Problems with spools.exe, etc.
Solved/Closed - 44 replies
Anonymous user
12 June 2008 at 20:05
Hi,
Download VundoFix here -> http://www.atribune.org/ccount/click.php?id=4
Run Vundofix.exe
Tick the Run VundoFix as a task box,
A pop-up will open; answer OK
It will close and reopen after about 1 minute.
Once it has reopened, click Scan for Vundo
When the scan is finished, click Remove Vundo
Answer Yes when asked to delete the files.
You will be asked to restart your computer; accept, of course.
Paste the report located in "c:\vundofix.txt" into your reply
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Tutorial:
http://sasi.xooit.fr/t48-Guide-d-utilisation-de-VundoFix.htm
***********************************************************
Download VirtumondoBegone:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Restart in Safe Mode and run it,
And post me the report. (VBG.txt saved on the desktop)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
***********************************************************
→ Print these instructions, because you will have to close all windows and applications during the installation and the scan.
→ Download Malwarebytes' Anti-Malware (MBAM) and save it to your Desktop.
→ When the download is finished, close all windows and programs, including this one.
→ Double-click the Download_mbam-setup.exe icon on your desktop to start the installer.
→ During installation, follow the prompts (in particular the choice of language and the authorization to access the Internet). Do not change any of the default settings and, at the end of the installation, check that the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware options are ticked.
→ MBAM will start automatically and display a message asking you to update the program before running a scan. Since MBAM updates itself automatically at the end of the installation, click OK to close the dialog box. The main MBAM window is displayed:
→ In the scan tab, check that "Exécuter un examen complet" is ticked and click the Rechercher button to start the scan.
→ MBAM scans your computer. The scan can take some time. Just check its progress from time to time.
→ At the end of the scan, a message is displayed indicating that the scan is finished. Click OK to continue.
→ If malware has been detected, the list is displayed.
When you click Suppression (?), MBAM will destroy the files and registry keys and put a copy of them in quarantine.
→ MBAM will open Notepad and copy the scan report into it. Close Notepad. (The report can be found under the Rapports/logs tab)
→ Close MBAM by clicking Quitter.
→ Post the report in your reply
***********************************************************
→ Run HijackThis and click "Open misc tools section". Scroll down to "uninstall HijackThis & exit", click it, then answer 'yes' to the confirmation request.
***********************************************************
→ Download TrendMicro™ HijackThis™
Place it in ' C:\programmes\ '. Once that is done, please rename the ' Hijackthis.exe ' icon (right-click > rename) located in the folder in C:\ to ' HJT.exe ' <<<<<<<<< Important !!! <<<<<<<
The program's path should look like this: C:\Programme\Trend Micro\Hijackthis\HJT.exe
→ Do not rename the shortcut icon on the desktop, of course...
/!\ Close all windows that are still open, and disconnect from the web /!\
→ Then run it, choose the option '' do a system scan and save a logfile '' and post me the report (which appears in Notepad)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Tutorial if you can't manage it: http://pageperso.aol.fr/balltrap34/demohijack.htm
See you
Vundofix :
VundoFix V7.0.5
Scan started at 11:38:20 2008-06-15
Listing files found while scanning....
No infected files were found.
Beginning removal...
P.S. The program doesn't open exactly as you described, since the version is no longer the same... I was still able to get it working...
_____________________________________________________________________________
VirtumondoBegone:
[06/15/2008, 11:54:40] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Janette Pelletier\Desktop\VirtumundoBeGone.exe" )
[06/15/2008, 11:54:54] - Detected System Information:
[06/15/2008, 11:54:54] - Windows Version: 5.1.2600, Service Pack 2
[06/15/2008, 11:54:54] - Current Username: Janette Pelletier (Admin)
[06/15/2008, 11:54:54] - Windows is in SAFE mode with Networking.
[06/15/2008, 11:54:54] - Searching for Browser Helper Objects:
[06/15/2008, 11:54:54] - Finished Searching Browser Helper Objects
[06/15/2008, 11:54:54] - Finishing up...
[06/15/2008, 11:54:54] - Nothing found! Exiting...
P.S. This program was run in safe mode from the user's session and not from the administrator session.
_________________________________________________________________________________
Malwarebytes' Anti-Malware:
Malwarebytes' Anti-Malware 1.17
Database version: 857
12:57:21 2008-06-15
mbam-log-6-15-2008 (12-57-21).txt
Scan type: Full Scan (C:\|)
Objects scanned: 106167
Time elapsed: 33 minute(s), 41 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 3
Registry Keys Infected: 39
Registry Values Infected: 9
Registry Data Items Infected: 1
Folders Infected: 9
Files Infected: 233
Memory Processes Infected:
C:\WINDOWS\system32\drivers\spools.exe (Trojan.Agent) -> Unloaded process successfully.
Memory Modules Infected:
C:\WINDOWS\system32\ftp34.dll (Trojan.DownLoader) -> Unloaded module successfully.
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Unloaded module successfully.
C:\WINDOWS\system32\basecgia32.dll (Trojan.Downloader) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\schedule (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\schedule (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\schedule (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\instie.hbinstobj (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\instie.hbinstobj.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WinAntivirusPro (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{32341e7e-c319-46de-91d0-e30bb1a3caba} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\autoload (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run\autoload (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\ntuser (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ntuser (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ntuser (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autoload (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\ImagePath (Hijack.Service) -> Bad: (C:\WINDOWS\system32\drivers\spools.exe) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\LiveAntispy (Rogue.LiveAntispy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\DriveCleaner Free\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\ftp34.dll (Trojan.DownLoader) -> Delete on reboot.
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.
C:\Documents and Settings\Administrator\ftp34.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\ftp34.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Local Settings\Temp\ShprInstaller.exe (Adware.Shoper) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\ftp34.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0094805.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0094806.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0094808.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0094814.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0094815.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0094817.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0094823.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0094824.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0094826.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0094834.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0094835.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0094837.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0094844.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0094845.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0094847.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0094853.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0094854.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0095853.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0095854.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0095856.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0095863.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0095864.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0095866.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0095872.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0095873.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0096872.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0096873.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0096875.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0096881.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0096882.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0097881.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0097882.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0097884.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0097888.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0097892.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0097893.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0097895.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0097903.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0097904.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0098903.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0098904.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0098906.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0098913.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0098914.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0098916.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0098928.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0098932.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0098933.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0098935.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0098950.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0098951.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0098954.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0099950.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0099951.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0099953.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0099961.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0099962.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP854\A0099964.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100076.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100077.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100078.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100091.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100093.dll (Adware.Shoper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100101.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100102.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100103.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100117.cpl (Rogue.SystemAntivirus2008) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100129.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100130.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100131.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100141.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100142.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100146.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100164.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100165.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100166.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100173.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100174.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100175.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100185.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100186.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100187.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100194.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100195.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100196.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100203.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100204.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100205.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100212.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100213.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100214.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100221.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100222.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100223.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100230.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100231.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100232.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100238.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100239.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100244.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100245.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100246.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRIbaWp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sav.cpl (Rogue.SystemAntivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\LiveAntispy\LiveAntispy.lic (Rogue.LiveAntispy) -> Quarantined and deleted successfully.
C:\Program Files\LiveAntispy\LiveAntispy1.la (Rogue.LiveAntispy) -> Quarantined and deleted successfully.
C:\Program Files\LiveAntispy\Uninstall.exe (Rogue.LiveAntispy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\DriveCleaner Free\Logs\update.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\cftmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\spools.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\cftmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\basecgia32.dll (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\basenlu32.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c004AC45.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00C2131.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\cftmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\Install.dat (Trojan.Agent) -> Quarantined and deleted successfully.
P.S. Three items refused to be deleted... I was told to restart to attempt the removal of these items, which I did. However, I do not know whether these items were deleted. This program was not run in safe mode.
____________________________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:06:13, on 2008-06-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?6fb64b581a51425c85ce66a2fa5bf5a0
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?6fb64b581a51425c85ce66a2fa5bf5a0
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110586416046
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
VundoFix V7.0.5
Scan started at 11:38:20 2008-06-15
Listing files found while scanning....
No infected files were found.
Beginning removal...
P.S. The program does not open exactly as you described, since the version is no longer the same... I was still able to get it to work...
_____________________________________________________________________________
VirtumondoBegone:
[06/15/2008, 11:54:40] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Janette Pelletier\Desktop\VirtumundoBeGone.exe" )
[06/15/2008, 11:54:54] - Detected System Information:
[06/15/2008, 11:54:54] - Windows Version: 5.1.2600, Service Pack 2
[06/15/2008, 11:54:54] - Current Username: Janette Pelletier (Admin)
[06/15/2008, 11:54:54] - Windows is in SAFE mode with Networking.
[06/15/2008, 11:54:54] - Searching for Browser Helper Objects:
[06/15/2008, 11:54:54] - Finished Searching Browser Helper Objects
[06/15/2008, 11:54:54] - Finishing up...
[06/15/2008, 11:54:54] - Nothing found! Exiting...
P.S. This program was run in safe mode from the user's session, not from the administrator session.
_________________________________________________________________________________
Malwarebytes' Anti-Malware:
Malwarebytes' Anti-Malware 1.17
Database version: 857
12:57:21 2008-06-15
mbam-log-6-15-2008 (12-57-21).txt
Scan type: Full Scan (C:\|)
Objects scanned: 106167
Time elapsed: 33 minute(s), 41 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 3
Registry Keys Infected: 39
Registry Values Infected: 9
Registry Data Items Infected: 1
Folders Infected: 9
Files Infected: 233
Memory Processes Infected:
C:\WINDOWS\system32\drivers\spools.exe (Trojan.Agent) -> Unloaded process successfully.
Memory Modules Infected:
C:\WINDOWS\system32\ftp34.dll (Trojan.DownLoader) -> Unloaded module successfully.
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Unloaded module successfully.
C:\WINDOWS\system32\basecgia32.dll (Trojan.Downloader) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\schedule (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\schedule (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\schedule (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\instie.hbinstobj (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\instie.hbinstobj.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WinAntivirusPro (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{32341e7e-c319-46de-91d0-e30bb1a3caba} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\autoload (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run\autoload (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\ntuser (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ntuser (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ntuser (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autoload (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\ImagePath (Hijack.Service) -> Bad: (C:\WINDOWS\system32\drivers\spools.exe) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\LiveAntispy (Rogue.LiveAntispy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\DriveCleaner Free\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\ftp34.dll (Trojan.DownLoader) -> Delete on reboot.
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.
C:\Documents and Settings\Administrator\ftp34.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\ftp34.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Local Settings\Temp\ShprInstaller.exe (Adware.Shoper) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\ftp34.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100195.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100196.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100203.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100204.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100205.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100212.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100213.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100214.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100221.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100222.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100223.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100230.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100231.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100232.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100238.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100239.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100244.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100245.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100246.dll (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRIbaWp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sav.cpl (Rogue.SystemAntivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\LiveAntispy\LiveAntispy.lic (Rogue.LiveAntispy) -> Quarantined and deleted successfully.
C:\Program Files\LiveAntispy\LiveAntispy1.la (Rogue.LiveAntispy) -> Quarantined and deleted successfully.
C:\Program Files\LiveAntispy\Uninstall.exe (Rogue.LiveAntispy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\DriveCleaner Free\Logs\update.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\cftmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\spools.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\cftmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\basecgia32.dll (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\basenlu32.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c004AC45.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00C2131.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\cftmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Janette Pelletier\Application Data\Install.dat (Trojan.Agent) -> Quarantined and deleted successfully.
P.S. Three items refused to be deleted... I was told to restart to try to remove these items, which I did. I don't know, however, whether these items were deleted. This program was not run in safe mode.
____________________________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:06:13, on 2008-06-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?6fb64b581a51425c85ce66a2fa5bf5a0
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?6fb64b581a51425c85ce66a2fa5bf5a0
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110586416046
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
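The Malwarebytes report in the post above marks one file `Delete on reboot` while the others read `Quarantined and deleted successfully`, and the poster is unsure whether the deferred items were actually removed. As an added example (not part of the original thread and not Malwarebytes code), this Python script parses result lines in the format shown, separates System Restore copies from live files, and rechecks deferred paths after the restart; the sample lines are copied from the report above, and the function names are assumptions.

```python
import os
import re
from collections import Counter
from typing import Callable, List, NamedTuple


class Detection(NamedTuple):
    path: str
    name: str               # detection name, e.g. Trojan.Vundo
    action: str             # action text without the trailing period
    in_restore_point: bool  # True for copies held by XP System Restore


# Result line format seen in the report: <path> (<Family.Name>) -> <action>.
LINE_RE = re.compile(
    r"^(?P<path>.+?) \((?P<name>[A-Za-z]+\.[\w.]+)\) -> (?P<action>.+?)\.?$"
)
# System Restore storage: \System Volume Information\_restore{GUID}\RPnnn\
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\RP\d+\\", re.I
)
DONE = "Quarantined and deleted successfully"

# Lines copied from the report above (a short excerpt, not the full log).
SAMPLE = r"""
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100077.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRIbaWp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\spools.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\basecgia32.dll (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\basenlu32.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
"""


def parse_report(text: str) -> List[Detection]:
    """Parse result lines; headers, blank lines and free text are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue
        entries.append(
            Detection(
                path=m["path"],
                name=m["name"],
                action=m["action"],
                in_restore_point=bool(RESTORE_RE.search(m["path"])),
            )
        )
    return entries


def pending(entries: List[Detection]) -> List[Detection]:
    """Entries whose removal was deferred (anything not reported as done)."""
    return [e for e in entries if e.action != DONE]


def live_counts(entries: List[Detection]) -> Counter:
    """Detections per name, ignoring System Restore copies."""
    return Counter(e.name for e in entries if not e.in_restore_point)


def still_present(
    entries: List[Detection],
    exists: Callable[[str], bool] = os.path.exists,
) -> List[str]:
    """Run on the affected machine after the restart: paths that still exist."""
    return [e.path for e in entries if exists(e.path)]


if __name__ == "__main__":
    found = parse_report(SAMPLE)
    print("live detections:", dict(live_counts(found)))
    for e in pending(found):
        print("deferred:", e.path, "->", e.action)
    print("still on disk:", still_present(pending(found)))
```

Any path returned by `still_present` after the restart means the deferred deletion did not complete and the file needs another pass.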
Anonymous user
15 June 2008 at 20:01
Hi!
Nice cleanup by MBAM.
I've taken note of the problems you had.
Restart and do the following:
**************************************************
→ Download Navilog1
and save it to your desktop.
→ Then double-click navilog1.exe to start the installation.
Once the installation is finished, the fix will run automatically.
(If it doesn't, double-click the Navilog1 shortcut on the desktop.)
Follow the prompts. At the main menu, choose option 1
→ During the scan your antivirus may complain loudly; don't worry, that's normal ;)
Wait for the message
*** Analyse Termine le ..... ***
Then post the report for me.
(the report is at the root of the disk -> C:\Fixnavi.txt)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Tutorial:
http://mickael.barroux.free.fr/securite/navilog.php
**************************************************
Close Internet Explorer, then go to:
Start > Control Panel > Internet Options
"Content" tab, then "Certificates", and if you find any of these, particularly under "Trusted Publishers" (but look elsewhere too):
_electronic-group _egroup _Montorgueil _VIP _Sunny Day Design Ltd _OOO-Favorit
→ Delete them.
**************************************************
See you later
Regarding these files:
_electronic-group
_egroup
_Montorgueil
_VIP
_Sunny Day Design Ltd
_OOO-Favorit
in the Certificates tab, under Trusted Publishers, none were found..... sorry for the slow reply, I've been busy at my job and this is the personal computer of someone in my family..
I'll get back to you very soon with the Navilog report.
++
fobb
Hello again,
here is the Navilog report for the computer... it seems to have found more things:
Search Navipromo version 3.6.0 commencé le 2008-07-05 à 9:40:07,12
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Janette Pelletier"
Mise à jour le 27.06.2008 à 23h00 par IL-MAFIOSO
Microsoft Windows XP [Version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\startm~1\programs" ***
*** Recherche dossiers dans "C:\Documents and Settings\Janette Pelletier\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\Guest\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Janette Pelletier\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\Guest\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Janette Pelletier\startm~1\programs" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\startm~1\programs" ***
*** Recherche dossiers dans "C:\DOCUME~1\Guest\startm~1\programs" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\Janette Pelletier\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\Guest\locals~1\applic~1" *
*** Recherche fichiers ***
C:\WINDOWS\pack.epk trouvé !
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\Janette Pelletier\locals~1\applic~1" :
* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :
* Dans "C:\DOCUME~1\Guest\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
C:\WINDOWS\system32\vvxGQBeg.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
*** Analyse terminée le 2008-07-05 à 9:46:54,81 ***
Hoping to hear from you... sorry for the delay.
Thanks!
Etienne
Anonymous user
10 July 2008 at 02:30
Hi
cyril is no longer on the forum
download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your desktop.
double-click OTMoveIt.exe to run it.
copy the list shown in bold below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.
C:\WINDOWS\system32\vvxGQBeg.ini2
click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.
you may be asked to restart the PC to complete the removal. If so, accept with Yes.
then:
Double-click the Navilog1 shortcut on the desktop and follow the prompts.
At the main menu, choose 2 and confirm.
(do not choose 3 or 4 without our advice/agreement)
The fix will tell you that it is going to restart your PC
Close all open windows and save any open personal documents
Press a key as requested.
(if your PC does not restart automatically, restart it yourself)
When your PC restarts, choose your usual session.
Wait for the message:
*** Nettoyage Termine le ..... ***
Notepad will open.
Save the report somewhere you can find it again
Close Notepad. Your desktop will reappear
PS: If your desktop does not reappear, press CTRL+ALT+DEL to open Task Manager.
Then go to the "Processes" tab. Click File at the top left and choose "Run"
Type explorer and confirm. That will bring your desktop back.
Post the report here.
geoffrey5
10 July 2008 at 02:31
Hi!!
- Double-click navilog1
- This time choose option 2: type 2
note: the desktop disappears
- restart the PC
- put the report in your reply
then make a new HijackThis report please
Hello,
as requested:
@ Chiquitine29:
C:\WINDOWS\system32\vvxGQBeg.ini2 moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07112008_090512
___________________________________________________________________
@ Chiquitine29 and @ geoffrey5:
Clean Navipromo version 3.6.0 commencé le 2008-07-11 à 9:22:51,29
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Janette Pelletier"
Mise à jour le 27.06.2008 à 23h00 par IL-MAFIOSO
Microsoft Windows XP [Version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS
Mode suppression automatique
avec prise en charge résultats Catchme et GNS
Nettoyage exécuté au redémarrage de l'ordinateur
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
*** Suppression avec sauvegardes résultats GenericNaviSearch ***
* Suppression dans "C:\WINDOWS\System32" *
* Suppression dans "C:\Documents and Settings\Janette Pelletier\locals~1\applic~1" *
* Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
* Suppression dans "C:\DOCUME~1\Guest\locals~1\applic~1" *
*** Suppression dossiers dans "C:\WINDOWS" ***
*** Suppression dossiers dans "C:\Program Files" ***
*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Suppression dossiers dans "c:\docume~1\alluse~1\startm~1\programs" ***
*** Suppression dossiers dans "C:\Documents and Settings\Janette Pelletier\applic~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\Guest\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\Janette Pelletier\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\Guest\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\Janette Pelletier\startm~1\programs" ***
*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\startm~1\programs" ***
*** Suppression dossiers dans "C:\DOCUME~1\Guest\startm~1\programs" ***
*** Suppression fichiers ***
C:\WINDOWS\pack.epk supprimé !
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Janette Pelletier\locals~1\Temp effectué !
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Suppression avec sauvegardes nouveaux fichiers Instant Access :
2)Recherche, création sauvegardes et suppression Heuristique :
* Dans "C:\WINDOWS\system32" *
* Dans "C:\Documents and Settings\Janette Pelletier\locals~1\applic~1" *
* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
* Dans "C:\DOCUME~1\Guest\locals~1\applic~1" *
*** Sauvegarde du Registre vers dossier Safebackup ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
*** Certificats ***
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !
*** Nettoyage terminé le 2008-07-11 à 9:26:54,62 ***
______________________________________________________________________________
@ geoffrey5:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:40:00, on 2008-07-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Recettes du Québec.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?6fb64b581a51425c85ce66a2fa5bf5a0
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?6fb64b581a51425c85ce66a2fa5bf5a0
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110586416046
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
Anonymous user
11 Jul 2008 at 16:30
# Download this (thanks to S!RI for this little program):
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Run it: double-click Smitfraudfix.cmd and choose option 1.
This is what it looks like: http://siri.urz.free.fr/Fix/SmitfraudFix.php
It will generate a report: copy/paste it into the thread, please.
SmitFraudFix v2.329
Scan done at 20:40:39,89, 2008-07-11
Run from C:\Documents and Settings\Janette Pelletier\Desktop\fff\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Janette Pelletier
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Janette Pelletier\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JANETT~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Copper RJ-45 - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8DB5C8AD-5FCE-4536-AB13-0B3057CCE976}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8DB5C8AD-5FCE-4536-AB13-0B3057CCE976}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8DB5C8AD-5FCE-4536-AB13-0B3057CCE976}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Anonymous user
12 Jul 2008 at 02:47
# Boot into Safe Mode:
To do this, tap the F8 key repeatedly, without stopping, as soon as the PC starts up.
A window will open; use the keyboard arrow keys to move to the Safe Mode option, then press Enter.
Once you are on the desktop, it is normal if the colours and so on are not all there!
(If F8 does not work, use the F5 key.)
----------------------------------------------------------------------------
# Run the Smitfraud program again:
This time choose option 2 and answer yes to everything;
Save the report, restart in normal mode, and copy/paste the saved report to the forum.
SmitFraudFix v2.329
Scan done at 18:39:50,79, 2008-07-13
Run from C:\Documents and Settings\Janette Pelletier\Desktop\fff\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8DB5C8AD-5FCE-4536-AB13-0B3057CCE976}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8DB5C8AD-5FCE-4536-AB13-0B3057CCE976}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8DB5C8AD-5FCE-4536-AB13-0B3057CCE976}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
P.S. My mother mentions that she can change her wallpapers again... really great. As for the "Guest" session that was created, do you know how it can be deleted easily? The session was surely created by mistake by someone using the computer... Thanks for enlightening me on this and for asking for other reports if necessary.
Anonymous user
14 Jul 2008 at 01:07
Hi, indeed Smitfraud was to unblock the wallpaper.
We would need a new HijackThis report, please,
and look in the Control Panel to delete the Guest session.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:32, on 2008-07-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Recettes du Québec.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?6fb64b581a51425c85ce66a2fa5bf5a0
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?6fb64b581a51425c85ce66a2fa5bf5a0
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110586416046
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
Anonymous user
16 Jul 2008 at 18:46
OK, let's finish up
reopen HijackThis
do "scan only"
check these lines:
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
and click "fix checked"
then do this:
Start > Run > type: services.msc
- Right-click the service in question - My Web Search Service
- Properties
- and under "startup type", set it to "disabled".
- Then, if the "service status" is "started", set it to "stopped"
Tutorial: https://www.zebulon.fr/dossiers/windows/31-services.html
then, concerning McAfee, I advise you to uninstall it in favour of Antivir (free, in English but simple)
->https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html
then, there is no firewall (careful, you will have to configure it)
free firewalls
download the free version of ZoneAlarm
https://www.pcastuces.com/logitheque/zonealarm.htm
TUTORIAL
http://securite-facile.ovh.org/zonealarm.php
http://forum.telecharger.01net.com/forum/
or
download the free version of Kerio
Kerio (firewall)
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
TUTORIAL
https://kerio.probb.fr/
Kerio SITE
https://kerio.probb.fr/
or
ComodoFirewallPro 2.4 download
http://www.personalfirewall.comodo.com/
Tutorial for 2.4
https://infomars.fr/forum/index.php?s=908072e48ff7cf0359366440cb26c93f&showtopic=389
Tutorial for 2.4
http://www.nordicnature.net/tutorials/comodo/cf24wiz.htm
Careful, 3.0 is in English only and is harder to configure
Tutorial for 3.0
https://infomars.fr/forum/index.php?showtopic=1225
or
OnlineArmor:
download:https://www.commentcamarche.net/telecharger/ 34055356 online armor personal firewall
tutorials:https://forum.pcastuces.com/sujet.asp?f=25&s=35606
:https://www.malekal.com/tutorial-online-armor-free/
Worth reading:
https://www.commentcamarche.net/contents/992-firewall-pare-feu
then:
-> Download CCleaner (do not install the Yahoo toolbar):
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
-> Install it.
-> Once installed and launched:
In the left column, click:
->"registry":
Check all the boxes under "registry integrity", then click "search for errors" at the bottom; once finished, click "repair errors"; you will get a message asking to back up your registry, click "yes", then repeat until it finds nothing more.
PS: the backups you have made can be deleted later if all goes well.
->"cleaner"
quit your browser before launching it; in the cleaner's properties on the "windows" and "applications" tabs, uncheck the last box (Advanced, if it is checked), then click "run the cleaning"; when it has finished the scan, click "run the cleaning" at the bottom right and accept with yes.
-> Illustrated tutorial:
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
then:
Download and install AVG Anti-Spyware:
http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware
install it and update it
then run the scan and delete
then post the report on the forum please
then:
download and install RegCleaner:
http://www.01net.com/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/4894.html
tutorial:
https://forums.cnetfrance.fr
http://www.softastuces.com/tuto/maint/regcleaner/
then, to finish:
* to remove the tools/fixes used:
Download ToolsCleaner to your desktop.
-->
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Click Search and let the scan run ...
# Click Delete to finalize.
# You can, if you wish, use the optional Options.
# Click Quit to get the report.
# Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).
and:
Click "Start", right-click "My Computer", "Properties", "System Restore" tab
¤ check the box "Turn off System Restore on all drives", then click "Apply"
¤ uncheck the box and click "Apply" then "OK".
Now that we have deleted the infected points, we are going to create a clean point:
Click "Start", "All Programs", "Accessories", "System Tools", "System Restore", choose "Create a restore point", name it "ccm" for example, click "Create" then "OK".
There, now the restore point is created. If one day you decide to, you can go back to the date created.
Tutorial: http://www.libellules.ch/desactiver_restauration.php
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:03, on 2008-07-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Recettes du Québec.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?6fb64b581a51425c85ce66a2fa5bf5a0
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?6fb64b581a51425c85ce66a2fa5bf5a0
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
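One way to confirm that the lines checked on 16 July are really gone from the 26 July scan, as an added example that is not part of the original thread or of HijackThis. The function names are hypothetical and the three sample texts are short excerpts of the logs and checklist above; O16 items are compared by CLSID because the WUWebControl line in the checklist carries a different URL from the one in the scan.

```python
import re

# An item line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
# Headers and the "Running processes" paths do not match this shape.
ITEM_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def item_key(line):
    """Return a comparison key for one HijackThis item line, or None."""
    m = ITEM_RE.match(line.strip())
    if not m:
        return None
    section, detail = m.group(1), m.group(2).strip()
    if section == "O16":
        # Downloaded Program Files: the CLSID identifies the control,
        # the URL after it may differ between two listings.
        clsid = CLSID_RE.search(detail)
        if clsid:
            return (section, clsid.group(0).upper())
    # Everything else: whole detail, case-insensitive like Windows paths.
    return (section, detail.lower())


def parse_scan(text):
    """Map comparison key -> original line for every item line in a log."""
    items = {}
    for line in text.splitlines():
        key = item_key(line)
        if key is not None:
            items[key] = line.strip()
    return items


def verify_fix(before, after, checklist):
    """Compare two scans against the list of lines that were to be fixed."""
    b, a, wanted = parse_scan(before), parse_scan(after), parse_scan(checklist)
    return {
        # requested for removal but still in the later scan
        "still_present": sorted(a[k] for k in wanted if k in a),
        # requested but never seen in the earlier scan (typo in the checklist?)
        "not_in_before": sorted(wanted[k] for k in wanted if k not in b),
        # disappeared although nobody checked them in HijackThis
        "removed_unrequested": sorted(
            b[k] for k in b if k not in a and k not in wanted
        ),
        # appeared between the two scans
        "new": sorted(a[k] for k in a if k not in b),
        # entries in the later scan whose target file no longer exists
        "file_missing": sorted(
            l for l in a.values() if l.endswith("(file missing)")
        ),
    }


# Sample input: excerpts of the 16 July scan, the 26 July scan and the checklist.
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\spoolsv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110586416046
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
"""

AFTER = r"""
Running processes:
C:\WINDOWS\system32\spoolsv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
"""

CHECKLIST = r"""
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
"""

if __name__ == "__main__":
    for name, lines in verify_fix(BEFORE, AFTER, CHECKLIST).items():
        print(f"{name}: {len(lines)}")
        for line in lines:
            print("   ", line)
```

On these excerpts the only entry reported under `removed_unrequested` is the My Web Search service, which the thread handled through services.msc rather than through the HijackThis checklist.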
Hi,
I finally installed McAfee for my mother, and I used CCleaner, AVG Anti-Spyware and RegCleaner successfully.
I haven't done the system restore yet since I haven't used ToolsCleaner yet... I'm wondering why I should delete these programs, which are useful, not for my mother but for me on her own PC, if I have to do other cleanups later. Is it still preferable that I delete them and come back here if there are problems later on?
Here is the AVG report:
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 22:07:07 2008-08-03
+ Résultat de l'analyse:
C:\System Volume Information\_restore{8BFB2B94-1BF6-4A4A-801B-F0DA668073A2}\RP855\A0100094.exe -> Not-A-Virus.PUP.WinAntiVirus.o : Aucune action entreprise.
C:\Documents and Settings\Janette Pelletier\Cookies\janette_pelletier@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Janette Pelletier\Cookies\janette_pelletier@bluestreak[2].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\Janette Pelletier\Desktop\SmitfraudFix\IEDFix.exe -> Trojan.Renos.vaoz : Aucune action entreprise.
C:\WINDOWS\system32\IEDFix.exe -> Trojan.Renos.vaoz : Aucune action entreprise.
Fin du rapport
*WELL, IT SAYS THAT NO ACTION WAS TAKEN, BUT THAT'S BECAUSE I SAVED THE REPORT BEFORE THE CLEANUP... I MADE SURE TO DELETE THEM ALL, EVEN THOUGH THE PROGRAM WANTED TO PUT TWO OF THEM IN QUARANTINE.
I also made you a new HijackThis report in case you see anything else:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:33:02, on 2008-08-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Recettes du Québec\recettes.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Recettes du Québec.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?6fb64b581a51425c85ce66a2fa5bf5a0
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?6fb64b581a51425c85ce66a2fa5bf5a0
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: McAfee Application Installer Cleanup (0060091217811987) (0060091217811987mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\006009~1.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
fobb
Posts: 47, registered Saturday 9 August 2008, status: Member, last activity 25 February 2010
9 August 2008 at 20:18
Second up.....
I sent a private message to chiquitine... no reply...
Does anyone know if he is still part of your team?
Thanks