HijackThis report -----VIRUS

Resolved/Closed
seanjohnz (Posts: 104, Registered: Monday, January 26, 2009, Status: Member, Last activity: April 10, 2009) - Feb 28, 2009 at 22:25
crapoulou (Posts: 28157, Registered: Wednesday, November 28, 2007, Status: Moderator, Security contributor, Last activity: April 9, 2024) - Mar 7, 2009 at 23:55
Hello, here is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:14, on 2009-02-28
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0428FFC7-1931-45B7-95CB-3CBB919777E1} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {149ABEDD-EBA3-4AB9-8899-4801F5BA0CDD} - (no file)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Supervision de Photo Loader.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab?e=1225639225308&h=c03e61bc3f00075df0cb174defb45dfe/&filename=jinstall-6u10-windows-i586-jc.cab
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/mylene/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
62 replies

crapoulou (Posts: 28157, Registered: Wednesday, November 28, 2007, Status: Moderator, Security contributor, Last activity: April 9, 2024)
Feb 28, 2009 at 22:28
Hi,
Explain your problem.
Don't you think it's a bit out of line to post a report with no explanation at all?!

Link 1
Link 2

seanjohnz (Posts: 104, Registered: Monday, January 26, 2009, Status: Member, Last activity: April 10, 2009)
Feb 28, 2009 at 22:39
Sorry, lolllllll, that's a good one (link 1). It's because I'm at my girlfriend's place and I don't have much time to try to help her with you, and her PC is not doing well at all: it is very slow, really slow. I ran an Avira scan, I have the report and there are about twenty viruses, and in the HijackThis report there seem to be some shady things like soap.exe, so I need help to get the PC running well!! Yet she sent the PC to a supposed PC repairman and it is doing even worse. I uninstalled Avast for Avira, I have CCleaner, Spyware Terminator and Sunbelt, and Malwarebytes is scanning right now but it is taking a long time.
crapoulou (Posts: 28157, Registered: Wednesday, November 28, 2007, Status: Moderator, Security contributor, Last activity: April 9, 2024)
Feb 28, 2009 at 23:01
OK.
Come on, let's get to work.

Download ToolBar S&D (by Eric_71)
= = = = >>> By clicking here <<< = = = =

/!\ Disconnect from the Internet and close all your running applications for the duration of the procedure /!\
* Double-click the executable to launch the tool
* Once done, type F to select French
* Choose option 1 (Recherche) and press Enter.
* Once the scan is finished, a report will appear in .txt format.
* Copy and paste its entire contents into your next reply ...
Note:
The report is saved here: C:\TB.txt
Tutorial if needed: HERE
seanjohnz (Posts: 104, Registered: Monday, January 26, 2009, Status: Member, Last activity: April 10, 2009)
Feb 28, 2009 at 23:23
-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 1500+ )
BIOS : Version 1.00
USER : mylene ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
Firewall : Sunbelt Personal Firewall 4.6.1861 T (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:14 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 2009-02-28|17:18 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\KaZaA\My Shared Folder\Star Académie 2004 (1).kpl
C:\Program Files\KaZaA\My Shared Folder\Sting - Fields Of Gold (Acoustic Unplugged).mp3
C:\Program Files\KaZaA\My Shared Folder\switchfoot - meant to live.wma
C:\Program Files\KaZaA\My Shared Folder\Switchfoot - on fire.mp3
C:\Program Files\KaZaA\My Shared Folder\switchfoot - we were meant to live.wma
C:\Program Files\KaZaA\My Shared Folder\switchfoot- ment to live.wma
C:\Program Files\KaZaA\My Shared Folder\T-Pain_feat_Pitbull- Im_Sprung_remix.mp3
C:\Program Files\KaZaA\My Shared Folder\The O.C. Episode 1.wmv
C:\Program Files\KaZaA\My Shared Folder\the oc promo season 2.mpeg
C:\Program Files\KaZaA\My Shared Folder\There for You.mp3
C:\Program Files\KaZaA\My Shared Folder\Three Days Grace - Home.mp3
C:\Program Files\KaZaA\My Shared Folder\TOBBOM-Im Just Another Soldier.wma
C:\Program Files\KaZaA\My Shared Folder\TRACK-13.wma
C:\Program Files\KaZaA\My Shared Folder\U2 - One (best live acoustic ever).mpg
C:\Program Files\KaZaA\My Shared Folder\U2 - Vertigo.mp3
C:\Program Files\KaZaA\My Shared Folder\Unpredictable.mp3
C:\Program Files\KaZaA\My Shared Folder\When I'm Gone.wma
C:\Program Files\KaZaA\My Shared Folder\Wycleaf Jean - 911.MP3
C:\Program Files\KaZaA\My Shared Folder\Wyclef Jean - Guantanamera.mp3
C:\Program Files\KaZaA\My Shared Folder\Wyclef Jean ft Muzion - 24 Heures A Vivre.mp3
C:\Program Files\KaZaA\My Shared Folder\yandel y tego calderon.wma
C:\Program Files\KaZaA\My Shared Folder\Yellow Card - GoodBye.mp3
C:\Program Files\KaZaA\My Shared Folder\Young Love.mp3
C:\Program Files\KaZaA\My Shared Folder\[Radiohead] - Creep.wma
C:\Program Files\NavExcel
C:\Program Files\NavExcel\NavHelper
C:\Program Files\NavExcel\NavHelper\v2.0.4a
C:\Program Files\Need2Find
C:\Program Files\Need2Find\bar
C:\Program Files\ShopperReports
C:\Program Files\ShopperReports\Bin
C:\Program Files\ShopperReports\Bin\2.0.20

