|
|
Auteur
|
Message
|
1
2
|
|
|
|
Bonjour à tous,
J'ai un gros problème depuis hier soir. J'ai téléchargé quelques titres de musiques sur Limewire et un mp3 a infecté mon PC. Je ne sais plus quel est le mp3 à l'origine de cette infection mais mon antivirus "antivir" me harcelait de messages, toutes les secondes, me demandant ce que je devais faire avec le virus trouvé. J'avais beau supprimer ou empêcher l'accès, les messages étaient de plus en plus nombreux. Le cheval de Troie était en train de se propager sans la forme de titres films, divers et variés, que je n'avais jamais eu sur mon PC évidemment.
Aujourd'hui j'ai réussi à mettre à jour mon antivir et à lancé un scan. Après 9 heures de scan, 6,5% effectué et 6600 détections, toutes à cause de ce trojan TR/Dldr WMA.Wimad.N, j'ai donc décidé d'arrêter le scan et de mettre en quarantaine tous ces fichiers infectés. Ils ne sont pas supprimés, je me vois mal supprimer plus de 6000 fichiers un par un (je ne peux pas tous les sélectionner).
Autre chose : mon bureau a totalement changé depuis cette infection. C'est un bureau style "enfantin" avec une animation au milieu qui nous propose de cliquer à droite à gauche. Toutes les icônes du bureau sont bleutées.
J'ai fait un scan avec adware également mais ces fenêtres intempestives d'alerte antivir l'empêche de se dérouler correctement.
J'écris ce message depuis linux, j'ai les 2 système d'exploitation sur mon disque dur, cette partie du disques étant saine.
-->Message édité par Pipof21 le 10/05/2008 00:50:20<--
|
|
Modérateur/Helper
|
|
|
Bonjour,
Télécharge Hijackthis (de Trend Micro) sur ton Bureau.
Double clique sur HJTInstall.exe pour lancer l'installation.
Clique sur Install.
Double clique sur le raccourci d'HijackThis qui vient d'être créé pour le lancer.
Accepte la licence en cliquant sur Yes.
Clique sur "Do a system scan and save a logfile".
Poste ici le rapport généré.
Note : Le rapport se trouve également ici : C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log
Aide : Comment utiliser HijackThis.
|
|
|
|
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:04:40, on 07/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Winbond\WLAN\wwu.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Documents and Settings\Christophe\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winbond\WLAN\WBSECSVC.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\limewire\limewire.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: DbarBHO - {CC11617C-259E-429c-9063-7D70B8355EBD} - C:\Program Files\dbar\Deskbar.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CardReaderReset] C:\Program Files\Realtek Semiconductor Corp\Card Reader Software\Reset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [wwu] C:\Program Files\Winbond\WLAN\wwu.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Microsoft Information Check] microsoft.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\Christophe\svchost.exe
O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\Christophe\Application Data\Deskbar_{E5DEDC9F-3191-4e4c-9219-700A52D405C3}\starter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: http://www.secuser.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb(...)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb(...)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housec(...)
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.(...)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: wbsecsvc - Winbond - C:\Program Files\Winbond\WLAN\WBSECSVC.EXE
--
End of file - 10459 bytes
|
|
Modérateur/Helper
|
|
|
 Bonjour,
Cette procédure doit être imprimée pour que tu puisses l’avoir sous les yeux quand tu seras en mode sans échec.
Télécharge SDFix(créé par AndyManchesta) et sauvegarde le sur ton Bureau.
***Si le lien ne fonctionne pas, essaie celui-ci : http://download.bleepingcomputer.com/andymanchesta/SDFix.exe ***
N.B : Si pendant le téléchargement et/ou l’installation tu reçois une alerte de ton antivirus, ignore-là. Certains composants de SDFix peuvent être détectés comme un virus par certains antivirus.
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
Redémarre ton ordinateur
Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
Choisis ton compte.
Déroule la liste des instructions ci-dessous :
Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !
Note : Le fichier SDFIX_README.htm (dans le dossier SDFix) contient la liste des malwares pris en compte par l'outil.
Andy fait plusieurs mises à jour, souvent plus d'une par jour... N'hésitez donc pas à demander de télécharger une nouvelle version lorsque le nettoyage dure et que l'outil ne semble pas tout voir.
