Posted

Hello!

My grandmother's machine gets taken over by all the grandchildren in the family, so dubious downloads and files have been piling up for quite some time now. Seeing this, and having read the posts from Antivir's advocates, I downloaded and installed it.

Recently I tried to open the registry editor, and all I got was the taskbar and the desktop icons disappearing (everything reappeared a few seconds later, including the little balloon that reminds me at every startup that files are waiting to be burned), so I figured explorer.exe had started. I also tried to run the command prompt and got the same reaction... I rebooted, same problem. I finally opened Avira and discovered that no system scan had been run; I ran one and found a good hundred or so infected files that I couldn't do anything with (apart from clicking "repair all", which didn't change much). I do, however, have the HijackThis log at hand.

Thanks a lot =)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:53:32, on 06/07/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Mgobab.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\GIMP-2.0\bin\gimp-2.6.exe

c:\program files\avira\antivir desktop\avcenter.exe

C:\DOCUME~1\user\LOCALS~1\Temp\Mnr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\user\Mes documents\Téléchargements\hijackthis-2.0.4.75917.exe

C:\DOCUME~1\user\LOCALS~1\Temp\hijackthis-2.0.4.75917.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\user\LOCALS~1\Temp\herss.exe

O4 - HKCU\..\Run: [nod32] C:\DOCUME~1\user\LOCALS~1\Temp\nodqq.exe

O4 - HKCU\..\Run: [dso32] C:\DOCUME~1\user\LOCALS~1\Temp\dsoqq.exe

O4 - HKCU\..\Run: [EWABQAF7KL] C:\DOCUME~1\user\LOCALS~1\Temp\Mnr.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: TrayMin210.exe.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{F84E7FEF-94F6-4CDC-9091-06828A2214DF}: NameServer = 212.217.0.1,212.217.0.12

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

 

--

End of file - 7503 bytes

Posted

Hi, and welcome to the forum ;)

A few links to help you get started:

We'll look together at what is going on with your PC; like everyone who helps here, we do this as volunteers, around our personal activities. We'll try to move as fast as possible, but you may sometimes need to be patient while waiting for a reply, no need to panic ;)

To reply or to add a post, a report, etc., use the "Add a reply" button.

*********

The PC is indeed infected!

1°) A short additional scan with a program that you will be able to keep: if you already have it, skip the installation step and go straight to the update >>

Download Malwarebytes' Anti-Malware (MBAM)

Plug in all the removable media you own before running this scan (USB stick, external hard drive, etc.)

  • Double-click the downloaded file to start the installation process.
  • In the "Mise à jour" (Update) tab, click the "Recherche de mise à jour" (Check for updates) button: if the firewall asks whether to allow MBAM to connect, accept.
  • Once the update is finished, go to the "Recherche" (Scan) tab.
  • Select "Exécuter un examen complet" (Perform full scan).
  • Click "Rechercher" (Scan).
  • The analysis starts; the scan is relatively long, which is normal.
  • At the end of the analysis, a message is displayed:
    The scan completed normally. Click 'Afficher les résultats' (Show results) to display all the objects found.
    Click "Ok" to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click Afficher les résultats (Show results).
    Select everything (or leave everything checked) and click Supprimer la sélection (Remove selected); MBAM will destroy the files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report and post it in your next reply.

2°) Download random's system information tool (RSIT) by random/random and save it to the Desktop.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the license.
  • When the analysis is finished, two text files will open. Post the contents of log.txt (<< which will be displayed)
    as well as of info.txt (<< which will be minimized in the taskbar).
  • If you do not see these two reports, you will find them in the C:\rsit folder.

Please post the 3 reports.

Posted

Thanks for the quick reply!

I should still point out that during the Malwarebytes' scan, Antivir woke up and reported quite a few viruses at the same time as MBAM was finding them; I chose the "Deny Access" option each time - but Antivir still let quite a few through.

Uh, otherwise, the 500-odd infected files worry me... Is it very, very serious, doctor? :-?

The Malwarebytes' report:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Version de la base de données: 4287

 

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

 

07/07/2010 11:54:24

mbam-log-2010-07-07 (11-54-24).txt

 

Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|J:\|)

Elément(s) analysé(s): 296467

Temps écoulé: 1 heure(s), 35 minute(s), 37 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 2

Clé(s) du Registre infectée(s): 8

Valeur(s) du Registre infectée(s): 5

Elément(s) de données du Registre infecté(s): 6

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 524

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

C:\WINDOWS\system32\e8main1.dll (Spyware.OnlineGames) -> Delete on reboot.

c:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\CLSID\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\UBC5AB1IDP (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\EWABQAF7KL (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\NOD32KVBIT (Trojan.Frethog) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nod32 (Spyware.OnlineGames) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{bb4c402f-882a-4526-8c08-51278ea437c1} (Spyware.OnlineGames) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ewabqaf7kl (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dso32 (Spyware.OnlineGames) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux2 (Trojan.JSRedir.H) -> Bad: (C:\WINDOWS\system32\..\jlhxqo.lmd) Good: (wdmaud.drv) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux1 (Trojan.JSRedir.H) -> Bad: (C:\WINDOWS\system32\..\tsdyyd.arr) Good: (wdmaud.drv) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):


D:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063933.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063934.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063935.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063936.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063937.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063938.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063939.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063942.exe (Worm.Magania) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063943.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063944.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063946.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063947.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063948.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063949.exe (Worm.Magania) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063950.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063951.bat (Worm.Magania) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063952.exe (Worm.Magania) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063953.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063955.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063956.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063957.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063960.com (Trojan.Agent) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064095.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\2o1ajagt.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\fbak.exe (Trojan.Onlinegames) -> Quarantined and deleted successfully.

E:\12gn6id2.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\1thes92p.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\fk.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\hc3hvi0.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\hkn6k.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\hm1bfpuj.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\hx.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\i8ikdjwt.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\imghyva6.exe (Trojan.PWS) -> Quarantined and deleted successfully.

E:\iuvvl9f3.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\k1d.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\k8jc.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\kmj.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\krwyrv0d.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\lcw.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

E:\mbdm.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\mbvd.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\mranjm.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\n0qls.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\p9dwwa61.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\ph.exe (Worm.Magania) -> Quarantined and deleted successfully.

E:\pkkwng.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

E:\q0wfr.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\q3kku.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\qcod.exe (Worm.Magania) -> Quarantined and deleted successfully.

E:\qhbfqx.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\rfg.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\rx.exe (Worm.Magania) -> Quarantined and deleted successfully.

E:\s1.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\33r.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\3c.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\62.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\9fo3ar0j.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\9rfpp.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\awb3ryk.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\b.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\bu8.exe (Worm.Tarterf) -> Quarantined and deleted successfully.

E:\c2e.exe (Trojan.Agent) -> Quarantined and deleted successfully.

E:\ca.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

E:\cj3k.exe (Worm.Magania) -> Quarantined and deleted successfully.

E:\cs6phv6d.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\e9naq.exe (Spyware.OnLineGames) -> Quarantined and deleted successfully.

E:\ej10fkdo.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\eyruu.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\sywyrl0q.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\t8s2x.exe (Worm.Magania) -> Quarantined and deleted successfully.

E:\tgt.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\u0riu2.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\utcddeq.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\vgyn6ewc.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\wa.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\wbj.exe (Worm.Magania) -> Quarantined and deleted successfully.

E:\wfx062.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\wu1n.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\xbvv0.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\y.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\ysep1.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\yudald.bat (Trojan.GameThief) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP200\A0063740.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP200\A0063766.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP200\A0063781.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP200\A0063799.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP200\A0063840.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP200\A0063855.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063867.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063963.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063964.bat (Worm.Magania) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063965.exe (Worm.Magania) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063968.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063969.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063970.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063971.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063972.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063973.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063974.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063975.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063976.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063979.exe (Worm.Magania) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063980.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063981.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063983.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063984.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063985.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063986.exe (Worm.Magania) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063987.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063988.bat (Worm.Magania) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063989.exe (Worm.Magania) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063990.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063992.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063993.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063994.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063997.com (Trojan.Agent) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064097.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\fbak.exe (Trojan.Onlinegames) -> Quarantined and deleted successfully.

F:\12gn6id2.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\1thes92p.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\2o1ajagt.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\33r.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\3c.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\fk.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\hc3hvi0.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\hkn6k.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\hm1bfpuj.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\hx.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\i8ikdjwt.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\imghyva6.exe (Trojan.PWS) -> Quarantined and deleted successfully.

F:\iuvvl9f3.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\k1d.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\k8jc.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\kmj.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\krwyrv0d.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\lcw.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

F:\mbdm.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\mbvd.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\mranjm.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\n0qls.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\p9dwwa61.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\ph.exe (Worm.Magania) -> Quarantined and deleted successfully.

F:\pkkwng.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

F:\q0wfr.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\q3kku.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\qcod.exe (Worm.Magania) -> Quarantined and deleted successfully.

F:\qhbfqx.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\rfg.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\rx.exe (Worm.Magania) -> Quarantined and deleted successfully.

F:\s1.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\62.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\9fo3ar0j.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\9rfpp.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\awb3ryk.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\b.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\bu8.exe (Worm.Tarterf) -> Quarantined and deleted successfully.

F:\c2e.exe (Trojan.Agent) -> Quarantined and deleted successfully.

F:\ca.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

F:\cj3k.exe (Worm.Magania) -> Quarantined and deleted successfully.

F:\cs6phv6d.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\e9naq.exe (Spyware.OnLineGames) -> Quarantined and deleted successfully.

F:\ej10fkdo.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\eyruu.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\sywyrl0q.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\t8s2x.exe (Worm.Magania) -> Quarantined and deleted successfully.

F:\tgt.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\u0riu2.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\utcddeq.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\vgyn6ewc.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\wa.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\wbj.exe (Worm.Magania) -> Quarantined and deleted successfully.

F:\wfx062.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\wu1n.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\xbvv0.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\y.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\ysep1.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\yudald.bat (Trojan.GameThief) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP200\A0063742.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP200\A0063768.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP200\A0063783.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP200\A0063801.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP200\A0063842.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP200\A0063857.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063869.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064000.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064001.bat (Worm.Magania) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064002.exe (Worm.Magania) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064005.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064006.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064007.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064008.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064009.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064010.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064011.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064012.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064013.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064016.exe (Worm.Magania) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064017.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064018.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064020.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064021.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064022.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064023.exe (Worm.Magania) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064024.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064025.bat (Worm.Magania) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064026.exe (Worm.Magania) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064027.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064029.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064030.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064031.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064034.com (Trojan.Agent) -> Quarantined and deleted successfully.

F:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064099.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\62.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\fbak.exe (Trojan.Onlinegames) -> Quarantined and deleted successfully.

G:\12gn6id2.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\1thes92p.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\2o1ajagt.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\33r.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\3c.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\fk.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\hc3hvi0.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\hkn6k.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\hm1bfpuj.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\hx.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\i8ikdjwt.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\imghyva6.exe (Trojan.PWS) -> Quarantined and deleted successfully.

G:\iuvvl9f3.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\k1d.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\k8jc.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\kmj.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\krwyrv0d.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\lcw.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

G:\mbdm.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\mbvd.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\mranjm.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\n0qls.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\p9dwwa61.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\ph.exe (Worm.Magania) -> Quarantined and deleted successfully.

G:\pkkwng.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

G:\q0wfr.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\q3kku.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\qcod.exe (Worm.Magania) -> Quarantined and deleted successfully.

G:\qhbfqx.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\rfg.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\rx.exe (Worm.Magania) -> Quarantined and deleted successfully.

G:\s1.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\9fo3ar0j.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\9rfpp.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\awb3ryk.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\b.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\bu8.exe (Worm.Tarterf) -> Quarantined and deleted successfully.

G:\c2e.exe (Trojan.Agent) -> Quarantined and deleted successfully.

G:\ca.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

G:\cj3k.exe (Worm.Magania) -> Quarantined and deleted successfully.

G:\cs6phv6d.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\e9naq.exe (Spyware.OnLineGames) -> Quarantined and deleted successfully.

G:\ej10fkdo.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\eyruu.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\sywyrl0q.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\t8s2x.exe (Worm.Magania) -> Quarantined and deleted successfully.

G:\tgt.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\u0riu2.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\utcddeq.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\vgyn6ewc.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\wa.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\wbj.exe (Worm.Magania) -> Quarantined and deleted successfully.

G:\wfx062.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\wu1n.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\xbvv0.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\y.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\ysep1.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\yudald.bat (Trojan.GameThief) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP200\A0063744.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP200\A0063770.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP200\A0063785.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP200\A0063803.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP200\A0063844.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP200\A0063859.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0063871.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064037.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064038.bat (Worm.Magania) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064039.exe (Worm.Magania) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064042.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064043.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064044.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064045.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064046.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064047.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064048.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064049.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064050.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064054.exe (Worm.Magania) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064055.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064056.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064058.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064059.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064060.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064061.exe (Worm.Magania) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064062.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064063.bat (Worm.Magania) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064064.exe (Worm.Magania) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064065.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064067.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064068.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064069.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064072.com (Trojan.Agent) -> Quarantined and deleted successfully.

G:\System Volume Information\_restore{979F6DBB-C2E3-4888-8C10-D447EAD39D2B}\RP201\A0064101.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

J:\12gn6id2.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

J:\ncyrf.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.

J:\p0ijj.bat (Worm.Magania) -> Quarantined and deleted successfully.

J:\Seagate\Soraya\Prog Files\Adobe CS4\_Keygen and Activation\Adobe CS4 Master Collection Keygen_1.exe (Trojan.Agent) -> Quarantined and deleted successfully.

J:\System Volume Information\_restore{888AEEE3-DA9E-4742-8D6C-BD195C5024DB}\RP37\A0005452.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\vi8f.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Documents and Settings\user\Local Settings\Temp\Mnr.exe (Trojan.FakeAlert) -> Delete on reboot.

C:\3exi.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\09lf.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\yqq8eqil.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\cgaqyi.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\f662sjd.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\22yj2fy1.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\8xcrbho6.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\9qqigqwf.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\olu392qj.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\p3vwxx.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\p6xebrnt.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\p9rs.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\qr.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\r3fhr.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\twhvna.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\e8main0.dll (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.

C:\Documents and Settings\user\Local Settings\Temp\dsoqq0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Documents and Settings\user\Local Settings\Temp\dsoqq1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Documents and Settings\user\Local Settings\Temp\dsoqq.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\Documents and Settings\user\Local Settings\Temp\gert0.dll (Trojan.Qhosts) -> Quarantined and deleted successfully.

C:\Documents and Settings\user\Local Settings\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\AhnRpta.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

 

log.txt :

Logfile of random's system information tool 1.07 (written by random/random)

Run by user at 2010-07-07 11:57:49

Microsoft Windows XP Édition familiale Service Pack 2

System drive C: has 6 GB (16%) free of 40 GB

Total RAM: 511 MB (15% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:57:58, on 07/07/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\DOCUME~1\user\LOCALS~1\Temp\Mnr.exe

C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\Mgobab.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\user\Mes documents\Téléchargements\RSIT.exe

C:\Program Files\trend micro\user.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: TrayMin210.exe.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{F84E7FEF-94F6-4CDC-9091-06828A2214DF}: NameServer = 212.217.0.1,212.217.0.12

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

 

--

End of file - 7373 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-23 1088296]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-10 417792]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-02-15 141608]

"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2010-04-12 180224]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]

"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2008-09-23 21755688]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe /min []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]

C:\WINDOWS\VM_STI.EXE [2004-06-09 40960]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdoosoft]

C:\DOCUME~1\user\LOCALS~1\Temp\herss.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kamsoft]

C:\WINDOWS\system32\kamsoft.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

C:\Program Files\Skype\Phone\Skype.exe [2008-09-23 21755688]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.5.0\bin\jusched.exe [2009-02-25 36972]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

C:\Program Files\uTorrent\uTorrent.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]

C:\PROGRA~1\WinZip\WZQKPICK.EXE [2006-11-21 389120]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

TrayMin210.exe.lnk - C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2005-11-23 47104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]

shell\AutoRun\command - C:\p0ijj.bat

shell\open\command - C:\p0ijj.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

shell\AutoRun\command - D:\p0ijj.bat

shell\open\command - D:\p0ijj.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

shell\AutoRun\command - E:\p0ijj.bat

shell\open\command - E:\p0ijj.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

shell\AutoRun\command - F:\p0ijj.bat

shell\open\command - F:\p0ijj.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

shell\AutoRun\command - G:\p0ijj.bat

shell\open\command - G:\p0ijj.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

shell\AutoRun\command - H:\.\SETUP.EXE

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{099bbbc6-617a-11de-85b0-00148568e694}]

shell\AutoRun\command - I:\ml.com

shell\open\command - I:\ml.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d17e8e3-9999-11de-85fb-00148568e694}]

shell\AutoRun\command - J:\_cache.tmp/gam3.exe

shell\eXpLorE\command - J:\_cache.tmp/gam3.exe

shell\oPen\command - J:\_cache.tmp/gam3.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{586633f7-7b83-11de-85d6-00148568e694}]

shell\AutoRun\command - ncyrf.bat

shell\explore\command - ncyrf.bat

shell\open\command - ncyrf.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcf999c6-6a67-11de-85be-00148568e694}]

shell\AutoRun\command - I:\ncyrf.bat

shell\explore\command - I:\ncyrf.bat

shell\open\command - I:\ncyrf.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bddb5a17-1fc8-11df-868c-00148568e694}]

shell\AutoRun\command - I:\k1d.exe

shell\open\command - I:\k1d.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2d7720b-25f2-11de-858f-00148568e694}]

shell\AutoRun\command - I:\ncyrf.bat

shell\explore\command - I:\ncyrf.bat

shell\open\command - I:\ncyrf.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4e44718-f93b-11de-8665-00148568e694}]

shell\AutoRun\command - I:\3exi.exe

shell\open\command - I:\3exi.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5841f2c-76f2-11de-85ce-00148568e694}]

shell\AutoRun\command - J:\x3xh.exe

shell\open\command - J:\x3xh.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6baeaf4-7da2-11de-85db-00148568e694}]

shell\AutoRun\command - I:\rx.exe

shell\open\command - I:\rx.exe

 

 

======List of files/folders created in the last 1 months======

 

2010-07-07 11:57:51 ----D---- C:\Program Files\trend micro

2010-07-07 11:57:49 ----D---- C:\rsit

2010-07-07 09:59:55 ----D---- C:\Documents and Settings\user\Application Data\Malwarebytes

2010-07-07 09:59:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-07-07 09:59:43 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2010-07-07 09:52:14 ----RSH---- C:\x3xh.exe

2010-07-05 15:12:48 ----D---- C:\Worms 4 - Mayhem

2010-07-05 15:05:03 ----D---- C:\Program Files\PowerISO

2010-07-05 09:42:28 ----A---- C:\WINDOWS\Mgobab.exe

2010-07-04 19:12:04 ----D---- C:\Program Files\Worms 3d Portable

2010-07-04 15:55:45 ----A---- C:\WINDOWS\Mgobaa.exe

2010-07-04 15:54:51 ----N---- C:\WINDOWS\system32\sshnas21.dll

2010-07-04 15:47:34 ----D---- C:\Program Files\Worms 3D

2010-07-04 12:53:40 ----D---- C:\juegos de AaLaNd ©

2010-07-04 11:16:04 ----RSH---- C:\g6jk.exe

2010-06-25 18:15:01 ----D---- C:\Program Files\Bodom-Child - RaBBi

2010-06-12 08:16:03 ----RSH---- C:\2ul.exe

 

======List of files/folders modified in the last 1 months======

 

2010-07-07 11:57:51 ----RD---- C:\Program Files

2010-07-07 11:57:47 ----D---- C:\WINDOWS\Prefetch

2010-07-07 11:54:24 ----SD---- C:\WINDOWS\Tasks

2010-07-07 11:54:24 ----D---- C:\WINDOWS\system32

2010-07-07 11:54:24 ----D---- C:\WINDOWS

2010-07-07 11:51:14 ----D---- C:\Documents and Settings\user\Application Data\Skype

2010-07-07 10:02:01 ----D---- C:\WINDOWS\Temp

2010-07-07 09:59:46 ----D---- C:\WINDOWS\system32\drivers

2010-07-07 09:51:27 ----D---- C:\WINDOWS\system32\CatRoot2

2010-07-07 08:57:21 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-07-07 08:21:12 ----D---- C:\Documents and Settings\user\Application Data\skypePM

2010-07-06 21:21:44 ----A---- C:\WINDOWS\setuplog.txt

2010-07-06 16:41:38 ----D---- C:\Program Files\Fichiers communs\Adobe

2010-07-05 15:46:03 ----A---- C:\WINDOWS\IE4 Error Log.txt

2010-07-04 13:50:19 ----D---- C:\WINDOWS\system32\Restore

2010-07-04 13:40:04 ----D---- C:\Documents and Settings\user\Application Data\dvdcss

2010-07-04 11:35:49 ----SD---- C:\Documents and Settings\user\Application Data\Microsoft

2010-07-03 20:48:38 ----D---- C:\Program Files\Mozilla Firefox

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-27 40320]

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-05 14848]

R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2010-04-12 59388]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-01-16 12970]

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-05 60800]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-11-23 1410560]

R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-06-13 162816]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]

R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]

R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-05 9600]

R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-13 1042816]

R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-13 210304]

R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-05 12288]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-05 61824]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-05 20480]

R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-13 679808]

R3 ZSMC301b;Philips SPC210NC Webcam; C:\WINDOWS\System32\Drivers\usbVM31b.sys [2005-02-26 91527]

S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]

S3 dump_wmimmc;dump_wmimmc; \??\C:\Program Files\gPotato.eu\Street Gears\GameGuard\dump_wmimmc.sys []

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]

S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-11-23 393216]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]

R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2010-02-15 545576]

S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-16 135664]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-04-24 655624]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-05 14336]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]

 

-----------------EOF-----------------

 

info.txt :

 

info.txt logfile of random's system information tool 1.06 2010-07-07 11:58:02

 

======Uninstall list======

 

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

1.0-->"C:\Program Files\gPotato.eu\Street Gears\unins000.exe"

Adiboud'chou à la mer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B790DB3-046E-420B-B5E4-9EAFEC1DBD58}\setup.exe" -l0x40c -removeonly

Adobe After Effects CS4 Third Party Content-->MsiExec.exe /I{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}

Adobe After Effects CS4-->C:\Program Files\Fichiers communs\Adobe\Installers\3dcb365ab9e01871fb8c6f27b0ea079\Setup.exe --uninstall=1

Adobe After Effects CS4-->MsiExec.exe /I{45EC816C-0771-4C14-AE6D-72D1B578F4C8}

Adobe AIR-->c:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}

Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}

Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}

Adobe Color Video Profiles AE CS4-->MsiExec.exe /I{B15381DD-FF97-4FCD-A881-ED4DB0975500}

Adobe Dynamiclink Support-->MsiExec.exe /I{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}

Adobe Media Encoder CS4 Exporter-->MsiExec.exe /I{561968FD-56A1-49FD-9ED0-F55482C7C5BC}

Adobe Media Encoder CS4 Importer-->MsiExec.exe /I{8186FF34-D389-4B7E-9A2F-C197585BCFBD}

Adobe MotionPicture Color Files CS4-->MsiExec.exe /I{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}

Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}

Adobe Reader 7.0.7 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70700000002}

Adobe Setup-->MsiExec.exe /I{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}

Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"

Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}

Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}

Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}

AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}

Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}

Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}

ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"

Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE

Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}

CamStudio-->C:\Program Files\CamStudio\uninstall.exe

ConvertHelper 2.2-->"C:\Program Files\ConvertHelper\unins000.exe"

Correctif pour Windows XP (KB889527)-->"C:\WINDOWS\$NtUninstallKB889527$\spuninst\spuninst.exe"

Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Correctif Windows XP - KB883529-->C:\WINDOWS\$NtUninstallKB883529$\spuninst\spuninst.exe

Correctif Windows XP - KB884575-->C:\WINDOWS\$NtUninstallKB884575$\spuninst\spuninst.exe

Correctif Windows XP - KB884883-->"C:\WINDOWS\$NtUninstallKB884883$\spuninst\spuninst.exe"

Correctif Windows XP - KB885523-->C:\WINDOWS\$NtUninstallKB885523$\spuninst\spuninst.exe

Correctif Windows XP - KB885855-->C:\WINDOWS\$NtUninstallKB885855$\spuninst\spuninst.exe

Correctif Windows XP - KB885894-->C:\WINDOWS\$NtUninstallKB885894$\spuninst\spuninst.exe

Correctif Windows XP - KB886677-->C:\WINDOWS\$NtUninstallKB886677$\spuninst\spuninst.exe

Correctif Windows XP - KB886716-->"C:\WINDOWS\$NtUninstallKB886716$\spuninst\spuninst.exe"

Correctif Windows XP - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe

Correctif Windows XP - KB887797-->C:\WINDOWS\$NtUninstallKB887797$\spuninst\spuninst.exe

Correctif Windows XP - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe

Correctif Windows XP - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe

Correctif Windows XP - KB888402-->C:\WINDOWS\$NtUninstallKB888402$\spuninst\spuninst.exe

Correctif Windows XP - KB889016-->C:\WINDOWS\$NtUninstallKB889016$\spuninst\spuninst.exe

Correctif Windows XP - KB889673-->C:\WINDOWS\$NtUninstallKB889673$\spuninst\spuninst.exe

Correctif Windows XP - KB890831-->C:\WINDOWS\$NtUninstallKB890831$\spuninst\spuninst.exe

Correctif Windows XP - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"

CycoreFX HD 1.6.1 for After Effects-->C:\WINDOWS\unvise32.exe C:\WINDOWS\CycoreFX HD-1.6.1-for-After Effects-Uninstall.log

Dark brain-->C:\Program Files\Dark brain\Uninstal.exe

Erreurs creator-->C:\WINDOWS\st6unst.exe -n "i:\Seagate\Soraya\Logiciels\Dr. Windows\ST6UNST.LOG"

GIMP 2.6.8-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"

Google Chrome-->"C:\Program Files\Google\Chrome\Application\5.0.375.99\Installer\setup.exe" --uninstall --system-level

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}

Intel® PRO Network Connections Drivers-->Prounstl.exe

InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL

iTunes-->MsiExec.exe /I{81063354-9060-42B2-A000-1EBE96778AA9}

J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}

Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}

Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

Mozilla Firefox (3.6.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}

Philips SPC210NC Webcam -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{38D95956-E92C-4473-904B-CD877EA04410}\setup.exe" -l0x40c

Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}

Phun beta 4.22-->"C:\Program Files\Phun\unins000.exe"

PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"

QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}

RGSS de RMXP version 1.0.1-->"C:\Program Files\Bodom-Child - RaBBi\RGSS\unins000.exe"

RMXP version 1.0.0.1-->"C:\Program Files\Bodom-Child - RaBBi\RMXP\unins000.exe"

RomStation-->C:\Program Files\RomStation\Uninstal.exe

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

Skype 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F20&SUBSYS_200014F1

Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}

Translator Boomerang 1.06.01-->"I:\Seagate\Soraya\Logiciels\TranslatorBoomerang\unins000.exe"

VirginMega.Fr Premium-->MsiExec.exe /I{EE467474-04A8-48D5-8DDF-0F8D3A3CCBE5}

VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}

Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

 

======Hosts File======

 

127.0.0.1 activate.adobe.com

127.0.0.1 3dns-2.adobe.com

127.0.0.1 3dns-3.adobe.com

127.0.0.1 activate.adobe.com

127.0.0.1 adobe.activate.com

127.0.0.1 activate.wip3.adobe.com

127.0.0.1 activate-sea.adobe.com

127.0.0.1 activate-sjc0.adobe.com

127.0.0.1 adobe-dns.adobe.com

127.0.0.1 adobe-dns-2.adobe.com

 

======Security center information======

 

AV: AntiVir Desktop (outdated)

AV: Kaspersky Anti-Virus (disabled) (outdated)

 

======System event log======

 

Computer Name: TOURIA-7DD64EB4

Event Code: 7036

Message: Le service Service Google Update (gupdate) est entré dans l'état : arrêté.

 

Record Number: 789

Source Name: Service Control Manager

Time Written: 20100511153618.000000+000

Event Type: Informations

User:

 

Computer Name: TOURIA-7DD64EB4

Event Code: 7036

Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : arrêté.

 

Record Number: 788

Source Name: Service Control Manager

Time Written: 20100511153557.000000+000

Event Type: Informations

User:

 

Computer Name: TOURIA-7DD64EB4

Event Code: 7036

Message: Le service Explorateur d'ordinateur est entré dans l'état : arrêté.

 

Record Number: 787

Source Name: Service Control Manager

Time Written: 20100511153555.000000+000

Event Type: Informations

User:

 

Computer Name: TOURIA-7DD64EB4

Event Code: 7036

Message: Le service Service de la passerelle de la couche Application est entré dans l'état : en cours d'exécution.

 

Record Number: 786

Source Name: Service Control Manager

Time Written: 20100511153553.000000+000

Event Type: Informations

User:

 

Computer Name: TOURIA-7DD64EB4

Event Code: 7035

Message: Un contrôle Démarrer a correctement été envoyé au service Service de la passerelle de la couche Application.

 

Record Number: 785

Source Name: Service Control Manager

Time Written: 20100511153553.000000+000

Event Type: Informations

User: AUTORITE NT\SYSTEM

 

=====Application event log=====

 

Computer Name: TOURIA-7DD64EB4

Event Code: 7

Message: Récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie réussie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 

Record Number: 2839

Source Name: crypt32

Time Written: 20100705150712.000000+000

Event Type: Informations

User:

 

Computer Name: TOURIA-7DD64EB4

Event Code: 0

Message:

Record Number: 2838

Source Name: gupdate

Time Written: 20100705150709.000000+000

Event Type: Informations

User:

 

Computer Name: TOURIA-7DD64EB4

Event Code: 0

Message:

Record Number: 2837

Source Name: iPod Service

Time Written: 20100705150707.000000+000

Event Type: Informations

User:

 

Computer Name: TOURIA-7DD64EB4

Event Code: 1800

Message: Le service Centre de sécurité Windows a démarré.

 

Record Number: 2836

Source Name: SecurityCenter

Time Written: 20100705150704.000000+000

Event Type: Informations

User:

 

Computer Name: TOURIA-7DD64EB4

Event Code: 4096

Message: The AntiVir service has been started successfully!

 

Record Number: 2835

Source Name: Avira AntiVir

Time Written: 20100705150648.000000+000

Event Type: Informations

User: AUTORITE NT\SYSTEM

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel

"PROCESSOR_REVISION"=0403

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.5.0\lib\ext\QTJava.zip

 

-----------------EOF-----------------

Posted

Oh, and I forgot to mention: for a while now Firefox had been crashing quite unexpectedly (showing the crash report every time), and just now it put on a whole show, opening and then closing again 3 seconds later. The portable version of Firefox that I have on a USB stick, as well as IE 6, would not start at all.

Posted

Hi again!

 

MBAM did a very good job, but some of it is still there! We are going to use a special program for that =>

 

1) Disable Antivir for the duration of the scan:

 

Right-click the Antivir icon in the taskbar and uncheck Enable Antivir Guard

This is necessary because Antivir may react and interfere with the tool while it deletes the infected files (as happened with MBAM!)

 

2) Using ComboFix:

 

Plug in all the removable media you own before running this scan (USB stick, external hard drive, etc.): all the ones you had connected before running the scan with Malwarebytes' Anti-Malware

 

  • Right-click HERE
  • Choose Save target (link) as > a window opens >>
  • In the field to the right of "File name" at the bottom of the window, change the existing name (ComboFix.exe) to this >> JM.exe
  • Save the file to the Desktop: to do so, click the Save button.
  • Make sure all programs are closed before launching the fix!
  • Double-click JM.exe.
  • Note: Do not close the window that has just opened, or you would end up with an empty desktop!
  • While it runs, ComboFix will check whether the Microsoft Windows Recovery Console is installed. With infections like today's, it is strongly recommended to have it pre-installed on your PC before removing any malware. It will let you boot into a special recovery (repair) mode, which lets us help you more easily if your computer ever runs into a problem after a cleanup attempt.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when asked, accept the End User License Agreement to install the Microsoft Windows Recovery Console.

 

**Important note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue with its malware removal procedures.

RcAuto1.gif

 

Once the Microsoft Windows Recovery Console has been installed via ComboFix, you should see the following message:

whatnext.png

  • Press the Y (Yes) key to continue with the malware scan.
  • When the scan is finished, a report will be generated: post its contents in your next message.
  • If the report is too long, post it in two parts.
  • If you do not see the report, you will find it here > C:\ComboFix.txt

Um, otherwise, the 500-odd infected files worry me... Is it very, very serious, doctor?

Don't worry: it's not the worst of infections ;)

Oh, and I forgot to mention: for a while now Firefox had been crashing quite unexpectedly (showing the crash report every time), and just now it put on a whole show, opening and then closing again 3 seconds later. The portable version of Firefox that I have on a USB stick, as well as IE 6, would not start at all.

Pay attention to the following recommendations, because they are important:

 

- do not use the removable media you own on any other PC. I mean USB sticks, removable hard drives, etc., because there are still traces of infection. You could easily infect other PCs if you use them while they are not clean.

 

- do not use IE6! It is a very poorly secured browser that easily carries infections. There are updates to install on this PC, otherwise it risks being reinfected quickly. Above all, do not install them for the moment, because there is a risk of crashes!

Posted

Here you go :)

ComboFix 10-07-06.05 - user 07/07/2010 21:26:25.1.2 - x86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.511.106 [GMT 0:00]

Lancé depuis: c:\documents and settings\user\Bureau\JM.exe

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\2ul.exe

C:\Autorun.inf

C:\df.exe

C:\f2kmj.exe

C:\mh.exe

C:\RBJ9JN1N.BAT

c:\windows\Mgobaa.exe

c:\windows\Mgobab.exe

c:\windows\system32\drivers\ndisrd.sys

c:\windows\system32\ndisapi.dll

c:\windows\system32\setup2.exe

c:\windows\TSDYYD~1.ARR

C:\ws.exe

D:\09lf.exe

D:\22yj2fy1.exe

D:\2ul.exe

D:\3exi.exe

D:\8xcrbho6.exe

D:\9qqigqwf.exe

D:\autorun.inf

D:\cgaqyi.exe

D:\df.exe

D:\f2kmj.exe

D:\f662sjd.exe

D:\mh.exe

D:\olu392qj.exe

D:\p3vwxx.exe

D:\p6xebrnt.exe

D:\r3fhr.exe

D:\rbj9jn1n.bat

D:\twhvna.exe

D:\ws.exe

D:\yqq8eqil.exe

E:\09lf.exe

E:\22yj2fy1.exe

E:\2ul.exe

E:\3exi.exe

E:\8xcrbho6.exe

E:\9qqigqwf.exe

E:\autorun.inf

E:\cgaqyi.exe

E:\df.exe

E:\f2kmj.exe

E:\f662sjd.exe

E:\mh.exe

E:\olu392qj.exe

E:\p3vwxx.exe

E:\p6xebrnt.exe

E:\r3fhr.exe

E:\rbj9jn1n.bat

E:\twhvna.exe

E:\ws.exe

E:\yqq8eqil.exe

F:\09lf.exe

F:\22yj2fy1.exe

F:\2ul.exe

F:\3exi.exe

F:\8xcrbho6.exe

F:\9qqigqwf.exe

F:\autorun.inf

F:\cgaqyi.exe

F:\df.exe

F:\f2kmj.exe

F:\f662sjd.exe

F:\mh.exe

F:\olu392qj.exe

F:\p3vwxx.exe

F:\p6xebrnt.exe

F:\r3fhr.exe

F:\rbj9jn1n.bat

F:\twhvna.exe

F:\ws.exe

F:\yqq8eqil.exe

G:\09lf.exe

G:\22yj2fy1.exe

G:\2ul.exe

G:\3exi.exe

G:\8xcrbho6.exe

G:\9qqigqwf.exe

G:\Autorun.inf

G:\cgaqyi.exe

G:\df.exe

G:\f2kmj.exe

G:\f662sjd.exe

G:\mh.exe

G:\olu392qj.exe

G:\p3vwxx.exe

G:\p6xebrnt.exe

G:\r3fhr.exe

G:\rbj9jn1n.bat

G:\twhvna.exe

G:\ws.exe

G:\yqq8eqil.exe

J:\autorun.inf

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NDISRD

-------\Legacy_SSHNAS

-------\Service_AVPsys

-------\Service_NDISRD

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2010-06-07 au 2010-07-07 ))))))))))))))))))))))))))))))))))))

.

 

2010-07-07 11:57 . 2010-07-07 11:57 -------- d-----w- c:\program files\trend micro

2010-07-07 11:57 . 2010-07-07 11:58 -------- d-----w- C:\rsit

2010-07-07 09:59 . 2010-07-07 09:59 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes

2010-07-07 09:59 . 2010-04-29 15:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-07 09:59 . 2010-07-07 09:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-07 09:59 . 2010-07-07 09:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-07 09:59 . 2010-04-29 15:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-07 09:52 . 2010-07-07 09:51 116736 --sh--r- C:\x3xh.exe

2010-07-06 22:18 . 2010-07-06 22:18 -------- d-----r- c:\documents and settings\LocalService\Mes documents

2010-07-05 15:12 . 2010-07-05 15:12 -------- d-----w- C:\Worms 4 - Mayhem

2010-07-05 15:05 . 2010-07-05 15:05 -------- d-----w- c:\program files\PowerISO

2010-07-04 19:12 . 2010-07-04 19:14 -------- d-----w- c:\program files\Worms 3d Portable

2010-07-04 15:54 . 2010-07-04 15:54 209408 ----a-w- c:\windows\system32\sshnas21.VIR

2010-07-04 15:47 . 2010-07-04 19:13 -------- d-----w- c:\program files\Worms 3D

2010-07-04 12:53 . 2010-07-04 12:53 -------- d-----w- C:\juegos de AaLaNd ©

2010-07-04 11:16 . 2010-07-05 15:07 117248 --sh--r- C:\g6jk.exe

2010-06-25 18:15 . 2010-06-25 18:15 -------- d-----w- c:\program files\Bodom-Child - RaBBi

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-07 21:37 . 2009-02-26 00:24 -------- d-----w- c:\documents and settings\user\Application Data\Skype

2010-07-07 21:36 . 2009-02-26 16:55 -------- d-----w- c:\documents and settings\user\Application Data\skypePM

2010-07-07 11:54 . 2009-02-26 08:46 -------- d-----w- c:\program files\MioNet

2010-07-06 16:41 . 2009-02-26 01:06 -------- d-----w- c:\program files\Fichiers communs\Adobe

2010-07-04 13:40 . 2009-04-24 18:49 -------- d-----w- c:\documents and settings\user\Application Data\dvdcss

2010-05-30 14:54 . 2009-02-26 00:09 80696 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-04-12 08:44 . 2010-04-12 08:44 59388 ----a-w- c:\windows\system32\drivers\scdemu.sys

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2008-09-23 21755688]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

TrayMin210.exe.lnk - c:\program files\Philips\Philips SPC210NC Webcam\TrayMin210.exe [2009-2-26 278528]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk

backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]

2004-06-09 14:37 40960 ----a-w- c:\windows\VM_STI.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2004-08-05 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

2004-10-27 14:21 61952 ------w- c:\windows\system32\HdAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2008-09-23 13:17 21755688 ----a-r- c:\program files\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-02-25 23:46 36972 ----a-w- c:\program files\Java\jre1.5.0\bin\jusched.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27/09/2009 10:56 108289]

S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16/11/2009 17:23 135664]

S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\gPotato.eu\Street Gears\GameGuard\dump_wmimmc.sys --> c:\program files\gPotato.eu\Street Gears\GameGuard\dump_wmimmc.sys [?]

.

Contenu du dossier 'Tâches planifiées'

 

2010-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-16 17:23]

 

2010-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-16 17:23]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.co.ma/

uInternet Settings,ProxyOverride = *.local

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {F84E7FEF-94F6-4CDC-9091-06828A2214DF} = 212.217.0.1,212.217.0.12

FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\45pfvflf.default\

FF - prefs.js: browser.startup.homepage - www.google.co.ma

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll

 

---- PARAMETRES FIREFOX ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHELINS SUPPRIMES - - - -

 

MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

MSConfigStartUp-cdoosoft - c:\docume~1\user\LOCALS~1\Temp\herss.exe

MSConfigStartUp-kamsoft - c:\windows\system32\kamsoft.exe

MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe

MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe

AddRemove-CamStudio - c:\program files\CamStudio\uninstall.exe

AddRemove-Dark brain - c:\program files\Dark brain\Uninstal.exe

AddRemove-Phun_is1 - c:\program files\Phun\unins000.exe

AddRemove-RomStation - c:\program files\RomStation\Uninstal.exe

AddRemove-RPG MAKER XP_is1 - c:\program files\Bodom-Child - RaBBi\RMXP\unins000.exe

AddRemove-Street Gears_FR_is1 - c:\program files\gPotato.eu\Street Gears\unins000.exe

AddRemove-TranslatorBoomerang_is1 - i:\seagate\Soraya\Logiciels\TranslatorBoomerang\unins000.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-07-07 21:36

Windows 5.1.2600 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(788)

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'explorer.exe'(1644)

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\wscntfy.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

c:\program files\Windows Live\Contacts\wlcomm.exe

.

**************************************************************************

.

Heure de fin: 2010-07-07 21:39:13 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-07-07 21:39

 

Avant-CF: 8 061 349 888 octets libres

Après-CF: 11 164 639 232 octets libres

 

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

 

- - End Of File - - 9BE25EB70928EAA4B5AB7B0D743C6C70

Posted

OK, ComboFix detected the infected files on the various drives/removable media present.

We'll finish like this =>

1) Using a script for ComboFix:

Go to this page to download the CFScript file to the Desktop => senduit | Share easily.

Wait a second: the download will start automatically.

  • Drag and drop this CFScript file onto the ComboFix.exe (JM.exe) file, as in the screenshot
    img-191202xzrpd.gif
  • Wait while the scan runs. The desktop will disappear several times: that's normal!
    Don't touch anything until the scan is finished.
  • When CF finishes running, it displays this message box:
    autosubmitfrdt7.png
  • Clicking OK will start the automatic upload of the archived (zip) file.
    cfuploadsuccessfulfrwn3.gif
  • Once the scan is complete, the PC will most likely restart: a report will be displayed, post its contents.
  • If the file doesn't appear, it is located here > C:\ComboFix.txt

Note 1: The proposed script is tailored to J.M's case: under no circumstances should you use it on your own PC!

Note 2: a file located on the PC will be sent to the creator of ComboFix for analysis.

If the upload site is offline, you will see the message below =>

cfuploadfailedfrrf5.gif

You will then just need to double-click the CF-Submit.htm file located in the C:\ directory to send the file.

The ComboFix report will only be displayed once the upload function has finished.

2) Using USBFix:

We're going to make sure nothing slips past us on those removable media: this matters because they are a very good infection vector!

Download and install UsbFix by C_XX & Chiquitine29

  • Connect to your PC, without opening them, the external data sources (USB stick, external hard drive, digital camera memory card, etc.) that may have been infected
  • Double-click the UsbFix shortcut on your desktop.
  • Click the "Recherche" (Search) button and let the tool work: you will see a scan progress gauge on the left side of the window.
  • Then post the UsbFix.txt report that appears.

Notes:

- The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

- The "Process.exe" process, a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.

It is not a virus, but a utility designed to terminate processes.

In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

Posted

Thank you very much for these quick replies!!

I did send the ComboFix report =)

One clarification: I didn't think it useful to run the USBFix scan because the external hard drive I plugged in (J:\ in most cases) contained only a single suspicious file, Autorun, which came with it at purchase (the owner does not currently own any other removable device)

 

ComboFix 10-07-07.02 - user 08/07/2010 12:43:54.2.2 - x86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.511.286 [GMT 0:00]

Lancé depuis: c:\documents and settings\user\Bureau\Grand nettoyage\JM.exe

Commutateurs utilisés :: c:\documents and settings\user\Bureau\Grand nettoyage\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

 

FILE ::

"c:\windows\system32\sshnas21.VIR"

 

file zipped: C:\g6jk.exe

file zipped: C:\x3xh.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\g6jk.exe

c:\windows\system32\sshnas21.VIR

C:\x3xh.exe

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2010-06-08 au 2010-07-08 ))))))))))))))))))))))))))))))))))))

.

 

2010-07-07 11:57 . 2010-07-07 11:57 -------- d-----w- c:\program files\trend micro

2010-07-07 11:57 . 2010-07-07 11:58 -------- d-----w- C:\rsit

2010-07-07 09:59 . 2010-07-07 09:59 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes

2010-07-07 09:59 . 2010-04-29 15:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-07 09:59 . 2010-07-07 09:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-07 09:59 . 2010-07-07 09:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-07 09:59 . 2010-04-29 15:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-06 22:18 . 2010-07-06 22:18 -------- d-----r- c:\documents and settings\LocalService\Mes documents

2010-07-05 15:12 . 2010-07-05 15:12 -------- d-----w- C:\Worms 4 - Mayhem

2010-07-05 15:05 . 2010-07-05 15:05 -------- d-----w- c:\program files\PowerISO

2010-07-04 19:12 . 2010-07-04 19:14 -------- d-----w- c:\program files\Worms 3d Portable

2010-07-04 15:47 . 2010-07-04 19:13 -------- d-----w- c:\program files\Worms 3D

2010-07-04 12:53 . 2010-07-04 12:53 -------- d-----w- C:\juegos de AaLaNd ©

2010-06-25 18:15 . 2010-06-25 18:15 -------- d-----w- c:\program files\Bodom-Child - RaBBi

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-08 12:44 . 2009-02-26 00:24 -------- d-----w- c:\documents and settings\user\Application Data\Skype

2010-07-08 08:44 . 2009-02-26 16:55 -------- d-----w- c:\documents and settings\user\Application Data\skypePM

2010-07-07 11:54 . 2009-02-26 08:46 -------- d-----w- c:\program files\MioNet

2010-07-06 16:41 . 2009-02-26 01:06 -------- d-----w- c:\program files\Fichiers communs\Adobe

2010-07-04 13:40 . 2009-04-24 18:49 -------- d-----w- c:\documents and settings\user\Application Data\dvdcss

2010-05-30 14:54 . 2009-02-26 00:09 80696 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-04-12 08:44 . 2010-04-12 08:44 59388 ----a-w- c:\windows\system32\drivers\scdemu.sys

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2008-09-23 21755688]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

TrayMin210.exe.lnk - c:\program files\Philips\Philips SPC210NC Webcam\TrayMin210.exe [2009-2-26 278528]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk

backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]

2004-06-09 14:37 40960 ----a-w- c:\windows\VM_STI.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2004-08-05 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

2004-10-27 14:21 61952 ------w- c:\windows\system32\HdAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2008-09-23 13:17 21755688 ----a-r- c:\program files\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-02-25 23:46 36972 ----a-w- c:\program files\Java\jre1.5.0\bin\jusched.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27/09/2009 10:56 108289]

S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16/11/2009 17:23 135664]

S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\gPotato.eu\Street Gears\GameGuard\dump_wmimmc.sys --> c:\program files\gPotato.eu\Street Gears\GameGuard\dump_wmimmc.sys [?]

.

Contenu du dossier 'Tâches planifiées'

 

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-16 17:23]

 

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-16 17:23]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.co.ma/

uInternet Settings,ProxyOverride = *.local

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {F84E7FEF-94F6-4CDC-9091-06828A2214DF} = 212.217.0.1,212.217.0.12

FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\45pfvflf.default\

FF - prefs.js: browser.startup.homepage - www.google.co.ma

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll

 

---- PARAMETRES FIREFOX ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-07-08 12:48

Windows 5.1.2600 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(784)

c:\windows\system32\Ati2evxx.dll

.

Heure de fin: 2010-07-08 12:50:50

ComboFix-quarantined-files.txt 2010-07-08 12:50

ComboFix2.txt 2010-07-07 21:39

 

Avant-CF: 11 171 782 656 octets libres

Après-CF: 11 178 315 776 octets libres

 

- - End Of File - - E6268AA9B7F271E132A923CA0888B4A3

Posted

re!

Very good: the latest report no longer shows any infection :)

Important notes:

* You will have noticed that at startup you are now offered a choice: Start Windows or Launch the Recovery Console. ComboFix installed it as a safety measure. Sometimes important Windows files get corrupted/deleted, and that is where having this Console installed really pays off.

It lets you do a whole range of things: delete infected files, replace legitimate files, etc.

For more information on the Recovery Console, read this topic >> http://www.zebulon.fr/dossiers/61-console-...cuperation.html

  • If the Recovery Console is installed on XP, Windows leaves very little time to choose between booting the system or the console (2 seconds by default). That's very short to react.
  • To lengthen this reaction time a little, go to the Control Panel, double-click System, then click Advanced/System Properties. Click Startup and Recovery/Settings.
  • Change the value shown at "Time to display list of operating systems: x seconds": increase it to 8 seconds.
    img-2151245pvlz.jpg
  • Then click "Edit".
  • The boot.ini file will open as a text file.
  • Don't touch it; close the window by clicking the X at the top right.
  • Then click /OK/Apply/OK.
  • From now on you will have 8 seconds at each PC startup to choose between booting the Recovery Console or the system.
  • If you don't touch anything during that time, Windows will boot the system.
  • And if you want to boot the system right away, interrupt the countdown by pressing the Enter key

Now we're going to uninstall ComboFix so as not to make your antivirus react needlessly: I mean the infectious items quarantined by ComboFix before it deletes them from the disk =>

  • Go through Start Menu > Run (use the key combination [Windows key]+[R] for this) and copy/paste this >

    ComboFix /uninstall (there is a space between x and / if you retype the command manually)

  • A window will open, ComboFix will be uninstalled from your PC and System Restore will be purged.

You installed Antivir on the machine, that's very good! But it's not enough....

- The firewall built into Windows is not effective! It's important to install a real one to protect the PC >>

Here are some links for free firewalls

Zone Alarm (2 versions)

Download link for the FREE version: http://telechargement.zebulon.fr/zonealarm.html

Download link for the PRO version: Antivirus Software, Firewall, Spyware Removal, Virus Scan: Computer Security by ZoneAlarm

The Pro version is paid after a trial period.

Tutorial by Tesgaz for the Pro version: ZoneAlarm Pro ou Suite

Tutorial by Odsen for the free version: http://benoit.aun.free.fr/securite-facile-php/zonealarm.php

Kerio

Download link: Free Firewall Software - Sunbelt Personal Firewall

Tutorial by Malekal_morte: Tutorial Kerio Firewall

Jetico

Publisher download link: Jetico - Military-Standard Data Protection Software - Wiping, Encryption, Firewall

Download link on Zebulon (in French): http://telechargement.zebulon.fr/license-1-225.html

Tutorial by Odsen: http://benoit.aun.free.fr/securite-facile-php/jetico.php

Outpost firewall free

Publisher download link: Outpost Firewall FREE

Tutorial by Odsen (site link): Sécurité - Facile

The list isn't exhaustive; there are other free ones, and paid ones with more features. Download the installer for the firewall you have chosen. Launch the installation of your firewall and follow any additional instructions. Use the tutorials to help you.

I recommend Zone Alarm or Kerio in the free version to start with; you can switch later to a more elaborate firewall when you have time to dig into it. A well-configured firewall safeguards the PC's security and your peace of mind.

You said this is your grandmother's PC? You should spend a little time explaining to her how to react to antivirus and firewall alerts. I know it's a pain, but it's really useful!

For the grandchildren who hog the PC, create a limited-rights account for them: that will prevent quite a few infections ;)

Please post one last RSIT report so I can see whether everything is OK, and tell me whether the problems described at the start of the thread persist.
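The boot-menu timeout change described in the post above, as an added example that is not part of the original thread or of ComboFix: Python that parses a boot.ini, reports whether the Recovery Console entry is present and whether the menu timeout is long enough to reach it, and rewrites only the timeout line. The sample file is constructed on the layout shown in the ComboFix report earlier in the thread; the function names and the 8-second threshold parameter are assumptions of this example.

```python
import re

# Constructed sample, modelled on the boot.ini layout in the ComboFix report:
# one Windows XP entry plus the Recovery Console (/cmdcons) entry.
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP" /noexecute=optin /fastdetect
'''

SECTION = re.compile(r"^\[(?P<name>[^\]]+)\]\s*$")
ENTRY = re.compile(r'^(?P<path>[^=]+)=\s*"(?P<label>[^"]*)"\s*(?P<switches>.*)$')
TIMEOUT = re.compile(r"^([ \t]*timeout[ \t]*=[ \t]*)\d+([ \t\r]*)$",
                     re.IGNORECASE | re.MULTILINE)


def parse_boot_ini(text):
    """Return the timeout, the default path and the boot entries of a boot.ini."""
    info = {"timeout": None, "default": None, "entries": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group("name").strip().lower()
            continue
        if section == "boot loader":
            key, _, value = line.partition("=")
            key, value = key.strip().lower(), value.strip()
            if key == "timeout" and value.isdigit():
                info["timeout"] = int(value)
            elif key == "default":
                info["default"] = value
        elif section == "operating systems":
            entry = ENTRY.match(line)
            if entry:
                info["entries"].append({
                    "path": entry.group("path").strip(),
                    "label": entry.group("label"),
                    "switches": entry.group("switches").lower().split(),
                })
    return info


def review_boot_ini(text, min_timeout=8):
    """List what would stop a user from reaching the Recovery Console at boot."""
    info = parse_boot_ini(text)
    findings = []
    paths = {e["path"].lower() for e in info["entries"]}
    if not any("/cmdcons" in e["switches"] for e in info["entries"]):
        findings.append("no Recovery Console entry (/cmdcons)")
    if info["timeout"] is None:
        findings.append("no timeout value in [boot loader]")
    elif len(info["entries"]) > 1 and info["timeout"] < min_timeout:
        findings.append(f"timeout is {info['timeout']} s, below {min_timeout} s")
    if info["default"] is None or info["default"].lower() not in paths:
        findings.append("default does not match any [operating systems] entry")
    return findings


def set_timeout(text, seconds):
    """Return the file with only the timeout value changed; all else untouched."""
    if not isinstance(seconds, int) or seconds < 0:
        raise ValueError("timeout must be a non-negative integer")
    new_text, count = TIMEOUT.subn(
        lambda m: f"{m.group(1)}{seconds}{m.group(2)}", text, count=1)
    if count == 0:
        raise ValueError("no timeout line found")
    return new_text


if __name__ == "__main__":
    print(review_boot_ini(SAMPLE_BOOT_INI))
    print(review_boot_ini(set_timeout(SAMPLE_BOOT_INI, 8)))
```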