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.com/?gws_rd=ssl"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
"CustomizeSearch"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchAssistant"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 2009-02-28|17:22 - Option : [1]

-----------\\ Fin du rapport a 17:22:04,55
crapoulou Posts 28157 Registration date Wednesday 28 November 2007 Status Moderator, Security contributor Last activity 9 April 2024 7 989
28 Feb 2009 at 23:24
Nothing less... lol.

Cleaning with ToolBar S&D:

!! Disconnect and close all your running applications for the duration of the procedure !!

Relaunch Toolbar-S&D by double-clicking the shortcut.
* Type option 2 (Cleaning), then press Enter.
Notes:
Do not touch anything during the removal!
A report will be generated at the end of the process: post its entire contents in your next reply,
along with a new HijackThis report for analysis ...
seanjohnz Posts 104 Registration date Monday 26 January 2009 Status Member Last activity 10 April 2009
28 Feb 2009 at 23:40
-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 1500+ )
BIOS : Version 1.00
USER : mylene ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
Firewall : Sunbelt Personal Firewall 4.6.1861 T (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:14 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 2009-02-28|17:28 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\AltNet\Download Manager
Supprime! - C:\Program Files\AltNet\My Altnet Shares
Supprime! - C:\Program Files\KaZaA\data
Supprime! - C:\Program Files\KaZaA\Db
Supprime! - C:\Program Files\KaZaA\licenses
Supprime! - C:\Program Files\KaZaA\My Shared Folder
Supprime! - C:\Program Files\KaZaA\plugins.htm
Supprime! - C:\Program Files\KaZaA\versions.dat
Supprime! - C:\Program Files\NavExcel\NavHelper
Supprime! - C:\Program Files\Need2Find\bar
Supprime! - C:\Program Files\ShopperReports\Bin
Supprime! - C:\Program Files\AltNet
Supprime! - C:\Program Files\KaZaA
Supprime! - C:\Program Files\NavExcel
Supprime! - C:\Program Files\Need2Find
Supprime! - C:\Program Files\ShopperReports

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.com/?gws_rd=ssl"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
"CustomizeSearch"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchAssistant"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 2009-02-28|17:22 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 2009-02-28|17:38 - Option : [2]

-----------\\ Fin du rapport a 17:38:04,68

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:38:59, on 2009-02-28
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0428FFC7-1931-45B7-95CB-3CBB919777E1} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {149ABEDD-EBA3-4AB9-8899-4801F5BA0CDD} - (no file)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Supervision de Photo Loader.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab?e=1225639225308&h=c03e61bc3f00075df0cb174defb45dfe/&filename=jinstall-6u10-windows-i586-jc.cab
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/mylene/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
crapoulou Posts 28157 Registration date Wednesday 28 November 2007 Status Moderator, Security contributor Last activity 9 April 2024 7 989
28 Feb 2009 at 23:45
Perfect.

