Trojan horse

ste50 Posts 53 Status Member -
 Anonymous user -
Hello,
Yesterday my Avira antivirus detected a Trojan horse. This morning I ran a scan with Malwarebytes; here is the report:
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3857
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/03/2010 14:15:38
mbam-log-2010-03-12 (14-15-33).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 277425
Temps écoulé: 6 hour(s), 4 minute(s), 34 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Stéphane DADET\Bureau\multimedia\u94.exe (HackTool.Proxy) -> No action taken.
C:\WINDOWS\Temp\_ex-68.exe (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Stéphane DADET\Menu Démarrer\Programmes\Démarrage\winesm32.exe (Trojan.Downloader) -> No action taken.


Then I ran HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:24:47, on 12/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Neuf\Kit\9props.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\Documents and Settings\Stéphane DADET\Bureau\multimedia\virus\Stéphane DADET.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON SX100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\WINDOWS\TEMP\E_S30.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Connexion SFR 9props.exe] "C:\Program Files\Neuf\Kit\9props.exe" /trayicon
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Pense-bête.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.consoclicker.com/
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3A226D85-574D-4272-B73C-DBCAECF709B3} - http://www.consoclicker.com/TNSClickrb.CAB
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://sell-vehicle.ebay.fr/images/eps/eBay_Enhanced_Picture_Control_v1-0-3-50.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

24 replies

totobetourne Posts 5677 Status Member 65
 
Hello


1) Did you actually delete everything? What you have pasted here is the report from before removal.


2) Download this and run it with option S. Paste the report.

https://www.commentcamarche.net/telecharger/securite/2547-ad-remover/


Disconnect and close all running applications!

Run "Ad-remover" again: at the main menu, choose option "L".
Then select (type the number in front and press Enter):

Boonty/Boonty Games
eorezo
.......
Then "S"

The program will do its work ...

Post the report that appears at the end, plus a new HijackThis log for analysis ...

(The report is also saved as C:\Ad-report.log)

/!\ If the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm. /!\


3) Are you using your firewall properly? Comodo is very good; you may have let the infection through when Comodo raised an alert.
I am telling you this because it is very rare to see someone with Comodo get infected.
0
ste50 Posts 53 Status Member
 
Here are the various reports, first Ad-Remover and then HijackThis:
.
======= RAPPORT D'AD-REMOVER 1.1.4.6_J | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 05.02.2010 à 17:34
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 20:51:38, 12/03/2010 | Mode Normal | Option: SCAN
Exécuté de: C:\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: STPHANE | Utilisateur actuel: St‚phane DADET
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.

.
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.8 [fr] *
.
Nom du profil: hvbnrvuv.default (St‚phane DADET)
.
(STPHAN~1, prefs.js) Browser.download.dir, C:\Documents and Settings\Stéphane DADET\Bureau\multimedia
(STPHAN~1, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Stéphane DADET\Bureau\multimedia\virus
(STPHAN~1, prefs.js) Browser.search.defaultenginename, MyStart Rechercher
(STPHAN~1, prefs.js) Browser.search.defaulturl, hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
(STPHAN~1, prefs.js) Browser.search.selectedEngine, Google
(STPHAN~1, prefs.js) Browser.startup.homepage, hxxp://mystart.incredimail.com/
(STPHAN~1, prefs.js) Extensions.enabledItems, {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5,fr@dictionaries.addons.mozilla.org:3.5,{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3,{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.1,OberonGameHost@OberonGames.com:1.0.5.1344,{9CCE52B0-5079-4177-9586-1BF6575E62DE}:1.0.0.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8
(STPHAN~1, prefs.js) Keyword.URL, hxxp://mystart.incredimail.com/?loc=ff_address_bar_PMM_with_IM&search=
.
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Enable Browser Extensions: yes
Use Custom Search URL: 0 (0x0)
Start Page: hxxp://fr.msn.com/
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Use Search Asst: no
Default_page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Use Custom Search URL: 0 (0x0)
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Documents and Settings\St‚phane DADET\Local Settings\temp\HouseCall\bspatch.exe
C:\Documents and Settings\St‚phane DADET\Mes documents\dossier autoentrepreneur\EBP AUTO ENTREPRENEUR 2010\Crack\EBP.Invoicing.Application.exe
C:\Documents and Settings\St‚phane DADET\Mes documents\footmanager\Patch v10.1.0 [PC]\FM2010_v10.1.0_PC_Patch.exe
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\virtualdj.exe
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\@2[3].xx_Pioneer-700_COLOUR.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\Advanced.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\Always.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\Atomix.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\ATOMIX-FR 1.1.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\ATOMIX-FR 1[1].1.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\A-Trakt.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\BOANERGES V 1[1].1.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\Boanerges.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\CDJ1000 V4.0.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\CDJ100S - By Paky_&_Snake + font for skin.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\CDJ100S - By Paky_&_Snake_V2+font_skin.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\CDJ100S v.2.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\CDJ100S.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\CDJ200S.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\D1-1280x1024.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\DAC3 V4.0 Update.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\Darkfun V2.01.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\Darkfun V2[1].01.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\Darkfun.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\Default Skin.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\Default.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\Denon 1800F.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\Denon DN-S5000.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\Denon(1280x800)_V4.0.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\DenonDN-S5000.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\Digital.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\DJ Console.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\DJCEdition.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\FLOOP DJ (1024x768).zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\FLOOP DJ (1280x800).zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\FLOOP DJ(1024x768).zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\FLOOP DJ(1280x800).zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\FM7 - Super pack.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\JN-Black (Widescreen).zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\JN-BLACK VDJ v2.01 (1280x800).zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\JN-BLACK VDJ v2[1].01 (1280x800).zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\JN-PLATINUM VDJ v2.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\JN-SILVER VDJ v1.03.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\JN-SILVER VDJ v1[1].03.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\JN-SILVER.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\K-Display.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\Man-TK.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\Mix Lab V3.1.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\MIX Station SV 03 (V4.0).zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\MIX Station SV 03 (V4[1].0).zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\MIX Station SV 04 (V2[1].00_edA) - winXP.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\MIX Station SV 04 (V2[1].00_edA).zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\MIX Station SV 05.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\MIX Station SV_04 TITANIUM (V4.0).zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\MIX Station SV_04_1024x768 (V3.4).zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\Multi-Instance Skin.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\Multi-Instance.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\Numark CDN - 88 Video.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\OldSchool.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\Pioneer CDJ1000 MKII.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\Pioneer CDJ1000 MKII_PeRiJeY.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\Pioneer CDJ100S V.5.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\Pioneer CDJ-700S (1024x768) v2.00.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\Pioneer CDJ-700S by RE (1024x768) v2.1.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\Pioneer CDJ-700S by RE (1024x768) v2[1].00.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\Pioneer-700_COLOUR.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\Pionner CDJ1000 MKII.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\PLATINUM_V1.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\scratch4vid.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\TASCAM.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\TC.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\TECHNICS.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\TECNICHS_SL1210M_5G_V1-.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\Titanium Max.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\V_Mix_5.4_1280_800.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\VDJ4 Full & Mixer.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\VDJ4 Video.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\VideoVision_3.4_1280x800.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\VirtualDJ.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\VirtualDJ5.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\VirtualDJ6.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\virtualdjwinamp3.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\vmix4.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\Skins\windj.zip
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtualdj 5\Crack (erst Patch versuchen)\virtualdj.exe
.
===================================
.
17377 Octet(s) - C:\Ad-Report-CLEAN[1].log
14204 Octet(s) - C:\Ad-Report-SCAN[1].log
.
131 Fichier(s) - C:\DOCUME~1\STPHAN~1\LOCALS~1\Temp
35 Fichier(s) - C:\WINDOWS\Temp
38 Fichier(s) - C:\WINDOWS\Prefetch
.
19 Fichier(s) - C:\Ad-Remover\BACKUP
90 Fichier(s) - C:\Ad-Remover\QUARANTINE
.
Fin à: 20:59:13 | 12/03/2010 - SCAN[1]
.
============== E.O.F ==============
.
.
======= RAPPORT D'AD-REMOVER 1.1.4.6_J | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 05.02.2010 à 17:34
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 21:02:53, 12/03/2010 | Mode Normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: STPHANE | Utilisateur actuel: St‚phane DADET
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.