Aide : Comment utiliser SDFix.
|
|
|
|
|
Le log Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:19:16, on 07/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Winbond\WLAN\WBSECSVC.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Winbond\WLAN\wwu.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CardReaderReset] C:\Program Files\Realtek Semiconductor Corp\Card Reader Software\Reset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [wwu] C:\Program Files\Winbond\WLAN\wwu.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: http://www.secuser.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb(...)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb(...)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housec(...)
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.(...)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: wbsecsvc - Winbond - C:\Program Files\Winbond\WLAN\WBSECSVC.EXE
--
End of file - 9680 bytes
Et le rapport SDFix :
SDFix: Version 1.180
Run by Christophe on 07/05/2008 at 13:49
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Desktop Wallpaper
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\SYSTEM32\TASKKILL.EXE - Deleted
C:\Documents and Settings\Christophe\Application Data\Deskbar_{E5DEDC9F-3191-4e4c-9219-700A52D405C3}\local.xml - Deleted
C:\Documents and Settings\Christophe\Application Data\Deskbar_{E5DEDC9F-3191-4e4c-9219-700A52D405C3}\log.txt - Deleted
C:\Documents and Settings\Christophe\Application Data\Deskbar_{E5DEDC9F-3191-4e4c-9219-700A52D405C3}\version.ini - Deleted
C:\Documents and Settings\Christophe\Application Data\Deskbar_{E5DEDC9F-3191-4e4c-9219-700A52D405C3}\Cache\d6e9bb027c32ce9950910af1fce37bb9.xml - Deleted
C:\Temp\1cb\syscheck.log - Deleted
C:\Temp\maxsv15\rLCubd.log - Deleted
C:\WINDOWS\system32\bkEur05\bkEur051080.exe - Deleted
C:\Program Files\dbar\basis.xml - Deleted
C:\Program Files\dbar\channel.tmpl - Deleted
C:\Program Files\dbar\content.tmpl - Deleted
C:\Program Files\dbar\date.tmpl - Deleted
C:\Program Files\dbar\dbaruninst.exe - Deleted
C:\Program Files\dbar\deskbar.crc - Deleted
C:\Program Files\dbar\deskbar.dll - Deleted
C:\Program Files\dbar\deskbar.inf - Deleted
C:\Program Files\dbar\edit_rss.tmpl - Deleted
C:\Program Files\dbar\local.xml - Deleted
C:\Program Files\dbar\nav1.bmp - Deleted
C:\Program Files\dbar\nav2.bmp - Deleted
C:\Program Files\dbar\new_alert.tmpl - Deleted
C:\Program Files\dbar\version.ini - Deleted
C:\Program Files\dbar\version.txt - Deleted
C:\Program Files\winvi\Uninst.exe - Deleted
C:\Program Files\winvi\update.exe - Deleted
C:\Program Files\winvi\version.ini - Deleted
C:\Program Files\winvi\wupda.exe - Deleted
C:\Program Files\winvi\dsktp\AC_RunActiveContent.js - Deleted
C:\Program Files\winvi\dsktp\desktop.html - Deleted
C:\Program Files\winvi\dsktp\internetDetection.swf - Deleted
C:\Program Files\winvi\dsktp\settings.sol - Deleted
C:\Program Files\winvi\icons\bufferthis.ico - Deleted
C:\Program Files\winvi\icons\flashfunpages.ico - Deleted
C:\Program Files\winvi\icons\funnies.ico - Deleted
C:\Program Files\winvi\icons\funnyfunpages.ico - Deleted
C:\Program Files\winvi\icons\goodcleanvideos.ico - Deleted
C:\Program Files\winvi\icons\newfunpages.ico - Deleted
C:\Program Files\winvi\icons\positivethoughts.ico - Deleted
C:\Program Files\winvi\icons\removespyware.ico - Deleted
C:\Program Files\winvi\icons\thissiterocks.ico - Deleted
C:\Program Files\winvi\temp\version.ini - Deleted
C:\Documents and Settings\Christophe\svchost.exe - Deleted
C:\WINDOWS\system32\pac.txt - Deleted
Folder C:\Documents and Settings\Christophe\Application Data\Deskbar_{E5DEDC9F-3191-4e4c-9219-700A52D405C3} - Removed
Folder C:\Documents and Settings\Christophe\! - Removed
Folder C:\Program Files\dbar - Removed
Folder C:\Program Files\winvi - Removed
Folder C:\Temp\1cb - Removed
Folder C:\Temp\maxsv15 - Removed