Download Malwarebytes' Anti-Malware
= = = = >>> By clicking here <<< = = = =

- On the page, click Download Malwarebytes' Anti-Malware
- Save it to the desktop
- Double-click the downloaded file to start the installation process
- When prompted, update Malwarebytes' Anti-Malware
- If the firewall asks for permission for Malwarebytes to connect, accept
- Once the update is finished, close Malwarebytes
- Double-click the Malwarebytes icon to relaunch it
- In the Scan tab, probably open by default,
- Select Run a full scan
- Click Scan
- The scan starts
- At the end of the scan, a message is displayed: The scan completed normally. Click 'Show results' to display all the objects found.
- Click OK to continue.
- If malware was detected, click Show results
- Select everything (or leave it checked) and click Remove selected. Malwarebytes will destroy the files and registry keys and put a copy of them in quarantine.
- Malwarebytes will open Notepad and copy the scan report into it.
- Go to the report/log tab
- Click on the report to display it; once it is displayed,
- Click Edit at the top of Notepad, then Select All
- Click Edit again, then Copy, and come back to the forum and into your reply
- Right-click in the reply box and choose Paste

If you need help, see this tutorial HERE
seanjohnz Posts 104 Registration date Monday 26 January 2009 Status Member Last activity 10 April 2009
28 Feb 2009 at 23:49
I ran a Malwarebytes scan just before the ToolBar S&D scan; is that still OK, or do I need to scan again?
crapoulou Posts 28157 Registration date Wednesday 28 November 2007 Status Moderator, Security contributor Last activity 9 April 2024 7 989
28 Feb 2009 at 23:52
No, there's no need.
We'll remove the tools all at once afterwards with a special tool.
seanjohnz Posts 104 Registration date Monday 26 January 2009 Status Member Last activity 10 April 2009
28 Feb 2009 at 23:54
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1813
Windows 5.1.2600 Service Pack 3

2009-02-28 16:47:18
mbam-log-2009-02-28 (16-47-18).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 109042
Temps écoulé: 1 hour(s), 15 minute(s), 36 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 32
Fichier(s) infecté(s): 79

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ce31a1f7-3d90-4874-8fbe-a5d97f8bc8f1} (Adware.Bargain.Buddy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\webHancer (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201214 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201214\Common (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201214\ExitTraffic (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201214\img (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201223 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201223\Common (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201223\ExitTraffic (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201223\img (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201228 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201228\Common (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201228\ExitTraffic (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201228\img (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201238 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201238\Common (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201238\ExitTraffic (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201238\img (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201256 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201256\Common (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201256\ExitTraffic (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201256\img (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\whInstall (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\MyWay (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\1.bin (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\History (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Settings (Adware.MyWay) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\webHancer\Programs\whAgent.ini (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201214\index.htm (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201214\Common\module.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201214\Common\show_module.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201214\ExitTraffic\exit.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201214\img\index_01.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201214\img\index_02.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201214\img\index_04.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201214\img\index_05.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201214\img\ncc.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201214\img\p2e_1.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201214\img\p2e_2.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201214\img\p2e_go.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201214\img\p2e_icon.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201214\img\p2e_logo.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201223\index.htm (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201223\Common\module.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201223\Common\show_module.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201223\ExitTraffic\exit.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201223\img\index_01.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201223\img\index_02.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201223\img\index_04.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201223\img\index_05.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201223\img\ncc.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201223\img\p2e_1.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201223\img\p2e_2.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201223\img\p2e_go.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201223\img\p2e_icon.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201223\img\p2e_logo.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201228\index.htm (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201228\Common\module.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201228\Common\show_module.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201228\ExitTraffic\exit.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201228\img\index_01.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201228\img\index_02.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201228\img\index_04.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201228\img\index_05.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201228\img\ncc.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201228\img\p2e_1.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201228\img\p2e_2.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201228\img\p2e_go.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201228\img\p2e_icon.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201228\img\p2e_logo.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201238\index.htm (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201238\Common\module.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201238\Common\show_module.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201238\ExitTraffic\exit.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201238\img\index_01.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201238\img\index_02.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201238\img\index_04.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201238\img\index_05.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201238\img\ncc.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201238\img\p2e_1.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201238\img\p2e_2.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201238\img\p2e_go.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201238\img\p2e_icon.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201238\img\p2e_logo.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201256\index.htm (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201256\Common\module.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201256\Common\show_module.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201256\ExitTraffic\exit.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201256\img\index_01.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201256\img\index_02.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201256\img\index_04.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201256\img\index_05.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201256\img\ncc.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201256\img\p2e_1.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201256\img\p2e_2.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201256\img\p2e_go.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201256\img\p2e_icon.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\20031204201256\img\p2e_logo.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\whInstall\whAgent.inf (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\Program Files\whInstall\whInstaller.ini (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\History\search (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\MyWay\myBar\Settings\prevcfg.htm (Adware.MyWay) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\egdhtml_pack.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\tmlpcert2005 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mseggrpid.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
crapoulou, Posts: 28157, Registered: Wednesday 28 November 2007, Status: Moderator, Security contributor, Last activity: 9 April 2024
28 Feb 2009 at 23:57
Well, you really were infected!
We're not done yet.
Empty the Malwarebytes' Anti-Malware quarantine.

Download Navilog1 to the desktop (thanks to IL-MAFIOSO)
= = = = >>> By clicking here <<< = = = =
* The black Navilog1 console should open after installation
* If not, to open it, double-click the "Navilog1" shortcut on your desktop
* Press the letter F on your keyboard, then the Enter key
* Press any key on your keyboard to continue...
* Type 1, then press the Enter key on your keyboard
* Navilog1 will then search for infectious files on your PC.
* DO NOT USE OPTION 2, 3 OR 4 WITHOUT ADVICE
* Be patient, this can take about ten minutes
* Navilog1 tells you when the search is finished
* Press any key on your keyboard to display the report it generated
* The report will be saved in the following file: "fixnavi.txt" at the root of your hard drive (C:\fixnavi.txt).
* Post the generated report
seanjohnz, Posts: 104, Registered: Monday 26 January 2009, Status: Member, Last activity: 10 April 2009
1 Mar 2009 at 00:10
Search Navipromo version 3.7.5 commencé le 2009-02-28 à 18:02:03,42

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 26.02.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 1500+ )
BIOS : Version 1.00
USER : mylene ( Administrator )
BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
Firewall : Sunbelt Personal Firewall 4.6.1861 T (Activated)

A:\ (USB)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:14 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)


Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\mylene\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\mylene\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\mylene\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\mylene\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\mylene\locals~1\applic~1" :


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :



*** Analyse terminée le 2009-02-28 à 18:08:39,01 ***
crapoulou, Posts: 28157, Registered: Wednesday 28 November 2007, Status: Moderator, Security contributor, Last activity: 9 April 2024
1 Mar 2009 at 00:12
How is the PC doing?
A new HijackThis report, please.
seanjohnz, Posts: 104, Registered: Monday 26 January 2009, Status: Member, Last activity: 10 April 2009
1 Mar 2009 at 00:14
The PC seems to be doing fine,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:24, on 2009-02-28
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0428FFC7-1931-45B7-95CB-3CBB919777E1} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {149ABEDD-EBA3-4AB9-8899-4801F5BA0CDD} - (no file)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Supervision de Photo Loader.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/...
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/mylene/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
crapoulou, Posts: 28157, Registered: Wednesday 28 November 2007, Status: Moderator, Security contributor, Last activity: 9 April 2024
1 Mar 2009 at 00:29
Scan this file:
C:\PROGRA~1\SYSTEM~1\soap.exe
on the VirusTotal site:
https://www.virustotal.com/gui/

Browse > Select your file > Scan, then wait for the analysis to finish.
Post the report.
seanjohnz, Posts: 104, Registered: Monday 26 January 2009, Status: Member, Last activity: 10 April 2009
1 Mar 2009 at 00:32
I don't know how to find the file?????????
crapoulou, Posts: 28157, Registered: Wednesday 28 November 2007, Status: Moderator, Security contributor, Last activity: 9 April 2024
1 Mar 2009 at 00:34
If it isn't here:
C:\Program Files\System...\soap.exe
search for it with Windows by typing soap.exe in the search box.
(System... = [I don't know what comes after System])
seanjohnz, Posts: 104, Registered: Monday 26 January 2009, Status: Member, Last activity: 10 April 2009
1 Mar 2009 at 00:40
Fichier SOAP.EXE-2D4830F0.pf reçu le 2009.03.01 00:37:28 (CET)


Résultat: 0/39 (0%)

Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.02.28 -
AhnLab-V3 5.0.0.2 2009.02.27 -
AntiVir 7.9.0.98 2009.02.28 -
Authentium 5.1.0.4 2009.02.28 -
Avast 4.8.1335.0 2009.02.28 -
AVG 8.0.0.237 2009.02.28 -
BitDefender 7.2 2009.03.01 -
CAT-QuickHeal 10.00 2009.02.28 -
ClamAV 0.94.1 2009.02.28 -
Comodo 986 2009.02.20 -
DrWeb 4.44.0.09170 2009.03.01 -
eSafe 7.0.17.0 2009.02.26 -
eTrust-Vet 31.6.6376 2009.02.27 -
F-Prot 4.4.4.56 2009.02.28 -
F-Secure 8.0.14470.0 2009.02.27 -
Fortinet 3.117.0.0 2009.02.28 -
GData 19 2009.03.01 -
Ikarus T3.1.1.45.0 2009.02.28 -
K7AntiVirus 7.10.649 2009.02.27 -
Kaspersky 7.0.0.125 2009.03.01 -
McAfee 5539 2009.02.28 -
McAfee+Artemis 5539 2009.02.28 -
Microsoft 1.4306 2009.02.28 -
NOD32 3897 2009.02.28 -
Norman 6.00.06 2009.02.27 -
nProtect 2009.1.8.0 2009.02.28 -
Panda 10.0.0.10 2009.02.28 -
PCTools 4.4.2.0 2009.02.28 -
Prevx1 V2 2009.03.01 -
Rising 21.18.52.00 2009.02.28 -
SecureWeb-Gateway 6.7.6 2009.02.28 -
Sophos 4.39.0 2009.02.28 -
Sunbelt 3.2.1858.2 2009.02.28 -
Symantec 10 2009.03.01 -
TheHacker 6.3.2.6.267 2009.02.28 -
TrendMicro 8.700.0.1004 2009.02.27 -
VBA32 3.12.10.1 2009.02.26 -
ViRobot 2009.2.28.1628 2009.02.28 -
VirusBuster 4.5.11.0 2009.02.28 -
Information additionnelle
File size: 50960 bytes
MD5...: 568d3c29943c94a88951c4483526cc0e
SHA1..: 5c9adc94a031123beba52f9c2c8bdcfaddf472e7
SHA256: 9dfb4f6b60bc42f0fa933debfac9ff02102a28b0c383ee8b8595ea0b2f1f1f41
SHA512: cae728137ea9c1bc827c3cceffa2450f988f3b41ed51e2e27881f8c1bff69f88
f3fda65d5c2a6b23a31d5e535dc319cdc8de74d8318617860b909cde5ca05f39
ssdeep: 768:7lR0OyWo3hZzuh7Car5RuPySI7y7iXrDOBfCfq:7lR0OyQlf8g+

PEiD..: -
TrID..: File type identification
Microsoft Windows XP Prefetch file (98.9%)
LTAC compressed audio (v1.71) (1.0%)
PEInfo: -
crapoulou, Posts: 28157, Registered: Wednesday 28 November 2007, Status: Moderator, Security contributor, Last activity: 9 April 2024
1 Mar 2009 at 01:25
--> Download DirLook to your Desktop.
http://images.malwareremoval.com/jpshortstuff/DirLook.exe
--> Double-click DirLook.exe to launch the tool.

--> Check that the two boxes next to "Show hidden files/folders:" and "BBCode Output:" are ticked.

--> Copy the text below:

c:\Program Files\System Soap Pro

--> In the small DirLook window, right-click in the white area and choose Paste.
Note: the lines selected earlier must have been copied into the white area of DirLook.

--> Click the DirLook button to start the search.

When the tool has finished this search, Notepad opens.
Note: In Notepad, check in the Format menu (at the top) that the "Word Wrap" option is not ticked.

--> Save the report as DirLook1.txt and close Notepad.

--> Close DirLook by clicking the Exit button, then post the report.
seanjohnz, Posts: 104, Registered: Monday 26 January 2009, Status: Member, Last activity: 10 April 2009
1 Mar 2009 at 02:06
DirLook.exe v2.0 by jpshortstuff
Log created at 20:05 on 28/02/2009
==================================[b]
Contents of "c:\Program Files\System Soap Pro"
[/b]
[b][color=blue]---FOLDERS---[/b][/color]

(none found)

[b][color=blue]---FILES---[/b][/color]

[b]syslog.txt[/b] (49504 bytes - created on 12/12/2003 at 00:02, modified on 28/02/2009 at 19:18) --a---

==================================
[b][color=blue]=EOF=[/b][/color]