(!) -- Fichiers temporaires supprimés.

.
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.8 [fr] *
.
Nom du profil: hvbnrvuv.default (St‚phane DADET)
.
(STPHAN~1, prefs.js) Browser.download.dir, C:\Documents and Settings\Stéphane DADET\Bureau\multimedia
(STPHAN~1, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Stéphane DADET\Bureau\multimedia\virus
(STPHAN~1, prefs.js) Browser.search.defaultenginename, MyStart Rechercher
(STPHAN~1, prefs.js) Browser.search.defaulturl, hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
(STPHAN~1, prefs.js) Browser.search.selectedEngine, Google
(STPHAN~1, prefs.js) Browser.startup.homepage, hxxp://mystart.incredimail.com/
(STPHAN~1, prefs.js) Extensions.enabledItems, {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5,fr@dictionaries.addons.mozilla.org:3.5,{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3,{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.1,OberonGameHost@OberonGames.com:1.0.5.1344,{9CCE52B0-5079-4177-9586-1BF6575E62DE}:1.0.0.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8
(STPHAN~1, prefs.js) Keyword.URL, hxxp://mystart.incredimail.com/?loc=ff_address_bar_PMM_with_IM&search=
.
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Enable Browser Extensions: yes
Use Custom Search URL: 0 (0x0)
Start Page: hxxp://fr.msn.com/
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Use Search Asst: no
Default_page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Use Custom Search URL: 0 (0x0)
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Documents and Settings\St‚phane DADET\Local Settings\temp\HouseCall\bspatch.exe
C:\Documents and Settings\St‚phane DADET\Mes documents\dossier autoentrepreneur\EBP AUTO ENTREPRENEUR 2010\Crack\EBP.Invoicing.Application.exe
C:\Documents and Settings\St‚phane DADET\Mes documents\footmanager\Patch v10.1.0 [PC]\FM2010_v10.1.0_PC_Patch.exe
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\virtualdj.exe
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtualdj 5\Crack (erst Patch versuchen)\virtualdj.exe
.
===================================
.
17377 Octet(s) - C:\Ad-Report-CLEAN[1].log
14254 Octet(s) - C:\Ad-Report-CLEAN[2].log
14546 Octet(s) - C:\Ad-Report-SCAN[1].log
.
130 Fichier(s) - C:\DOCUME~1\STPHAN~1\LOCALS~1\Temp
36 Fichier(s) - C:\WINDOWS\Temp
7 Fichier(s) - C:\WINDOWS\Prefetch
.
20 Fichier(s) - C:\Ad-Remover\BACKUP
90 Fichier(s) - C:\Ad-Remover\QUARANTINE
.
Fin à: 21:10:12 | 12/03/2010 - CLEAN[2]
.
============== E.O.F ==============
.
.
======= RAPPORT D'AD-REMOVER 1.1.4.6_J | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 05.02.2010 à 17:34
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 21:12:57, 12/03/2010 | Mode Normal | Option: SCAN
Exécuté de: C:\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: STPHANE | Utilisateur actuel: St‚phane DADET
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.

.
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.8 [fr] *
.
Nom du profil: hvbnrvuv.default (St‚phane DADET)
.
(STPHAN~1, prefs.js) Browser.download.dir, C:\Documents and Settings\Stéphane DADET\Bureau\multimedia
(STPHAN~1, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Stéphane DADET\Bureau\multimedia\virus
(STPHAN~1, prefs.js) Browser.search.defaultenginename, MyStart Rechercher
(STPHAN~1, prefs.js) Browser.search.defaulturl, hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
(STPHAN~1, prefs.js) Browser.search.selectedEngine, Google
(STPHAN~1, prefs.js) Browser.startup.homepage, hxxp://mystart.incredimail.com/
(STPHAN~1, prefs.js) Extensions.enabledItems, {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5,fr@dictionaries.addons.mozilla.org:3.5,{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3,{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:1.1,OberonGameHost@OberonGames.com:1.0.5.1344,{9CCE52B0-5079-4177-9586-1BF6575E62DE}:1.0.0.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8
(STPHAN~1, prefs.js) Keyword.URL, hxxp://mystart.incredimail.com/?loc=ff_address_bar_PMM_with_IM&search=
.
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Enable Browser Extensions: yes
Use Custom Search URL: 0 (0x0)
Start Page: hxxp://fr.msn.com/
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Use Search Asst: no
Default_page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Use Custom Search URL: 0 (0x0)
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Documents and Settings\St‚phane DADET\Local Settings\temp\HouseCall\bspatch.exe
C:\Documents and Settings\St‚phane DADET\Mes documents\dossier autoentrepreneur\EBP AUTO ENTREPRENEUR 2010\Crack\EBP.Invoicing.Application.exe
C:\Documents and Settings\St‚phane DADET\Mes documents\footmanager\Patch v10.1.0 [PC]\FM2010_v10.1.0_PC_Patch.exe
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtual dj pro 6\Crack\virtualdj.exe
C:\Documents and Settings\St‚phane DADET\Mes documents\Ma musique\logicielmix\virtualdj 5\Crack (erst Patch versuchen)\virtualdj.exe
.
===================================
.
17377 Octet(s) - C:\Ad-Report-CLEAN[1].log
14641 Octet(s) - C:\Ad-Report-CLEAN[2].log
14546 Octet(s) - C:\Ad-Report-SCAN[1].log
14293 Octet(s) - C:\Ad-Report-SCAN[2].log
.
131 Fichier(s) - C:\DOCUME~1\STPHAN~1\LOCALS~1\Temp
36 Fichier(s) - C:\WINDOWS\Temp
40 Fichier(s) - C:\WINDOWS\Prefetch
.
21 Fichier(s) - C:\Ad-Remover\BACKUP
90 Fichier(s) - C:\Ad-Remover\QUARANTINE
.
Fin à: 21:20:26 | 12/03/2010 - SCAN[2]
.
============== E.O.F ==============
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23:24, on 12/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Neuf\Kit\9props.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\Documents and Settings\Stéphane DADET\Bureau\multimedia\virus\Stéphane DADET.exe
C:\Program Files\IncrediMail\Bin\ImNotfy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON SX100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\WINDOWS\TEMP\E_S30.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Connexion SFR 9props.exe] "C:\Program Files\Neuf\Kit\9props.exe" /trayicon
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - Startup: Pense-bête.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.consoclicker.com/
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3A226D85-574D-4272-B73C-DBCAECF709B3} - http://www.consoclicker.com/TNSClickrb.CAB
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://sell-vehicle.ebay.fr/images/eps/eBay_Enhanced_Picture_Control_v1-0-3-50.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
0
ste50 Posts 53 Status Member
 