Folder C:\WINDOWS\system32\bkEur05 - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 14:05:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\PopTop Software\\Shattered Union\\ShatteredUnion.exe"="C:\\Program Files\\PopTop Software\\Shattered Union\\ShatteredUnion.exe:*:Enabled:Shattered Union"
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"="C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe:*:Enabled:Rise of Nations"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"="C:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe:*:Enabled:Lecteur CANALPLAY"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Documents and Settings\\Christophe\\Bureau\\utorrent.exe"="C:\\Documents and Settings\\Christophe\\Bureau\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\eChanblard\\emule.exe"="C:\\Program Files\\eChanblard\\emule.exe:*:Enabled:eChanblard"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 5 May 2008 1,998,848 ..SH. --- "C:\Documents and Settings\Laureline\svchost.exe"
Mon 15 Oct 2007 8,397,128 A..H. --- "C:\WINDOWS\system32\msway.dll"
Tue 21 Mar 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Tue 21 Mar 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Tue 21 Mar 2006 1,024 A..HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Tue 21 Mar 2006 1,024 A..HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Tue 21 Mar 2006 1,024 A..HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Fri 25 Jun 2004 418,816 A..HR --- "C:\WINDOWS\system32\Tools\All.exe"
Fri 25 Jun 2004 390,144 A..HR --- "C:\WINDOWS\system32\Tools\Change.exe"
Fri 25 Jun 2004 574,464 A..HR --- "C:\WINDOWS\system32\Tools\CheckPath.exe"
Fri 25 Jun 2004 430,592 A..HR --- "C:\WINDOWS\system32\Tools\Counter.exe"
Fri 25 Jun 2004 390,656 A..HR --- "C:\WINDOWS\system32\Tools\DelFolders.exe"
Fri 25 Jun 2004 399,872 A..HR --- "C:\WINDOWS\system32\Tools\DirectSetup.exe"
Mon 28 Oct 2002 433,152 A..HR --- "C:\WINDOWS\system32\Tools\Locale.exe"
Fri 25 Jun 2004 388,096 A..HR --- "C:\WINDOWS\system32\Tools\RegClean.exe"
Fri 25 Jun 2004 388,608 A..HR --- "C:\WINDOWS\system32\Tools\Regexe.exe"
Fri 25 Jun 2004 431,616 A..HR --- "C:\WINDOWS\system32\Tools\Restart.exe"
Fri 25 Jun 2004 388,096 A..HR --- "C:\WINDOWS\system32\Tools\RunRegexe.exe"
Fri 5 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BITC.tmp"
Thu 6 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad213d081e2675ef87a62c73b8abf209\BIT1.tmp"
Tue 24 Oct 2006 67,072 ...H. --- "C:\Documents and Settings\Christophe\Bureau\Master1\Archives\~WRL1327.tmp"
Thu 19 Oct 2006 73,216 ...H. --- "C:\Documents and Settings\Christophe\Bureau\Master1\Archives\~WRL2161.tmp"
Finished!
-->Message édité par Pipof21 le 07/05/2008 14:22:56<--
|
|
Modérateur/Helper
|
|
|
Re,
Poste un nouveau rapport hijackthis.
|
|
|
|
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:23:41, on 07/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Winbond\WLAN\WBSECSVC.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Winbond\WLAN\wwu.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CardReaderReset] C:\Program Files\Realtek Semiconductor Corp\Card Reader Software\Reset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [wwu] C:\Program Files\Winbond\WLAN\wwu.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: http://www.secuser.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb(...)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb(...)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housec(...)
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.(...)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: wbsecsvc - Winbond - C:\Program Files\Winbond\WLAN\WBSECSVC.EXE
--
End of file - 9637 bytes
|
|
Modérateur/Helper
|
|
|
Re,
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
Afin de lancer la recherche, clic sur"Rechercher".
Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.
