Trojan win32:small-EK, Win32:agent-IU, Win32

Trojan win32:small-EK, Win32:agent-IU, Win32-AJH

Avast a repéré ces différents Trojan j'ai essayé de les enlever à travers les antivirus on-line (la plupart n'ont pas marché), au départ bitdefender à planter, et ewido a planté aussi, en utisant ewido on-line, ca a permis après de pouvoir lancer Bitdefender qui a enlevé encore des choses, puis ewido, classique et ensuite j'ai lancé spy-bot etc. Mais en voulant redémarer, ca fait planté le système je suis obligé de lancer une restauration pour faire démarrer l'ordinateur. Voilà je suppose qu'il doit rester des trucs (trucs est un mot pour signaler ma méconnaissance de l'informatique). J'espère avoir été le plus complet dans mon explication. A noter également que mon ordinateur souffre d'une certaine lenteur le CPU usage est souvent à1 00%

Voici donc les rapports obtenur de bitdefender, ewido et hija...

BitDefender Online Scanner







Rapport d'analyse généré à: Mon, Aug 07, 2006 - 20:42:38









Voie d'analyse: C:\Documents and Settings\Florian\My Documents;C:\Documents and Settings\Sarah\My Documents;C:\Documents and Settings\All Users\Documents;A:\;C:\;E:\;F:\;C:\Documents and Settings\Florian\My Documents\Documents;C:\Documents and Settings\Florian\My Documents\Mes sites Web;C:\Documents and Settings\Florian\My Documents\My Music;C:\Documents and Settings\Florian\My Documents\My Pictures;C:\Documents and Settings\Florian\My Documents\My Received Files;C:\Documents and Settings\Florian\My Documents\My Videos;C:\Documents and Settings\Florian\Desktop\Site internet;C:\Documents and Settings\Florian\Desktop\Site_sauvegarde;















Statistiques

Temps


02:16:50

Fichiers


295004

Directoires


7503

Secteurs de boot


3

Archives


8771

Paquets programmes


30178







Résultats

Virus identifiés


15

Fichiers infectés


22

Fichiers suspects


0

Avertissements


0

Désinfectés


0

Fichiers effacés


22







Info sur les moteurs

Définition virus


429990

Version des moteurs


AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

Analyse des plugins


13

Archive des plugins


39

Unpack des plugins


5

E-mail plugins


6

Système plugins


1







Paramètres d'analyse

Première action


Message

Seconde Action


Supprimé

Heuristique


Oui

Acceptez les avertissements


Oui

Extensions analysées


*;

Excludez les extensions




Analyse d'emails


Oui

Analyse des Archives


Oui

Analyser paquets programmes


Oui

Analyse des fichiers


Oui

Analyse de boot


Oui








Fichier analysé


Statut

C:\Documents and Settings\Florian\.housecall\Quarantine\count.jar-5c9ed667-4d022131.zip.bac_a00772=>(Quarantine-4)=>BlackBox.class


Infecté par: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\Florian\.housecall\Quarantine\count.jar-5c9ed667-4d022131.zip.bac_a00772=>(Quarantine-4)=>BlackBox.class


Supprimé

C:\Documents and Settings\Florian\.housecall\Quarantine\count.jar-5c9ed667-4d022131.zip.bac_a00772=>(Quarantine-4)


Mis à jour

C:\Documents and Settings\Florian\.housecall\Quarantine\count.jar-5c9ed667-4d022131.zip.bac_a00772=>(Quarantine-4)=>VerifierBug.class


Infecté par: Java.Trojan.Exploit.Bytverify.C

C:\Documents and Settings\Florian\.housecall\Quarantine\count.jar-5c9ed667-4d022131.zip.bac_a00772=>(Quarantine-4)=>VerifierBug.class


Supprimé

C:\Documents and Settings\Florian\.housecall\Quarantine\count.jar-5c9ed667-4d022131.zip.bac_a00772=>(Quarantine-4)


Mis à jour

C:\Documents and Settings\Florian\.housecall\Quarantine\count.jar-5c9ed667-4d022131.zip.bac_a00772=>(Quarantine-4)=>Dummy.class


Infecté par: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\Florian\.housecall\Quarantine\count.jar-5c9ed667-4d022131.zip.bac_a00772=>(Quarantine-4)=>Dummy.class