Hello,

I ran a new scan this morning with Malwarebytes; here is the report:
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3862
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13/03/2010 10:07:24
mbam-log-2010-03-13 (10-07-24).txt

Type de recherche: Examen rapide
Eléments examinés: 165983
Temps écoulé: 37 minute(s), 1 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\SYSTEM32\DRIVERS\veqswi.sys (Rootkit.Agent) -> Delete on reboot.


But Malwarebytes does not delete this file, and I cannot delete it manually.
How can I delete it?
Is ComboFix suitable?
0
totobetourne Posts 5677 Status Member 65
 
for Malwarebytes you ran a quick scan, so it may not have recognised the whole infection.

we'll try Combo.

to see, download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.


disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, the antispyware's real-time guard)


double-click combofix.exe and follow the instructions

at the end, it will produce a report C:\ComboFix.txt

re-enable your firewall, your antivirus and your antispyware's guard

copy/paste the report C:\ComboFix.txt into your next reply.

Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. This could freeze the computer.

You have a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0

ste50 Posts 53 Status Member
 
Here is the ComboFix report:

ComboFix 10-03-14.01 - Stéphane DADET 14/03/2010 18:31:42.2.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.510.264 [GMT 1:00]
Lancé depuis: c:\documents and settings\Stéphane DADET\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Data
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-14 au 2010-03-14 ))))))))))))))))))))))))))))))))))))
.

2010-03-12 19:37 . 2010-03-12 20:20 -------- d-----w- C:\Ad-Remover
2010-03-11 14:19 . 2010-03-14 17:40 802304 ----a-w- c:\windows\system32\drivers\veqswi.sys
2010-03-11 13:14 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-11 13:14 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-03-11 13:13 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-03-11 13:13 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\Changer.sys
2010-03-11 13:09 . 2010-03-12 17:50 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-11 13:09 . 2010-03-11 13:09 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2010-03-11 13:03 . 2010-03-11 13:09 -------- d-----w- c:\program files\Microsoft
2010-03-11 12:17 . 2010-03-11 12:17 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2010-03-10 20:02 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-03 05:47 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-22 19:32 . 2010-02-22 19:32 -------- d-----w- c:\program files\CANAL Numedia
2010-02-22 16:52 . 2010-02-24 19:15 -------- d-----w- c:\program files\Numark Cue
2010-02-21 11:22 . 2010-02-21 11:22 -------- d-----w- c:\program files\MP3 Player Utilities 4.22

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 05:46 . 2006-02-05 08:43 -------- d-----w- c:\program files\eMule
2010-03-13 11:05 . 2005-02-28 09:38 87434 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-13 11:05 . 2005-02-28 09:38 518330 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-13 07:58 . 2008-08-02 20:46 -------- d-----w- c:\program files\Zylom Games
2010-03-13 07:54 . 2006-02-05 08:43 -------- d-----w- c:\program files\Yahoo!
2010-03-11 20:13 . 2010-03-11 20:13 16 ----a-w- c:\documents and settings\NetworkService\Application Data\rbuwzv.dat
2010-03-11 13:12 . 2010-03-11 13:12 16 ----a-w- c:\documents and settings\LocalService\Application Data\rbuwzv.dat
2010-03-11 13:05 . 2010-02-02 19:50 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-03-11 09:06 . 2008-10-27 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-21 11:23 . 2010-02-21 11:23 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-02-03 11:30 . 2008-12-17 20:32 -------- d-----w- c:\program files\MSBuild
2010-02-03 11:30 . 2010-02-03 11:30 -------- d-----w- c:\program files\Reference Assemblies
2010-02-02 19:55 . 2010-02-02 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\EBP
2010-02-02 19:55 . 2010-02-02 19:37 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{41802EB5-A83D-41BB-8072-1147EB527DF1}
2010-02-02 19:52 . 2010-02-02 19:51 -------- d-----w- c:\program files\EBP
2010-02-02 19:51 . 2010-02-02 19:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{4890FF13-BFC8-467A-AD6A-71025F041ADD}
2010-02-02 19:50 . 2010-02-02 19:50 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-01-09 10:49 . 2009-06-02 19:22 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 15:07 . 2008-10-27 12:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2008-10-27 12:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 21:36 . 2009-12-31 21:36 13810 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-12-31 16:50 . 2004-08-19 20:07 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:07 . 2004-08-19 20:10 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:41 . 2004-08-05 12:00 347648 ----a-w- c:\windows\system32\mspaint.exe
2007-03-17 08:19 . 2007-03-17 07:56 23489040 -c--a-w- c:\program files\AdbeRdr709_fr_FR.exe
2008-10-19 09:58 . 2008-10-19 09:58 49152 ----a-w- c:\program files\mozilla firefox\components\SiteVacuumXPCOM.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2003-10-02 98304]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-11-10 280008]
"Connexion SFR 9props.exe"="c:\program files\Neuf\Kit\9props.exe" [2009-06-20 955712]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2010-01-26 1724728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"P17Helper"="P17.dll" [2004-06-10 60928]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"ATIPTA"="c:\program files\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE" [2004-08-25 339968]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\CPF.exe" [2009-04-20 1115728]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]