AIDE : Tuto en images sur MBAM
|
|
|
|
|
Voici le rapport de MBAM
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 728
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 101811
Temps écoulé: 1 hour(s), 36 minute(s), 49 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 9
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 14
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\dbreg.dbar.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbarbho.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbarenabler.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8f15b157-40d9-4b20-8d3b-b1f8b475b58d} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a0881aa1-68be-41ac-9c0d-4c8a69c6c72c} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e827ffd9-95d1-4b49-beb3-5d49e688c108} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{80985322-3f89-4873-9bce-9297d217ccad} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\V7T90Z4D\Codec[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laureline\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8E442DD-6894-4EFF-98DE-30F34C0845FE}\RP355\A0045302.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8E442DD-6894-4EFF-98DE-30F34C0845FE}\RP356\A0046347.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8E442DD-6894-4EFF-98DE-30F34C0845FE}\RP356\A0046349.dll (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8E442DD-6894-4EFF-98DE-30F34C0845FE}\RP356\A0046353.exe (Trojan.StartPage) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8E442DD-6894-4EFF-98DE-30F34C0845FE}\RP356\A0046355.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8E442DD-6894-4EFF-98DE-30F34C0845FE}\RP356\A0046366.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8E442DD-6894-4EFF-98DE-30F34C0845FE}\RP356\A0046371.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8E442DD-6894-4EFF-98DE-30F34C0845FE}\RP356\A0046374.dll (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8E442DD-6894-4EFF-98DE-30F34C0845FE}\RP356\A0046383.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8E442DD-6894-4EFF-98DE-30F34C0845FE}\RP356\A0046387.exe (Trojan.StartPage) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C8E442DD-6894-4EFF-98DE-30F34C0845FE}\RP356\A0046390.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nBL\srkcont3.exe (Trojan.StartPage) -> Quarantined and deleted successfully.
|
|
Modérateur/Helper
|
|
|
Re,
Fais un scan avec antivir en mode sans échec et poste-moi le rapport.
|
|
|
|
|
Avira AntiVir Personal
Report file date: mercredi 7 mai 2008 16:45
Scanning for 1248213 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Christophe
Computer name: CHRIS
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 15/04/2008 21:17:08
AVSCAN.DLL : 8.1.1.0 53505 Bytes 15/04/2008 21:17:08
LUKE.DLL : 8.1.2.9 151809 Bytes 15/04/2008 21:17:09
LUKERES.DLL : 8.1.2.1 12033 Bytes 15/04/2008 21:17:09
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 10:39:05
ANTIVIR2.VDF : 7.0.3.197 1260032 Bytes 22/04/2008 10:49:44
ANTIVIR3.VDF : 7.0.3.243 276992 Bytes 02/05/2008 21:10:58
Engineversion : 8.1.0.37
AEVDF.DLL : 8.1.0.5 102772 Bytes 15/04/2008 21:17:11
AESCRIPT.DLL : 8.1.0.28 233851 Bytes 30/04/2008 19:02:01
AESCN.DLL : 8.1.0.15 119157 Bytes 30/04/2008 19:01:52
AERDL.DLL : 8.1.0.20 418165 Bytes 25/04/2008 11:18:17
AEPACK.DLL : 8.1.1.4 364918 Bytes 29/04/2008 18:34:05
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 18/04/2008 21:05:25
AEHEUR.DLL : 8.1.0.21 1196407 Bytes 30/04/2008 19:01:49
AEHELP.DLL : 8.1.0.14 115063 Bytes 18/04/2008 21:05:22
AEGEN.DLL : 8.1.0.18 299381 Bytes 25/04/2008 11:18:07
AEEMU.DLL : 8.1.0.5 430450 Bytes 15/04/2008 21:17:10
AECORE.DLL : 8.1.0.27 168310 Bytes 18/04/2008 21:05:14
AVWINLL.DLL : 1.0.0.7 14593 Bytes 15/04/2008 21:17:08
AVPREF.DLL : 8.0.0.1 25857 Bytes 15/04/2008 21:17:08
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 15/04/2008 21:17:08
AVARKT.DLL : 1.0.0.23 307457 Bytes 15/04/2008 21:17:08
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 15/04/2008 21:17:08
SQLITE3.DLL : 3.3.17.1 339968 Bytes 15/04/2008 21:17:09
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 15/04/2008 21:17:09
NETNT.DLL : 8.0.0.1 7937 Bytes 15/04/2008 21:17:09
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 15/04/2008 21:17:01
RCTEXT.DLL : 8.0.32.0 86273 Bytes 15/04/2008 21:17:01
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mercredi 7 mai 2008 16:45
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
13 processes with 13 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '44' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Laureline\!\! El Ultimatum de Bourne iMBT.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\! Welcome To The Jungle.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\!!!!!!FUSION DIE HARD 4 ITAENG.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\( 1978 DVD-R(.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\( 2008 1CD XviD Eu DS( net).avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\( Akbar 2008 EuEdition DVD-R (.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\( Akbar2008Pre viD( avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\( Bol-2008 Best Copy(.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\( KANNUM KANNUM 2008 PDVD TMS.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\( net)Mithya (2008) 1 CD Pre viD-AbcD( net) avi(.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\( Star (2008) Pre-DVDR - Danger Seeding(.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\( StarP (207) DZ(.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\(1980) DVDr-Rip- avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\(2008 03 09) by fellopo10 MikeinBrazil NANDA.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\(Divx-Ita) Pulpfiction by Got avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\(DT) Gabriel STV FRENCH viD-iD net.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\(dvd-ITA) King Kong( ciao frenk ) divx.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\(Dvd-R Ita) Walt Disney - Le Avventure Di Peter Pan .avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\(HAMI) X-Men 3 LAffrontement Final FRENCH.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\(Lezmovie) Sex revelations - French.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\(Lightsaber Duel) Zeratul vs Hash Brown a Saberbattle.com Movie.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\(Marvel) Ghost Rider Movie - Video Clips - A Fans Collection of Goodies.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\(movie)-FIREWALL (2006) NL subs avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\(movie)-FIREWALL (2006)NL subs avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\(NS) 15 Minutes English XVID.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\(PC) - Quake III Team Arena 1 30 Gold Edition (CCD).avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\(PSP) Apostando al Limite Spanish DvDScreener.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\(PSP) Buenas Noches y Buena Suerte Spanish DvDScreener.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\(PSP) Sin Control (Derailed) Spanish VHS-Screener.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\(PSP) Sophie Scholl Los Ultimos Dias Spanish DvDScreener.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\(PSP) Truman Capote Spanish DvDScreener.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\(Serie Tv - Dvd-Rip) - I Viaggiatori Serie3 Ep.1-6 Tnt-Village.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\(SKATEBOARDING) Neighbours A Nordic Skateboardvideo 2006 FS viD-HACO.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\(SKATEBOARDING) Red Dragon Euro Fest 2007 RERiP viD-HACO.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\(SKATEBOARDING) Revolver Street Credit LE 2004 FS viD-HACO.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\(SUM com) Mulholland Falls 1996.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\(super seed) Never Back Down FRENCHnet.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\(ww.danger-z0ne.net)My Name Is Anthony Gonsalves 2008 (ww.danger-z0ne.net).avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\(XTHOR.NET) I Robot 2007 720p FRENCH BRDRiP x264 AC3-iDHD.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\(XTHOR.NET)Le Nouveau Protocole iNTERNAL FRENCH CAM XViD-iCARUS.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\(xthor.net)THE REPLACEMENT KILLERS NTSC MULTI(french) DVDR XTHOR TEAM.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\(xthor.net)V pour Vendetta NTSC 2005 MULTI 5 1(FRENCH) DVDR XTHORTEAM.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\(XTT)Shoot Em Up COMPLETE PAL MULTi(french) DVDR-NEXiUS.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\(XTT)Wasabi 2001 NTSC MULTi (FRENCH) DVDR-ReQuiN.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\- Sivaji 2007 viD AC3 Subs-TmG TAMIL.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\-=Codex-Creations=-2 Hitmen 2007 viD-VCDVaULT.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\-=Codex-Creations=-Avenging Angel 2007 TV viD-DOMiNO.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\-=Codex-Creations=-Last Hour DVDScr xVID-OEM.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\-=Codex-Creations=-Skid Row LiMiTED viD-PreVail.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\-=Codex-Creations=-Star Wars V The Empire Strikes Back 1980 Original Theatrical viD-FRAGMENT.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\-=Codex-Creations=-The 11th Hour LIMITED viD-iMBT.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\-=Codex-Creations=-The Sun Also Rises 2007 viD-MESS.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\-=Codex-Creations=-Two Tigers 2007 VID Eng-DUQA.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\-=Codex-Creations=-Vantage Point R5 Xvid-ITL2 0.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 - Goldfinger avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 a view to a kill (1985) DVD rip h33tspooner.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 A View To A Kill DivX (HQ).avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 Casino Royale DivX (HQ).avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 Casino Royale Eng OryoN.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 Casino Royale viD-NeDiVx.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 contra el drno dvd1 de 20dvdrsp ensub sp(cinetvshows.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 diamonds are forever (1971) DVD rip h33tspooner.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 Die Another Day (DivX DvD RiP).avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 Die Another Day 2002 UE iNTERNAL viD-iNCiTE.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 Die Another Day DVD Rip h33t Dave3737.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 die another day.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 drno (1962) DVD rip h33tspooner.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 for your eyes only (1981) DVD rip h33tspooner.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 For Your Eyes Only DivX (HQ).avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 For Your Eyes Only DVD5 - Ita Eng - Sub Ita Eng.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 from russia with love (1963) DVD rip h33tspooner.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 GoldenEye (DivX DvD RiP).avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 Goldeneye - Dvd9 Ita Eng - Sub Ita Eng.