Supprimé

C:\Documents and Settings\Florian\.housecall\Quarantine\count.jar-5c9ed667-4d022131.zip.bac_a00772=>(Quarantine-4)


Mis à jour

C:\Documents and Settings\Florian\.housecall\Quarantine\count.jar-5c9ed667-4d022131.zip.bac_a00772=>(Quarantine-4)=>Beyond.class


Infecté par: Java.Trojan.Exploit.Bytverify.C

C:\Documents and Settings\Florian\.housecall\Quarantine\count.jar-5c9ed667-4d022131.zip.bac_a00772=>(Quarantine-4)=>Beyond.class


Supprimé

C:\Documents and Settings\Florian\.housecall\Quarantine\count.jar-5c9ed667-4d022131.zip.bac_a00772=>(Quarantine-4)


Mis à jour

C:\Documents and Settings\Florian\.housecall\Quarantine\count.jar-5c9ed667-4d022131.zip.bac_a00772


Echec de la mise à jour

C:\Documents and Settings\Florian\Desktop\DofusInstaller_v1_14_1.exe=>(NSIS o)=>zlib_nsis0016


Nettoyé

C:\Documents and Settings\Florian\Desktop\DofusInstaller_v1_14_1.exe=>(NSIS o)=>zlib_nsis0017


Nettoyé

C:\Documents and Settings\Florian\Desktop\DofusInstaller_v1_14_1.exe=>(NSIS o)=>zlib_nsis0018


Nettoyé

C:\Documents and Settings\Florian\Desktop\DofusInstaller_v1_14_1.exe=>(NSIS o)=>zlib_nsis0019


Nettoyé

C:\Documents and Settings\Florian\Local Settings\Temp\ewido_quarantine\filE7654AC4.dat=>(gzip)


Infecté par: Trojan.Agent.UV

C:\Documents and Settings\Florian\Local Settings\Temp\ewido_quarantine\filE7654AC4.dat=>(gzip)


Supprimé

C:\Documents and Settings\Florian\Local Settings\Temp\ewido_quarantine\filE7654AC4.dat


Echec de la mise à jour

C:\Program Files\eMule\Incoming\Windows XP SP2 Service Pack 2 Anti Product Activation Crack 2.0.1 New Version Release 18.10.04.rar=>WPA_Kill.exe


Infecté par: Virtool.Wpakill.AK

C:\Program Files\eMule\Incoming\Windows XP SP2 Service Pack 2 Anti Product Activation Crack 2.0.1 New Version Release 18.10.04.rar=>WPA_Kill.exe


Supprimé

C:\Program Files\eMule\Incoming\Windows XP SP2 Service Pack 2 Anti Product Activation Crack 2.0.1 New Version Release 18.10.04.rar


Echec de la mise à jour

C:\Program Files\eMule\Incoming\Windows XP SP2 Service Pack 2 Anti Product Activation Crack 2.0.1 New Version Release 18.10.04.rar=>Windows XP SP2 Service Pack 2 Anti Product Activation Crack 2.0.1 New Version Release 18.10.04\WPA_Kill.exe


Infecté par: Virtool.Wpakill.AK

C:\Program Files\eMule\Incoming\Windows XP SP2 Service Pack 2 Anti Product Activation Crack 2.0.1 New Version Release 18.10.04.rar=>Windows XP SP2 Service Pack 2 Anti Product Activation Crack 2.0.1 New Version Release 18.10.04\WPA_Kill.exe


Supprimé

C:\Program Files\eMule\Incoming\Windows XP SP2 Service Pack 2 Anti Product Activation Crack 2.0.1 New Version Release 18.10.04.rar


Echec de la mise à jour

C:\System Volume Information\_restore{2EAEC663-5129-47D2-8EB7-A68D3C42095C}\RP173\A0033179.exe


Infecté par: MemScan:Trojan.Downloader.Agent.ACH

C:\System Volume Information\_restore{2EAEC663-5129-47D2-8EB7-A68D3C42095C}\RP173\A0033179.exe


Supprimé

C:\System Volume Information\_restore{2EAEC663-5129-47D2-8EB7-A68D3C42095C}\RP173\A0036193.exe