c:\documents and settings\Camille DADET\Menu Démarrer\Programmes\Démarrage\
ADILOOK Français sur disque C.LNK - c:\coktel\ADI4OEMP\ADILOOK.EXE [1997-9-5 187904]

c:\documents and settings\Stéphane DADET\Menu Démarrer\Programmes\Démarrage\
Pense-bête.lnk - c:\program files\Mindscape\PrintMaster\PMREMIND.EXE [1997-10-14 2344920]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-15 113664]
PI Monitor.lnk - c:\program files\ArcSoft\PhotoImpression 5\PI Monitor.exe [2005-7-5 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"ForceStartMenuLogoff"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ralink Wireless Utility.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Ralink Wireless Utility.lnk
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\FXSCLNT.EXE"=
"c:\\Program Files\\Guillemot\\tools\\giWebUpdater.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [19/05/2009 06:48 108289]
S1 prodrv04;Star Force copy protection driver v4;c:\windows\SYSTEM32\DRIVERS\prodrv04.sys [23/07/2006 08:11 114496]
S3 Bulk;HDJBulk;c:\windows\SYSTEM32\DRIVERS\hdjbulk.sys [22/06/2008 17:12 83328]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\STPHAN~1\LOCALS~1\Temp\DMSKSSRh.sys --> c:\docume~1\STPHAN~1\LOCALS~1\Temp\DMSKSSRh.sys [?]
S3 HDJAsioK;HDJAsioK;c:\windows\SYSTEM32\DRIVERS\hdjasiok.sys [22/06/2008 17:12 132608]
S3 HDJCtrl;HDJCtrl;c:\windows\system32\Drivers\HDJCtrl.sys --> c:\windows\system32\Drivers\HDJCtrl.sys [?]
S3 HDJKbd;HDJKbd;c:\windows\system32\Drivers\HDJKbd.sys --> c:\windows\system32\Drivers\HDJKbd.sys [?]
S3 HDJMidi;Hercules DJ Console MIDI;c:\windows\SYSTEM32\DRIVERS\hdjmidi.sys [22/06/2008 17:12 95872]
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;c:\windows\SYSTEM32\DRIVERS\usbiad.sys [14/11/2005 19:08 31547]
S3 VAD_DEV;Virtual Audio Service;c:\windows\system32\drivers\vad.sys --> c:\windows\system32\drivers\vad.sys [?]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - veqswi
.
Contenu du dossier 'Tâches planifiées'

2010-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://mystart.incredimail.com/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
Trusted Zone: //www.consoclicker.com/
Trusted Zone: consoclicker.com\www
DPF: fdjeux - hxxps://www.fdjeux.net/classes/fdjeux.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3A226D85-574D-4272-B73C-DBCAECF709B3} - hxxp://www.consoclicker.com/TNSClickrb.CAB
FF - ProfilePath - c:\documents and settings\Stéphane DADET\Application Data\Mozilla\Firefox\Profiles\hvbnrvuv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_PMM_with_IM&search=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\progra~1\Mozilla Firefox\components\SiteVacuumXPCOM.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32dsw.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOFF12.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
.
- - - - ORPHELINS SUPPRIMES - - - -

AddRemove-Beat 2000 Demo (Techno) - c:\documents and settings\stéphane dadet\mes documents\ma musique\création music\DeIsL2.isu
AddRemove-DrumXtractor - c:\documents and settings\stéphane dadet\mes documents\ma musique\création music\DeIsL1.isu
AddRemove-HijackThis - c:\documents and settings\Stéphane DADET\Bureau\multimedia\virus\HijackThis.exe
AddRemove-Tactile12000 2.1 - c:\program files\Tactile Pictures\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-14 18:40
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Creative Detector = c:\program files\Creative\MediaSource\Detector\CTDetect.exe /R??o?u?r?c?e?\?D?e?t?e?c?t?o?r?\?C?T?D?e?t?e?c?t?.?e?x?e??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\veqswi]

.
Heure de fin: 2010-03-14 18:49:18
ComboFix-quarantined-files.txt 2010-03-14 17:49

Avant-CF: 78 840 532 992 octets libres
Après-CF: 78 987 640 832 octets libres

- - End Of File - - 5A6FDCDC2A38EC7AD93540E9F5B97EEA
0
totobetourne Posts 5677 Status Member 65
 
run a full scan again with Malwarebytes after updating it, and paste the report.
0
ste50 Posts 53 Status Member
 
Hello,

here is the Malwarebytes report, but the infected file still seems to be present:

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3868
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

15/03/2010 07:35:33
mbam-log-2010-03-15 (07-35-33).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 254922
Temps écoulé: 1 hour(s), 30 minute(s), 8 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\SYSTEM32\DRIVERS\veqswi.sys (Rootkit.Agent) -> Delete on reboot.
0
totobetourne Posts 5677 Status Member 65
 
we'll check.

Next,
*Go to this site:

https://www.virustotal.com/gui/

*Click "Browse" and look for this file:

c:\windows\system32\drivers\veqswi.sys

*A report will be built up line by line.
*Wait for it to finish. It must include the size of the file sent.
*Save the report with Notepad.
*Copy it into your reply.
*If VirusTotal indicates that the file has already been analysed, click the button "Reanalyse" le fichier maintena
0
ste50 Posts 53 Status Member
 
"0 bytes size received / Se ha recibido un archivo vacio"

this is VirusTotal's reply!!!!!!
0
totobetourne Posts 5677 Status Member 65
 
/!\ Procedure created specifically for this user, do not reproduce it at home ... /!\

Open Notepad (Start\All Programs\Accessories\Notepad).

Copy this text (in bold) in one go (CTRL+C to copy), then paste it (CTRL+V in Notepad)


KillAll::

Collect::[4]
c:\windows\system32\drivers\veqswi.sys

File::
c:\windows\system32\veqswi.sys .*

Driver::
veqswi

Registry::





Save this file on your desktop under the name CFScript.txt.



Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

This will relaunch ComboFix,

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and then confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

After the restart, post the contents of the Combofix.txt report together with a HijackThis report.

If there is no restart, post the reports anyway.

If the file does not open, it is located here > C:\ComboFix.txt
0
ste50 Posts 53 Status Member
 
Good evening,

the reports are attached, first ComboFix then HijackThis:

ComboFix 10-03-14.01 - Stéphane DADET 16/03/2010 21:48:55.3.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.510.271 [GMT 1:00]
Lancé depuis: c:\documents and settings\Stéphane DADET\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Stéphane DADET\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

file zipped: c:\windows\system32\drivers\veqswi.sys
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\veqswi.sys

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VEQSWI
-------\Service_veqswi


((((((((((((((((((((((((((((( Fichiers créés du 2010-02-16 au 2010-03-16 ))))))))))))))))))))))))))))))))))))
.

2010-03-12 19:37 . 2010-03-12 20:20 -------- d-----w- C:\Ad-Remover
2010-03-11 13:14 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-11 13:14 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-03-11 13:13 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-03-11 13:13 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\Changer.sys
2010-03-11 13:09 . 2010-03-12 17:50 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-11 13:09 . 2010-03-11 13:09 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2010-03-11 13:03 . 2010-03-11 13:09 -------- d-----w- c:\program files\Microsoft
2010-03-11 12:17 . 2010-03-11 12:17 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2010-03-10 20:02 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-03 05:47 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-22 19:32 . 2010-02-22 19:32 -------- d-----w- c:\program files\CANAL Numedia
2010-02-22 16:52 . 2010-02-24 19:15 -------- d-----w- c:\program files\Numark Cue
2010-02-21 11:22 . 2010-02-21 11:22 -------- d-----w- c:\program files\MP3 Player Utilities 4.22

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 05:46 . 2006-02-05 08:43 -------- d-----w- c:\program files\eMule
2010-03-13 11:05 . 2005-02-28 09:38 87434 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-13 11:05 . 2005-02-28 09:38 518330 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-13 07:58 . 2008-08-02 20:46 -------- d-----w- c:\program files\Zylom Games
2010-03-13 07:54 . 2006-02-05 08:43 -------- d-----w- c:\program files\Yahoo!
2010-03-11 20:13 . 2010-03-11 20:13 16 ----a-w- c:\documents and settings\NetworkService\Application Data\rbuwzv.dat
2010-03-11 13:12 . 2010-03-11 13:12 16 ----a-w- c:\documents and settings\LocalService\Application Data\rbuwzv.dat
2010-03-11 13:05 . 2010-02-02 19:50 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-03-11 09:06 . 2008-10-27 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-21 11:23 . 2010-02-21 11:23 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-02-03 11:30 . 2008-12-17 20:32 -------- d-----w- c:\program files\MSBuild
2010-02-03 11:30 . 2010-02-03 11:30 -------- d-----w- c:\program files\Reference Assemblies
2010-02-02 19:55 . 2010-02-02 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\EBP
2010-02-02 19:55 . 2010-02-02 19:37 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{41802EB5-A83D-41BB-8072-1147EB527DF1}
2010-02-02 19:52 . 2010-02-02 19:51 -------- d-----w- c:\program files\EBP
2010-02-02 19:51 . 2010-02-02 19:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{4890FF13-BFC8-467A-AD6A-71025F041ADD}
2010-02-02 19:50 . 2010-02-02 19:50 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-01-09 10:49 . 2009-06-02 19:22 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 15:07 . 2008-10-27 12:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2008-10-27 12:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 21:36 . 2009-12-31 21:36 13810 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-12-31 16:50 . 2004-08-19 20:07 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:07 . 2004-08-19 20:10 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:41 . 2004-08-05 12:00 347648 ----a-w- c:\windows\system32\mspaint.exe
2007-03-17 08:19 . 2007-03-17 07:56 23489040 -c--a-w- c:\program files\AdbeRdr709_fr_FR.exe
2008-10-19 09:58 . 2008-10-19 09:58 49152 ----a-w- c:\program files\mozilla firefox\components\SiteVacuumXPCOM.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2003-10-02 98304]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-11-10 280008]
"Connexion SFR 9props.exe"="c:\program files\Neuf\Kit\9props.exe" [2009-06-20 955712]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2010-01-26 1724728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"P17Helper"="P17.dll" [2004-06-10 60928]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"ATIPTA"="c:\program files\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE" [2004-08-25 339968]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\CPF.exe" [2009-04-20 1115728]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]

c:\documents and settings\Camille DADET\Menu Démarrer\Programmes\Démarrage\
ADILOOK Français sur disque C.LNK - c:\coktel\ADI4OEMP\ADILOOK.EXE [1997-9-5 187904]

c:\documents and settings\Stéphane DADET\Menu Démarrer\Programmes\Démarrage\
Pense-bête.lnk - c:\program files\Mindscape\PrintMaster\PMREMIND.EXE [1997-10-14 2344920]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-15 113664]
PI Monitor.lnk - c:\program files\ArcSoft\PhotoImpression 5\PI Monitor.exe [2005-7-5 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"ForceStartMenuLogoff"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ralink Wireless Utility.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Ralink Wireless Utility.lnk
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\FXSCLNT.EXE"=
"c:\\Program Files\\Guillemot\\tools\\giWebUpdater.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [19/05/2009 06:48 108289]
S1 prodrv04;Star Force copy protection driver v4;c:\windows\SYSTEM32\DRIVERS\prodrv04.sys [23/07/2006 08:11 114496]
S3 Bulk;HDJBulk;c:\windows\SYSTEM32\DRIVERS\hdjbulk.sys [22/06/2008 17:12 83328]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\STPHAN~1\LOCALS~1\Temp\DMSKSSRh.sys --> c:\docume~1\STPHAN~1\LOCALS~1\Temp\DMSKSSRh.sys [?]
S3 HDJAsioK;HDJAsioK;c:\windows\SYSTEM32\DRIVERS\hdjasiok.sys [22/06/2008 17:12 132608]
S3 HDJCtrl;HDJCtrl;c:\windows\system32\Drivers\HDJCtrl.sys --> c:\windows\system32\Drivers\HDJCtrl.sys [?]
S3 HDJKbd;HDJKbd;c:\windows\system32\Drivers\HDJKbd.sys --> c:\windows\system32\Drivers\HDJKbd.sys [?]
S3 HDJMidi;Hercules DJ Console MIDI;c:\windows\SYSTEM32\DRIVERS\hdjmidi.sys [22/06/2008 17:12 95872]
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;c:\windows\SYSTEM32\DRIVERS\usbiad.sys [14/11/2005 19:08 31547]
S3 VAD_DEV;Virtual Audio Service;c:\windows\system32\drivers\vad.sys --> c:\windows\system32\drivers\vad.sys [?]
.
Contenu du dossier 'Tâches planifiées'

2010-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://mystart.incredimail.com/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
Trusted Zone: //www.consoclicker.com/
Trusted Zone: consoclicker.com\www
DPF: fdjeux - hxxps://www.fdjeux.net/classes/fdjeux.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3A226D85-574D-4272-B73C-DBCAECF709B3} - hxxp://www.consoclicker.com/TNSClickrb.CAB
FF - ProfilePath - c:\documents and settings\Stéphane DADET\Application Data\Mozilla\Firefox\Profiles\hvbnrvuv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_PMM_with_IM&search=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\progra~1\Mozilla Firefox\components\SiteVacuumXPCOM.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32dsw.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOFF12.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-16 21:58
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Creative Detector = c:\program files\Creative\MediaSource\Detector\CTDetect.exe /R??o?u?r?c?e?\?D?e?t?e?c?t?o?r?\?C?T?D?e?t?e?c?t?.?e?x?e??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x804D7000]<< >>UNKNOWN [0xF876D000]<< >>UNKNOWN [0xF875D000]<< >>UNKNOWN [0xF8BC1000]<< >>UNKNOWN [0x806EE000]<< >>UNKNOWN [0xF84B1000]<< >>UNKNOWN [0xF8C75000]<< >>UNKNOWN [0xF892D000]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0xf8771f28
\Driver\ACPI -> 0xf8663cb8
\Driver\atapi -> 0xf8bc1661
IoDeviceObjectType -> DeleteProcedure -> 0x805a0598
\Device\Harddisk0\DR0 -> DeleteProcedure -> 0x805a0598
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(280)
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\IncrediMail\bin\B4ImApp.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\windows\system32\CTsvcCDA.EXE
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\locator.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\snmp.exe
c:\windows\System32\snmptrap.exe
c:\windows\System32\vssvc.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\Rundll32.exe
c:\program files\IncrediMail\Bin\ImApp.exe
.
**************************************************************************
.
Heure de fin: 2010-03-16 22:10:57 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-03-16 21:10
ComboFix2.txt 2010-03-14 17:49

Avant-CF: 77 871 017 984 octets libres
Après-CF: 77 792 161 792 octets libres

- - End Of File - - CBD11F9F5CD96C753844B8279501A810



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:11:38, on 16/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Neuf\Kit\9props.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Stéphane DADET\Bureau\multimedia\virus\Stéphane DADET.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Connexion SFR 9props.exe] "C:\Program Files\Neuf\Kit\9props.exe" /trayicon
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - Startup: Pense-bête.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.consoclicker.com/
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3A226D85-574D-4272-B73C-DBCAECF709B3} - http://www.consoclicker.com/TNSClickrb.CAB
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://sell-vehicle.ebay.fr/images/eps/eBay_Enhanced_Picture_Control_v1-0-3-50.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
0
chipie-68
 
Good evening,

I had the same problem a while ago!

Go to www.01net.com and install the Anti Keylogger Shield software.

Good luck!!!
0
Anonymous user
 
Hi Ste50, Totobetourne asked me to lend my support:

DISABLE YOUR ANTIVIRUS AND YOUR FIREWALL IF PRESENT !!!!! (because it is wrongly detected as an infection)

▶ Download List_Kill'em and save it to your desktop

Double-click (right-click, "Run as administrator", on Vista/7) the shortcut on your desktop to start the installation

Once it has finished, click "Finish" and the program will start by itself

Choose the Search option

A black and white icon will appear on the desktop; you will use it to relaunch the program later.

▶ Let the tool work

When the white window appears, it takes a while; that is normal, the program is not frozen.

A report named catchme appears on your desktop; ignore it and do not post it, it will delete itself at the end of the scan

▶ Post the contents of the report that opens when the scan reaches 100 %, at the "COMPLETED" screen


0
pimprenelle27 Posts 22182 Status Security contributor 2 502
 
Hello,

Just following along, since I'm deep into rootkits at the moment; this will help me a lot.
0
ste50 Posts 53 Status Member
 
Hello,

and many thanks to all of you for your help :))).
I'm posting the kill'em report:

List'em by g3n-h@ckm@n 1.5.0.1

User : Stéphane DADET (Administrateurs)
Update on 16/03/2010 by g3n-h@ckm@n ::::: 15.00
Start at: 07:04:35 | 17/03/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

Intel(R) Pentium(R) 4 CPU 3.00GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]
FW : COMODO Firewall Pro[ (!) Disabled ]2.3.035

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 146,19 Go (72,45 Go free) | NTFS
D:\ -> Disque CD-ROM

Boot: Normal


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\locator.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\snmptrap.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Neuf\Kit\9props.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe
C:\WINDOWS\SYSTEM32\WOWEXEC.EXE

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Creative Detector REG_SZ C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
IncrediMail REG_SZ C:\Program Files\IncrediMail\bin\IncMail.exe /c
Connexion SFR 9props.exe REG_SZ "C:\Program Files\Neuf\Kit\9props.exe" /trayicon
ccleaner REG_SZ "C:\Program Files\CCleaner\CCleaner.exe" /AUTO

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SoundMAXPnP REG_SZ C:\Program Files\Analog Devices\Core\smax4pnp.exe
P17Helper REG_SZ Rundll32 P17.dll,P17Helper
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
IntelMeM REG_SZ C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
DVDLauncher REG_SZ "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
DMXLauncher REG_SZ C:\Program Files\Dell\Media Experience\DMXLauncher.exe
CTSysVol REG_SZ C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
ATIPTA REG_SZ C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
Adobe Photo Downloader REG_SZ "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
WinPatrol REG_SZ C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
COMODO Firewall Pro REG_SZ "C:\Program Files\Comodo\Firewall\CPF.exe" /background
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
ISUSPM Startup REG_SZ C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
DisableRegistryTools REG_DWORD 0 (0x0)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoRecentDocsMenu REG_DWORD 1 (0x1)
NoRecentDocsHistory REG_DWORD 1 (0x1)
ClearRecentDocsOnExit REG_DWORD 1 (0x1)
NoUserNameInStartMenu REG_DWORD 1 (0x1)
NoSharedDocuments REG_DWORD 1 (0x1)
NoFavoritesMenu REG_DWORD 1 (0x1)
NoSMMyDocs REG_DWORD 1 (0x1)
NoSMMyPictures REG_DWORD 1 (0x1)
NoStartMenuMyMusic REG_DWORD 1 (0x1)
NoRecentDocsNetHood REG_DWORD 1 (0x1)
NoInstrumentation REG_DWORD 1 (0x1)
NoStartMenuPinnedList REG_DWORD 1 (0x1)
ForceStartMenuLogoff REG_DWORD 1 (0x1)
NoDrives REG_DWORD 0 (0x0)
NoDriveTypeAutoRun REG_DWORD 323 (0x143)
NoSMHelp REG_DWORD 0 (0x0)
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoRecentDocsMenu REG_DWORD 1 (0x1)
NoRecentDocsHistory REG_DWORD 1 (0x1)
NoFavoritesMenu REG_DWORD 1 (0x1)
NoSMMyDocs REG_DWORD 1 (0x1)
NoSMMyPictures REG_DWORD 1 (0x1)
NoStartMenuMyMusic REG_DWORD 1 (0x1)
NoRecentDocsNetHood REG_DWORD 1 (0x1)
NoInstrumentation REG_DWORD 1 (0x1)
NoSimpleStartMenu REG_DWORD 1 (0x1)
NoDriveTypeAutoRun REG_DWORD 323 (0x143)
NoDrives REG_DWORD 0 (0x0)
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
HonorAutoRunSetting REG_DWORD 1 (0x1)
NoSMHelp REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ STÉPHANE
DefaultUserName REG_SZ Stéphane DADET
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ Stéphane DADET
AltDefaultDomainName REG_SZ STÉPHANE
SFCDisable REG_DWORD 0 (0x0)
AutoAdminLogon REG_SZ 0
ChangePasswordUseKerberos REG_DWORD 1 (0x1)

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\IncrediMail\bin\IMApp.exe REG_SZ C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail
C:\Program Files\IncrediMail\bin\IncMail.exe REG_SZ C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail
C:\Program Files\IncrediMail\bin\ImpCnt.exe REG_SZ C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail
C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Enabled:eMule
C:\StubInstaller.exe REG_SZ C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\WINDOWS\SYSTEM32\FXSCLNT.EXE REG_SZ C:\WINDOWS\SYSTEM32\FXSCLNT.EXE:*:Enabled:Microsoft Fax Console
C:\Program Files\Guillemot\tools\giWebUpdater.exe REG_SZ C:\Program Files\Guillemot\tools\giWebUpdater.exe:*:Disabled:Guillemot Web Updater
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE REG_SZ C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
C:\Program Files\Magentic\bin\MgImp.exe REG_SZ C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic
C:\Program Files\Magentic\bin\Magentic.exe REG_SZ C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic
C:\Program Files\Magentic\bin\MgApp.exe REG_SZ C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic
C:\Program Files\Java\jre6\bin\java.exe REG_SZ C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

===============
ActivX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\fdjeux]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Microsoft XML Parser for Java]

==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]

===
DNS
===

HKLM\SYSTEM\CCS\Services\Tcpip\..\{22600BF7-021F-4B3B-82BC-DBE4DE4446ED}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{22600BF7-021F-4B3B-82BC-DBE4DE4446ED}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{22600BF7-021F-4B3B-82BC-DBE4DE4446ED}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{22600BF7-021F-4B3B-82BC-DBE4DE4446ED}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://mystart.incredimail.com/

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x2 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )

=========
Atapi.sys
=========

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\I386\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\I386\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\ERDNT\cache\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\ERDNT\cache\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\ServicePackFiles\i386\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\ServicePackFiles\i386\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys

Référence :
==========

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
146 Go total, 72,45 Go libre (49%), 14% fragmenté (fragmentation du fichier 28%)

Vous devriez défragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\Documents and Settings\LocalService\Application Data\rbuwzv.dat
Present !! : C:\documents and settings\NetworkService\Application Data\rbuwzv.dat
Present !! : C:\WINDOWS\002610_.tmp
Present !! : C:\WINDOWS\002717_.tmp
Present !! : C:\WINDOWS\002724_.tmp
Present !! : C:\WINDOWS\005415_.tmp
Present !! : C:\WINDOWS\SET115.tmp
Present !! : C:\WINDOWS\SET118.tmp
Present !! : C:\WINDOWS\SET124.tmp
Present !! : C:\WINDOWS\SET573.tmp
Present !! : C:\WINDOWS\SET5D5.tmp
Present !! : C:\WINDOWS\SET693.tmp
Present !! : C:\WINDOWS\System32\config\systemprofile\Application Data\rbuwzv.dat"
Present !! : C:\WINDOWS\System32\drivers\_*_.tmp.dll
Present !! : C:\WINDOWS\System32\rnaph.dll
Present !! : C:\WINDOWS\System32\SET*.tmp
Present !! : C:\Documents and Settings\Stéphane DADET\Application Data\GDIPFONTCACHEV1.DAT
Present !! : C:\Documents and Settings\Stéphane DADET\Application Data\GDIPFONTCACHEV1.DAT

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMMyPictures
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMyMusic
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMMyPictures
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMyMusic
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-17 07:14:01
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Creative Detector = C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R??o?u?r?c?e?\?D?e?t?e?c?t?o?r?\?C?T?D?e?t?e?c?t?.?e?x?e??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys prosync1.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK


¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials





¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 7:14:23,45
0
Anonymous user
 
Hi:

▶ Run List_Kill'em again (via right-click for Vista/7), using the shortcut on your desktop,
but this time:

▶ choose the Clean option

Your PC will restart;

let the tool work.

At the end of the scan the window closes, and you will have a report named Kill'em.txt on your desktop.

▶ Paste its contents into your reply.
0
ste50 Posts: 53 Status: Member
 
When I re-ran Kill'em with the Clean option, an error message appeared when the PC restarted: "windows ne trouve pas le fichier C:\program files\list kill'em\del_reg.bat".
However, a report was generated, but I don't know whether it is the one you are expecting:

Kill'em by g3n-h@ckm@n 1.5.0.1

User : Stéphane DADET (Administrateurs)
Update on 16/03/2010 by g3n-h@ckm@n ::::: 15.00
Start at: 12:58:20 | 17/03/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

Intel(R) Pentium(R) 4 CPU 3.00GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
FW : COMODO Firewall Pro[ Enabled ]2.3.035

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 146,19 Go (72,4 Go free) | NTFS
D:\ -> Disque CD-ROM


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\locator.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\snmptrap.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Neuf\Kit\9props.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe
C:\WINDOWS\SYSTEM32\WOWEXEC.EXE

Detections :
==========


¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\Documents and Settings\LocalService\Application Data\rbuwzv.dat
Quarantined & Deleted !! : C:\documents and settings\NetworkService\Application Data\rbuwzv.dat
Quarantined & Deleted !! : C:\WINDOWS\002610_.tmp
Quarantined & Deleted !! : C:\WINDOWS\002717_.tmp
Quarantined & Deleted !! : C:\WINDOWS\002724_.tmp
Quarantined & Deleted !! : C:\WINDOWS\005415_.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET115.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET118.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET124.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET573.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET5D5.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET693.tmp