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 goldfinger (1964) DVD rip h33tspooner.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 James Bond - Al servizio segreto di sua maestagrave;.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 James Bond - Dalla Russia con amore.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 James Bond - Goldfinger.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 James Bond - Licence to Kill (1989) DVD rip h33tspooner.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 James Bond - Luomo dalla pistola dor.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 James Bond - Mai dire mai (Never say never again) DivX - Ita Eng .avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 James Bond - Moonraker - Operazione Spazi.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 James Bond - Octopussy Operazione Piovra (Octopussy) Divx - Ita Eng .avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 James Bond - Thunderball - Operazione Tuono.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 James Bond - Una cascata di diamanti.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 James Bond - Vivi e lascia morire.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 James Bond Diamantes para la eternidad( 7 de 21).avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 James Bond El Hombre De La Pistola De Oro ( 9 de 21).avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 James Bond La Espiacute;a Que Me Amo( 10 de 21).avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 James Bond Vive y Deja Morir( 8 de 21).avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 License To Kill (DivX DvD RiP).avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 live and let die (1973) DVD rip h33tspooner.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 moonraker (1979) DVD rip h33tspooner.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 Moonraker DivX (HQ).avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 Moonraker, DVD9 - Ita Eng - Sub Ita Eng.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 octopussy (1983) DVD rip h33tspooner.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 Octopussy DivX (HQ).avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 on her majestys secret service (1969) DVD rip h33tspooner.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 On Her Majestys Secret Service 1969 UE iNTERNAL viD-iNCiTE.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 The Living Daylights (1987) DVD rip h33tspooner.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 The Living Daylights 1987 UE iNTERNAL viD-iNCiTE.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 The Living Daylights DivX (HQ).avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 the spy who loved me (1977) DVD rip h33tspooner.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 The Spy Who Loved Me 1977 UE iNTERNAL viD-iNCiTE.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 The World Is Not Enough 1999 UE iNTERNAL viD-iNCiTE.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 the world is not enough DVD rip h33tspooner.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 The World is not Enough.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 thunderball (1965) DVD rip h33tspooner.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 Thunderball 1965 UE iNTERNAL viD-iNCiTE.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 Tomorrow Never Dies (DivX DvD RiP).avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 Tomorrow never dies - DVD9 Ita Eng - Sub Ita Eng.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 Tomorrow Never Dies 1997 UE UNCUT viD-iNCiTE.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\007 You Only Live Twice 1967 UE iNTERNAL viD-iNCiTE.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\067 Playboy Voluptous Vixens Divx.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\069 Playboy Most Wanted Boobs Divx.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\070 Playboy More Sexy Girls Next Door Divx.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\1 4 0 8(widges-den co uk).avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\10 000BC CAM AVI Xvid Eng SilverSurfer1959trade;.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\10 11 2007 Mayday PL by ARVE avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\10 Kanus 150 Speere und 3 Frauen German AC3 viD-EMPiRE.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\10,000 B C 2008 CAM XViD-prevail btarena.org.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\10,000 B C 2008 Eng CAM XViD .avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\10,000 B C 2008TS-.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\10,000 B C ENGXVid Telesync-FXP avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\10,000 BC CAM FULL MOVIE EXCELLENT QUALITYb zip.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\10,000 BC CAM-THS mazy.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\10,000 BC DVD-SCR XviD-PreVail.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\10,000 BC DVDSCR XviD-PreVail.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\10,000 BC.Eng.XViD.TELESYNC by FTR.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\10,000 Day Advent.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\10,000BC CAM XVID V2 - Stuffies (new source).avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\10.000 B.C. CAM Eng Free2Dove.avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\100 Million BC (2008) DVD Rip CM8(A UKB-KvCD By Connels).avi
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Laureline\!\100 Million BC .2008-pnt.avi < | | |