Infecté par: MemScan:Trojan.Downloader.Agent.ACH

C:\System Volume Information\_restore{2EAEC663-5129-47D2-8EB7-A68D3C42095C}\RP173\A0036193.exe


Supprimé

C:\System Volume Information\_restore{2EAEC663-5129-47D2-8EB7-A68D3C42095C}\RP183\S0037633.Acl


Infecté par: Win32.MyPics.A@mm

C:\System Volume Information\_restore{2EAEC663-5129-47D2-8EB7-A68D3C42095C}\RP183\S0037633.Acl


Supprimé

C:\System Volume Information\_restore{2EAEC663-5129-47D2-8EB7-A68D3C42095C}\RP186\S0038983.Acl


Infecté par: Win32.MyPics.A@mm

C:\System Volume Information\_restore{2EAEC663-5129-47D2-8EB7-A68D3C42095C}\RP186\S0038983.Acl


Supprimé

C:\System Volume Information\_restore{2EAEC663-5129-47D2-8EB7-A68D3C42095C}\RP209\A0051648.dll


Infecté par: Trojan.Clicker.Agent.AC

C:\System Volume Information\_restore{2EAEC663-5129-47D2-8EB7-A68D3C42095C}\RP209\A0051648.dll


Supprimé

C:\System Volume Information\_restore{2EAEC663-5129-47D2-8EB7-A68D3C42095C}\RP209\A0051649.exe


Infecté par: Trojan.Small.BM

C:\System Volume Information\_restore{2EAEC663-5129-47D2-8EB7-A68D3C42095C}\RP209\A0051649.exe


Supprimé

C:\System Volume Information\_restore{2EAEC663-5129-47D2-8EB7-A68D3C42095C}\RP209\A0051650.exe


Infecté par: Trojan.Downloader.FFZ

C:\System Volume Information\_restore{2EAEC663-5129-47D2-8EB7-A68D3C42095C}\RP209\A0051650.exe


Supprimé

C:\System Volume Information\_restore{2EAEC663-5129-47D2-8EB7-A68D3C42095C}\RP209\A0051651.exe


Infecté par: Trojan.Downloader.CZO

C:\System Volume Information\_restore{2EAEC663-5129-47D2-8EB7-A68D3C42095C}\RP209\A0051651.exe


Supprimé

C:\System Volume Information\_restore{2EAEC663-5129-47D2-8EB7-A68D3C42095C}\RP209\A0051652.exe


Infecté par: Trojan.Downloader.Mohbpork.B

C:\System Volume Information\_restore{2EAEC663-5129-47D2-8EB7-A68D3C42095C}\RP209\A0051652.exe


Supprimé

C:\System Volume Information\_restore{2EAEC663-5129-47D2-8EB7-A68D3C42095C}\RP209\A0051654.exe


Infecté par: Win32.FpuJunk.2

C:\System Volume Information\_restore{2EAEC663-5129-47D2-8EB7-A68D3C42095C}\RP209\A0051654.exe


Supprimé

C:\System Volume Information\_restore{2EAEC663-5129-47D2-8EB7-A68D3C42095C}\RP209\A0051655.exe


Infecté par: Trojan.Downloader.Tibs.GC

C:\System Volume Information\_restore{2EAEC663-5129-47D2-8EB7-A68D3C42095C}\RP209\A0051655.exe


Supprimé

C:\WINDOWS\system32\fcmjg.exe


Infecté par: MemScan:Trojan.Downloader.Agent.ACH

C:\WINDOWS\system32\fcmjg.exe


Supprimé

C:\WINDOWS\system32\vxgame1.exe


Infecté par: Backdoor.Newartm.A

C:\WINDOWS\system32\vxgame1.exe


Supprimé

C:\WINDOWS\system32\{D946C325-9CCE-4785-8332-5E54EC92495F}.exe


Infecté par: Trojan.FakeAlert.CR

C:\WINDOWS\system32\{D946C325-9CCE-4785-8332-5E54EC92495F}.exe


Supprimé

C:\WINDOWS\__delete_on_reboot__x_p_u_p_d_a_t_e_._e_x_e_


Infecté par: Trojan.Downloader.Tibs.GC

C:\WINDOWS\__delete_on_reboot__x_p_u_p_d_a_t_e_._e_x_e_


Supprimé

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 21:05:00 07.08.2006

+ Scan result:



:mozilla.63:C:\Documents and Settings\Florian\Application Data\Mozilla\Firefox\Profiles\61cm7crb.Florian\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.64:C:\Documents and Settings\Florian\Application Data\Mozilla\Firefox\Profiles\61cm7crb.Florian\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.65:C:\Documents and Settings\Florian\Application Data\Mozilla\Firefox\Profiles\61cm7crb.Florian\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.66:C:\Documents and Settings\Florian\Application Data\Mozilla\Firefox\Profiles\61cm7crb.Florian\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.16:C:\Documents and Settings\Florian\Application Data\Mozilla\Firefox\Profiles\61cm7crb.Florian\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.17:C:\Documents and Settings\Florian\Application Data\Mozilla\Firefox\Profiles\61cm7crb.Florian\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.51:C:\Documents and Settings\Florian\Application Data\Mozilla\Firefox\Profiles\61cm7crb.Florian\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.52:C:\Documents and Settings\Florian\Application Data\Mozilla\Firefox\Profiles\61cm7crb.Florian\cookies.txt -> TrackingCookie.Estat : No action taken.
:mozilla.74:C:\Documents and Settings\Florian\Application Data\Mozilla\Firefox\Profiles\61cm7crb.Florian\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.78:C:\Documents and Settings\Florian\Application Data\Mozilla\Firefox\Profiles\61cm7crb.Florian\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.48:C:\Documents and Settings\Florian\Application Data\Mozilla\Firefox\Profiles\61cm7crb.Florian\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.49:C:\Documents and Settings\Florian\Application Data\Mozilla\Firefox\Profiles\61cm7crb.Florian\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.50:C:\Documents and Settings\Florian\Application Data\Mozilla\Firefox\Profiles\61cm7crb.Florian\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.43:C:\Documents and Settings\Florian\Application Data\Mozilla\Firefox\Profiles\61cm7crb.Florian\cookies.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.44:C:\Documents and Settings\Florian\Application Data\Mozilla\Firefox\Profiles\61cm7crb.Florian\cookies.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.45:C:\Documents and Settings\Florian\Application Data\Mozilla\Firefox\Profiles\61cm7crb.Florian\cookies.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.10:C:\Documents and Settings\Florian\Application Data\Mozilla\Firefox\Profiles\61cm7crb.Florian\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.11:C:\Documents and Settings\Florian\Application Data\Mozilla\Firefox\Profiles\61cm7crb.Florian\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.9:C:\Documents and Settings\Florian\Application Data\Mozilla\Firefox\Profiles\61cm7crb.Florian\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 22:27:49, on 07.08.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\WMonitor\WLanCfgAB.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Florian\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.251.162.101/~google/r.php# ATTENTION SITE INTERDIT AUX MINEURS cliquez sur OUI pour ENTRER ATTENTION SITE INTERDIT AUX MINEURS cliquez sur OUI pour ENTRER ATTENTION SITE INTERDIT AUX MINEURS cliquez sur OUI pour ENTRER ATTENTION SITE INTERDIT AUX MINEURS cliquez sur OUI pour ENTRER ATTENTION SITE INTERDIT AUX MINEURS cliquez sur OUI pour ENTRER ATTENTION SITE INTERDIT AUX MINEURS cliquez sur OUI pour ENTRER ATTENTION SITE INTERDIT AUX MINEURS cliquez sur OUI pour ENTRER ATTENTION SITE INTERDIT AUX MINEURS cliquez sur OUI pour ENTRER
R3 - URLSearchHook: (no name) - {666CDF12-3AD6-75E8-289E-76A927E4BFCB} - systemdll.dll (file missing)
R3 - URLSearchHook: (no name) - {F58BEE4B-5591-9AFE-5908-94FCBE563D8B} - driver32.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WLanCfgAB.exe] C:\Program Files\WMonitor\WLanCfgAB.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{113D004D-A1E3-4E01-8158-C5F082BCF0A5}: NameServer = 85.255.114.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B03F37A-C76C-4FDB-8320-BF3116C51FB4}: NameServer = 85.255.114.62
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.62 85.255.112.70
O17 - HKLM\System\CS1\Services\Tcpip\..\{113D004D-A1E3-4E01-8158-C5F082BCF0A5}: NameServer = 85.255.114.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.62 85.255.112.70
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe