Skintrim trojan and PC slowdown
Solved
catavanana (Posts: 20, Status: Member)
Hello,
my PC is infected by a SKNTRIM trojan and I can't manage to get rid of it; can someone help me?
For info: Win XP SP2 and Norton antivirus
4 replies
Run a scan with BitDefender Free
https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/29063.html
If it persists,
paste a HijackThis report
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
-----------------------
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Download to the desktop
Navilog.zip
= Double-click navilog1.zip
= Extract everything to the desktop
= Double-click navilog1, which is on the desktop
= Press a key until you reach the options
= Choose option 1
A report, fixnavi.txt, will be created in C:
Copy/paste it into your next message.
= Restart in Safe Mode (startup may take several minutes)
Warning: no internet access in this mode. Save or print the instructions. Restart the PC and tap the F8 key until the startup options appear
With the arrow keys, select Safe Mode ==> Enter ==> usual user name
= Launch navilog1
= This time choose option 2
= Navilog will do the cleaning; be patient until it shows *** Nettoyage Termine le ..... ***
= A report will be generated on your C:\, which will be under option 2
Note: the desktop disappears
= Restart in normal mode and paste the contents of the Navilog report (the one from option 2)
------------------------------------------
then CWShredder
https://www.01net.com/
--------------------------------------------------------
Also use, to remove your traces,
CCleaner: (run a cleanup and repair the keys)
https://www.01net.com/
then:
scan with anti-spyware tools (in Safe Mode):
Spybot:
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html
Ad-Aware
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/11643.html
If everything went well, restart in normal mode and disable System Restore to purge any viruses that may be in it, then re-enable it (in START, then ALL PROGRAMS, then ACCESSORIES, then SYSTEM TOOLS, then SYSTEM RESTORE, then Settings)
D/ then run an online scan with one of the following (and paste the report):
BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda online:
http://pandasoftware.fr
Kaspersky online:
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
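The option 2 report requested above records, file by file, whether an item was found, copied to the backup folder and deleted. As an added example (not part of the original post and not Navilog's own code), this Python sketch audits such a report for files deleted without a backup copy and files found but never deleted. The function name `audit_clean_report` and the line patterns are assumptions drawn from the report format posted in this thread; the sample lines are constructed in that format, and the `example_locked.dat` line is hypothetical.

```python
import re
from collections import OrderedDict

# Line patterns assumed from the Navilog1 clean report format shown in this
# thread (French program output, matched verbatim).
PATTERNS = [
    ("backed_up", re.compile(r"^Copie (?P<path>.+?) réalise avec succes !$")),
    ("found", re.compile(r"^(?P<path>[A-Za-z]:\\.+?) trouvé !$")),
    ("deleted", re.compile(r"^(?P<path>[A-Za-z]:\\.+?) supprimé !$")),
    ("absent", re.compile(r"^(?P<path>[A-Za-z]:\\.+?) absent !$")),
]
# Marker the procedure says to wait for before rebooting.
DONE_RX = re.compile(r"\*\*\* Nettoyage termine le .+ \*\*\*", re.IGNORECASE)

# Constructed sample in the report's format. The last file line is a
# hypothetical entry added to show the "found but not deleted" case.
SAMPLE_REPORT = r"""
*** Suppression des fichiers trouvés avec Blacklight ***
C:\WINDOWS\system32\xixqepukm_navup.dat absent !
C:\WINDOWS\system32\xixqepukm.dat trouvé !
Copie C:\WINDOWS\system32\xixqepukm.dat réalise avec succes !
C:\WINDOWS\system32\xixqepukm.dat supprimé !
C:\WINDOWS\system32\xixqepukm.exe trouvé !
Copie C:\WINDOWS\system32\xixqepukm.exe réalise avec succes !
C:\WINDOWS\system32\xixqepukm.exe supprimé !
*** Suppression fichiers ***
C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS\system32\nvs2.inf supprimé !
C:\WINDOWS\system32\example_locked.dat trouvé !
*** Nettoyage termine le 19/06/2007 à 18:03:26,12 ***
"""


def audit_clean_report(text):
    """Group report lines by file path and classify each file's outcome."""
    events = OrderedDict()  # lower-cased path -> set of event names
    display = {}            # lower-cased path -> path as first written
    for raw in text.splitlines():
        line = raw.strip()
        for name, rx in PATTERNS:
            m = rx.match(line)
            if m:
                key = m.group("path").lower()  # Windows paths ignore case
                display.setdefault(key, m.group("path"))
                events.setdefault(key, set()).add(name)
                break

    result = {
        "completed": bool(DONE_RX.search(text)),
        "backed_up_and_deleted": [],
        "deleted_without_backup": [],
        "found_not_deleted": [],
        "absent": [],
    }
    for key, seen in events.items():
        path = display[key]
        if "deleted" in seen and "backed_up" in seen:
            result["backed_up_and_deleted"].append(path)
        elif "deleted" in seen:
            # Nothing to restore from if the removal was a false positive.
            result["deleted_without_backup"].append(path)
        elif "found" in seen or "backed_up" in seen:
            # Still on disk: needs another pass or manual review.
            result["found_not_deleted"].append(path)
        else:
            result["absent"].append(path)
    return result


if __name__ == "__main__":
    for category, value in audit_clean_report(SAMPLE_REPORT).items():
        print(category, value)
```

A report whose `completed` field is false was cut off before the final marker and should be regenerated rather than analysed.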
Good evening jlpjlp,
here are the various logs you asked for!
Search Navipromo version 2.0.3 commencé le 19/06/2007 à 17:34:49,65
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!
Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO
Executé en mode normal
*** Recherche Programmes installes ***
Clean Navipromo version 2.0.3 commencé le 19/06/2007 à 17:49:17,28
Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO
Mode suppression automatique avec prise en charge résultats Blacklight
*** Creation backups fichiers trouvés par Blacklight ***
Copie vers "C:\Program Files\navilog1\Backupnavi"
*** Suppression des fichiers trouvés avec Blacklight ***
** 2ème passage **
C:\WINDOWS\system32\xixqepukm_navup.dat absent !
C:\WINDOWS\system32\xixqepukm_navtmp.dat absent !
C:\WINDOWS\system32\xixqepukm_m2s.xml absent !
C:\WINDOWS\system32\xixqepukm.dat trouvé !
Copie C:\WINDOWS\system32\xixqepukm.dat réalise avec succes !
C:\WINDOWS\system32\xixqepukm.dat supprimé !
C:\WINDOWS\system32\xixqepukm_nav.dat trouvé !
Copie C:\WINDOWS\system32\xixqepukm_nav.dat réalise avec succes !
C:\WINDOWS\system32\xixqepukm_nav.dat supprimé !
C:\WINDOWS\system32\xixqepukm_navps.dat trouvé !
Copie C:\WINDOWS\system32\xixqepukm_navps.dat réalise avec succes !
C:\WINDOWS\system32\xixqepukm_navps.dat supprimé !
C:\WINDOWS\prefetch\xixqepukm*.pf trouvé !
Copie C:\WINDOWS\prefetch\xixqepukm*.pf réalise avec succes !
C:\WINDOWS\prefetch\xixqepukm*.pf supprimé !
C:\WINDOWS\system32\xixqepukm.exe trouvé !
Copie C:\WINDOWS\system32\xixqepukm.exe réalise avec succes !
C:\WINDOWS\system32\xixqepukm.exe supprimé !
*** Suppression dossiers dans C:\WINDOWS ***
*** Suppression dossiers dans C:\Program Files ***
*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***
*** Suppression dossiers dans C:\Documents and Settings\christophe\Application Data ***
*** Suppression fichiers ***
C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS\system32\nvs2.inf supprimé !
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\christophe\Local Settings\Temp effectué !
*** Sauvegarde du registre vers dossier Backupnavi***
sauvegarde du registre réalise avec succes !
*** Nettoyage registre ***
Nettoyage registre Ok
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche fichiers connus:
2)Recherche et Suppression Heuristique :
*
**
***
****
*****
******
*******
********
3)Contrôle présence clés Rootkit dans le registre :
Aucune autre clés présente dans le registre !
*** Nettoyage termine le 19/06/2007 à 18:03:26,12 ***
Apparently no more trojan problems and no more slowdown: everything seems to be back to OK!!
Thaaanks, thank you very much jlpjlp
*** Recherche dossiers dans C:\WINDOWS ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***
*** Recherche dossiers dans C:\Documents and Settings\christophe\Application Data ***
*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en
Fichier(s) caché(s) dans C:\WINDOWS\system32 :
Processus caché(s) dans C:\WINDOWS\system32 :
C:\windows\system32\xixqepukm.exe
*** Recherche fichiers ***
C:\WINDOWS\pack.epk trouvé !
C:\WINDOWS\system32\nvs2.inf trouvé !
*** Recherche cles registre ***
Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]
Recherche Clé Magic Control
HKEY_CURRENT_USER\Software\Lanconfig trouvé !
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche fichiers connus:
2)Recherche Heuristique :
*
C:\WINDOWS\system32\xixqepukm.dat trouvé !
**
C:\WINDOWS\system32\xixqepukm.dat trouvé !
***
****
*****
******
*******
********
*** Analyse Terminé le 19/06/2007 à 17:36:26,09 ***
Logfile of HijackThis v1.99.1
Scan saved at 17:32:31, on 19/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kit ADSL\Wizard\Agent_WiFi.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{90DD8107-A3F1-45E7-AF5D-24B8B1ABE374}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4CBA8B9-CDFB-43F3-855E-81913DA1AB65}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
//-----------------------------------------------------------------
//
// Product: BitDefender 8 Free Edition
// Version: 8.0
//
// Created on: 19/06/2007 15:14:14
//
//-----------------------------------------------------------------
Statistics
Scan path : C:\
D:\
Folders : 8009
Files : 408848
Archives : 9062
Packed files : 13394
Identified viruses : 15
Infected files : 35
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 2
Copied files : 0
Moved files : 32
Renamed files : 0
I/O errors : 38
Scan time : 01:51:08
Scan speed (files/sec) : 61
Virus definitions : 514307
Scan plugins : 14
Archive plugins : 38
Unpack plugins : 6
Mail plugins : 6
System plugins : 1
Scan options
Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email
File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user
Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user
Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report
Summary:
C:\Program Files\Norton AntiVirus\Quarantine\30DC3816.tmp=>(Quarantine-2) Infected Win32.Sober.Y@mm
C:\Program Files\Norton AntiVirus\Quarantine\30DC3816.tmp=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\30DC3816.tmp=>(Quarantine-2)=>File-packed_dataInfo.exe Infected Win32.Sober.Y@mm
C:\Program Files\Norton AntiVirus\Quarantine\30DC3816.tmp Moved
C:\Program Files\Norton AntiVirus\Quarantine\457C63D9.dl_=>(Quarantine-2) Infected Trojan.Dialer.FU
C:\Program Files\Norton AntiVirus\Quarantine\457C63D9.dl_=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\457C63D9.dl_ Moved
C:\Program Files\Norton AntiVirus\Quarantine\457C63D9.dll=>(Quarantine-2) Infected Trojan.Dialer.FU
C:\Program Files\Norton AntiVirus\Quarantine\457C63D9.dll=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\457C63D9.dll Moved
C:\Program Files\Norton AntiVirus\Quarantine\457C63D9.exe=>(Quarantine-2) Infected GenPack:Trojan.Swizzor.BO
C:\Program Files\Norton AntiVirus\Quarantine\457C63D9.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\457C63D9.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\457F0DD5.exe=>(Quarantine-2) Infected GenPack:Trojan.Swizzor.BO
C:\Program Files\Norton AntiVirus\Quarantine\457F0DD5.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\457F0DD5.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\27703976.exe=>(Quarantine-2) Infected GenPack:Trojan.Swizzor.BO
C:\Program Files\Norton AntiVirus\Quarantine\27703976.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\27703976.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\02D314A4.exe=>(Quarantine-2) Infected GenPack:Trojan.Swizzor.GI
C:\Program Files\Norton AntiVirus\Quarantine\02D314A4.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\02D314A4.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\458237D2.exe=>(Quarantine-2) Infected GenPack:Trojan.Swizzor.GI
C:\Program Files\Norton AntiVirus\Quarantine\458237D2.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\458237D2.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\6D381775.exe=>(Quarantine-2) Infected GenPack:Trojan.Swizzor.GI
C:\Program Files\Norton AntiVirus\Quarantine\6D381775.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\6D381775.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\2B1D23FB.exe=>(Quarantine-2) Infected GenPack:Trojan.Downloader.Swizzor.CB
C:\Program Files\Norton AntiVirus\Quarantine\2B1D23FB.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\2B1D23FB.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\458661CE.exe=>(Quarantine-2) Infected Trojan.Lopad.K
C:\Program Files\Norton AntiVirus\Quarantine\458661CE.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\458661CE.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\33017574.exe=>(Quarantine-2) Infected GenPack:Trojan.Swizzor.GI
C:\Program Files\Norton AntiVirus\Quarantine\33017574.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\33017574.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\73FD3C2F.exe=>(Quarantine-2) Infected GenPack:Trojan.Swizzor.BO
C:\Program Files\Norton AntiVirus\Quarantine\73FD3C2F.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\73FD3C2F.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\1A4A6518.exe=>(Quarantine-2) Infected GenPack:Trojan.Swizzor.BO
C:\Program Files\Norton AntiVirus\Quarantine\1A4A6518.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\1A4A6518.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\79C12F37.exe=>(Quarantine-2) Infected GenPack:Trojan.Downloader.Swizzor.BO
C:\Program Files\Norton AntiVirus\Quarantine\79C12F37.exe=>(Quarantine-2) Deleted
C:\Program Files\Norton AntiVirus\Quarantine\7400662B.exe=>(Quarantine-2) Infected GenPack:Trojan.Downloader.Swizzor.DB
C:\Program Files\Norton AntiVirus\Quarantine\7400662B.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\7400662B.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\60124317.exe=>(Quarantine-2) Infected GenPack:Trojan.Swizzor.GI
C:\Program Files\Norton AntiVirus\Quarantine\60124317.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\60124317.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\220C3E8D.exe=>(Quarantine-2) Infected GenPack:Trojan.Swizzor.GI
C:\Program Files\Norton AntiVirus\Quarantine\220C3E8D.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\220C3E8D.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\74031028.exe=>(Quarantine-2) Infected GenPack:Trojan.Downloader.Swizzor.CB
C:\Program Files\Norton AntiVirus\Quarantine\74031028.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\74031028.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\2FCD639F.exe=>(Quarantine-2) Infected Trojan.Dialer.IS
C:\Program Files\Norton AntiVirus\Quarantine\2FCD639F.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\2FCD639F.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\647351CB.exe=>(Quarantine-2) Infected Trojan.Dialer.IS
C:\Program Files\Norton AntiVirus\Quarantine\647351CB.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\647351CB.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\2FCD639F.tmp=>(Quarantine-2) Infected Trojan.Dialer.IS
C:\Program Files\Norton AntiVirus\Quarantine\2FCD639F.tmp=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\2FCD639F.tmp Moved
C:\Program Files\Norton AntiVirus\Quarantine\113D30DE.dl_=>(Quarantine-2) Infected Trojan.Dialer.FU
C:\Program Files\Norton AntiVirus\Quarantine\113D30DE.dl_=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\113D30DE.dl_ Moved
C:\Program Files\Norton AntiVirus\Quarantine\11472ED3.dll=>(Quarantine-2) Infected Trojan.Dialer.FU
C:\Program Files\Norton AntiVirus\Quarantine\11472ED3.dll=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\11472ED3.dll Moved
C:\Program Files\Norton AntiVirus\Quarantine\0461606B.tmp=>(Quarantine-2) Infected Generic.Zlob.FB44D61F
C:\Program Files\Norton AntiVirus\Quarantine\0461606B.tmp=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\0461606B.tmp Moved
C:\Program Files\Norton AntiVirus\Quarantine\1F890C88.exe=>(Quarantine-2) Infected Trojan.Zlob.1.Gen
C:\Program Files\Norton AntiVirus\Quarantine\1F890C88.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\1F890C88.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\384F0D46.tmp=>(Quarantine-2) Infected Generic.Zlob.FB44D61F
C:\Program Files\Norton AntiVirus\Quarantine\384F0D46.tmp=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\384F0D46.tmp Moved
C:\Program Files\Norton AntiVirus\Quarantine\37FC20ED.exe=>(Quarantine-2) Infected Trojan.Dialer.FU
C:\Program Files\Norton AntiVirus\Quarantine\37FC20ED.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\37FC20ED.exe=>(Quarantine-2)=>(Embedded EXE o) Infected Trojan.Dialer.FU
C:\Program Files\Norton AntiVirus\Quarantine\37FC20ED.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\13C16EF4.dll=>(Quarantine-2) Infected Trojan.Spy.Delf.AR
C:\Program Files\Norton AntiVirus\Quarantine\13C16EF4.dll=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\13C16EF4.dll Moved
C:\Program Files\Norton AntiVirus\Quarantine\05E96205.exe=>(Quarantine-2) Infected Win32.Worm.P2P.Puce.G
C:\Program Files\Norton AntiVirus\Quarantine\05E96205.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\05E96205.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\6E8F49E5.tmp=>(Quarantine-2) Infected Java.Trojan.Exploit.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\6E8F49E5.tmp=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\6E8F49E5.tmp Moved
C:\Program Files\Norton AntiVirus\Quarantine\6E9373E1.tmp=>(Quarantine-2) Infected Java.Trojan.ClassLoader.K
C:\Program Files\Norton AntiVirus\Quarantine\6E9373E1.tmp=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\6E9373E1.tmp Moved
C:\Program Files\Norton AntiVirus\Quarantine\7BD72981.tmp=>(Quarantine-2) Infected Java.Trojan.ClassLoader.K
C:\Program Files\Norton AntiVirus\Quarantine\7BD72981.tmp=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\7BD72981.tmp Moved
Ad-Aware 2007 Build
Log File Created on: 2007-06-19 19:03:01
Using Definitions File: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef
Computer name: ACER-73356C3771
Name of user performing scan: SYSTEM
System information
===========================
Number of processors: 1
Processor type: AMD Sempron(tm) Processor 3000+
Memory Available: 45%
Total Physical Memory: 469221376 Bytes
Available Physical Memory: 210829312 Bytes
Total Page File Size: 1105461248 Bytes
Available On Page File: 928677888 Bytes
Total Virtual Memory: 2147352576 Bytes
Available Virtual Memory: 1990746112 Bytes
OS: Microsoft Windows XP Service Pack 2 (Build 2600)
Ad-Aware 2007 Settings
===========================
Skipping files larger than 1048576 kB
Ignoring infections with lower TAI than: 3
Extended Ad-Aware 2007 Settings
===========================
Unloading known modules during scan
Ignoring spanned files when scanning cab archives
Scanning registry for all users
Using permanent archive caching
Reanalyzing results after scanning before displaying results
Trying to unload modules prior to removal
Let Windows remove files currently in use at next reboot
Removing quarantined objects after restore
Logging Ad-Aware events
Blocking Pop-Ups aggressively
Deactivating Ad-Watch during scans
Writeprotecting system files after repairs
Including Ad-aware command line parameters in log file
Include info about ignored objects in log file
Including basic settings in log file
Including advanced settings in log file
Including user and computer name in log file
Include reference summary in log file
Creating log file for removal operations
Including module info in log file
Include Alternate Data Stream details in log file
Create and save WebUpdate log file
Databaseinfo
===========================
Version number: 4
Build Number: 0
Build Date and Time: 2007/06/19 09:31:50
Scan Statistics
===========================
Method: Full
Scan tracking cookies.............................: On
Scan ADS filestreams..............................: Off
Item Scanned: 357365
Infections Detected: 9
Infections Ignored: 0
Scan detailed statistics
===========================
Type Critical Total
Process Scan....: 0 0
Registry Scan...: 2 2
Registry PE Scan: 0 0
Hosts File Scan.: 0 0
File Scan.......: 0 0
Folder Scan.....: 0 0
LSP Scan........: 0 0
ADS Scan........: 0 0
Cookie Scan.....: 6 6
File Hash Scan..: 0 0
Infections Found
===========================
Family Id: 926 Name: Win32.Spyware.Acoona Category: Spyware TAI:7
Item Id: 300018719 Value: Root: HKCR Path: clsid\{f80c1d93-0d22-436e-963e-9d3156997a4e}
Item Id: 300018734 Value: Root: HKLM Path: software\wise solutions\wise installation system\repair\c:/program files/accoona/install1.log
Family Id: 725 Name: Tracking Cookie Category: DataMiner TAI:3
Item Id: 600000460 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\cécile\Cookies\index.dat ad.yieldmanager.com uid /
Item Id: 600000460 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\cécile\Cookies\index.dat ad.yieldmanager.com vuday1 /
Item Id: 600000460 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\cécile\Cookies\index.dat ad.yieldmanager.com pv1 /
Item Id: 600000460 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\cécile\Cookies\index.dat ad.yieldmanager.com ih /
Item Id: 600000142 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\cécile\Cookies\index.dat estat.com e /
Item Id: 600000000 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\cécile\Cookies\index.dat zedo.com PCA319390 /
Family Id: 9999 Name: MRU Object Category: MRU Object TAI:0
Item Id: 1 Value: MRU Path: C:\Documents and Settings\christophe\Recent Count: 1
Items Ignored During Scan
===========================
Listing of running processes
===========================
End of Scan Section
===========================
Cleaned Infections
===========================
Root: HKCR Path: clsid\{f80c1d93-0d22-436e-963e-9d3156997a4e}, Belonging to Win32.Spyware.Acoona
Root: HKLM Path: software\wise solutions\wise installation system\repair\c:/program files/accoona/install1.log, Belonging to Win32.Spyware.Acoona
End of Cleaned Infections
===========================
Cleaned Infections
===========================
Browser: Internet Explorer Cookie: C:\Documents and Settings\cécile\Cookies\index.dat ad.yieldmanager.com uid /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\cécile\Cookies\index.dat ad.yieldmanager.com vuday1 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\cécile\Cookies\index.dat ad.yieldmanager.com pv1 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\cécile\Cookies\index.dat ad.yieldmanager.com ih /, Belonging to Tracking Cookie
MRU Path: C:\Documents and Settings\christophe\Recent Count: 1, Belonging to MRU Object
End of Cleaned Infections
===========================
Here are the various logs requested!
Search Navipromo version 2.0.3 commencé le 19/06/2007 à 17:34:49,65
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!
Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO
Executé en mode normal
*** Recherche Programmes installes ***
Clean Navipromo version 2.0.3 commencé le 19/06/2007 à 17:49:17,28
Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO
Mode suppression automatique avec prise en charge résultats Blacklight
*** Creation backups fichiers trouvés par Blacklight ***
Copie vers "C:\Program Files\navilog1\Backupnavi"
*** Suppression des fichiers trouvés avec Blacklight ***
** 2ème passage **
C:\WINDOWS\system32\xixqepukm_navup.dat absent !
C:\WINDOWS\system32\xixqepukm_navtmp.dat absent !
C:\WINDOWS\system32\xixqepukm_m2s.xml absent !
C:\WINDOWS\system32\xixqepukm.dat trouvé !
Copie C:\WINDOWS\system32\xixqepukm.dat réalise avec succes !
C:\WINDOWS\system32\xixqepukm.dat supprimé !
C:\WINDOWS\system32\xixqepukm_nav.dat trouvé !
Copie C:\WINDOWS\system32\xixqepukm_nav.dat réalise avec succes !
C:\WINDOWS\system32\xixqepukm_nav.dat supprimé !
C:\WINDOWS\system32\xixqepukm_navps.dat trouvé !
Copie C:\WINDOWS\system32\xixqepukm_navps.dat réalise avec succes !
C:\WINDOWS\system32\xixqepukm_navps.dat supprimé !
C:\WINDOWS\prefetch\xixqepukm*.pf trouvé !
Copie C:\WINDOWS\prefetch\xixqepukm*.pf réalise avec succes !
C:\WINDOWS\prefetch\xixqepukm*.pf supprimé !
C:\WINDOWS\system32\xixqepukm.exe trouvé !
Copie C:\WINDOWS\system32\xixqepukm.exe réalise avec succes !
C:\WINDOWS\system32\xixqepukm.exe supprimé !
*** Suppression dossiers dans C:\WINDOWS ***
*** Suppression dossiers dans C:\Program Files ***
*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***
*** Suppression dossiers dans C:\Documents and Settings\christophe\Application Data ***
*** Suppression fichiers ***
C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS\system32\nvs2.inf supprimé !
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\christophe\Local Settings\Temp effectué !
*** Sauvegarde du registre vers dossier Backupnavi***
sauvegarde du registre réalise avec succes !
*** Nettoyage registre ***
Nettoyage registre Ok
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche fichiers connus:
2)Recherche et Suppression Heuristique :
*
**
***
****
*****
******
*******
********
3)Contrôle présence clés Rootkit dans le registre :
Aucune autre clés présente dans le registre !
*** Nettoyage termine le 19/06/2007 à 18:03:26,12 ***
Apparently no more trojan problems and no more slowdown: everything seems to be back to normal!!
Thaaanks, thank you very much jlpjlp
*** Recherche dossiers dans C:\WINDOWS ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***
*** Recherche dossiers dans C:\Documents and Settings\christophe\Application Data ***
*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en
Fichier(s) caché(s) dans C:\WINDOWS\system32 :
Processus caché(s) dans C:\WINDOWS\system32 :
C:\windows\system32\xixqepukm.exe
*** Recherche fichiers ***
C:\WINDOWS\pack.epk trouvé !
C:\WINDOWS\system32\nvs2.inf trouvé !
*** Recherche cles registre ***
Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]
Recherche Clé Magic Control
HKEY_CURRENT_USER\Software\Lanconfig trouvé !
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche fichiers connus:
2)Recherche Heuristique :
*
C:\WINDOWS\system32\xixqepukm.dat trouvé !
**
C:\WINDOWS\system32\xixqepukm.dat trouvé !
***
****
*****
******
*******
********
*** Analyse Terminé le 19/06/2007 à 17:36:26,09 ***
Logfile of HijackThis v1.99.1
Scan saved at 17:32:31, on 19/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kit ADSL\Wizard\Agent_WiFi.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{90DD8107-A3F1-45E7-AF5D-24B8B1ABE374}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4CBA8B9-CDFB-43F3-855E-81913DA1AB65}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
//-----------------------------------------------------------------
//
// Product: BitDefender 8 Free Edition
// Version: 8.0
//
// Created on: 19/06/2007 15:14:14
//
//-----------------------------------------------------------------
Statistics
Scan path : C:\
D:\
Folders : 8009
Files : 408848
Archives : 9062
Packed files : 13394
Identified viruses : 15
Infected files : 35
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 2
Copied files : 0
Moved files : 32
Renamed files : 0
I/O errors : 38
Scan time : 01:51:08
Scan speed (files/sec) : 61
Virus definitions : 514307
Scan plugins : 14
Archive plugins : 38
Unpack plugins : 6
Mail plugins : 6
System plugins : 1
Scan options
Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email
File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user
Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user
Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report
Summary:
C:\Program Files\Norton AntiVirus\Quarantine\30DC3816.tmp=>(Quarantine-2) Infected Win32.Sober.Y@mm
C:\Program Files\Norton AntiVirus\Quarantine\30DC3816.tmp=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\30DC3816.tmp=>(Quarantine-2)=>File-packed_dataInfo.exe Infected Win32.Sober.Y@mm
C:\Program Files\Norton AntiVirus\Quarantine\30DC3816.tmp Moved
C:\Program Files\Norton AntiVirus\Quarantine\457C63D9.dl_=>(Quarantine-2) Infected Trojan.Dialer.FU
C:\Program Files\Norton AntiVirus\Quarantine\457C63D9.dl_=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\457C63D9.dl_ Moved
C:\Program Files\Norton AntiVirus\Quarantine\457C63D9.dll=>(Quarantine-2) Infected Trojan.Dialer.FU
C:\Program Files\Norton AntiVirus\Quarantine\457C63D9.dll=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\457C63D9.dll Moved
C:\Program Files\Norton AntiVirus\Quarantine\457C63D9.exe=>(Quarantine-2) Infected GenPack:Trojan.Swizzor.BO
C:\Program Files\Norton AntiVirus\Quarantine\457C63D9.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\457C63D9.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\457F0DD5.exe=>(Quarantine-2) Infected GenPack:Trojan.Swizzor.BO
C:\Program Files\Norton AntiVirus\Quarantine\457F0DD5.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\457F0DD5.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\27703976.exe=>(Quarantine-2) Infected GenPack:Trojan.Swizzor.BO
C:\Program Files\Norton AntiVirus\Quarantine\27703976.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\27703976.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\02D314A4.exe=>(Quarantine-2) Infected GenPack:Trojan.Swizzor.GI
C:\Program Files\Norton AntiVirus\Quarantine\02D314A4.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\02D314A4.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\458237D2.exe=>(Quarantine-2) Infected GenPack:Trojan.Swizzor.GI
C:\Program Files\Norton AntiVirus\Quarantine\458237D2.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\458237D2.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\6D381775.exe=>(Quarantine-2) Infected GenPack:Trojan.Swizzor.GI
C:\Program Files\Norton AntiVirus\Quarantine\6D381775.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\6D381775.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\2B1D23FB.exe=>(Quarantine-2) Infected GenPack:Trojan.Downloader.Swizzor.CB
C:\Program Files\Norton AntiVirus\Quarantine\2B1D23FB.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\2B1D23FB.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\458661CE.exe=>(Quarantine-2) Infected Trojan.Lopad.K
C:\Program Files\Norton AntiVirus\Quarantine\458661CE.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\458661CE.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\33017574.exe=>(Quarantine-2) Infected GenPack:Trojan.Swizzor.GI
C:\Program Files\Norton AntiVirus\Quarantine\33017574.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\33017574.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\73FD3C2F.exe=>(Quarantine-2) Infected GenPack:Trojan.Swizzor.BO
C:\Program Files\Norton AntiVirus\Quarantine\73FD3C2F.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\73FD3C2F.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\1A4A6518.exe=>(Quarantine-2) Infected GenPack:Trojan.Swizzor.BO
C:\Program Files\Norton AntiVirus\Quarantine\1A4A6518.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\1A4A6518.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\79C12F37.exe=>(Quarantine-2) Infected GenPack:Trojan.Downloader.Swizzor.BO
C:\Program Files\Norton AntiVirus\Quarantine\79C12F37.exe=>(Quarantine-2) Deleted
C:\Program Files\Norton AntiVirus\Quarantine\7400662B.exe=>(Quarantine-2) Infected GenPack:Trojan.Downloader.Swizzor.DB
C:\Program Files\Norton AntiVirus\Quarantine\7400662B.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\7400662B.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\60124317.exe=>(Quarantine-2) Infected GenPack:Trojan.Swizzor.GI
C:\Program Files\Norton AntiVirus\Quarantine\60124317.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\60124317.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\220C3E8D.exe=>(Quarantine-2) Infected GenPack:Trojan.Swizzor.GI
C:\Program Files\Norton AntiVirus\Quarantine\220C3E8D.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\220C3E8D.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\74031028.exe=>(Quarantine-2) Infected GenPack:Trojan.Downloader.Swizzor.CB
C:\Program Files\Norton AntiVirus\Quarantine\74031028.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\74031028.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\2FCD639F.exe=>(Quarantine-2) Infected Trojan.Dialer.IS
C:\Program Files\Norton AntiVirus\Quarantine\2FCD639F.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\2FCD639F.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\647351CB.exe=>(Quarantine-2) Infected Trojan.Dialer.IS
C:\Program Files\Norton AntiVirus\Quarantine\647351CB.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\647351CB.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\2FCD639F.tmp=>(Quarantine-2) Infected Trojan.Dialer.IS
C:\Program Files\Norton AntiVirus\Quarantine\2FCD639F.tmp=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\2FCD639F.tmp Moved
C:\Program Files\Norton AntiVirus\Quarantine\113D30DE.dl_=>(Quarantine-2) Infected Trojan.Dialer.FU
C:\Program Files\Norton AntiVirus\Quarantine\113D30DE.dl_=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\113D30DE.dl_ Moved
C:\Program Files\Norton AntiVirus\Quarantine\11472ED3.dll=>(Quarantine-2) Infected Trojan.Dialer.FU
C:\Program Files\Norton AntiVirus\Quarantine\11472ED3.dll=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\11472ED3.dll Moved
C:\Program Files\Norton AntiVirus\Quarantine\0461606B.tmp=>(Quarantine-2) Infected Generic.Zlob.FB44D61F
C:\Program Files\Norton AntiVirus\Quarantine\0461606B.tmp=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\0461606B.tmp Moved
C:\Program Files\Norton AntiVirus\Quarantine\1F890C88.exe=>(Quarantine-2) Infected Trojan.Zlob.1.Gen
C:\Program Files\Norton AntiVirus\Quarantine\1F890C88.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\1F890C88.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\384F0D46.tmp=>(Quarantine-2) Infected Generic.Zlob.FB44D61F
C:\Program Files\Norton AntiVirus\Quarantine\384F0D46.tmp=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\384F0D46.tmp Moved
C:\Program Files\Norton AntiVirus\Quarantine\37FC20ED.exe=>(Quarantine-2) Infected Trojan.Dialer.FU
C:\Program Files\Norton AntiVirus\Quarantine\37FC20ED.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\37FC20ED.exe=>(Quarantine-2)=>(Embedded EXE o) Infected Trojan.Dialer.FU
C:\Program Files\Norton AntiVirus\Quarantine\37FC20ED.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\13C16EF4.dll=>(Quarantine-2) Infected Trojan.Spy.Delf.AR
C:\Program Files\Norton AntiVirus\Quarantine\13C16EF4.dll=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\13C16EF4.dll Moved
C:\Program Files\Norton AntiVirus\Quarantine\05E96205.exe=>(Quarantine-2) Infected Win32.Worm.P2P.Puce.G
C:\Program Files\Norton AntiVirus\Quarantine\05E96205.exe=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\05E96205.exe Moved
C:\Program Files\Norton AntiVirus\Quarantine\6E8F49E5.tmp=>(Quarantine-2) Infected Java.Trojan.Exploit.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\6E8F49E5.tmp=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\6E8F49E5.tmp Moved
C:\Program Files\Norton AntiVirus\Quarantine\6E9373E1.tmp=>(Quarantine-2) Infected Java.Trojan.ClassLoader.K
C:\Program Files\Norton AntiVirus\Quarantine\6E9373E1.tmp=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\6E9373E1.tmp Moved
C:\Program Files\Norton AntiVirus\Quarantine\7BD72981.tmp=>(Quarantine-2) Infected Java.Trojan.ClassLoader.K
C:\Program Files\Norton AntiVirus\Quarantine\7BD72981.tmp=>(Quarantine-2) Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\7BD72981.tmp Moved
Ad-Aware 2007 Build
Log File Created on: 2007-06-19 19:03:01
Using Definitions File: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef
Computer name: ACER-73356C3771
Name of user performing scan: SYSTEM
System information
===========================
Number of processors: 1
Processor type: AMD Sempron(tm) Processor 3000+
Memory Available: 45%
Total Physical Memory: 469221376 Bytes
Available Physical Memory: 210829312 Bytes
Total Page File Size: 1105461248 Bytes
Available On Page File: 928677888 Bytes
Total Virtual Memory: 2147352576 Bytes
Available Virtual Memory: 1990746112 Bytes
OS: Microsoft Windows XP Service Pack 2 (Build 2600)
Ad-Aware 2007 Settings
===========================
Skipping files larger than 1048576 kB
Ignoring infections with lower TAI than: 3
Extended Ad-Aware 2007 Settings
===========================
Unloading known modules during scan
Ignoring spanned files when scanning cab archives
Scanning registry for all users
Using permanent archive caching
Reanalyzing results after scanning before displaying results
Trying to unload modules prior to removal
Let Windows remove files currently in use at next reboot
Removing quarantined objects after restore
Logging Ad-Aware events
Blocking Pop-Ups aggressively
Deactivating Ad-Watch during scans
Writeprotecting system files after repairs
Including Ad-aware command line parameters in log file
Include info about ignored objects in log file
Including basic settings in log file
Including advanced settings in log file
Including user and computer name in log file
Include reference summary in log file
Creating log file for removal operations
Including module info in log file
Include Alternate Data Stream details in log file
Create and save WebUpdate log file
Databaseinfo
===========================
Version number: 4
Build Number: 0
Build Date and Time: 2007/06/19 09:31:50
Scan Statistics
===========================
Method: Full
Scan tracking cookies.............................: On
Scan ADS filestreams..............................: Off
Item Scanned: 357365
Infections Detected: 9
Infections Ignored: 0
Scan detailed statistics
===========================
Type Critical Total
Process Scan....: 0 0
Registry Scan...: 2 2
Registry PE Scan: 0 0
Hosts File Scan.: 0 0
File Scan.......: 0 0
Folder Scan.....: 0 0
LSP Scan........: 0 0
ADS Scan........: 0 0
Cookie Scan.....: 6 6
File Hash Scan..: 0 0
Infections Found
===========================
Family Id: 926 Name: Win32.Spyware.Acoona Category: Spyware TAI:7
Item Id: 300018719 Value: Root: HKCR Path: clsid\{f80c1d93-0d22-436e-963e-9d3156997a4e}
Item Id: 300018734 Value: Root: HKLM Path: software\wise solutions\wise installation system\repair\c:/program files/accoona/install1.log
Family Id: 725 Name: Tracking Cookie Category: DataMiner TAI:3
Item Id: 600000460 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\cécile\Cookies\index.dat ad.yieldmanager.com uid /
Item Id: 600000460 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\cécile\Cookies\index.dat ad.yieldmanager.com vuday1 /
Item Id: 600000460 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\cécile\Cookies\index.dat ad.yieldmanager.com pv1 /
Item Id: 600000460 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\cécile\Cookies\index.dat ad.yieldmanager.com ih /
Item Id: 600000142 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\cécile\Cookies\index.dat estat.com e /
Item Id: 600000000 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\cécile\Cookies\index.dat zedo.com PCA319390 /
Family Id: 9999 Name: MRU Object Category: MRU Object TAI:0
Item Id: 1 Value: MRU Path: C:\Documents and Settings\christophe\Recent Count: 1
Items Ignored During Scan
===========================
Listing of running processes
===========================
c:\windows\system32\winsta.dll
c:\windows\system32\wbem\wbemcore.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\wbem\esscli.dll
c:\windows\system32\wbem\wbemcomn.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbem\repdrvfs.dll
c:\windows\system32\wbem\wmiprvsd.dll
c:\windows\system32\ncobjapi.dll
c:\windows\system32\wbem\wbemess.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wbem\ncprov.dll
C:\WINDOWS\EXPLORER.EXE
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\browseui.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\serwvdrv.dll
c:\windows\system32\umdmxfrm.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\themeui.dll
c:\windows\system32\secur32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\msutb.dll
c:\windows\system32\msctf.dll
c:\progra~1\window~2\wmpband.dll
c:\windows\system32\mpr.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\atl.dll
c:\windows\system32\samlib.dll
c:\windows\system32\msi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\netshell.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\credui.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winsta.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\mlang.dll
c:\windows\system32\rsaenh.dll
c:\program files\openoffice.org 2.1\program\shlxthdl.dll
c:\program files\openoffice.org 2.1\program\uwinapi.dll
c:\program files\openoffice.org 2.1\program\msvcr71.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
c:\program files\openoffice.org 2.1\program\stlport_vc7145.dll
c:\program files\openoffice.org 2.1\program\msvcp71.dll
c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll
c:\windows\system32\drprov.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\netui0.dll
c:\windows\system32\netui1.dll
c:\windows\system32\netrap.dll
c:\windows\system32\davclnt.dll
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AD-AWARE2007.EXE
c:\program files\lavasoft\ad-aware 2007\ad-aware2007.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\serwvdrv.dll
c:\windows\system32\umdmxfrm.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\inetmib1.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\snmpapi.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\atl.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\samlib.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\secur32.dll
End of Scan Section
===========================
Cleaned Infections
===========================
Root: HKCR Path: clsid\{f80c1d93-0d22-436e-963e-9d3156997a4e}, Belonging to Win32.Spyware.Acoona
Root: HKLM Path: software\wise solutions\wise installation system\repair\c:/program files/accoona/install1.log, Belonging to Win32.Spyware.Acoona
End of Cleaned Infections
===========================
Cleaned Infections
===========================
Browser: Internet Explorer Cookie: C:\Documents and Settings\cécile\Cookies\index.dat ad.yieldmanager.com uid /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\cécile\Cookies\index.dat ad.yieldmanager.com vuday1 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\cécile\Cookies\index.dat ad.yieldmanager.com pv1 /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\cécile\Cookies\index.dat ad.yieldmanager.com ih /, Belonging to Tracking Cookie
MRU Path: C:\Documents and Settings\christophe\Recent Count: 1, Belonging to MRU Object
End of Cleaned Infections
===========================