaning the laptop, I'll take it. (Maybe I should redo all the steps on the other session?)

benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
10 Nov 2008 at 20:03
Hi

For that, d347bus.sys, try uninstalling Daemon Tools, then run CCleaner in cleaner and registry mode and see whether it still loads it

Unreal_Pharaoh Posts 28 Registration date Friday 7 November 2008 Status Member Last activity 17 April 2009 1
10 Nov 2008 at 22:56
Good evening.

Well.... it'll do. I use Daemon Tools to emulate old games, and I don't really want to part with it for now. Besides, it doesn't make anything go wrong apart from that. Right, I'm marking the problem as solved; I think you cleaned up my computer nicely: the system seems more stable. Thank you very much for the time you were kind enough to give me.

All the best! ;-)

Unreal_Pharaoh Posts 28 Registration date Friday 7 November 2008 Status Member Last activity 17 April 2009 1
11 Nov 2008 at 16:30
If you happen to pass by:

For the Windows Update problem, I downloaded a miraculous little utility: Dial-a-fix
It reinstalled the Windows Update folder for me, from what I understood. Many people have this problem and can't manage to solve it; I'm sure this program would help them as it helped me! So there you go!

benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
12 Nov 2008 at 01:15
Hi

OK and thanks, good night