[Solved] Getting rid of Malware Defender 2009: Virus removal help

Post by lollydeath » 20 Mar 2009, 08:49

OS: XP
Goal: say goodbye to this little gem, MD 2009 ^^

I followed the step from this link: http://www.vista-xp.fr/forum/topic38.html

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:32, on 20/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\VirusKeeper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Documents and Settings\lolly\Application Data\nidle\nidle.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wcenter.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\vk_service.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wudfhost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\vk_watchop.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Malware Defender 2009\malwaredef.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CPV - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\WWShow\WWShow.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {b645ee8f-1139-4054-8fa8-000a4de468d4} - C:\WINDOWS\system32\zizesabo.dll
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Jcore\Jcore2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Help Creative Meow City] C:\Documents and Settings\All Users\Application Data\aim rect help creative\enc 01.exe
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\lolly\winlogon.exe
O4 - HKLM\..\Run: [yuforojabi] Rundll32.exe "C:\WINDOWS\system32\mozulavo.dll",s
O4 - HKLM\..\Run: [malwaredef] C:\Program Files\Malware Defender 2009\malwaredef.exe
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [4c55e43b] rundll32.exe "C:\WINDOWS\system32\ruhefife.dll",b
O4 - HKLM\..\Run: [CPM4f66d7a7] Rundll32.exe "c:\windows\system32\yizimife.dll",a
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [pure sect] C:\DOCUME~1\lolly\APPLIC~1\REALIT~1\VcWay.exe
O4 - HKCU\..\Run: [nidle] "C:\Documents and Settings\lolly\Application Data\nidle\nidle.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [yuforojabi] Rundll32.exe "C:\WINDOWS\system32\mozulavo.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\yijukidi.dll c:\windows\system32\yizimife.dll
O21 - SSODL: HardwareDrivers - {D25BCD5E-8295-4462-A81D-64EDA68B62C4} - C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\hdddriver.dll
O21 - SSODL: DriversLoad - {4D244C91-9DC9-4267-A9D1-C0A02E2803C7} - C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\ecepgmldzw.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yizimife.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yizimife.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\vk_service.exe

--
End of file - 8168 bytes




[Thanks ^^! From what I've read here and there, it's better that I don't try this on my own xD]

Post by Marie » 20 Mar 2009, 12:19

Hello and welcome to the forum :smile:

Your PC has multiple infections, notably Vundo, which must be slowing the machine down considerably.
Let's deal with the most urgent things first:


:arrow: Uninstall SpyHunter via Add/Remove Programs. It's a rogue.



:arrow: Download Malwarebytes Anti-Malware.

  • Install it and update it when prompted.
    Once the update finishes, the program starts.
  • Tick the "Exécuter un examen complet" (perform a full scan) box, then click "Rechercher" (scan).
  • Select (tick) all your partitions, then click "Lancer l'examen" (start the scan).
  • When the scan is finished, a message notifies you. Then click the "Montrer les résultats" (show results) button.
  • In the next window, click "Supprimer la sélection" (remove selected)
  • If the program offers to restart the computer, accept!
  • The scan report will be displayed. Save it, then post its contents in your next reply.


If needed, you can consult the following tutorial: How to install and use Malwarebytes' Anti-Malware



:arrow: Once the PC has restarted, post a new HijackThis report
Post by lollydeath » 20 Mar 2009, 13:53

Thanks Marie ^^ Here you go

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:51:37, on 20/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Help Creative Meow City] C:\Documents and Settings\All Users\Application Data\aim rect help creative\enc 01.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [pure sect] C:\DOCUME~1\lolly\APPLIC~1\REALIT~1\VcWay.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [yuforojabi] Rundll32.exe "C:\WINDOWS\system32\mozulavo.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5614 bytes


There's still work to do -_-'
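Added example (not part of the original thread): a Python script that diffs two HijackThis logs and cross-references the autostart entries still present after cleanup with the files flagged in a Malwarebytes report. The sample lines are copied from the logs posted in this thread; the function names are this example's own.

```python
import re

# A HijackThis entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# File lines of the Malwarebytes report: "<path> (<detection>) -> <action>".
# Registry lines start with HKEY_ and are deliberately not matched.
SCAN_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<det>[^()]+)\) -> (?P<action>.+)$")
# Executable or DLL paths referenced inside an entry body.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|\r\n]+?\.(?:dll|exe)\b', re.IGNORECASE)

# Sample lines copied from the first HijackThis log in the thread.
BEFORE = r"""
O2 - BHO: (no name) - {b645ee8f-1139-4054-8fa8-000a4de468d4} - C:\WINDOWS\system32\zizesabo.dll
O4 - HKLM\..\Run: [yuforojabi] Rundll32.exe "C:\WINDOWS\system32\mozulavo.dll",s
O4 - HKLM\..\Run: [malwaredef] C:\Program Files\Malware Defender 2009\malwaredef.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [yuforojabi] Rundll32.exe "C:\WINDOWS\system32\mozulavo.dll",s (User 'SERVICE LOCAL')
O20 - AppInit_DLLs: C:\WINDOWS\system32\yijukidi.dll c:\windows\system32\yizimife.dll
"""

# Sample lines copied from the second HijackThis log (after the Malwarebytes pass).
AFTER = r"""
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [yuforojabi] Rundll32.exe "C:\WINDOWS\system32\mozulavo.dll",s (User 'SERVICE LOCAL')
"""

# Sample lines copied from the Malwarebytes report in the thread.
SCAN = r"""
C:\WINDOWS\system32\mozulavo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zizesabo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yijukidi.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\yizimife.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Program Files\Malware Defender 2009\malwaredef.exe (Rogue.MalwareDefender) -> Quarantined and deleted successfully.
"""


def parse_entries(log_text):
    """Return the set of (section code, body) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group("code"), m.group("body")))
    return entries


def diff_logs(before, after):
    """Classify entries as removed, persisting or new between two scans."""
    b, a = parse_entries(before), parse_entries(after)
    return {"removed": sorted(b - a), "persisting": sorted(b & a), "new": sorted(a - b)}


def parse_scan(report_text):
    """Map each flagged file path (lower-cased) to its detection name."""
    flagged = {}
    for line in report_text.splitlines():
        m = SCAN_RE.match(line.strip())
        if m:
            flagged[m.group("path").lower()] = m.group("det")
    return flagged


def residual_flagged(after_log, report_text):
    """List entries of the post-cleanup log that still reference a flagged file.

    Such an entry is either orphaned (the file was deleted on reboot) or still
    live; both cases need follow-up, so it is reported either way.
    """
    flagged = parse_scan(report_text)
    hits = []
    for code, body in sorted(parse_entries(after_log)):
        for path in PATH_RE.findall(body):
            det = flagged.get(path.lower())
            if det:
                hits.append((code, body, path.lower(), det))
    return hits


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for code, body in result["removed"]:
        print("removed   ", code, body)
    for code, body, path, det in residual_flagged(AFTER, SCAN):
        print("still set ", code, body, "->", det)
```

On these sample lines the HKLM Run value for mozulavo.dll is gone, while the copy under the S-1-5-19 (LocalService) hive is still listed.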

Post by Marie » 20 Mar 2009, 14:10

:arrow: You forgot to post the Malwarebytes report. :wink:

Retrieve it as follows:

Launch Malwarebytes, select the Rapports/Logs tab and look for the report bearing today's date: mbam-log-MM-DD-YYYY (HH-MM-SS).txt. Open it and copy-paste its contents into your next reply.




Moving on to the next step: searching for files infected by LOP

:arrow: Download Lop S&D, by Eric 71 & Angeldark, here

  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your desktop
  • Select the desired language, then choose Option 1 ("Recherche", i.e. search)
  • Wait until the scan finishes
  • Post the generated report (C:\lopR.txt)


(If the desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)

Post by lollydeath » 20 Mar 2009, 14:20

Here is the first report that I had forgotten.

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1876
Windows 5.1.2600 Service Pack 3

20/03/2009 15:49:12
mbam-log-2009-03-20 (15-49-12).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 112482
Temps écoulé: 31 minute(s), 8 second(s)

Processus mémoire infecté(s): 3
Module(s) mémoire infecté(s): 8
Clé(s) du Registre infectée(s): 29
Valeur(s) du Registre infectée(s): 10
Elément(s) de données du Registre infecté(s): 8
Dossier(s) infecté(s): 12
Fichier(s) infecté(s): 71

Processus mémoire infecté(s):
C:\Documents and Settings\lolly\Application Data\nidle\nidle.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\system32\wcenter.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\Program Files\Malware Defender 2009\malwaredef.exe (Rogue.MalwareDefender) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\ruhefife.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yijukidi.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\yizimife.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zizesabo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mozulavo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\hdddriver.dll (Trojan.Fakealert) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\ecepgmldzw.dll (Trojan.Fakealert) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\components\srff.dll (Trojan.Agent) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b645ee8f-1139-4054-8fa8-000a4de468d4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{b645ee8f-1139-4054-8fa8-000a4de468d4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b645ee8f-1139-4054-8fa8-000a4de468d4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d25bcd5e-8295-4462-a81d-64eda68b62c4} (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d244c91-9dc9-4267-a9d1-c0a02e2803c7} (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_cpv.workhorse (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_cpv.workhorse.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Adware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ExtSecurityCenter (Rogue.ExtSecurityCenter) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA (Adware.TargetSaver) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defender 2009 (Rogue.MalwareDefender2009) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4c55e43b (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yuforojabi (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm4f66d7a7 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\hardwaredrivers (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\driversload (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nidle (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\malwaredef (Rogue.MalwareDefender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows logon applicationedc (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\yijukidi.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yijukidi.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\yijukidi.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\yizimife.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\yizimife.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\lolly\Application Data\nidle (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\WWShow (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\lolly\Application Data\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\VnrPack (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\VirusRemover2009 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
C:\Program Files\Jcore (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aNI15 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Malware Defender 2009 (Rogue.MalwareDefender2009) -> Quarantined and deleted successfully.
C:\Program Files\Malware Defender 2009\quarantine (Rogue.MalwareDefender2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers (Rogue.MalwareDefender2009) -> Delete on reboot.

Fichier(s) infecté(s):
C:\WINDOWS\system32\refurepo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\operufer.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ruhefife.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\efifehur.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mozulavo.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\yizimife.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zizesabo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yijukidi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\hdddriver.dll (Trojan.Fakealert) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\ecepgmldzw.dll (Trojan.Fakealert) -> Delete on reboot.
C:\Documents and Settings\lolly\Application Data\nidle\nidle.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wcenter.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Malware Defender 2009\malwaredef.exe (Rogue.MalwareDefender) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\srff.dll (Trojan.Agent) -> Delete on reboot.
C:\Program Files\WWShow\WWShow.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Jcore\Jcore2.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\win.exe (Rogue.MalwareDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\svchos.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\lolly\Application Data\SpeedRunner\SpeedRunner.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Documents and Settings\lolly\Application Data\Twain\Twain.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\lolly\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\lolly\Local Settings\Temp\tsupdate_4_0_4_1_b3.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\lolly\Local Settings\Temp\__14.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\lolly\Local Settings\Temp\__15.tmp (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Documents and Settings\lolly\Local Settings\Temp\__18.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\lolly\Local Settings\Temp\__1C.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\lolly\Local Settings\Temporary Internet Files\Content.IE5\X7K3SQIS\virusremover2009_setup_free_rezer_en[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\mqir\mqira.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\mqir\mqirl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\mqir\mqirp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\mqir\mqird\mqirc.dll (Adware.TargetServer) -> Quarantined and deleted successfully.
C:\Program Files\iCheck\Uninstall.exe (Adware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\VnrPack\VnrPack28.exe (Adware.SpeedMonitor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP136\A0049322.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP137\A0049340.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP137\A0049383.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP137\A0050383.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP137\A0051382.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP138\A0051400.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP138\A0051425.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP138\A0051440.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP138\A0052433.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP138\A0052443.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP138\A0053440.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP138\A0053454.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ravuhavu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rijavuza.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tsuninst.exe (Spyware.TargetSaver) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hodisuto.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kawolumi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aNI02\aNI022328.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aNI15\aNI151080.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\lolly\Application Data\speedrunner\config.cfg (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Program Files\VnrPack\trgts.gz (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\VirusRemover2009\ExtSecurityCenter.exe (Rogue.VirusRemove) -> Quarantined and deleted successfully.
C:\Program Files\Malware Defender 2009\conf.cfg (Rogue.MalwareDefender2009) -> Quarantined and deleted successfully.
C:\Program Files\Malware Defender 2009\mbase.vdb (Rogue.MalwareDefender2009) -> Quarantined and deleted successfully.
C:\Program Files\Malware Defender 2009\quarantine.vdb (Rogue.MalwareDefender2009) -> Quarantined and deleted successfully.
C:\Program Files\Malware Defender 2009\queue.vdb (Rogue.MalwareDefender2009) -> Quarantined and deleted successfully.
C:\Program Files\Malware Defender 2009\uninstall.exe (Rogue.MalwareDefender2009) -> Quarantined and deleted successfully.
C:\Program Files\Malware Defender 2009\vbase.vdb (Rogue.MalwareDefender2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\c.cgm (Rogue.MalwareDefender2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\lolly\Bureau\Malware Defender 2009.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\sysexplorer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\reged.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\sys.com (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\syscert.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Documents and Settings\lolly\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

And the second report, with Lop

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor LE-1150 )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : lolly ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:149 Go (Free:133 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 20/03/2009|16:16 )

--------------------\\ Listing des dossiers dans APPLIC~1

[24/10/2008|16:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[06/02/2009|21:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\aim rect help creative
[13/02/2009|18:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[27/10/2008|22:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[04/03/2009|12:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CDTEST
[25/10/2008|22:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative
[27/10/2008|22:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[20/03/2009|15:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[25/10/2008|09:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[20/03/2009|15:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[23/10/2008|13:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Corporation
[27/10/2008|22:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[24/10/2008|17:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[22/10/2008|20:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[22/10/2008|20:26] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[24/10/2008|16:24] C:\DOCUME~1\lolly\APPLIC~1\Adobe
[27/10/2008|23:38] C:\DOCUME~1\lolly\APPLIC~1\Creative
[20/03/2009|01:14] C:\DOCUME~1\lolly\APPLIC~1\FUJIFILM
[30/01/2009|18:50] C:\DOCUME~1\lolly\APPLIC~1\gtk-2.0
[22/10/2008|20:30] C:\DOCUME~1\lolly\APPLIC~1\Identities
[20/03/2009|01:07] C:\DOCUME~1\lolly\APPLIC~1\InstallShield
[27/10/2008|22:53] C:\DOCUME~1\lolly\APPLIC~1\LimeWire
[23/10/2008|14:55] C:\DOCUME~1\lolly\APPLIC~1\Macromedia
[20/03/2009|15:15] C:\DOCUME~1\lolly\APPLIC~1\Malwarebytes
[13/02/2009|18:04] C:\DOCUME~1\lolly\APPLIC~1\Microsoft
[05/12/2008|21:29] C:\DOCUME~1\lolly\APPLIC~1\Mozilla
[24/10/2008|14:41] C:\DOCUME~1\lolly\APPLIC~1\OpenOffice.org
[26/10/2008|11:14] C:\DOCUME~1\lolly\APPLIC~1\Real
[06/02/2009|21:31] C:\DOCUME~1\lolly\APPLIC~1\Real Itch Link
[17/12/2008|12:09] C:\DOCUME~1\lolly\APPLIC~1\Samsung
[23/10/2008|19:17] C:\DOCUME~1\lolly\APPLIC~1\Sun
[24/10/2008|14:39] C:\DOCUME~1\lolly\APPLIC~1\Talkback
[20/03/2009|15:49] C:\DOCUME~1\lolly\APPLIC~1\Twain
[23/10/2008|08:36] C:\DOCUME~1\lolly\APPLIC~1\vlc
[27/10/2008|17:53] C:\DOCUME~1\lolly\APPLIC~1\WinRAR

[22/10/2008|20:26] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[20/03/2009 16:00][--ah-----] C:\WINDOWS\tasks\ADDCA266911B5C16.job
[20/03/2009 15:50][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02/03/2006 15:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( ADDCA266911B5C16.job )=( c:\docume~1\lolly\applic~1\realit~1\Elsespamsixth.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[24/10/2008|16:28] C:\Program Files\Adobe
[13/02/2009|22:03] C:\Program Files\Alwil Software
[25/10/2008|22:36] C:\Program Files\Audible
[18/03/2009|13:15] C:\Program Files\AxBx
[06/02/2009|21:29] C:\Program Files\Circle Developeent
[22/10/2008|20:24] C:\Program Files\ComPlus Applications
[25/10/2008|22:37] C:\Program Files\Creative
[25/10/2008|22:35] C:\Program Files\Creative Installation Information
[20/03/2009|10:05] C:\Program Files\Enigma Software Group
[18/03/2009|12:59] C:\Program Files\Fichiers communs
[20/03/2009|12:16] C:\Program Files\FinePixViewer
[16/11/2008|19:29] C:\Program Files\GIMP-2.0
[20/03/2009|01:09] C:\Program Files\InstallShield Installation Information
[13/12/2008|11:39] C:\Program Files\Internet Explorer
[07/12/2008|11:12] C:\Program Files\Java
[23/10/2008|19:18] C:\Program Files\JRE
[26/10/2008|22:42] C:\Program Files\LimeWire
[20/03/2009|15:15] C:\Program Files\Malwarebytes' Anti-Malware
[13/12/2008|11:41] C:\Program Files\Messenger
[06/02/2009|21:29] C:\Program Files\Messenger Plus! Live
[22/10/2008|20:27] C:\Program Files\microsoft frontpage
[23/10/2008|13:44] C:\Program Files\Microsoft Windows Vista Upgrade Advisor
[13/12/2008|11:39] C:\Program Files\Movie Maker
[20/03/2009|15:51] C:\Program Files\Mozilla Firefox
[22/10/2008|20:23] C:\Program Files\MSN
[22/10/2008|20:24] C:\Program Files\MSN Gaming Zone
[18/12/2008|22:51] C:\Program Files\MSXML 4.0
[23/10/2008|19:19] C:\Program Files\MSXML 6.0
[13/12/2008|11:37] C:\Program Files\NetMeeting
[22/10/2008|20:24] C:\Program Files\Online Services
[23/10/2008|19:18] C:\Program Files\OpenOffice.org 3
[13/12/2008|11:37] C:\Program Files\Outlook Express
[26/10/2008|11:08] C:\Program Files\Real
[06/02/2009|21:30] C:\Program Files\Real Itch Link
[23/10/2008|13:11] C:\Program Files\Realtek
[17/12/2008|11:46] C:\Program Files\Samsung
[22/10/2008|20:25] C:\Program Files\Services en ligne
[20/03/2009|10:36] C:\Program Files\Trend Micro
[22/10/2008|20:30] C:\Program Files\Uninstall Information
[23/10/2008|08:32] C:\Program Files\VideoLAN
[27/10/2008|22:45] C:\Program Files\VirginMega
[24/10/2008|18:38] C:\Program Files\Windows Live
[27/10/2008|22:40] C:\Program Files\Windows Media Connect 2
[13/12/2008|11:37] C:\Program Files\Windows Media Player
[13/12/2008|11:37] C:\Program Files\Windows NT
[22/10/2008|20:25] C:\Program Files\WindowsUpdate
[27/10/2008|17:46] C:\Program Files\WinRAR
[22/10/2008|20:27] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[24/10/2008|16:22] C:\Program Files\Fichiers communs\Adobe
[25/10/2008|22:34] C:\Program Files\Fichiers communs\Creative
[20/03/2009|01:09] C:\Program Files\Fichiers communs\InstallShield
[23/10/2008|19:17] C:\Program Files\Fichiers communs\Java
[24/10/2008|18:12] C:\Program Files\Fichiers communs\Microsoft Shared
[20/03/2009|15:49] C:\Program Files\Fichiers communs\mqir
[22/10/2008|20:25] C:\Program Files\Fichiers communs\MSSoap
[22/10/2008|23:16] C:\Program Files\Fichiers communs\ODBC
[26/10/2008|11:08] C:\Program Files\Fichiers communs\Real
[22/10/2008|20:25] C:\Program Files\Fichiers communs\Services
[22/10/2008|23:16] C:\Program Files\Fichiers communs\SpeechEngines
[13/12/2008|11:37] C:\Program Files\Fichiers communs\System
[24/10/2008|18:12] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[26/10/2008|11:08] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 31 Processes )

iexplore.exe ~ [PID:576]

--------------------\\ Recherche avec S_Lop

C:\DOCUME~1\lolly\LOCALS~1\Temp\bis3B.exe

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\aim rect help creative
C:\DOCUME~1\ALLUSE~1\APPLIC~1\aim rect help creative\enc 01.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\aim rect help creative\enc 01.exe
C:\DOCUME~1\lolly\APPLIC~1\realit~1
C:\DOCUME~1\lolly\APPLIC~1\realit~1\axvppwsh.exe
C:\DOCUME~1\lolly\APPLIC~1\realit~1\Else spam sixth.exe
C:\DOCUME~1\lolly\APPLIC~1\realit~1\test funk trans list.exe
C:\DOCUME~1\lolly\APPLIC~1\realit~1\VcWay.exe
C:\Program Files\realit~1
C:\DOCUME~1\lolly\LOCALS~1\Temp\msgpl_3720.tmp
C:\DOCUME~1\lolly\Cookies\lolly@advertising[1].txt
C:\WINDOWS\Tasks\ADDCA266911B5C16.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pure sect"="C:\\DOCUME~1\\lolly\\APPLIC~1\\REALIT~1\\VcWay.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Help Creative Meow City"="C:\\Documents and Settings\\All Users\\Application Data\\aim rect help creative\\enc 01.exe"

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-20 16:17:05
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 12

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:8626][D:217]-> C:\DOCUME~1\lolly\LOCALS~1\Temp
[F:119][D:0]-> C:\DOCUME~1\lolly\Cookies
[F:528][D:5]-> C:\DOCUME~1\lolly\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 20/03/2009|16:18 - Option : [1]

--------------------\\ Fin du rapport a 16:18:18
lollydeath
New member

Posts: 7
Joined: 20 Mar 2009, 08:44

Post by Marie » 20 Mar 2009, 14:27

We now move on to disinfecting LOP:

:arrow: Run Lop S&D again

  • This time choose Option 2 ( Removal )
    Do not close the window during the removal!
  • Post the generated report ( C:\lopR.txt )

( If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm )

:arrow: Then post a new HijackThis report.

Marie
Administrator

Posts: 21397
Joined: 22 Jun 2007, 14:56
Location: La Valette du Var

Post by lollydeath » 20 Mar 2009, 16:16

My PC rebooted abnormally after the removal; the report window appeared but I didn't have time to retrieve it. [:sad:]

The HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:07, on 20/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [yuforojabi] Rundll32.exe "C:\WINDOWS\system32\mozulavo.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5400 bytes
lollydeath
New member

Posts: 7
Joined: 20 Mar 2009, 08:44

Post by Marie » 20 Mar 2009, 18:05

It doesn't matter about the report.
The LOP infection no longer appears in the HijackThis report. So it has indeed been cleaned by LOP S&D.

:arrow: Run HijackThis again (Do a system scan only) and tick the following lines:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKUS\S-1-5-19\..\Run: [yuforojabi] Rundll32.exe "C:\WINDOWS\system32\mozulavo.dll",s (User 'SERVICE LOCAL')


Click Fix Checked and confirm the message that follows.

:arrow: No antivirus is installed on your machine.
You can install Antivir, which is free, lightweight and effective.

  • If English doesn't put you off, install the very latest version, Antivir V9.
    It includes an anti-spyware (unlike V8)
  • Otherwise install Antivir V8 in French.
    You can move to V9 when the French version is available (end of April 2009)

:arrow: Restart the PC <-- important
Post a new HijackThis report and tell me whether your PC is working properly now.

:arrow: Run an online antivirus scan at Kaspersky. At the end of the scan, save the report and post it in your next reply.
If needed, see this tutorial for launching the scan.

:att: Disable your antivirus while the Kaspersky ActiveX controls are being installed.

Marie
Administrator

Posts: 21397
Joined: 22 Jun 2007, 14:56
Location: La Valette du Var

Post by lollydeath » 21 Mar 2009, 06:02

HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:57:52, on 21/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5683 bytes

Problem with Kaspersky, even though Java and JavaScript are enabled:

* OS type: ...
* Web browser: ...
* Java vendor: ...
* Java version: ...
* Java architecture: ...
* Java enabled: false

Please enable Java and JavaScript in your Web browser.

Avira 9 installed and disabled when launching the Kaspersky online scanner

lollydeath
New member

Posts: 7
Joined: 20 Mar 2009, 08:44
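
Added example (not part of the original posts): comparing the 20/03 and 21/03 HijackThis reports above entry by entry shows what the Fix Checked step removed and what the Avira install added. The excerpts are abridged from the two reports in this thread; the function names and the two review heuristics are assumptions of this example, not HijackThis's or the helper's own criteria.

```python
import re

# Abridged excerpts of the 20/03 and 21/03 HijackThis reports posted in this thread.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [yuforojabi] Rundll32.exe "C:\WINDOWS\system32\mozulavo.dll",s (User 'SERVICE LOCAL')
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# An entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the running-process list do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Run keys loaded for the SYSTEM / LOCAL SERVICE / NETWORK SERVICE accounts.
SERVICE_HIVE_RE = re.compile(r"^HKUS\\S-1-5-(18|19|20)\\", re.IGNORECASE)
RUNDLL_RE = re.compile(r"\brundll32(\.exe)?\b", re.IGNORECASE)


def parse_log(text):
    """Return the (section, detail) entries of a HijackThis log, in order."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def diff_logs(before, after):
    """Return (removed, added): entries only in `before`, entries only in `after`."""
    old, new = parse_log(before), parse_log(after)
    removed = [entry for entry in old if entry not in new]
    added = [entry for entry in new if entry not in old]
    return removed, added


def review_reason(section, detail):
    """Illustrative triage heuristics (assumptions of this example).

    A hit means "look at this entry by hand", not "this entry is malicious".
    """
    if detail.endswith("(no file)"):
        return "registry entry points to a file that is missing"
    if (section == "O4" and SERVICE_HIVE_RE.match(detail)
            and RUNDLL_RE.search(detail)):
        return "rundll32 autorun in a service-account Run key"
    return None


def flagged(text):
    """Return (section, detail, reason) for every entry worth a manual look."""
    hits = []
    for section, detail in parse_log(text):
        reason = review_reason(section, detail)
        if reason:
            hits.append((section, detail, reason))
    return hits


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for section, detail in removed:
        print("- %s - %s" % (section, detail))
    for section, detail in added:
        print("+ %s - %s" % (section, detail))
    for section, detail, reason in flagged(BEFORE):
        print("review before fix: %s - %s  [%s]" % (section, detail, reason))
    print("entries to review after fix:", len(flagged(AFTER)))
```

Every added entry still has to be attributed to a known install (here Avira) before a log is called clean; the diff only narrows down where to look.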

Post by Marie » 21 Mar 2009, 10:23

Hello :sourire:

Replace the Kaspersky scan with an Antivir scan and post the report in your next reply.

Marie
Administrator

Posts: 21397
Joined: 22 Jun 2007, 14:56
Location: La Valette du Var

Post by Marie » 23 Mar 2009, 08:53

Hello lollydeath :sourire:

Where are you at?
Can you confirm that Malware Defender is really gone?

Marie
Administrator

Posts: 21397
Joined: 22 Jun 2007, 14:56
Location: La Valette du Var

Post by lollydeath » 23 Mar 2009, 16:14

Good evening ^^

Malware Defender seems to be gone ^^
I've still had a few unexpected restarts.

Avira report

Avira AntiVir Personal
Report file date: lundi 23 mars 2009 17:46

Scanning for 1310879 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : LOLLY-2EA75CBBC

Version information:
BUILD.DAT : 9.0.0.386 17962 Bytes 11/03/2009 15:55:00
AVSCAN.EXE : 9.0.3.3 464641 Bytes 24/02/2009 09:13:26
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 07:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 08:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 07:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 09:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 17:33:26
ANTIVIR2.VDF : 7.1.2.152 749568 Bytes 11/03/2009 08:25:09
ANTIVIR3.VDF : 7.1.2.198 271872 Bytes 21/03/2009 08:25:14
Engineversion : 8.2.0.120
AEVDF.DLL : 8.1.1.0 106868 Bytes 27/01/2009 14:36:42
AESCRIPT.DLL : 8.1.1.67 364923 Bytes 22/03/2009 08:25:32
AESCN.DLL : 8.1.1.8 127346 Bytes 22/03/2009 08:25:29
AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 15:24:41
AEPACK.DLL : 8.1.3.10 397686 Bytes 04/03/2009 10:06:10
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 17:01:56
AEHEUR.DLL : 8.1.0.107 1663352 Bytes 22/03/2009 08:25:28
AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 17:01:56
AEGEN.DLL : 8.1.1.30 336245 Bytes 22/03/2009 08:25:16
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 11:32:40
AECORE.DLL : 8.1.6.6 176501 Bytes 17/02/2009 11:22:44
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 11:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 05:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 07:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 11:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 07:32:09
AVARKT.DLL : 9.0.0.1 292609 Bytes 09/02/2009 04:52:24
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 07:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 12:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 05:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 07:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09/02/2009 08:45:45
RCTEXT.DLL : 9.0.35.0 87297 Bytes 11/03/2009 12:55:12

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: on
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: lundi 23 mars 2009 17:46

Initiating scan of system files:
Signed -> 'C:\WINDOWS\system32\svchost.exe'
Signed -> 'C:\WINDOWS\system32\winlogon.exe'
Signed -> 'C:\WINDOWS\explorer.exe'
Signed -> 'C:\WINDOWS\system32\smss.exe'
Signed -> 'C:\WINDOWS\system32\wininet.DLL'
Signed -> 'C:\WINDOWS\system32\wsock32.DLL'
Signed -> 'C:\WINDOWS\system32\ws2_32.DLL'
Signed -> 'C:\WINDOWS\system32\services.exe'
Signed -> 'C:\WINDOWS\system32\lsass.exe'
Signed -> 'C:\WINDOWS\system32\csrss.exe'
Signed -> 'C:\WINDOWS\system32\drivers\kbdclass.sys'
Signed -> 'C:\WINDOWS\system32\spoolsv.exe'
Signed -> 'C:\WINDOWS\system32\alg.exe'
Signed -> 'C:\WINDOWS\system32\wuauclt.exe'
Signed -> 'C:\WINDOWS\system32\advapi32.DLL'
Signed -> 'C:\WINDOWS\system32\user32.DLL'
Signed -> 'C:\WINDOWS\system32\gdi32.DLL'
Signed -> 'C:\WINDOWS\system32\kernel32.DLL'
Signed -> 'C:\WINDOWS\system32\ntdll.DLL'
Signed -> 'C:\WINDOWS\system32\ntoskrnl.exe'
Signed -> 'C:\WINDOWS\system32\ctfmon.exe'
The system files were scanned ('21' files)

Starting search for hidden objects.
'43422' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'update.exe' - '1' Module(s) have been scanned
Scan process 'AdobeUpdater.exe' - '1' Module(s) have been scanned
Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'RealOneMessageCenter.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'QuickDCF2.exe' - '1' Module(s) have been scanned
Scan process 'CTSyncU.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
39 processes with 39 modules were scanned

Starting master boot sector scan:

Start scanning boot sectors:

Starting to scan executable files (registry).
The registry was scanned ( '55' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\install.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Documents and Settings\lolly\Mes documents\Downloads\Mozilla\mspass.zip
[0] Archive type: ZIP
--> mspass.exe
[DETECTION] Is the TR/Drop.Ag.283039.A Trojan
C:\Lop SD\Backup-Lop\DOCUME~1\ALLUSE~1\APPLIC~1\aim rect help creative\enc 01.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\Lop SD\Backup-Lop\DOCUME~1\lolly\APPLIC~1\REALIT~1\axvppwsh.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\Lop SD\Backup-Lop\DOCUME~1\lolly\APPLIC~1\REALIT~1\Else spam sixth.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\Lop SD\Backup-Lop\DOCUME~1\lolly\APPLIC~1\REALIT~1\test funk trans list.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\Lop SD\Backup-Lop\DOCUME~1\lolly\APPLIC~1\REALIT~1\VcWay.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\Lop SD\Backup-Lop\DOCUME~1\lolly\LOCALS~1\Temp\bis3B.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\Program Files\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1036-7B44-A90000000001}\Data1.cab
[0] Archive type: CAB (Microsoft)
--> helpmap.txt
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Program Files\Circle Developeent\Uninstall.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\Program Files\Fichiers communs\mqir\mqird\vocabulary
[DETECTION] Is the TR/Dldr.TSUpdate.J Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP110\A0029717.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP110\A0029724.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP110\A0029752.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP110\A0030752.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP111\A0030756.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP111\A0030761.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP111\A0030800.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP111\A0030807.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP112\A0030809.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP112\A0030814.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP112\A0030820.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP112\A0031820.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP113\A0031823.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP113\A0031828.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP113\A0031834.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP113\A0032834.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP114\A0032846.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP114\A0032852.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP115\A0032976.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP115\A0032986.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP115\A0032996.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP115\A0033005.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP116\A0033013.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP116\A0033018.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP117\A0033022.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP117\A0033027.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP118\A0033031.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP118\A0033036.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP119\A0033048.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP119\A0033053.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP120\A0034053.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP120\A0034062.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP120\A0035062.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP120\A0036062.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP120\A0036067.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP121\A0036071.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP121\A0036076.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP121\A0036082.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP122\A0036091.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP122\A0036096.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP123\A0037096.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP123\A0038096.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP123\A0038101.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP123\A0038106.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP123\A0038115.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP124\A0038118.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP125\A0038128.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP125\A0038137.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP125\A0038143.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP125\A0038152.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP125\A0038158.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP126\A0039158.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP126\A0040158.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP126\A0040171.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP127\A0041171.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP127\A0042171.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP127\A0043171.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP127\A0043178.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP128\A0043180.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP128\A0043185.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP128\A0044185.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP129\A0044212.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP129\A0044217.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP130\A0044219.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP130\A0044224.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP130\A0044232.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP131\A0045232.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP131\A0045238.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP131\A0045250.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP131\A0046250.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP132\A0046255.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP132\A0046260.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP133\A0047260.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP133\A0047265.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP133\A0047271.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP134\A0047278.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP134\A0047283.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP134\A0047297.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP134\A0047302.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP135\A0047305.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP135\A0047310.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP135\A0048310.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP136\A0048312.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP136\A0048317.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP136\A0049317.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP137\A0049326.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP137\A0049331.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP137\A0049337.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP137\A0049378.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP137\A0050375.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP137\A0050379.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP137\A0051378.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP138\A0051385.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP138\A0051394.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP138\A0051401.exe
[DETECTION] Is the TR/Dldr.Agent.aldb Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP138\A0051421.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP138\A0051436.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP138\A0052434.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP138\A0052438.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP138\A0053436.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP138\A0053450.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP143\A0053472.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP143\A0053567.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP143\A0053570.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP143\A0053571.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP143\A0053572.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP143\A0053573.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP143\A0053574.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP143\A0053575.exe
[DETECTION] Is the TR/Drop.Frauddro.AD Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP143\A0053576.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP143\A0053577.exe
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP143\A0053578.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP143\A0053579.exe
[DETECTION] Is the TR/Drop.TSUpdat.A.2 Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP143\A0053580.exe
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP143\A0053581.dll
[DETECTION] Contains recognition pattern of the ADSPY/Maxim adware or spyware
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP143\A0053582.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP143\A0053583.exe
[DETECTION] Is the TR/Killav.28714 Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP143\A0053584.dll
[DETECTION] Is the TR/Killav.28714 Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP143\A0053585.dll
[DETECTION] Is the TR/Killav.28714 Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP143\A0053586.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP143\A0053587.dll
[DETECTION] Is the TR/Killav.28714 Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP143\A0053588.dll
[DETECTION] Is the TR/Killav.28714 Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP143\A0053589.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP143\A0053590.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP143\A0053592.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP143\A0053593.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP143\A0053595.exe
[DETECTION] Is the TR/Dldr.VB.XA Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP143\A0053600.exe
[DETECTION] Is the TR/Dldr.VB.XA Trojan
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP143\A0053601.exe
[DETECTION] Is the TR/Fake.MalDef Trojan
C:\WINDOWS\Driver Cache\i386\driver.cab
[0] Archive type: CAB (Microsoft)
--> cn_500j1.ppd
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\WINDOWS\pchealth\helpctr\PackageStore\instance_Personal_32_1036.cab
[WARNING] An exception has been identified!
[WARNING] In the module 'aecore.dll' an exception occured.
Calling the function AVEPROC_TestFile in file: \\?\C:\WINDOWS\pchealth\helpctr\PackageStore\instance_Personal_32_1036.cab
Error description:ACCESS_VIOLATION
EAX = 06140020 EBX = 00000001
ECX = 00003E41 EDX = 00000000
ESI = 0248CCCC EDI = 0614dfa0
EIP = 013D9C64 EBP = 018E69F8
ESP = 018E69F4 Flg = 00010206
CS = 00000023 SS = 0000001B

Beginning disinfection:
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\install.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4a3aa765.qua'!
C:\Documents and Settings\lolly\Mes documents\Downloads\Mozilla\mspass.zip
[NOTE] The file was moved to '4a37a76a.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\ALLUSE~1\APPLIC~1\aim rect help creative\enc 01.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a2aa765.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\lolly\APPLIC~1\REALIT~1\axvppwsh.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a3da76f.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\lolly\APPLIC~1\REALIT~1\Else spam sixth.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a3aa763.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\lolly\APPLIC~1\REALIT~1\test funk trans list.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a3aa75c.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\lolly\APPLIC~1\REALIT~1\VcWay.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a1ea75a.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\lolly\LOCALS~1\Temp\bis3B.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a3aa760.qua'!
C:\Program Files\Circle Developeent\Uninstall.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a30a765.qua'!
C:\Program Files\Fichiers communs\mqir\mqird\vocabulary
[DETECTION] Is the TR/Dldr.TSUpdate.J Trojan
[NOTE] The file was moved to '4a2aa766.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP110\A0029717.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49f7a727.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP110\A0029724.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a868b70.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP110\A0029752.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4888a410.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP110\A0030752.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4f6d8248.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP111\A0030756.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4f8ad390.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP111\A0030761.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48738d08.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP111\A0030800.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a8783b8.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP111\A0030807.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a859308.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP112\A0030809.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a849cc0.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP112\A0030814.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a83e498.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP112\A0030820.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a82ec50.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP112\A0031820.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a81f468.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP113\A0031823.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a80fc20.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP113\A0031828.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a8fc5f8.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP113\A0031834.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a8ecdb0.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP113\A0032834.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49f7a728.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP114\A0032846.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a8cdd01.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP114\A0032852.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a8b26d9.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP115\A0032976.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a8a2e91.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP115\A0032986.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a8936a9.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP115\A0032996.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a883e61.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP115\A0033005.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a770639.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP116\A0033013.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a760ff1.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP116\A0033018.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a751789.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP117\A0033022.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a741f41.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP117\A0033027.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a736719.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP118\A0033031.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a7260d1.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP118\A0033036.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49f7a729.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP119\A0033048.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a7070a2.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP119\A0033053.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a7f787a.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP120\A0034053.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a7e4032.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP120\A0034062.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a7d49ca.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP120\A0035062.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a7c5182.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP120\A0036062.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a7b595a.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP120\A0036067.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49f7a72a.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP121\A0036071.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a78a92b.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP121\A0036076.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a67b2e3.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP121\A0036082.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a66babb.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP122\A0036091.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a658273.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP122\A0036096.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a648a0b.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP123\A0037096.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4a6393c3.qua'!
C:\System Volume Information\_restore{03C3FDF4-B10A-4684-A5DC-3B39F16CBF81}\RP123\A0038096.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan


End of the scan: lundi 23 mars 2009 18:13
Used time: 25:23 Minute(s)

The scan has been done completely.

4338 Scanned directories
257883 Files were scanned
139 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
139 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
257743 Files not concerned
1731 Archives were scanned
6 Warnings
140 Notes
43422 Objects were scanned with rootkit scan
0 Hidden objects were found
lollydeath
New member

Posts: 7
Joined: 20 Mar 2009, 08:44

Post by Marie » 23 Mar 2009, 22:08

Antivir did the sweeping up and removed what was left. :ok:


I have still had a few unexpected restarts.


Before the unexpected restart, do you catch a glimpse of a fleeting blue screen that you don't have time to read?

If so, do this:

  • Start/Control Panel/System, select the Advanced tab.
  • Under Startup and Recovery, click Settings.
  • In the new window that opens, under System failure, uncheck the Automatically restart box.

This procedure will not repair anything. It will simply prevent the PC from restarting when the failure occurs. You will then be able to read the blue screen at your leisure and note down the information that may help with the repair.

From the blue screen you need to note the error code (of the form 0xYYYYYYYY) and the error label.
And if a file name is mentioned (something like xxxxx.sys), note it down as well.

Post all of that in your next reply as soon as the blue screen has appeared.
Marie
Administrator

Posts: 21397
Joined: 22 Jun 2007, 14:56
Location: La Valette du Var

Post by lollydeath » 24 Mar 2009, 16:21

OK ^^ I'll do all that!

I haven't really noticed a fleeting blue screen appearing, but maybe I wasn't paying close attention.
As soon as it shows up I won't hesitate, although at the moment I can't spend much time on my PC ^^

Thank you very much! :sourire:
lollydeath
New member

Posts: 7
Joined: 20 Mar 2009, 08:44

Post by Marie » 24 Mar 2009, 17:40

Hello :sourire:


While waiting for you to deal with the blue screen (if there is a blue screen), finish the disinfection as follows:

:arrow: Uninstall HijackThis and Lop S&D via Add/Remove Programs.
You can keep Malwarebytes if you wish.

:arrow: Empty the System Restore points, which are inevitably infected.
This will prevent you from rolling back to an infected restore point if you ever want to run a System Restore.

To do this:
  • In Control Panel/System/System Restore tab, check Turn off System Restore on all drives, then click OK.
  • Immediately afterwards, uncheck the Turn off ... box, then click OK so as to re-enable System Restore.

:arrow: Finally, it would be great if you reported your infection on Malware Complaints. What is Malware Complaints?
To make our voice heard, as many of us as possible need to testify.

  • See the Malware-Complaints rules: http://www.malwarecomplaints.info/phpBB3/viewtopic.php?t=5
  • Register on the forum using the register button at the top:
  • Once you have registered, the infection types (Look2Me, Smitfraud, etc.) are shown as a list:
    Example for France: http://www.malwarecomplaints.info/phpBB3/viewforum.php?f=10

    If the malware you had does not appear in the list, or if you do not know which infection you had, create a message in the "Autres infections" (Other infections) topic in accordance with the forum rules (age, city, department, etc.) (In your case, it is a Malware Defender 2009 infection)
  • To post a message, click the "post reply" button and enter the information.
    DO NOT CREATE A NEW TOPIC with the New Topic button.

    NB: If you have trouble registering on Malware Complaints, everything is explained HERE

To secure your PC as much as possible:

:arrow: Install Internet Explorer 7. Not only is it nicer to use than IE6, it is also more secure.

Download IE7.


:att: It is dangerous for your PC to keep using IE6: it is riddled with security holes that will never be patched and it puts your data at risk.


:arrow: Check that your Java virtual machine is up to date on this page (an out-of-date Java virtual machine is a source of infections).

If it is not:

  • Uninstall all the old versions via Add/Remove Programs.
    The entries look like Java(TM) X Update Y.
  • Then install the new version from the Java.com site.
    When the download is finished, close all your browser windows before launching the installation.
    During the installation, take care to uncheck the boxes offering to install Ask Toolbar, Yahoo Toolbar or Google Toolbar.


:arrow: Your version of Acrobat Reader is obsolete. Here again, that is an infection risk.
Download the latest version and install it.


:arrow: One last thing, but a very important one:
Security software (antivirus, anti-trojan ...), even the best, is not 100% effective against current threats. To protect your PC effectively you need to know the traps laid on the net and learn to avoid them. To that end, I invite you to read this document from the Lutte Antimalwares. (In PDF format)
It is very thorough, so take your time reading it and pass it around.


:hello:


NB: If the PC keeps restarting unexpectedly, carry out the procedure described above, then post a new topic in the Windows XP forum. :wink:
Marie
Administrator

Posts: 21397
Joined: 22 Jun 2007, 14:56
Location: La Valette du Var
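
AntiVir reports of the kind posted in this thread list each hit as a path line followed by [DETECTION] and [NOTE] lines, and hits under `_restore{...}\RPnnn` are copies held in System Restore points, which is the reason for purging them. The following Python script is an added example, not part of the thread and not Avira tooling: it groups report entries by restore point and flags hits that were not quarantined. The sample report is constructed (placeholder GUID, file names and quarantine names); the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the report's layout; GUID, file and .qua names are placeholders.
SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP137\A0000001.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '00000001.qua'!
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP137\A0000002.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '00000002.qua'!
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP143\A0000003.exe
[DETECTION] Is the TR/Fake.MalDef Trojan
[NOTE] The file was moved to '00000003.qua'!
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP143\A0000004.dll
[DETECTION] Contains recognition pattern of the ADSPY/Maxim adware or spyware
[NOTE] The file was moved to '00000004.qua'!
C:\Documents and Settings\user\Application Data\example\example.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
RP_RE = re.compile(r"\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.IGNORECASE)
DETECTION_RE = re.compile(
    r"\[DETECTION\]\s+(?:Is the|Contains recognition pattern of the)\s+(\S+)")
NOTE_RE = re.compile(r"\[NOTE\]\s+The file was moved to '([^']+)'")


def parse_report(text):
    """Return one dict per path line that is followed by a [DETECTION] line."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current = {"path": line, "detection": None, "quarantine": None}
            continue
        if current is None:
            continue  # summary or header text before the first path
        m = DETECTION_RE.search(line)
        if m and current["detection"] is None:
            current["detection"] = m.group(1)
            entries.append(current)
            continue
        m = NOTE_RE.search(line)
        if m:
            current["quarantine"] = m.group(1)
    return entries


def summarize(entries):
    """Count detection names per restore point (or outside System Restore)."""
    by_location = defaultdict(Counter)
    for entry in entries:
        m = RP_RE.search(entry["path"])
        location = m.group(1) if m else "outside System Restore"
        by_location[location][entry["detection"]] += 1
    return {loc: dict(counts) for loc, counts in by_location.items()}


def not_quarantined(entries):
    """Paths with a detection but no 'moved to quarantine' note: still on disk."""
    return [e["path"] for e in entries if e["quarantine"] is None]


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for location, counts in sorted(summarize(found).items()):
        print(location, counts)
    print("still on disk:", not_quarantined(found))
```

Hits reported outside System Restore, or without a quarantine note, are the ones to follow up on; the restore-point copies disappear when System Restore is turned off and back on as described above.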