Quarantined & Deleted !! : C:\WINDOWS\System32\config\systemprofile\Application Data\rbuwzv.dat
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\_003125_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\_005822_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\rnaph.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1023.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1047.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET10E1.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET10E2.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET10E5.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET10EA.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET10EE.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET10F5.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET10F8.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1115.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1121.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1143.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1144.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1147.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1148.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET114C.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1150.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1157.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET115A.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1177.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1183.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET11A7.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET16D.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET16E.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET170.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET172.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET174.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET177.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET179.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET17B.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET17C.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET17E.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET17F.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET180.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET182.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET184.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET185.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET186.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET187.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET188.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET189.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET18A.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET18B.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET18C.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET18E.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET18F.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET190.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET191.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET193.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET195.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET199.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET19A.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET19B.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET19C.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET19F.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1A0.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1A3.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1A5.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1A7.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1A8.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1A9.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1AA.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1AC.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1AD.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1AE.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1AF.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1B0.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1B1.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1B2.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1B3.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1B4.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1B5.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1B7.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1B8.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1B9.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1BA.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1BB.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1BC.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1BD.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1BE.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1C0.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1C2.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1C3.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1C8.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1C9.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1CC.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1CD.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1CE.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1CF.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1D0.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1D1.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1D4.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1D5.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1D6.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1D7.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1D8.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1DA.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1DB.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1DE.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1DF.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1E3.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1E4.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1E7.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1E8.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1E9.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1EA.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1EC.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1ED.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1EE.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1EF.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1F0.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1F1.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1F2.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1F5.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1F7.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1F8.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1F9.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1FA.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1FB.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1FC.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1FD.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1FE.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET201.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET204.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET205.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET20A.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET20B.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET20C.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET20D.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET20E.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET20F.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET210.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET213.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET214.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET215.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET218.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET219.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET21A.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET21B.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET21D.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET21E.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET224.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET225.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET226.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET227.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET228.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET22B.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET22D.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET22E.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET22F.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET231.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET232.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET234.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET235.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET236.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET237.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET239.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET23F.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET241.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET242.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET245.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET246.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET248.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET249.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET24A.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET24B.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET24C.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET24D.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET24E.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET24F.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET250.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET251.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET253.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET255.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET257.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET258.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET259.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET25C.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET25E.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET25F.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET262.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET264.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET617.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET618.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET619.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET61B.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET61C.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET61D.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET61E.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET620.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET622.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET623.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET625.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET628.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET62A.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET62F.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET630.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET638.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET639.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET63E.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET63F.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET640.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET643.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET646.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET649.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET64B.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET64F.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET651.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET652.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET656.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET657.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET65B.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET65C.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET661.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET666.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET668.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET669.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET66D.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET66F.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET671.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET675.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\setb8.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SETFE2.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SETFE3.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SETFE4.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SETFE7.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SETFEC.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SETFF0.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SETFF7.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SETFFA.tmp
Quarantined & Deleted !! : C:\Documents and Settings\St‚phane DADET\Application Data\GDIPFONTCACHEV1.DAT

==============
host file OK !
==============

========
Registry
========

Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMMyPictures
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMyMusic
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMMyPictures
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMyMusic
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
========
Services
=========

Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
============

=================
anti-ver blaster : OK !!
=================

================
Prefetch cleaned
================



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

What do you think?
0
Anonymous user

Yes, that's what I was waiting for.

Download OTL by OldTimer

Save it to your Desktop.

▶ Double-click OTL.exe to launch it (on Vista / 7: right-click and choose "Run as administrator").

▶ Check the two boxes Lop and Purity

▶ Check the box next to Scan All Users

▶ Set it to "60 Days"

▶ In the left-hand column, set everything to "All"

Do not change these:

"Files created within" and "Files modified within"


▶ Click Run Scan.

When the scan finishes, Notepad will open with the report (OTL.txt).

This file is on your Desktop (usually C:\Documents and settings\your_session_name\OTL.txt)

▶▶▶ DO NOT POST IT ON THE FORUM

To send it to me, click this link: http://www.cijoint.fr/

▶ Click Browse and find the file above.

▶ Click Open.

▶ Click "Click here to upload the file".

A link of this form:

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

is added to the page.

▶ Copy this link into your reply.

▶▶ Do the same with "Extra.txt", which should also be on your Desktop.
0
ste50 Posts 53 Status Member

Here are the links to the reports:

http://www.cijoint.fr/cjlink.php?file=cj201003/cijy2VR7sJ.txt

http://www.cijoint.fr/cjlink.php?file=cj201003/cijFitUXU2.txt
0
Anonymous user

▶ Click the Start menu / Control Panel / Folder Options, then go to the View tab
* - Check Show hidden files and folders
* - Uncheck Hide extensions for known file types
* - Uncheck Hide protected operating system files (Recommended)

▶ Click Apply, then OK.

Don't forget to hide the hidden and protected operating system files again once the disinfection is finished; this is important.

Have the following file(s) scanned on VirusTotal:

VirusTotal

* Click Browse at the top, choose My Computer and find these files:

C:\WINDOWS\System32\ZlibOCX2.dll


* Now click Send file and let it work for as long as "Current status: analysing" is displayed.
* The file may be placed in a queue because of a large number of scan requests. In that case, you will need to wait without refreshing the page.
* When the analysis is finished ("Current status: finished"), click Formatted
* A new browser window will appear
* Then click the two arrows
* Right-click on the page, choose Select All, then Copy
* Finally, paste the result into your next reply.

Note: To scan another file, click Other file at the bottom.

Then:

▶ Click OTL.exe to launch it.


▶ Copy the list in bold below,

▶ paste it into the box under Custom Scans/Fixes:

:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
[2008/10/19 10:58:22 | 000,049,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\SiteVacuumXPCOM.dll
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInstrumentation = 1
O16 - DPF: {3A226D85-574D-4272-B73C-DBCAECF709B3} http://www.consoclicker.com/TNSClickrb.CAB (Reg Error: Key error.)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://sell-vehicle.ebay.fr/images/eps/eBay_Enhanced_Picture_Control_v1-0-3-50.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/... (Reg Error: Key error.)
O16 - DPF: fdjeux https://www.fdjeux.net/classes/fdjeux.cab (Reg Error: Key error.)
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BD1DCDD

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=-
"NeroFilterCheck"=-
"QuickTime Task"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallOverride"=1

:Files
C:\d4e0460ee35ae7d69a73604cc9
C:\Documents and Settings\Stéphane DADET\idx1.dat
C:\WINDOWS\~tmp.INI


:commands
[emptytemp]
[start explorer]
[reboot]


▶ Click Run Fix to start the removal.


▶ Post the report.
0