20 replies
DeNisCoOl (Member; 2802 posts; joined Friday 19 August 2005; last activity 28 February 2011), 23 August 2007 at 07:18
Hi vehement,
Allow me to step in: I had started to answer you, but apparently I was wrong, a-squared did find something.
I know Kaspersky fairly well and I know that Invader detection window; I thought it was a routine alert warning of a potential risk.
But please, could you avoid creating several threads for the same problem, because we have to go left and right to follow your problem.
In any case, if you want to get help, that is the best way to proceed; otherwise you will waste your time and ours.
There seems to be 1 adware and 1 trojan in the user manual of your System Mechanic Professional 6 software (not nice of those gentlemen at iolo):
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{22578B53-ED79-4C10-8B46-C8E6F49BF8CA}\{2E5BF31C-E816-4078-B0BB-CBB5152CB14E}.bak/{2E5BF31C-E816-4078-B0BB-CBB5152CB14E}.bak Détecter: Adware.Win32.BHO.av
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{22578B53-ED79-4C10-8B46-C8E6F49BF8CA}\{8D26CB7B-21A9-4223-AABE-39F5AF2784A2}.bak/{8D26CB7B-21A9-4223-AABE-39F5AF2784A2}.bak Détecter: Adware.Win32.BHO.av
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{22578B53-ED79-4C10-8B46-C8E6F49BF8CA}\{BA03F144-5A46-4E21-BA55-23DA3D5B9959}.bak/{BA03F144-5A46-4E21-BA55-23DA3D5B9959}.bak Détecter: Trojan.Win32.AddUser.o
C:\Program Files\iolo\System Mechanic Professional 6\Undo\Manual\{22578B53-ED79-4C10-8B46-C8E6F49BF8CA}\{C74CCC16-B3EB-4A26-95F0-869A338B4FB0}.bak/{C74CCC16-B3EB-4A26-95F0-869A338B4FB0}.bak Détecter: Trojan.Win32.AddUser.o
mIRC on the desktop and in System Restore on drive C:, and your backup on E:, I imagine? (Not dangerous, you can ignore it; mIRC being a sieve, a-squared does not like it.)
C:\Documents and Settings\Yannick\Bureau\mIRC\mirc.exe Détecter: Riskware.Client-IRC.Win32.mIRC.621
C:\System Volume Information\_restore{7FB53B00-BCE1-44E0-8057-95493260CDF8}\RP311\A0421787.exe Détecter: Riskware.Client-IRC.Win32.mIRC.621
E:\share or fuck you\music\extrem metal\ALL ON MIRC PROGRAM and setting video mirc and setting omenserve\SET UP program mirc\mirc621.exe Détecter: Riskware.Client-IRC.Win32.mIRC.621
E:\System Volume Information\_restore{7FB53B00-BCE1-44E0-8057-95493260CDF8}\RP311\A0421788.exe Détecter: Riskware.Client-IRC.Win32.mIRC.621
If you no longer use mIRC and you do not need the System Mechanic Professional 6 user manual, you can delete everything.
Kaspersky does not consider mIRC dangerous, so it says nothing; it is what can come through mIRC that Kaspersky will block.
A-squared flags it as Riskware (at risk, that is all).
For your other software it may be the same.
To be really sure, I am going over everything; some things will be useless or will seem odd to you, but they need to be mentioned all the same.
Do you still have Kaspersky 6.0?
Did you also install AVG7.5 alongside Kaspersky?
If so, avoid that absolutely, because having 2 AVs slows the computer down enormously and greatly reduces their effectiveness; it is the opposite of the intended effect.
If Kaspersky finds nothing, try 1 or 2 of these online scans to start with (on IE only).
F-Secure: http://support.f-secure.com/enu/home/ols.shtml
Nod32 Eset: https://www.eset.com/int/home/online-scanner/?i_agree=14
Bitdefender: http://www.bitdefender.fr/scan_fr/scan8/ie.html
Check that no suspicious software is present.
This is the simplest and quickest method.
Start / Control Panel
Then double-click "Add or Remove Programs". Uninstall any unknown or malicious program. To help you, type its name into Google. If Google finds nothing, remove it straight away.
- Spybot to remove spyware: https://www.safer-networking.org/download/
Here is its tutorial:
http://www.safer-networking.org/fr/tutorial/index.html
- CCleaner (in French) to clean temporary files, cookies... as well as useless registry keys.
https://filehippo.com/download_ccleaner/?2927
During installation, untick the Yahoo toolbar option.
Its tutorial in English: https://www.ccleaner.com/ccleaner/help
Once installed, go to Options / Properties / Secure file deletion (slow), type NSA (7 passes).
This is the best configuration.
Cleaner button: press Analyze, then Run the cleaning.
Then, on the Errors button (registry), repeat the following steps twice:
Search for errors - Fix the selected errors
Do not forget to make a backup in case it deletes a wrong key (unlikely).
Adaware2007, new version in English only, but very simple (press Cancel when it asks for the serial numbers to get the free version).
The first time, press the Update button; it will ask whether you want to run the update, click Yes.
Then press Scan and, the first time, tick Full Scan and press Scan (the next time tick Smart Scan, which will be a scan of the main areas).
Then
- Download HiJackThis: http://www.infos-du-net.com/telecharger/HijackThis,0301-454.html
- Rename the file HiJackThis.exe to Scanner.exe; to do this, right-click the HiJackThis.exe file and choose Rename from the list
- Type Scanner.exe and press the Enter key.
- Generate a report by following these instructions:
- Double-click Scanner.exe
- Run it and click Do a scan and save log file.
- The report opens in Notepad
- Paste the report here; to do so:
- Edit menu / Select All
- Edit menu / Copy
- Here, in a new message: right-click / Paste
Help: do not hesitate to consult the HiJackThis help
Regards,
Denis
Hi Denis,
I have done everything you told me; the BitDefender scan is nearly finished, and I still have to install the cleaner and repair the damage caused. Yes, I know you told me to paste a HijackThis log at the end, but my reason for writing to you is to warn you that the F-Secure link you gave me is infected by a trojan; fortunately my Kaspersky blocked it. As for the 2 antivirus programs, no, I forgot to specify that it was AVG7.5 Anti-Spy ;), so watch out for that link. I will post the HijackThis log at the end. Your answer turned out to be quite a bit more effective than all your teammates', thank you very much; so far BitDefender has deleted another virus. But the thing I do not understand is how I could have been infected like this: I do not download in Explorer, I only download in mIRC and from people I know, and my music files are not infected, so where could I have been infected like this? Anyway, I am finishing what you told me to do, but my programs still lag. I will see at the end what your advice gives, and if I still have difficulty I will get back in touch with you. As I said, I will post the HijackThis log when all this is finished. Thank you so much Denis, my PC is already running much better ;)
Vehement
OK, here is the HijackThis log.
My computer has already gained speed.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:02:57, on 2007-08-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Dialer\a2service.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
c:\program files\softwin\bitdefender9\vsserv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Yannick\Bureau\scanner.exe\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://myspace.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://myspace.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxymicrosoft.com:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/service_components/control/activex/TmHcmsX.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Dialer\a2service.exe
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - c:\program files\softwin\bitdefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
DeNisCoOl
Posts
2802
Registration date
Friday 19 August 2005
Status
Member
Last activity
28 February 2011
224
24 August 2007 at 06:10
Vehement,
There doesn't seem to be anything, just one minor useless item, that's all.
Close your applications and your browser.
Open HijackThis.
Check the following line and click Fix checked.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
You can also check the following lines to reduce the number of services running by default on your computer (Logitech camera and mouse); this gives quicker access to settings or a faster startup most of the time. If you think you don't need them, then Fix checked.
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
Then restart.
As for F-Secure, the link and the installation are harmless; it's a link I use regularly, and Kaspersky 7 no longer says anything since I told it that it could accept it.
Read the message it displays carefully.
When Kaspersky isn't squealing like a pig about to be slaughtered, it's not a dangerous virus most of the time; you just need to check what was blocked.
F-Secure installs an ActiveX application, which in some cases can be a virus, but not in this case.
It's always you who decides in the end what it should block; all it does is tell you "ah, there may be a problem here"; in a way it's asking you, tell me what to do.
Go into Kaspersky's settings or configuration to remove f-secure in the threats and exclusions menu, exception rules or something similar.
You're always the boss of your computer.
As for your infection, not long ago I thought I had downloaded an mp3 and it was a virus.
I had forgotten it on my computer, I hadn't played it, and when I tried to open it Kaspersky went off.
And mIRC I know well; there are pop-up windows that sometimes open, and if you're not careful you load something without knowing it.
Some websites can be infected, as can software and games; you get infected very easily without knowing it.
But there are different levels of threat, no need to panic.
Out of 500,000 signatures of threats of all kinds, maybe 500-1000 are really dangerous for your computer; the rest are merely annoying threats that waste time.
Kaspersky AV doesn't have antispyware, only the security version does.
For that, Spybot, a-squared and Ad-Aware are useful to round out your toolkit.
Bye bye,
Denis
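As an added example (not part of the original thread, and not HijackThis's own code), this Python script sorts the kinds of HijackThis lines discussed in the reply above into review buckets: entries marked `(no file)`, O4 autostarts, O16 ActiveX controls fetched from a web URL, and O23 services listed with `Unknown owner`. The function names `parse_entry` and `triage` and the flag names are assumptions made for illustration; the sample lines are copied from this thread.

```python
import re

# Sample lines copied from the HijackThis log and the reply in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
"""

# "<section code> - <rest of line>", e.g. "O23 - Service: ..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 body: "HKLM\..\Run: [ValueName] command line"
RUN_RE = re.compile(r"^(?P<key>HK(?:LM|CU)\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def _strip_prefix(text, prefix):
    return text[len(prefix):] if text.startswith(prefix) else text


def parse_entry(line):
    """Split one HijackThis line into code, name, target and review flags.

    Returns None for anything that is not a log entry (headers, blank lines).
    """
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    code, body = m.group("code"), m.group("body")
    entry = {"code": code, "name": None, "target": None, "flags": []}

    if code == "O2":      # "BHO: name - {CLSID} - file"
        fields = body.split(" - ", 2)
        if len(fields) == 3:
            entry["name"], entry["target"] = fields[1], fields[2]
    elif code == "O4":    # program started from a Run key at logon
        run = RUN_RE.match(body)
        if run:
            entry["name"], entry["target"] = run.group("name"), run.group("cmd")
            entry["flags"].append("autostart")
    elif code == "O16":   # "DPF: {CLSID} (name) - source"
        head, sep, source = body.rpartition(" - ")
        if sep:
            entry["name"] = _strip_prefix(head, "DPF: ")
            entry["target"] = source
            if source.lower().startswith(("http://", "https://")):
                entry["flags"].append("remote-activex")
    elif code == "O23":   # "Service: display (name) - vendor - path"
        # Split from the left: the path itself may contain " - ".
        fields = body.split(" - ", 2)
        if len(fields) == 3:
            entry["name"] = _strip_prefix(fields[0], "Service: ")
            entry["target"] = fields[2]
            if fields[1].strip().lower() == "unknown owner":
                entry["flags"].append("unknown-owner")

    # An entry whose file is gone is a leftover registry value.
    if entry["target"] and entry["target"].strip().lower() == "(no file)":
        entry["flags"].append("orphan")
    return entry


def triage(log_text):
    """Return only the entries that carry at least one review flag."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry and entry["flags"]:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f'{e["code"]:<4}{",".join(e["flags"]):<16}{e["name"]} -> {e["target"]}')
```

A flag marks a line for a human to look at before ticking it in HijackThis; it says nothing on its own about whether the file is malicious.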
Good evening Denis, because here in Canada it's night.
I don't know how many scans I've done, but I finally found something. I have the Kaspersky log; I don't know why it wasn't finding anything, but anyway I'm pasting you the log. I don't understand why I have so much vermin in my PC like this. Have I been hacked??? That's the question I'm asking myself now.
I went to try an online scan with Trend Micro and they refuse the online scan. I don't know if you know HouseCall; I used that, and according to them I have a vulnerability in my computer, and it showed me the places from which I would be attacked. Hmm, that scares me a bit, because I don't understand how all this shit got onto my computer when all I do is download simple music in mIRC.
Protection
----------
Total scanned: 19068
Detected: 46
Untreated: 0
Start time: 2007-08-23 16:49:03
Duration: 07:44:27
Detected
--------
Status Object
------ ------
detected: Trojan program Trojan-Clicker.HTML.Agent.a URL: http://www.affordablewebhosting.com/adscheaper.htm
detected: Trojan program Trojan-Downloader.VBS.Agent.p URL: http://www.lookme.biz/tet.php
detected: Trojan program Trojan-Downloader.VBS.Agent.p Script: http://www.wtorrent.com/[1]
detected: riskware Hidden data sending Running process: C:\Program Files\WinRAR\WinRAR.exe
detected: Trojan program Trojan-Downloader.JS.Psyme.jf URL: http://redhotsocks.org/ex/
detected: riskware Hidden data sending Running process: C:\WINDOWS\explorer.exe
detected: riskware Hidden install Running process: C:\Documents and Settings\Yannick\Local Settings\Temp\Google Toolbar\swg216B.tmp
detected: riskware Hidden install Running process: C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\swg-2.0.301.7164\SearchWithGoogleUpdate_fr.exe
detected: riskware Hidden install Running process: C:\Documents and Settings\Yannick\Local Settings\Temp\Google Toolbar\gus22B8.tmp
detected: riskware Hidden install Running process: C:\Documents and Settings\Yannick\Local Settings\Temp\Google Toolbar\swg22BC.tmp
detected: riskware Invader Running process: C:\Program Files\a-squared Anti-Dialer\a2service.exe
detected: riskware Invader Running process: C:\WINDOWS\explorer.exe
detected: riskware Invader Running process: C:\WINDOWS\system32\winlogon.exe
detected: riskware Invader Running process: C:\WINDOWS\system32\services.exe
detected: riskware Invader Running process: C:\Program Files\a-squared Anti-Malware\a2start.exe
detected: riskware Invader Running process: C:\WINDOWS\system32\svchost.exe
detected: riskware Invader Running process: C:\Program Files\a-squared Anti-Malware\a2wizard.exe
detected: riskware Invader Running process: C:\Program Files\a-squared Anti-Malware\a2service.exe
detected: riskware Invader Running process: C:\Program Files\a-squared Anti-Malware\a2guard.exe
detected: riskware Invader Running process: C:\WINDOWS\System32\svchost.exe
detected: riskware Invader Running process: C:\WINDOWS\system32\rundll32.exe
detected: riskware Invader Running process: C:\Program Files\MySpace\IM\Uninstall.exe
detected: riskware Invader Running process: C:\Documents and Settings\Yannick\Local Settings\Temp\~nsu.tmp\Au_.exe
detected: riskware Invader Running process: C:\Program Files\MySpace\IM\RegAllUsers.bat
detected: riskware Invader Running process: C:\Program Files\a-squared Anti-Malware\a2HiJackFree.exe
detected: riskware Invader Running process: C:\Program Files\Internet Explorer\iexplore.exe
detected: riskware Invader Running process: C:\Documents and Settings\Yannick\Bureau\mIRC\mirc.exe
detected: riskware Invader Running process: C:\Program Files\WinRAR\WinRAR.exe
detected: riskware Invader Running process: C:\Program Files\a-squared Anti-Malware\a2scan.exe
detected: riskware Invader Running process: C:\WINDOWS\Explorer.EXE
detected: riskware Invader Running process: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
detected: riskware Invader Running process: C:\WINDOWS\system32\cisvc.exe
detected: riskware Invader Running process: C:\Documents and Settings\Yannick\Bureau\BestialitY\Run.bat
detected: riskware Invader Running process: C:\Documents and Settings\Yannick\Bureau\JustDeath\RunOnce.bat
detected: riskware Invader Running process: C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe
detected: riskware Invader Running process: C:\WINDOWS\system32\dumprep.exe
deleted: Trojan program Backdoor.Win32.IRCBot.acd File: C:\DOCUME~1\Yannick\LOCALS~1\Temp\TFR20.tmp/DSC515607.jpg-www.pictureland.com
detected: riskware Invader Running process: C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe
deleted: Trojan program Backdoor.IRC.Zapchast File: C:\Documents and Settings\Yannick\Bureau\mIRC\control.ini
detected: riskware Invader Running process: C:\Program Files\iolo\System Mechanic Professional 6\SysMech6.exe
detected: riskware Invader Running process: C:\Program Files\iolo\System Mechanic Professional 6\UninstallSMPro.exe
detected: riskware Invader Running process: C:\Program Files\iolo\System Mechanic Professional 6\unins000.exe
detected: riskware Invader Running process: C:\Documents and Settings\Yannick\Local Settings\Temp\_iu14D2N.tmp
detected: riskware Invader Running process: C:\Documents and Settings\Yannick\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
detected: riskware Invader Running process: C:\Program Files\Spybot - Search & Destroy\unins000.exe
detected: riskware Invader Running process: C:\Documents and Settings\Yannick\Bureau\scanner.exe\scanner.exe.exe
Events
------
Time Event
---- -----
2007-07-05 22:04:05 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
2007-07-05 22:04:13 Real-time protection started.
2007-07-05 22:08:09 Please restart your computer to complete the installation of new or updated protection components.
2007-07-05 22:08:09 Please restart your computer to complete the installation of new or updated protection components.
2007-07-05 22:08:14 Update completed successfully.
2007-07-05 22:17:25 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
2007-07-05 22:17:36 Real-time protection started.
2007-07-05 22:25:40 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3372): attempt to load new or modified module was blocked.
2007-07-05 22:25:58 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3372): attempt to load new or modified module was blocked.
2007-07-05 22:26:23 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3372): attempt to load new or modified module was blocked.
2007-07-05 22:26:23 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3372): attempt to load new or modified module was blocked.
2007-07-05 22:26:25 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3372): attempt to load new or modified module was blocked.
2007-07-05 22:26:25 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3372): attempt to load new or modified module was blocked.
2007-07-05 22:26:25 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3372): attempt to load new or modified module was blocked.
2007-07-05 22:26:25 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3372): attempt to load new or modified module was blocked.
2007-07-05 22:30:12 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Localisationerrone4.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:12 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Localisationerrone4.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:12 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Locksky.zip/hard.lck: is password protected.
2007-07-05 22:30:12 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Locksky.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:12 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:12 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:12 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:12 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:12 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:12 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:12 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled1.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:12 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled1.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify1.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify1.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor.zip/uninstall_nmon.vbs: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor1.zip/netmon.exe: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor1.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor10.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor10.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor11.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor11.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor12.zip/uninstall_nmon.vbs: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor12.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor13.zip/netmon.exe: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor13.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor14.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor2.zip/domains.txt: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor2.zip/log.txt: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor2.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor3.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor3.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor4.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor4.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor5.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor5.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor6.zip/uninstall_nmon.vbs: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor6.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor7.zip/netmon.exe: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor7.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor8.zip/domains.txt: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor8.zip/log.txt: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor8.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor9.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor9.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip/zlbw.dll: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip/teller2.chk: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC10.zip/winstall.exe: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC10.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC11.zip/winsub.xml: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC11.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC12.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC12.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC13.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC13.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC14.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC14.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC15.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC15.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC16.zip/zlbw.dll: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC16.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC17.zip/winsub.xml: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC17.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC18.zip/winstall.exe: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC18.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC19.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC19.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip/symsvcsa.exe: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC20.zip/gimmygames1.dat: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC20.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC21.zip/_iu14D2N.tmp: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC21.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC22.zip/z12.exe: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC22.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip/winsub.xml: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip/secure32.html: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC5.zip/secure32.html: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC5.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC6.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC6.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC7.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC7.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC8.zip/zlbw.dll: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC8.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC9.zip/symsvcsa.exe: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC9.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff.zip/tool5.exe: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff1.zip/base001.avd: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff1.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff10.zip/heur000.dll: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff10.zip/heur001.dll: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff10.zip/heur002.dll: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff10.zip/heur003.dll: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff10.zip/SpySheriff.exe: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff10.zip/Uninstall.exe: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff10.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff2.zip/SpySheriff.exe: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff2.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff3.zip/removed.wav: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff3.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff4.zip/notfound.wav: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff4.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff5.zip/found.wav: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff5.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff6.zip/base.avd: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff6.zip/base002.avd: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff6.zip/heur000.dll: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff6.zip/heur001.dll: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff6.zip/heur002.dll: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff6.zip/heur003.dll: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff6.zip/SpySheriff.dvm: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff6.zip/Uninstall.exe: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff6.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff7.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff7.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff8.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff8.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff9.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff9.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick.zip/Sskknwrd.dll: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick1.zip/Ssk.exe: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick1.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick10.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick10.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick11.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick11.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:15 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick12.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:15 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick12.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:15 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick13.zip/Sskuknwrd.dll: is password protected.
2007-07-05 22:30:15 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick13.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick14.zip/Sskknwrd.dll: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick14.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick15.zip/Ssk.exe: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick15.zip/SskBho.dll: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick15.zip/SskCore.dll: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick15.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick2.zip/Ssk.exe: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick2.zip/Ssk3RepairInstall.exe: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick2.zip/SskBho.dll: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick2.zip/SskCore.dll: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick2.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick3.zip/Ssk.exe: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick3.zip/SskBho.dll: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick3.zip/SskCore.dll: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick3.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick4.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick4.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick5.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick5.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick6.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick6.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick7.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick7.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick8.zip/sbRecovery.reg: is password protected.
I don't know how many scans I've run, but I finally found something. I have the Kaspersky log; I don't know why it wasn't finding anything before, but anyway I'm pasting the log for you. I don't understand why I have so much vermin in my PC like this. Have I been hacked??? That's the question I'm asking myself now.
I went to try an online scan with Trend Micro and they refused the online scan. I don't know if you know HouseCall; I used it, and according to them I have a vulnerability in my computer, and it showed me the places from which I would be attacked. Hmm, that scares me a bit, because I don't understand how all this shit could have gotten onto my computer when all I do is download simple music in mIRC.
Protection
----------
Total scanned: 19068
Detected: 46
Untreated: 0
Start time: 2007-08-23 16:49:03
Duration: 07:44:27
Detected
--------
Status Object
------ ------
detected: Trojan program Trojan-Clicker.HTML.Agent.a URL: http://www.affordablewebhosting.com/adscheaper.htm
detected: Trojan program Trojan-Downloader.VBS.Agent.p URL: http://www.lookme.biz/tet.php
detected: Trojan program Trojan-Downloader.VBS.Agent.p Script: http://www.wtorrent.com/[1]
detected: riskware Hidden data sending Running process: C:\Program Files\WinRAR\WinRAR.exe
detected: Trojan program Trojan-Downloader.JS.Psyme.jf URL: http://redhotsocks.org/ex/
detected: riskware Hidden data sending Running process: C:\WINDOWS\explorer.exe
detected: riskware Hidden install Running process: C:\Documents and Settings\Yannick\Local Settings\Temp\Google Toolbar\swg216B.tmp
detected: riskware Hidden install Running process: C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\swg-2.0.301.7164\SearchWithGoogleUpdate_fr.exe
detected: riskware Hidden install Running process: C:\Documents and Settings\Yannick\Local Settings\Temp\Google Toolbar\gus22B8.tmp
detected: riskware Hidden install Running process: C:\Documents and Settings\Yannick\Local Settings\Temp\Google Toolbar\swg22BC.tmp
detected: riskware Invader Running process: C:\Program Files\a-squared Anti-Dialer\a2service.exe
detected: riskware Invader Running process: C:\WINDOWS\explorer.exe
detected: riskware Invader Running process: C:\WINDOWS\system32\winlogon.exe
detected: riskware Invader Running process: C:\WINDOWS\system32\services.exe
detected: riskware Invader Running process: C:\Program Files\a-squared Anti-Malware\a2start.exe
detected: riskware Invader Running process: C:\WINDOWS\system32\svchost.exe
detected: riskware Invader Running process: C:\Program Files\a-squared Anti-Malware\a2wizard.exe
detected: riskware Invader Running process: C:\Program Files\a-squared Anti-Malware\a2service.exe
detected: riskware Invader Running process: C:\Program Files\a-squared Anti-Malware\a2guard.exe
detected: riskware Invader Running process: C:\WINDOWS\System32\svchost.exe
detected: riskware Invader Running process: C:\WINDOWS\system32\rundll32.exe
detected: riskware Invader Running process: C:\Program Files\MySpace\IM\Uninstall.exe
detected: riskware Invader Running process: C:\Documents and Settings\Yannick\Local Settings\Temp\~nsu.tmp\Au_.exe
detected: riskware Invader Running process: C:\Program Files\MySpace\IM\RegAllUsers.bat
detected: riskware Invader Running process: C:\Program Files\a-squared Anti-Malware\a2HiJackFree.exe
detected: riskware Invader Running process: C:\Program Files\Internet Explorer\iexplore.exe
detected: riskware Invader Running process: C:\Documents and Settings\Yannick\Bureau\mIRC\mirc.exe
detected: riskware Invader Running process: C:\Program Files\WinRAR\WinRAR.exe
detected: riskware Invader Running process: C:\Program Files\a-squared Anti-Malware\a2scan.exe
detected: riskware Invader Running process: C:\WINDOWS\Explorer.EXE
detected: riskware Invader Running process: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
detected: riskware Invader Running process: C:\WINDOWS\system32\cisvc.exe
detected: riskware Invader Running process: C:\Documents and Settings\Yannick\Bureau\BestialitY\Run.bat
detected: riskware Invader Running process: C:\Documents and Settings\Yannick\Bureau\JustDeath\RunOnce.bat
detected: riskware Invader Running process: C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe
detected: riskware Invader Running process: C:\WINDOWS\system32\dumprep.exe
deleted: Trojan program Backdoor.Win32.IRCBot.acd File: C:\DOCUME~1\Yannick\LOCALS~1\Temp\TFR20.tmp/DSC515607.jpg-www.pictureland.com
detected: riskware Invader Running process: C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe
deleted: Trojan program Backdoor.IRC.Zapchast File: C:\Documents and Settings\Yannick\Bureau\mIRC\control.ini
detected: riskware Invader Running process: C:\Program Files\iolo\System Mechanic Professional 6\SysMech6.exe
detected: riskware Invader Running process: C:\Program Files\iolo\System Mechanic Professional 6\UninstallSMPro.exe
detected: riskware Invader Running process: C:\Program Files\iolo\System Mechanic Professional 6\unins000.exe
detected: riskware Invader Running process: C:\Documents and Settings\Yannick\Local Settings\Temp\_iu14D2N.tmp
detected: riskware Invader Running process: C:\Documents and Settings\Yannick\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
detected: riskware Invader Running process: C:\Program Files\Spybot - Search & Destroy\unins000.exe
detected: riskware Invader Running process: C:\Documents and Settings\Yannick\Bureau\scanner.exe\scanner.exe.exe
Events
------
Time Event
---- -----
2007-07-05 22:04:05 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
2007-07-05 22:04:13 Real-time protection started.
2007-07-05 22:08:09 Please restart your computer to complete the installation of new or updated protection components.
2007-07-05 22:08:09 Please restart your computer to complete the installation of new or updated protection components.
2007-07-05 22:08:14 Update completed successfully.
2007-07-05 22:17:25 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
2007-07-05 22:17:36 Real-time protection started.
2007-07-05 22:25:40 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3372): attempt to load new or modified module was blocked.
2007-07-05 22:25:58 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3372): attempt to load new or modified module was blocked.
2007-07-05 22:26:23 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3372): attempt to load new or modified module was blocked.
2007-07-05 22:26:23 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3372): attempt to load new or modified module was blocked.
2007-07-05 22:26:25 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3372): attempt to load new or modified module was blocked.
2007-07-05 22:26:25 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3372): attempt to load new or modified module was blocked.
2007-07-05 22:26:25 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3372): attempt to load new or modified module was blocked.
2007-07-05 22:26:25 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3372): attempt to load new or modified module was blocked.
2007-07-05 22:30:12 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:12 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:12 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:12 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:12 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled1.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:12 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled1.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify1.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify1.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor.zip/uninstall_nmon.vbs: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor1.zip/netmon.exe: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor1.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor10.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor10.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor11.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor11.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor12.zip/uninstall_nmon.vbs: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor12.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor13.zip/netmon.exe: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor13.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor14.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor2.zip/domains.txt: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor2.zip/log.txt: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor2.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor3.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor3.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor4.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor4.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor5.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor5.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor6.zip/uninstall_nmon.vbs: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor6.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor7.zip/netmon.exe: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor7.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor8.zip/domains.txt: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor8.zip/log.txt: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor8.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor9.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor9.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip/zlbw.dll: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip/teller2.chk: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC10.zip/winstall.exe: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC10.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC11.zip/winsub.xml: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC11.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC12.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC12.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC13.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC13.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC14.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC14.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC15.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC15.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC16.zip/zlbw.dll: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC16.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC17.zip/winsub.xml: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC17.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC18.zip/winstall.exe: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC18.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC19.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC19.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip/symsvcsa.exe: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC20.zip/gimmygames1.dat: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC20.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC21.zip/_iu14D2N.tmp: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC21.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC22.zip/z12.exe: is password protected.
2007-07-05 22:30:13 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC22.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip/winsub.xml: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip/secure32.html: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC5.zip/secure32.html: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC5.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC6.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC6.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC7.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC7.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC8.zip/zlbw.dll: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC8.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC9.zip/symsvcsa.exe: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC9.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff.zip/tool5.exe: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff1.zip/base001.avd: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff1.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff10.zip/heur000.dll: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff10.zip/heur001.dll: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff10.zip/heur002.dll: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff10.zip/heur003.dll: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff10.zip/SpySheriff.exe: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff10.zip/Uninstall.exe: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff10.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff2.zip/SpySheriff.exe: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff2.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff3.zip/removed.wav: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff3.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff4.zip/notfound.wav: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff4.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff5.zip/found.wav: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff5.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff6.zip/base.avd: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff6.zip/base002.avd: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff6.zip/heur000.dll: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff6.zip/heur001.dll: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff6.zip/heur002.dll: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff6.zip/heur003.dll: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff6.zip/SpySheriff.dvm: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff6.zip/Uninstall.exe: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff6.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff7.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff7.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff8.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff8.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff9.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff9.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick.zip/Sskknwrd.dll: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick1.zip/Ssk.exe: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick1.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick10.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick10.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick11.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:14 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick11.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:15 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick12.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:15 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick12.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:15 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick13.zip/Sskuknwrd.dll: is password protected.
2007-07-05 22:30:15 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick13.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick14.zip/Sskknwrd.dll: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick14.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick15.zip/Ssk.exe: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick15.zip/SskBho.dll: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick15.zip/SskCore.dll: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick15.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick2.zip/Ssk.exe: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick2.zip/Ssk3RepairInstall.exe: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick2.zip/SskBho.dll: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick2.zip/SskCore.dll: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick2.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick3.zip/Ssk.exe: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick3.zip/SskBho.dll: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick3.zip/SskCore.dll: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick3.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick4.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick4.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick5.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick5.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick6.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick6.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick7.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick7.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick8.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick8.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick9.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:16 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SurfSideKick9.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Torpig.zip/$_2341233.TMP: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Torpig.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Torpig1.zip/$_2341234.TMP: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Torpig1.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\UCmore.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusDisableNotify.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusDisableNotify.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusDisableNotify1.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusDisableNotify1.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusDisableNotify2.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusDisableNotify2.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusDisableNotify3.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusDisableNotify3.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusDisableNotify4.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusDisableNotify4.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusOverride.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusOverride.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusOverride1.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusOverride1.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusOverride2.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusOverride2.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallDisableNotify.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallDisableNotify.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallDisableNotify1.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallDisableNotify1.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallDisableNotify2.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallDisableNotify2.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallDisableNotify3.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallDisableNotify3.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallDisableNotify4.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallDisableNotify4.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallDisableNotify5.zip/sbRecovery.reg: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallDisableNotify5.zip/sbRecovery.ini: is password protected.
2007-07-05 22:30:17 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destro
2007-07-08 05:04:23 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallDisableNotify6.zip/sbRecovery.reg: is password protected.
2007-07-08 05:04:23 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallDisableNotify6.zip/sbRecovery.ini: is password protected.
2007-07-08 05:04:23 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallDisableNotify7.zip/sbRecovery.reg: is password protected.
2007-07-08 05:04:23 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallDisableNotify7.zip/sbRecovery.ini: is password protected.
2007-07-08 05:04:23 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallDisableNotify8.zip/sbRecovery.reg: is password protected.
2007-07-08 05:04:23 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallDisableNotify8.zip/sbRecovery.ini: is password protected.
2007-07-08 05:04:23 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallDisableNotify9.zip/sbRecovery.reg: is password protected.
2007-07-08 05:04:23 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallDisableNotify9.zip/sbRecovery.ini: is password protected.
2007-07-08 05:04:23 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallOverride.zip/sbRecovery.reg: is password protected.
2007-07-08 05:04:23 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterFirewallOverride.zip/sbRecovery.ini: is password protected.
2007-07-08 05:04:23 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterTaskManager.zip/sbRecovery.reg: is password protected.
2007-07-08 05:04:23 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterTaskManager.zip/sbRecovery.ini: is password protected.
2007-07-08 05:04:23 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterTaskManager1.zip/sbRecovery.reg: is password protected.
2007-07-08 05:04:23 File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterTaskManager1.zip/sbRecovery.ini: is password protected.
2007-07-08 06:21:10 The application C:\Program Files\Soulseek\slsk.exe cannot establish connection with server 62.117.85.87. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
2007-07-08 06:43:41 Please restart your computer to complete the installation of new or updated protection components.
2007-07-08 06:43:43 Update completed successfully.
2007-07-08 08:18:14 The application C:\Program Files\Soulseek\slsk.exe cannot establish connection with server 83.50.71.244. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
2007-07-08 10:43:41 Update completed successfully.
2007-07-08 12:55:05 The application C:\Program Files\Soulseek\slsk.exe cannot establish connection with server 201.93.248.247. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
2007-07-08 13:20:35 The application C:\Program Files\Soulseek\slsk.exe cannot establish connection with server 82.83.216.62. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
2007-07-08 14:44:41 Update completed successfully.
2007-07-08 18:43:40 Update completed successfully.
2007-07-08 20:01:23 The application C:\Program Files\Soulseek\slsk.exe cannot establish connection with server 201.223.233.54. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
2007-07-08 22:43:52 Update completed successfully.
2007-07-08 23:16:24 The application C:\Program Files\Soulseek\slsk.exe cannot establish connection with server 201.216.7.49. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
2007-07-09 02:43:21 Update completed successfully.
2007-07-09 05:39:16 The application C:\Program Files\Soulseek\slsk.exe cannot establish connection with server 203.111.237.11. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
2007-07-09 06:43:21 Update completed successfully.
2007-07-09 10:44:49 Update completed successfully.
2007-07-09 13:22:52 The application C:\Program Files\Soulseek\slsk.exe cannot establish connection with server 85.125.144.34. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
2007-07-09 14:02:17 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 6844): attempt to load new or modified module was blocked.
2007-07-09 14:02:18 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 6844): attempt to load new or modified module was blocked.
2007-07-09 14:02:18 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 6844): attempt to load new or modified module was blocked.
2007-07-09 14:02:18 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 6844): attempt to load new or modified module was blocked.
2007-07-09 14:43:52 Update completed successfully.
2007-07-09 18:45:08 Update completed successfully.
2007-07-09 18:49:32 The outgoing enrypted connection to server 72.247.200.80 on port 443 will be checked for viruses by certificate substitution.
2007-07-09 18:50:46 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 6988): attempt to load new or modified module was blocked.
2007-07-09 18:50:46 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 6988): attempt to load new or modified module was blocked.
2007-07-09 18:50:47 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 6988): attempt to load new or modified module was blocked.
2007-07-09 18:50:47 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 6988): attempt to load new or modified module was blocked.
2007-07-09 23:05:44 Update completed successfully.
2007-07-10 03:49:01 Update error: incorrect signature.
2007-07-10 06:44:49 Update completed successfully.
2007-07-10 10:44:44 Update completed successfully.
2007-07-10 13:33:24 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 12176): attempt to load new or modified module was blocked.
2007-07-10 13:33:26 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 12176): attempt to load new or modified module was blocked.
2007-07-10 13:33:26 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 12176): attempt to load new or modified module was blocked.
2007-07-10 13:33:27 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 12176): attempt to load new or modified module was blocked.
2007-07-10 14:46:27 Update completed successfully.
2007-07-10 15:54:29 Process C:\Program Files\MSN Messenger\msnmsgr.exe (PID: 12060): attempt to load new or modified module was blocked.
2007-07-10 15:54:49 Process C:\Program Files\MSN Messenger\msnmsgr.exe (PID: 12060): attempt to load new or modified module was blocked.
2007-07-10 15:54:50 Process C:\Program Files\MSN Messenger\msnmsgr.exe (PID: 12060): attempt to load new or modified module was blocked.
2007-07-10 15:54:54 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 9716): attempt to load new or modified module was blocked.
2007-07-10 15:54:54 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 9716): attempt to load new or modified module was blocked.
2007-07-10 15:54:54 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 9716): attempt to load new or modified module was blocked.
2007-07-10 15:54:55 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 9716): attempt to load new or modified module was blocked.
2007-07-10 15:55:09 Process C:\Program Files\MSN Messenger\msnmsgr.exe (PID: 11636): attempt to load new or modified module was blocked.
2007-07-10 15:55:35 Process C:\Program Files\MSN Messenger\msnmsgr.exe (PID: 7716): attempt to load new or modified module was blocked.
2007-07-10 15:56:52 Process C:\Program Files\MSN Messenger\msnmsgr.exe (PID: 11740): attempt to load new or modified module was blocked.
2007-07-10 15:58:41 Process C:\Program Files\MSN Messenger\msnmsgr.exe (PID: 10796): attempt to load new or modified module was blocked.
2007-07-10 15:59:33 Process C:\Program Files\MSN Messenger\msnmsgr.exe (PID: 11332): attempt to load new or modified module was blocked.
2007-07-10 15:59:56 Process C:\Program Files\MSN Messenger\msnmsgr.exe (PID: 10852): attempt to load new or modified module was blocked.
2007-07-10 16:01:24 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 10360): attempt to load new or modified module was blocked.
2007-07-10 16:01:25 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 10360): attempt to load new or modified module was blocked.
2007-07-10 16:01:25 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 10360): attempt to load new or modified module was blocked.
2007-07-10 16:01:25 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 10360): attempt to load new or modified module was blocked.
2007-07-10 16:02:17 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 10360): attempt to perform suspicious actions was blocked.
2007-07-10 16:02:18 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 10360): attempt to perform suspicious actions was blocked.
2007-07-10 16:05:57 Process C:\Program Files\MSN Messenger\msnmsgr.exe (PID: 10100): attempt to load new or modified module was blocked.
2007-07-10 16:11:10 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 11736): attempt to load new or modified module was blocked.
2007-07-10 16:11:10 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 11736): attempt to load new or modified module was blocked.
2007-07-10 16:11:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 11736): attempt to load new or modified module was blocked.
2007-07-10 16:11:11 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 11736): attempt to load new or modified module was blocked.
2007-07-10 16:13:19 Process C:\Program Files\MSN Messenger\msnmsgr.exe (PID: 11048): attempt to load new or modified module was blocked.
2007-07-10 16:13:57 The outgoing enrypted connection to server 209.73.168.74 on port 443 will be checked for viruses by certificate substitution.
2007-07-10 16:14:00 The outgoing enrypted connection to server 209.73.168.74 on port 443 checking for viruses by certificate substitution named login.yahoo.com.
2007-07-10 16:30:20 Real-time protection started.
2007-07-10 16:39:18 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3644): attempt to load new or modified module was blocked.
2007-07-10 16:39:18 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3644): attempt to load new or modified module was blocked.
2007-07-10 16:39:19 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3644): attempt to load new or modified module was blocked.
2007-07-10 16:39:19 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3644): attempt to load new or modified module was blocked.
2007-07-10 18:24:53 Process C:\WINDOWS\system32\dwwin.exe (PID: 3440): attempt to load new or modified module was blocked.
2007-07-10 18:24:53 Process C:\WINDOWS\system32\dwwin.exe (PID: 3440): attempt to load new or modified module was blocked.
2007-07-10 18:25:03 Process C:\WINDOWS\system32\dwwin.exe (PID: 3440): attempt to load new or modified module was blocked.
2007-07-10 18:25:03 Process C:\WINDOWS\system32\dwwin.exe (PID: 3440): attempt to load new or modified module was blocked.
2007-07-10 18:25:25 Process (PID 2772) tried to access Kaspersky Anti-Virus process (PID 288), but the action has been blocked by the Self-Defense component. No action on your part is necessary.
2007-07-10 18:25:25 Process (PID 2772) tried to access Kaspersky Anti-Virus process (PID 1824), but the action has been blocked by the Self-Defense component. No action on your part is necessary.
2007-07-10 18:45:25 Please restart your computer to complete the installation of new or updated protection components.
2007-07-10 18:45:26 Update completed successfully.
2007-07-10 21:19:16 Process C:\WINDOWS\system32\dwwin.exe (PID: 1560): attempt to load new or modified module was blocked.
2007-07-10 21:19:16 Process C:\WINDOWS\system32\dwwin.exe (PID: 1560): attempt to load new or modified module was blocked.
2007-07-10 21:19:17 Process C:\WINDOWS\system32\dwwin.exe (PID: 1560): attempt to load new or modified module was blocked.
2007-07-10 21:19:17 Process C:\WINDOWS\system32\dwwin.exe (PID: 1560): attempt to load new or modified module was blocked.
2007-07-10 21:19:17 Process C:\WINDOWS\system32\dwwin.exe (PID: 1560): attempt to load new or modified module was blocked.
2007-07-10 21:19:18 Process C:\WINDOWS\system32\dwwin.exe (PID: 1560): attempt to load new or modified module was blocked.
2007-07-10 21:19:36 Process C:\WINDOWS\system32\dwwin.exe (PID: 1560): attempt to load new or modified module was blocked.
2007-07-10 21:19:39 Process C:\WINDOWS\system32\dwwin.exe (PID: 1560): attempt to load new or modified module was blocked.
2007-07-10 21:19:58 Process C:\WINDOWS\system32\dwwin.exe (PID: 1560): attempt to load new or modified module was blocked.
2007-07-10 21:19:58 Process C:\WINDOWS\system32\dwwin.exe (PID: 1560): attempt to load new or modified module was blocked.
2007-07-10 21:20:07 Process C:\WINDOWS\system32\dwwin.exe (PID: 1560): attempt to load new or modified module was blocked.
2007-07-10 21:20:07 Process C:\WINDOWS\system32\dwwin.exe (PID: 1560): attempt to load new or modified module was blocked.
2007-07-10 21:20:29 Process (PID 3196) tried to access Kaspersky Anti-Virus process (PID 288), but the action has been blocked by the Self-Defense component. No action on your part is necessary.
2007-07-10 21:20:29 Process (PID 3196) tried to access Kaspersky Anti-Virus process (PID 1824), but the action has been blocked by the Self-Defense component. No action on your part is necessary.
2007-07-10 22:44:28 Update completed successfully.
2007-07-11 01:29:20 Process C:\WINDOWS\system32\dwwin.exe (PID: 3088): attempt to load new or modified module was blocked.
2007-07-11 01:29:20 Process C:\WINDOWS\system32\dwwin.exe (PID: 3088): attempt to load new or modified module was blocked.
2007-07-11 01:29:20 Process C:\WINDOWS\system32\dwwin.exe (PID: 3088): attempt to load new or modified module was blocked.
2007-07-11 01:29:20 Process C:\WINDOWS\system32\dwwin.exe (PID: 3088): attempt to load new or modified module was blocked.
2007-07-11 01:29:34 Process (PID 3568) tried to access Kaspersky Anti-Virus process (PID 288), but the action has been blocked by the Self-Defense component. No action on your part is necessary.
2007-07-11 01:29:35 Process (PID 3568) tried to access Kaspersky Anti-Virus process (PID 1824), but the action has been blocked by the Self-Defense component. No action on your part is necessary.
2007-07-11 02:09:56 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 2900): attempt to load new or modified module was blocked.
2007-07-11 02:09:56 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 2900): attempt to load new or modified module was blocked.
2007-07-11 02:09:57 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 2900): attempt to load new or modified module was blocked.
2007-07-11 02:09:57 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 2900): attempt to load new or modified module was blocked.
2007-07-11 02:31:01 The application C:\Program Files\Soulseek\slsk.exe cannot establish connection with server 76.170.48.119. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
2007-07-11 02:44:22 Update completed successfully.
2007-07-11 05:31:53 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 2900): attempt to perform suspicious actions was blocked.
2007-07-11 05:31:55 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 2900): attempt to perform suspicious actions was blocked.
2007-07-11 06:02:39 The application C:\Program Files\Soulseek\slsk.exe cannot establish connection with server 84.194.185.106. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
2007-07-11 06:45:03 Update completed successfully.
2007-07-11 11:04:13 Update completed successfully.
2007-07-11 12:02:54 The application C:\Program Files\Soulseek\slsk.exe cannot establish connection with server 74.99.170.161. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
2007-07-11 14:45:51 Update completed successfully.
2007-07-11 15:08:12 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3516): attempt to load new or modified module was blocked.
2007-07-11 15:08:12 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3516): attempt to load new or modified module was blocked.
2007-07-11 15:08:12 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3516): attempt to load new or modified module was blocked.
2007-07-11 15:08:12 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3516): attempt to load new or modified module was blocked.
2007-07-11 16:18:21 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 212): attempt to load new or modified module was blocked.
2007-07-11 16:18:21 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 212): attempt to load new or modified module was blocked.
2007-07-11 16:18:21 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 212): attempt to load new or modified module was blocked.
2007-07-11 16:18:21 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 212): attempt to load new or modified module was blocked.
2007-07-11 17:17:10 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 5060): attempt to load new or modified module was blocked.
2007-07-11 17:17:10 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 5060): attempt to load new or modified module was blocked.
2007-07-11 17:17:10 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 5060): attempt to load new or modified module was blocked.
2007-07-11 17:17:10 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 5060): attempt to load new or modified module was blocked.
2007-07-11 17:17:56 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 5060): attempt to perform suspicious actions was blocked.
2007-07-11 17:17:57 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 5060): attempt to perform suspicious actions was blocked.
2007-07-11 17:19:32 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 5628): attempt to load new or modified module was blocked.
2007-07-11 17:19:32 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 5628): attempt to load new or modified module was blocked.
2007-07-11 17:19:33 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 5628): attempt to load new or modified module was blocked.
2007-07-11 17:19:33 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 5628): attempt to load new or modified module was blocked.
2007-07-11 18:45:19 Update completed successfully.
2007-07-11 19:06:24 Real-time protection started.
2007-07-11 19:07:04 Process (PID 660) tried to access Kaspersky Anti-Virus process (PID 1592), but the action has been blocked by the Self-Defense component. No action on your part is necessary.
2007-07-11 19:10:07 The application C:\WINDOWS\System32\svchost.exe cannot establish connection with server 207.134.223.90. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
2007-07-11 19:10:51 Process C:\Program Files\MSN Messenger\msnmsgr.exe (PID: 3424): attempt to load new or modified module was blocked.
2007-07-11 19:11:09 Process C:\Program Files\MSN Messenger\msnmsgr.exe (PID: 3596): attempt to load new or modified module was blocked.
2007-07-11 19:17:49 Real-time protection started.
2007-07-11 19:18:16 The application C:\WINDOWS\System32\svchost.exe cannot establish connection with server 207.134.223.90. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
2007-07-11 19:19:14 The outgoing enrypted connection to server 209.73.168.74 on port 443 will be checked for viruses by certificate substitution.
2007-07-11 19:19:15 The outgoing enrypted connection to server 209.73.168.74 on port 443 checking for viruses by certificate substitution named login.yahoo.com.
2007-07-11 19:19:18 Process C:\Program Files\MSN Messenger\msnmsgr.exe (PID: 3888): attempt to load new or modified module was blocked.
2007-07-11 19:19:29 Process C:\Program Files\MSN Messenger\msnmsgr.exe (PID: 4036): attempt to load new or modified module was blocked.
2007-07-11 19:20:57 Process C:\Program Files\MSN Messenger\msnmsgr.exe (PID: 3504): attempt to load new or modified module was blocked.
2007-07-11 19:21:57 Process C:\Program Files\MSN Messenger\msnmsgr.exe (PID: 488): attempt to load new or modified module was blocked.
2007-07-11 19:26:57 Process C:\Program Files\MSN Messenger\msnmsgr.exe (PID: 3752): attempt to load new or modified module was blocked.
2007-07-11 19:36:37 Process C:\Program Files\MSN Messenger\msnmsgr.exe (PID: 1636): attempt to load new or modified module was blocked.
2007-07-11 19:42:59 Process C:\Program Files\MSN Messenger\msnmsgr.exe (PID: 2888): attempt to load new or modified module was blocked.
2007-07-11 20:15:36 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1572): attempt to load new or modified module was blocked.
2007-07-11 20:15:36 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1572): attempt to load new or modified module was blocked.
2007-07-11 20:15:36 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1572): attempt to load new or modified module was blocked.
2007-07-11 20:15:36 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1572): attempt to load new or modified module was blocked.
2007-07-11 20:32:22 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 20:32:22 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 20:32:22 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 20:32:22 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 20:34:35 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3244): attempt to load new or modified module was blocked.
2007-07-11 20:34:35 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3244): attempt to load new or modified module was blocked.
2007-07-11 20:34:35 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3244): attempt to load new or modified module was blocked.
2007-07-11 20:34:35 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3244): attempt to load new or modified module was blocked.
2007-07-11 20:35:28 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to perform suspicious actions was blocked.
2007-07-11 20:35:30 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to perform suspicious actions was blocked.
2007-07-11 20:35:54 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to perform suspicious actions was blocked.
2007-07-11 20:44:16 Process C:\Program Files\MSN Messenger\msnmsgr.exe (PID: 3468): attempt to load new or modified module was blocked.
2007-07-11 20:55:59 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 20:55:59 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 20:55:59 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 20:55:59 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 20:59:00 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 20:59:00 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 20:59:00 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 20:59:00 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 21:02:21 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to perform suspicious actions was blocked.
The log is very long, it took me 2 messages to show it to you. And there you go, my problems are the same: I right-click on a file and it freezes, I only see the image of my desktop and I have to reboot; my icons are doubled in the Control Panel; my programs lag; I open a program and DLLs from another program run; my connection sometimes disconnects; my Service Pack 2 is infected, I put it in quarantine; System Mechanic, before I uninstalled it, reported an unrepairable error on my C drive.
That's about everything. Now I'm going to do what you asked me to with HijackThis.
Thanks for helping me, it's much appreciated.
2007-07-11 21:19:28 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 21:20:01 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 21:20:01 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 21:20:01 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 21:20:01 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 21:20:05 The application C:\Program Files\Soulseek\slsk.exe cannot establish connection with server 68.150.221.2. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
2007-07-11 21:24:33 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 21:24:33 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 21:24:33 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 21:24:33 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 21:24:54 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 21:24:54 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 21:24:54 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 21:24:55 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 21:25:01 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 21:25:01 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 21:25:01 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 21:25:01 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 21:31:15 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 21:31:15 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 21:31:15 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 21:31:15 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 21:37:06 Process C:\Program Files\MSN Messenger\msnmsgr.exe (PID: 1912): attempt to load new or modified module was blocked.
2007-07-11 21:40:43 The application C:\Program Files\Soulseek\slsk.exe cannot establish connection with server 72.94.198.154. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
2007-07-11 21:51:39 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 21:51:40 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 21:51:40 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 21:51:40 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 22:47:37 Please restart your computer to complete the installation of new or updated protection components.
2007-07-11 22:47:50 Update completed successfully.
2007-07-11 22:50:03 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 22:50:03 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 22:50:04 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 22:50:04 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 22:50:05 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 22:50:05 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 22:50:05 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 22:50:05 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 22:50:06 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 22:50:06 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 22:50:37 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3908): attempt to load new or modified module was blocked.
2007-07-11 22:50:37 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3908): attempt to load new or modified module was blocked.
2007-07-11 22:50:37 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3908): attempt to load new or modified module was blocked.
2007-07-11 22:50:38 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3908): attempt to load new or modified module was blocked.
2007-07-11 22:55:43 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3908): attempt to load new or modified module was blocked.
2007-07-11 22:55:43 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3908): attempt to load new or modified module was blocked.
2007-07-11 22:55:43 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3908): attempt to load new or modified module was blocked.
2007-07-11 22:55:43 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3908): attempt to load new or modified module was blocked.
2007-07-11 23:01:49 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3908): attempt to load new or modified module was blocked.
2007-07-11 23:01:49 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3908): attempt to load new or modified module was blocked.
2007-07-11 23:01:49 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3908): attempt to load new or modified module was blocked.
The log is very long; it took me 2 messages to show it to you. And there you go, my problems are the same: I right-click on a file and it freezes, I only see my desktop image and I have to reboot; my icons are duplicated in the Control Panel; my programs lag; I open a program and DLLs from another program run; my connection sometimes disconnects; my Service Pack 2 is infected, I put it in quarantine; System Mechanic, before I uninstalled it, reported an unrepairable error on my C drive.
That's about everything. Now I'm going to do what you asked me to do with HijackThis.
Thanks for helping me, it's much appreciated.
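Added example, not part of the thread: a log as long as the one pasted above is easier to review once its repeated "was blocked" entries are collapsed per executable, PID and blocked action, with every other message kept alongside. The script assumes the line format visible in that log; the function names are chosen for this illustration and the embedded excerpt is copied from the post.

```python
import re
from collections import OrderedDict
from datetime import datetime

# Excerpt copied from the log pasted above, embedded so the script runs offline.
SAMPLE_LOG = r"""
2007-07-11 20:32:22 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 20:32:22 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to load new or modified module was blocked.
2007-07-11 20:34:35 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3244): attempt to load new or modified module was blocked.
2007-07-11 20:35:28 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to perform suspicious actions was blocked.
2007-07-11 20:35:30 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 1568): attempt to perform suspicious actions was blocked.
2007-07-11 20:44:16 Process C:\Program Files\MSN Messenger\msnmsgr.exe (PID: 3468): attempt to load new or modified module was blocked.
2007-07-11 21:20:05 The application C:\Program Files\Soulseek\slsk.exe cannot establish connection with server 68.150.221.2. Please check your internet connection settings. If you have a firewall installed, check that the application avp.exe is allowed internet access.
2007-07-11 22:47:50 Update completed successfully.
2007-07-11 22:50:37 Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3908): attempt to load new or modified module was blocked.
"""

TS_FORMAT = "%Y-%m-%d %H:%M:%S"
# "<timestamp> Process <image> (PID: <n>): attempt to <action> was blocked."
BLOCK_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"Process (?P<image>.+?) \(PID: (?P<pid>\d+)\): "
    r"attempt to (?P<action>.+?) was blocked\.$"
)
# Any other timestamped message (update notices, connection errors, ...).
OTHER_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<msg>.+)$")


def summarize(text):
    """Collapse repeated 'was blocked' lines.

    Returns (groups, other):
      groups: OrderedDict keyed by (image, pid, action) holding count, first
              and last timestamp, in order of first appearance.
      other:  list of (timestamp or None, message) for every line that is not
              a block event, so nothing is silently dropped.
    """
    groups = OrderedDict()
    other = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = BLOCK_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), TS_FORMAT)
            key = (m.group("image"), int(m.group("pid")), m.group("action"))
            g = groups.setdefault(key, {"count": 0, "first": ts, "last": ts})
            g["count"] += 1
            g["first"] = min(g["first"], ts)
            g["last"] = max(g["last"], ts)
            continue
        m = OTHER_RE.match(line)
        if m:
            other.append((datetime.strptime(m.group("ts"), TS_FORMAT), m.group("msg")))
        else:
            other.append((None, line))  # wrapped or truncated line: keep it verbatim
    return groups, other


def pids_by_image(groups):
    """Map each executable to the sorted PIDs seen for it (shows process restarts)."""
    pids = {}
    for image, pid, _action in groups:
        pids.setdefault(image, set()).add(pid)
    return {image: sorted(p) for image, p in pids.items()}


def render(groups, other):
    """Build a short text report that fits in a single forum reply."""
    out = []
    for (image, pid, action), g in groups.items():
        span = g["first"].strftime(TS_FORMAT)
        if g["last"] != g["first"]:
            span += " .. " + g["last"].strftime(TS_FORMAT)
        out.append(f"{g['count']:4d} x  {image} (PID {pid}): {action}  [{span}]")
    out.append("")
    out.append("Other messages:")
    for ts, msg in other:
        out.append(f"  {ts.strftime(TS_FORMAT) if ts else '(no timestamp)'}  {msg}")
    return "\n".join(out)


if __name__ == "__main__":
    groups, other = summarize(SAMPLE_LOG)
    print(render(groups, other))
    for image, pids in pids_by_image(groups).items():
        print(f"{image}: PIDs {pids}")
```

Run over the full report file instead of the excerpt, the summary shows at a glance which executables trigger the blocks, how often, and across how many process restarts.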
DeNisCoOl
24 August 2007 at 08:57
Hi Vehement,
Whew, is that the Kaspersky log?
Apparently yes, it's spreading, so we're going to bring out the heavy artillery.
First, a firewall to plug the holes in the sieve, hehe
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
Tutorial below:
https://kerio.probb.fr/t1-tuto-pour-kerio-4-2
Next, scan with anti-spyware tools (in safe mode):
SmitFraudFix
1/ http://telechargement.zebulon.fr/smitfraudfix.html
2/ Double-click smitfraudfix, then select 1 and press Enter to create the report of the infections present.
3/ Once the report is done, if it detects something, repeat step 2/ but restart in safe mode first, following this procedure:
• Restart your computer.
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows loading, a menu with different options should appear.
• Choose the first option, to run Windows in safe mode, then press "Enter".
• Choose your account.
This time select option 2 and press Enter to start the disinfection. When the program asks whether you want to clean the registry, answer yes by typing 0 and Enter.
(Paste the report)
______________________________
Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in safe mode.
Go through the list of instructions below:
• Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans found, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• After the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of the Report.txt file into your next reply on the forum.
______________________________
ComboFix, see the procedure here:
http://mickael.barroux.free.fr/securite/combofix.php
(Paste the report)
________________________________
Clean will do some cleanup and delete files that anti-virus and anti-spyware programs could not find. The software is updated regularly, so you will need to download it again to get a more recent version.
http://kerio.probb.fr/tuto-Clean-h37.html
• Download clean.zip and unzip it onto your desktop (right-click / extract all); you then get a clean folder.
• Start Windows in safe mode: Guide to restarting in safe mode
• Open the clean folder on your desktop and double-click clean.cmd; a black window will appear for a moment, leave it open until it closes.
_____________________________
Then, to finish, paste the HijackThis log -
Regards,
Denis
Hi again Denis,
I turned off the internet in safe mode; I don't know if that was OK, anyway.
The SmitFraud log is really too long to paste here, Denis; I'm going back to SDFix now.
Here is the first log, but the 2nd one, in safe mode, is really too long; it would take me something like 10 to 20 posts for you to be able to see it.
SmitFraudFix v2.195
Rapport fait à 4:12:29,34, 2007-08-24
Executé à partir de C:\Documents and Settings\Yannick\Bureau\smitfraud anti spy\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9BDF3D93-AB26-423B-9BA1-32D1D0249D14}: DhcpNameServer=142.169.1.16 199.84.242.22
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9BDF3D93-AB26-423B-9BA1-32D1D0249D14}: DhcpNameServer=142.169.1.16 199.84.242.22
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=142.169.1.16 199.84.242.22
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=142.169.1.16 199.84.242.22
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Vehement
Here is the SDFix log, Denis. I really appreciate this help from you, thanks a lot.
And I did the same thing: I disconnected the internet in safe mode.
SDFix: Version 1.100
Run by Yannick on 2007-08-24 at 05:00
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows© NetMeeting©"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:Partage de l'application RTC"
"C:\\Documents and Settings\\Yannick\\Bureau\\mirc6.2\\mirc.exe"="C:\\Documents and Settings\\Yannick\\Bureau\\mirc6.2\\mirc.exe:*:Disabled:mIRC"
"C:\\Program Files\\UltraVNC\\winvnc.exe"="C:\\Program Files\\UltraVNC\\winvnc.exe:*:Enabled:VNC server for Win32"
"C:\\Program Files\\UltraVNC\\vncviewer.exe"="C:\\Program Files\\UltraVNC\\vncviewer.exe:*:Enabled:VNCViewer"
"C:\\Program Files\\MysteryScRiPTv2\\MysteryScRiPT V2.exe"="C:\\Program Files\\MysteryScRiPTv2\\MysteryScRiPT V2.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\Yannick\\Mes documents\\dossier yann\\MasterBot\\MasterBot.exe"="C:\\Documents and Settings\\Yannick\\Mes documents\\dossier yann\\MasterBot\\MasterBot.exe:*:Enabled:IRC Client"
"C:\\Documents and Settings\\Yannick\\Mes documents\\windrop\\eggdrop.exe"="C:\\Documents and Settings\\Yannick\\Mes documents\\windrop\\eggdrop.exe:*:Enabled:eggdrop"
"C:\\Documents and Settings\\Yannick\\Mes documents\\TriviaBot2004v2.3\\TriviaBot.exe"="C:\\Documents and Settings\\Yannick\\Mes documents\\TriviaBot2004v2.3\\TriviaBot.exe:*:Disabled:mIRC"
"C:\\Documents and Settings\\Yannick\\Mes documents\\XpS(Tuning)\\mirc.exe"="C:\\Documents and Settings\\Yannick\\Mes documents\\XpS(Tuning)\\mirc.exe:*:Disabled:mIRC"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\World of Warcraft\\Repair.exe"="C:\\Program Files\\World of Warcraft\\Repair.exe:*:Enabled:Blizzard Repair Utility"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe:*:Disabled:Blizzard Downloader"
"C:\\Documents and Settings\\Yannick\\Bureau\\patch russ wow\\WoW-2.0.0.5991-frFR-Installer-downloader.exe"="C:\\Documents and Settings\\Yannick\\Bureau\\patch russ wow\\WoW-2.0.0.5991-frFR-Installer-downloader.exe:*:Disabled:Blizzard Downloader"
"C:\\Documents and Settings\\Yannick\\Bureau\\windrop\\eggdrop.exe"="C:\\Documents and Settings\\Yannick\\Bureau\\windrop\\eggdrop.exe:*:Disabled:eggdrop"
"C:\\Documents and Settings\\Yannick\\Bureau\\W4RL0RD\\windrop\\eggdrop.exe"="C:\\Documents and Settings\\Yannick\\Bureau\\W4RL0RD\\windrop\\eggdrop.exe:*:Disabled:eggdrop"
"C:\\Documents and Settings\\Yannick\\Bureau\\Nymphe\\windrop\\eggdrop.exe"="C:\\Documents and Settings\\Yannick\\Bureau\\Nymphe\\windrop\\eggdrop.exe:*:Disabled:eggdrop"
"C:\\Documents and Settings\\Yannick\\Bureau\\Nymphe\\eggdrop.exe"="C:\\Documents and Settings\\Yannick\\Bureau\\Nymphe\\eggdrop.exe:*:Disabled:eggdrop"
"C:\\Documents and Settings\\Yannick\\Bureau\\mirc6.2\\download\\Windrop (1)\\eggdrop.exe"="C:\\Documents and Settings\\Yannick\\Bureau\\mirc6.2\\download\\Windrop (1)\\eggdrop.exe:*:Disabled:eggdrop"
"C:\\Documents and Settings\\Yannick\\Bureau\\lllNeCrOlll\\eggdrop.exe"="C:\\Documents and Settings\\Yannick\\Bureau\\lllNeCrOlll\\eggdrop.exe:*:Disabled:eggdrop"
"C:\\Documents and Settings\\Yannick\\Bureau\\DarkSpirit\\windrop\\eggdrop.exe"="C:\\Documents and Settings\\Yannick\\Bureau\\DarkSpirit\\windrop\\eggdrop.exe:*:Disabled:eggdrop"
"C:\\Documents and Settings\\Yannick\\Bureau\\bestiality\\eggdrop.exe"="C:\\Documents and Settings\\Yannick\\Bureau\\bestiality\\eggdrop.exe:*:Disabled:eggdrop"
"C:\\Documents and Settings\\Yannick\\Bureau\\windrop2\\windrop\\eggdrop.exe"="C:\\Documents and Settings\\Yannick\\Bureau\\windrop2\\windrop\\eggdrop.exe:*:Disabled:eggdrop.exe"
"C:\\Documents and Settings\\Yannick\\Mes documents\\eXtreme\\mIRC.exe"="C:\\Documents and Settings\\Yannick\\Mes documents\\eXtreme\\mIRC.exe:*:Disabled:eXtreme mIRCüý"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Disabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Disabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Disabled:IncrediMail"
"C:\\Documents and Settings\\Yannick\\Mes documents\\arnac ou pas\\incredimail_install.exe"="C:\\Documents and Settings\\Yannick\\Mes documents\\arnac ou pas\\incredimail_install.exe:*:Disabled:IncrediMail Installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Disabled:mIRC"
"C:\\Documents and Settings\\Yannick\\program file\\mirc6.2\\mirc.exe"="C:\\Documents and Settings\\Yannick\\program file\\mirc6.2\\mirc.exe:*:Disabled:mIRC"
"C:\\Documents and Settings\\Yannick\\program file\\mirc2\\mirc.exe"="C:\\Documents and Settings\\Yannick\\program file\\mirc2\\mirc.exe:*:Disabled:mIRC"
"C:\\Documents and Settings\\Yannick\\Mes documents\\XpS(HT12)\\mirc.exe"="C:\\Documents and Settings\\Yannick\\Mes documents\\XpS(HT12)\\mirc.exe:*:Disabled:mIRC"
"C:\\Documents and Settings\\Yannick\\Mes documents\\XDCC.exe"="C:\\Documents and Settings\\Yannick\\Mes documents\\XDCC.exe:*:Disabled:mIRC"
"C:\\Documents and Settings\\Yannick\\Mes documents\\XchatClone\\mirc.exe"="C:\\Documents and Settings\\Yannick\\Mes documents\\XchatClone\\mirc.exe:*:Disabled:mIRC"
"C:\\Documents and Settings\\Yannick\\Mes documents\\Scorpv4\\mirc.exe"="C:\\Documents and Settings\\Yannick\\Mes documents\\Scorpv4\\mirc.exe:*:Disabled:mIRC"
"C:\\Documents and Settings\\Yannick\\Mes documents\\RedScript\\mirc.exe"="C:\\Documents and Settings\\Yannick\\Mes documents\\RedScript\\mirc.exe:*:Disabled:mIRC"
"C:\\Documents and Settings\\Yannick\\Mes documents\\PScript\\Pscript.exe"="C:\\Documents and Settings\\Yannick\\Mes documents\\PScript\\Pscript.exe:*:Disabled:mIRC"
"C:\\Documents and Settings\\Yannick\\Mes documents\\program script et +\\PolarisX_2.01\\mirc.exe"="C:\\Documents and Settings\\Yannick\\Mes documents\\program script et +\\PolarisX_2.01\\mirc.exe:*:Disabled:mIRC"
"C:\\Documents and Settings\\Yannick\\Mes documents\\PolarisX_2.01\\mirc.exe"="C:\\Documents and Settings\\Yannick\\Mes documents\\PolarisX_2.01\\mirc.exe:*:Disabled:mIRC"
"C:\\Documents and Settings\\Yannick\\Mes documents\\Nomed\\mirc.exe"="C:\\Documents and Settings\\Yannick\\Mes documents\\Nomed\\mirc.exe:*:Disabled:mIRC"
"C:\\Documents and Settings\\Yannick\\Mes documents\\MiRCfullPro\\mirc.exe"="C:\\Documents and Settings\\Yannick\\Mes documents\\MiRCfullPro\\mirc.exe:*:Disabled:mIRC"
"C:\\Documents and Settings\\Yannick\\Mes documents\\mIRC.exe"="C:\\Documents and Settings\\Yannick\\Mes documents\\mIRC.exe:*:Disabled:mIRC"
"C:\\Documents and Settings\\Yannick\\Mes documents\\max\\MaX 6.12\\mirc.exe"="C:\\Documents and Settings\\Yannick\\Mes documents\\max\\MaX 6.12\\mirc.exe:*:Disabled:mIRC"
"C:\\Documents and Settings\\Yannick\\Mes documents\\Invincible_script-v12\\Invincible\\mirc.exe"="C:\\Documents and Settings\\Yannick\\Mes documents\\Invincible_script-v12\\Invincible\\mirc.exe:*:Disabled:mIRC"
"C:\\Documents and Settings\\Yannick\\Mes documents\\frosen script\\frosen.exe"="C:\\Documents and Settings\\Yannick\\Mes documents\\frosen script\\frosen.exe:*:Disabled:mIRC"
"C:\\Documents and Settings\\Yannick\\Mes documents\\Absar's Script\\mirc.exe"="C:\\Documents and Settings\\Yannick\\Mes documents\\Absar's Script\\mirc.exe:*:Disabled:mIRC"
"C:\\Documents and Settings\\Yannick\\Bureau\\XpS(HT12)\\mirc.exe"="C:\\Documents and Settings\\Yannick\\Bureau\\XpS(HT12)\\mirc.exe:*:Disabled:mIRC"
"C:\\Documents and Settings\\Yannick\\Bureau\\xdcc-warez-ftp\\mirc.exe"="C:\\Documents and Settings\\Yannick\\Bureau\\xdcc-warez-ftp\\mirc.exe:*:Disabled:mIRC"
"C:\\Documents and Settings\\Yannick\\Bureau\\Nomed\\mirc.exe"="C:\\Documents and Settings\\Yannick\\Bureau\\Nomed\\mirc.exe:*:Disabled:mIRC"
"C:\\Documents and Settings\\Yannick\\Bureau\\Nomed\\clone_normal\\mirc.exe"="C:\\Documents and Settings\\Yannick\\Bureau\\Nomed\\clone_normal\\mirc.exe:*:Disabled:mIRC"
"C:\\Documents and Settings\\Yannick\\Bureau\\mirc\\mirc.exe"="C:\\Documents and Settings\\Yannick\\Bureau\\mirc\\mirc.exe:*:Disabled:mIRC"
"C:\\Documents and Settings\\Yannick\\Bureau\\mirc6.2\\mirc2.exe"="C:\\Documents and Settings\\Yannick\\Bureau\\mirc6.2\\mirc2.exe:*:Disabled:mIRC"
"C:\\Documents and Settings\\Yannick\\Bureau\\mirc3\\mirc.exe"="C:\\Documents and Settings\\Yannick\\Bureau\\mirc3\\mirc.exe:*:Disabled:mIRC"
"C:\\Documents and Settings\\Yannick\\Bureau\\max\\MaX 6.12\\mirc.exe"="C:\\Documents and Settings\\Yannick\\Bureau\\max\\MaX 6.12\\mirc.exe:*:Disabled:mIRC"
"C:\\Documents and Settings\\Yannick\\Bureau\\invision\\mirc.exe"="C:\\Documents and Settings\\Yannick\\Bureau\\invision\\mirc.exe:*:Disabled:mIRC"
"C:\\Documents and Settings\\Yannick\\Bureau\\Invincible_script-v1\\Invincible\\mirc.exe"="C:\\Documents and Settings\\Yannick\\Bureau\\Invincible_script-v1\\Invincible\\mirc.exe:*:Disabled:mIRC"
"C:\\Documents and Settings\\Yannick\\Bureau\\Invincible\\mirc.exe"="C:\\Documents and Settings\\Yannick\\Bureau\\Invincible\\mirc.exe:*:Disabled:mIRC"
"C:\\Documents and Settings\\Yannick\\Bureau\\Invincible\\Invincible\\mirc.exe"="C:\\Documents and Settings\\Yannick\\Bureau\\Invincible\\Invincible\\mirc.exe:*:Disabled:mIRC"
"C:\\Documents and Settings\\Yannick\\Bureau\\ChaoticScript\\mirc.exe"="C:\\Documents and Settings\\Yannick\\Bureau\\ChaoticScript\\mirc.exe:*:Disabled:mIRC"
"C:\\Documents and Settings\\Yannick\\Bureau\\2448Script\\mirc.exe"="C:\\Documents and Settings\\Yannick\\Bureau\\2448Script\\mirc.exe:*:Disabled:mIRC"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Documents and Settings\\Yannick\\Bureau\\kiri\\Kiri.exe"="C:\\Documents and Settings\\Yannick\\Bureau\\kiri\\Kiri.exe:*:Enabled:Kiri"
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe:*:Enabled:Assistance … distance - Windows Messenger et voix"
"C:\\Program Files\\FlashFXP\\flashfxp.exe"="C:\\Program Files\\FlashFXP\\flashfxp.exe:*:Enabled:FlashFXP v3"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\FlashFXP\\flashfxp.exe"="C:\\Program Files\\FlashFXP\\flashfxp.exe:*:Enabled:FlashFXP v3"
Remaining Files:
---------------
Files with Hidden Attributes:
C:\Documents and Settings\Yannick\Local Settings\Application Data\Microsoft\Messenger\yannic_27@hotmail.com\Sharing Folders\spector9002@hotmail.com\Thumbs.db
Finished
OK, now I'm moving on to ComboFix.
Vehement
Oh my god, I think the speed has come back :D
I have the ComboFix log.
2 logs
ComboFix 07-08-17.2 - "Yannick" 2007-08-24 5:34:53.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.498 [GMT -4:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\winsysupd71.dat
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_NWSAPAGENT
-------\nm
-------\NwSapAgent
((((((((((((((((((((((((( Files Created from 2007-07-24 to 2007-08-24 )))))))))))))))))))))))))))))))
2007-08-24 05:29 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-24 04:57 <REP> d-------- C:\WINDOWS\ERUNT
2007-08-24 04:01 1,386 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-24 03:42 <REP> d-------- C:\Program Files\Sunbelt Software
2007-08-23 16:24 <REP> d-------- C:\Program Files\CCleaner
2007-08-23 04:17 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-08-21 01:19 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2007-08-21 01:18 <REP> d-------- C:\Program Files\a-squared Anti-Dialer
2007-08-15 17:12 <REP> d-------- C:\Program Files\MSXML 4.0
2007-08-12 04:57 <REP> d-------- C:\Program Files\uTorrent
2007-08-12 04:57 <REP> d-------- C:\DOCUME~1\Yannick\APPLIC~1\uTorrent
2007-08-08 16:09 <REP> d-------- C:\Program Files\BitComet
2007-08-03 12:49 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-29 14:08 <REP> d-------- C:\VA-Bloodtrial-Rising_Tide-Split-2007-hXc
2007-07-29 13:42 90,112 --a------ C:\WINDOWS\unvise32.exe
2007-07-29 13:41 <REP> d-------- C:\Program Files\FlashFXP
2007-07-26 10:23 <REP> d-------- C:\DOCUME~1\Yannick\APPLIC~1\WinRAR
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-24 05:56 81984 --a------ C:\WINDOWS\system32\bdod.bin
2007-08-24 05:56 26387232 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-08-24 05:49 465952 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-08-24 05:49 45800 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-08-24 05:49 357272 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-08-24 05:40 1946 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-08-24 05:33 --------- d-------- C:\Program Files\Kaspersky Lab
2007-08-24 04:11 --------- d-------- C:\Program Files\Common Files
2007-08-23 21:07 --------- d-------- C:\Program Files\Soulseek
2007-08-23 16:30 --------- d-------- C:\Program Files\GetRight
2007-08-23 06:34 --------- d-------- C:\Program Files\XoftSpySE
2007-08-21 12:17 --------- d-------- C:\Program Files\MySpace
2007-08-15 05:58 --------- d-------- C:\DOCUME~1\Yannick\APPLIC~1\GrabIt
2007-08-12 02:29 --------- d-------- C:\Program Files\Google
2007-08-08 17:45 359808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-07-27 15:47 --------- d-------- C:\Program Files\WinAce
2007-07-16 23:02 --------- d-------- C:\Program Files\MSN Messenger
2007-07-14 20:38 --------- d-------- C:\Program Files\MP3Detective
2007-07-14 20:35 --------- d-------- C:\DOCUME~1\Yannick\APPLIC~1\Chequers Software
2007-07-05 20:48 --------- d-------- C:\Program Files\nod32-ESET
2007-06-27 16:37 --------- d-------- C:\Program Files\GrabIt
2007-06-26 02:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 09:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 09:22 1037312 --a------ C:\WINDOWS\explorer.exe
2007-05-02 00:09 24265736 --a------ C:\Program Files\dotnetfx.exe
2004-03-11 13:27 40960 --a------ C:\Program Files\Uninstall_CDS.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 11:09]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-11-08 18:28]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
"a-squared"="C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" [2007-08-21 11:47]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 12:12]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^desktop(2).ini]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop(2).ini
backup=C:\WINDOWS\pss\desktop(2).iniCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^GetRight - Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\GetRight - Tray Icon.lnk
backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Yannick^Menu Démarrer^Programmes^Démarrage^desktop(2).ini]
path=C:\Documents and Settings\Yannick\Menu Démarrer\Programmes\Démarrage\desktop(2).ini
backup=C:\WINDOWS\pss\desktop(2).iniStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kiri]
C:\Program Files\Kiri\Kiri.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService]
C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
"C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XoftSpySE]
C:\Program Files\XoftSpySE\xoftspy.exe -s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
R0 FPA_RTP;FPA_RTP;C:\WINDOWS\system32\Drivers\FSTOPW.SYS
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\drivers\ShldDrv.sys
R2 a2AntiDialer;a-squared Anti-Dialer Service;"C:\Program Files\a-squared Anti-Dialer\a2service.exe"
R2 PavProc;Panda Process Protection Driver;\??\C:\WINDOWS\system32\DRIVERS\PavProc.sys
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
S2 FILESpy;FILESpy;\??\C:\Program Files\Softwin\BitDefender9\filespy.sys
S2 REGSpy;REGSpy;\??\C:\Program Files\Softwin\BitDefender9\regspy.sys
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys
S3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys
Contents of the 'Scheduled Tasks' folder
2007-05-12 12:34:37 C:\WINDOWS\Tasks\XoftSpy.job - C:\Program Files\XoftSpy\XoftSpy.exe
2007-08-24 09:50:57 C:\WINDOWS\Tasks\XoftSpySE 2.job - C:\Program Files\XoftSpySE\XoftSpy.exe
2007-08-21 07:00:18 C:\WINDOWS\Tasks\XoftSpySE.job - C:\Program Files\XoftSpySE\XoftSpy.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-24 05:52:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\(VFILT)]
Completion time: 2007-08-24 6:01:34 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-24 06:01
--- E O F ---
-------------------------(((2nd log: quarantine)))-------------------------------------------------------------------------------------------------------
[code]
2006-02-11 22:23 0 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\winsysupd71.dat.vir
2007-08-24 05:43 1060 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_NWSAPAGENT.reg.cf
2007-08-24 05:43 196 --a------ C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.cf
2007-08-24 05:43 3634 --a------ C:\Qoobox\Quarantine\Registry_backups\services_NwSapAgent.reg.cf
Structure du dossier
Le numéro de série du volume est C8F6-AE8D
C:\QOOBOX
\---Quarantine
    +---C
    |   \---WINDOWS
    |           winsysupd71.dat.vir
    |
    \---Registry_backups
            LEGACY_NWSAPAGENT.reg.cf
            services_nm.reg.cf
            services_NwSapAgent.reg.cf
[/code]
Now I'm moving on to cleanerzip.
I can already feel the difference; anyway, the speed has changed :D I'll see over time whether my programs still lag and whether my problems are over.
This program is marvellous; it rebuilds the registry keys, if I saw correctly :)
So keep me posted on whether all the logs are OK and whether I made a mistake or something like that; for ComboFix I stayed in normal mode and left the internet connected.
Right now I'm running cleanzip and redoing a few scans,
hoping to have eliminated this from my computer and that intruders no longer get into my PC. I hope the firewall doesn't block DCC chat with mIRC, because I use eggdrops. Anyway, please keep me posted on the logs.
Many thanks
Vehement
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^desktop(2).ini]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop(2).ini
backup=C:\WINDOWS\pss\desktop(2).iniCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^GetRight - Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\GetRight - Tray Icon.lnk
backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Yannick^Menu Démarrer^Programmes^Démarrage^desktop(2).ini]
path=C:\Documents and Settings\Yannick\Menu Démarrer\Programmes\Démarrage\desktop(2).ini
backup=C:\WINDOWS\pss\desktop(2).iniStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kiri]
C:\Program Files\Kiri\Kiri.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService]
C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
"C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XoftSpySE]
C:\Program Files\XoftSpySE\xoftspy.exe -s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
R0 FPA_RTP;FPA_RTP;C:\WINDOWS\system32\Drivers\FSTOPW.SYS
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\drivers\ShldDrv.sys
R2 a2AntiDialer;a-squared Anti-Dialer Service;"C:\Program Files\a-squared Anti-Dialer\a2service.exe"
R2 PavProc;Panda Process Protection Driver;\??\C:\WINDOWS\system32\DRIVERS\PavProc.sys
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
S2 FILESpy;FILESpy;\??\C:\Program Files\Softwin\BitDefender9\filespy.sys
S2 REGSpy;REGSpy;\??\C:\Program Files\Softwin\BitDefender9\regspy.sys
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys
S3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys
Contents of the 'Scheduled Tasks' folder
2007-05-12 12:34:37 C:\WINDOWS\Tasks\XoftSpy.job - C:\Program Files\XoftSpy\XoftSpy.exe
2007-08-24 09:50:57 C:\WINDOWS\Tasks\XoftSpySE 2.job - C:\Program Files\XoftSpySE\XoftSpy.exe
2007-08-21 07:00:18 C:\WINDOWS\Tasks\XoftSpySE.job - C:\Program Files\XoftSpySE\XoftSpy.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-24 05:52:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\(VFILT)]
Completion time: 2007-08-24 6:01:34 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-24 06:01
--- E O F ---
-------------------------(((2nd log: quarantine)))-------------------------------------------------------------------------------------------------------
[code]
2006-02-11 22:23 0 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\winsysupd71.dat.vir
2007-08-24 05:43 1060 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_NWSAPAGENT.reg.cf
2007-08-24 05:43 196 --a------ C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.cf
2007-08-24 05:43 3634 --a------ C:\Qoobox\Quarantine\Registry_backups\services_NwSapAgent.reg.cf
Structure du dossier
Le numéro de série du volume est C8F6-AE8D
C:\QOOBOX
\---Quarantine
    +---C
    |   \---WINDOWS
    |           winsysupd71.dat.vir
    |
    \---Registry_backups
            LEGACY_NWSAPAGENT.reg.cf
            services_nm.reg.cf
            services_NwSapAgent.reg.cf
[/code]
I'm moving on to cleanerzip now.
I can already feel the difference, anyway the speed has changed :D I'll see over time whether my programs still lag and whether my problems are over.
Wonderful program, it rebuilds the registry keys if I saw correctly :)
So keep me posted on whether all the logs are OK, whether I made a mistake or something like that. For ComboFix I stayed in normal mode and left the internet connection open.
Now I'm running cleanzip and redoing a few scans,
hoping to have eliminated this from my computer and that intruders no longer get into my PC. I hope the firewall doesn't block DCC chats with mIRC, because I use eggdrops. Anyway, keep me posted about the logs please.
Many thanks
Vehement
Hi Denis, I have a problem: I can't run the cleaner in safe mode, it doesn't show up in safe mode.
Should I do it in normal mode?
That's what I did, I ran it in normal mode with the internet disconnected.
Waiting for your reply :)
Vehement
OK, XoftSpySE detected this:
c:\DOCUME~1\Yannick\LOCALS~1\Temp\regbackup.regbackup.reg
[HKEY_CLASSES_ROOT\*\shellex\contextmenuhandlers\shellextension]
[HKEY_CLASSES_ROOT\directory\shellex\contextmenuhandlers\shellextension]
[HKEY_CLASSES_ROOT\drive\shellex\contextmenuhandlers\shellextension]
[HKEY_LOCAL_MACHINE\software\classes\*\shellex\contextmenuhandlers\shellextension]
[HKEY_LOCAL_MACHINE\software\classes\directory\shellex\contextmenuhandlers\shellextension]
[HKEY_LOCAL_MACHINE\software\classes\drive\shellex\contextmenuhandlers\shellextension]
a-squared dialer detected this:
c:\DOCUMENT AND SETTING\Yannick\Bureau\combofix\combofix.exe\nircmd.exe Heuristic.Dialer.RAS
I use eggdrops; I imagine they're trying to hack me through my eggdrops' open ports.
My PC has gained speed but it still lags a bit.
After all that, a problem appeared with every link sent to me (for example, if you send me a link I can open it, but the page won't maximize; I have to click on Explorer and enter the link manually in Explorer, and then everything works, but if it comes from someone, I can open it but the page doesn't maximize). I'm scanning with Kaspersky and AVG 7.5 Anti-Spyware but it's not finished yet, I'm waiting for it to finish,
hoping to fix all this.
So I'm waiting for your reply, Denis.
Vehement
DeNisCoOl
24 August 2007 at 17:54
OK, I'll look at this when I get home this afternoon.
bye bye
Denis
DeNisCoOl
25 August 2007 at 01:27
Hi,
Where did you put clean.exe? On your desktop?
When you rebooted into safe mode, did you log back into your own profile?
Otherwise it's in another folder.
I don't think that's the case, but just in case, check whether you need to show system files.
Tools/Folder Options, View tab.
Apart from that I don't see anything, but I'm not knowledgeable enough about these programs to really confirm it for you.
There seem to be some things in quarantine in Qoobox.
Run Spybot, AdAware, A-squared and Kaspersky again, plus an F-Secure online scan.
Then make a new HijackThis log; at that point I'll really be able to tell you whether everything is OK.
Thanks,
Denis
I unzipped clean.exe onto the desktop, but in safe mode it's nowhere to be found. They infected the registry data of my Kaspersky antivirus,
sabotaged my cookies. I could no longer get into my email and I could no longer see the cookies when I was writing to you,
the cookie code lol.
Now I've uninstalled the firewall you gave me and swapped it for Sygate, because it was blocking my file sends in mIRC, but my mIRC still crashes, I don't understand any of it.
And I have the Trend Micro antivirus, expired trial version,
no right to updates,
and that's what saved me, along with adaware2007 and XoftSpy, my old version,
and the new one; they all removed vermin for me too. I'll paste the Trend Micro log for you,
but first: XoftSpy detected ISTBar(registrekeymalaware), Mirar(registrekeyworm) and TorrentQ; supposedly it's been deleted.
I download torrents sometimes; anyway, I'll be more careful next time.
But the cause of this is a bad site I was visiting; it didn't look dangerous to me, but... it seems it was.
Trend Micro log, what it supposedly eliminated:
"Spyware Scan Logs","2007/08/26","HOMEUSER"
"Time","Area","Item Name","Detected Resource","Target","Action"
"00:11","Registry","TSPY_Small","HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet-optimizer.com","*","Detected"
"00:11","Registry","TSPY_Small","HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\movies-etc.com","*","Detected"
"00:11","Registry","TSPY_Small","HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\movies-etc.com","*","Detected"
"00:11","Registry","TSPY_Small","HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\movies-etc.com","*","Detected"
"00:11","Registry","TSPY_Small","HKU\S-1-5-21-1659004503-789336058-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\movies-etc.com","*","Detected"
"00:11","Registry","TSPY_Small","HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\movies-etc.com","*","Detected"
"00:11","Registry","Dialer_FreeConnect","HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1987324.com","*","Detected"
"00:11","Registry","Dialer_FreeConnect","HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1987324.com","*","Detected"
"00:11","Registry","Dialer_FreeConnect","HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1987324.com","*","Detected"
"00:11","Registry","Dialer_FreeConnect","HKU\S-1-5-21-1659004503-789336058-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1987324.com","*","Detected"
"00:11","Registry","Dialer_FreeConnect","HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1987324.com","*","Detected"
"00:11","Registry","Adware_MediaMotor","HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mmohsix.com","*","Detected"
"00:11","Registry","Adware_MediaMotor","HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mmohsix.com","*","Detected"
"00:12","Registry","Adware_MediaMotor","HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mmohsix.com","*","Detected"
"00:12","Registry","Adware_MediaMotor","HKU\S-1-5-21-1659004503-789336058-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mmohsix.com","*","Detected"
"00:12","Registry","Adware_MediaMotor","HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mmohsix.com","*","Detected"
"00:17","File System","Freeloader_Smitfraud","C:\Documents and Settings\Yannick\Bureau\smitfraud anti spy\SmitfraudFix","dumphive.exe","Detected"
"00:17","File System","RAP_Generic","C:\Documents and Settings\Yannick\Bureau\smitfraud anti spy\SmitfraudFix","swxcacls.exe","Detected"
"00:58","File System","Freeloader_Smitfraud","C:\Documents and Settings\Yannick\Bureau\smitfraud anti spy\SmitfraudFix\","dumphive.exe","Detected"
"00:58","File System","RAP_Generic","C:\Documents and Settings\Yannick\Bureau\smitfraud anti spy\SmitfraudFix\","swxcacls.exe","Detected"
"01:04","File System","RAP_Generic","C:\Documents and Settings\Yannick\Bureau\smitfraud anti spy\SmitfraudFix","swxcacls.exe","Quarantined"
"01:19","File System","Freeloader_Smitfraud","C:\Documents and Settings\Yannick\Bureau\smitfraud anti spy\SmitfraudFix","dumphive.exe","Quarantined"
(((HijackThis log)))
Logfile of HijackThis v1.99.1
Scan saved at 14:39:15, on 2007-08-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Dialer\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\softwin\bitdefender9\vsserv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Soulseek\slsk.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccVScan.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Program Files\Windows NT\Accessoires\WORDPAD.EXE
C:\WINDOWS\system32\LVComsX.exe
C:\Documents and Settings\Yannick\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxymicrosoft.com:80
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Kiri] C:\Program Files\Kiri\Kiri.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/service_components/control/activex/TmHcmsX.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49E71DB9-E803-43BA-AF81-1CAF61A6C4CB} (F-Secure Online Scanner 3.2) - https://www.f-secure.com/en/home/support
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Dialer\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - c:\program files\softwin\bitdefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
My program still lags and I am trying to find other programs to help with the disinfection. The battle continues!!!
Vehement
They sabotaged my cookies. I could no longer get into my email, and I could no longer see the cookies when I was writing to you,
the cookie code, lol.
Now I have uninstalled the firewall you gave me and replaced it with Sygate, because it was blocking my file transfers in mIRC, but my mIRC still crashes; I don't understand it at all.
And I have the Trend Micro antivirus, an expired trial version,
with no right to updates,
and that is what saved me, along with Ad-Aware 2007 and my old version of XoftSpy,
and the new one; they all removed vermin for me too. I am pasting the Trend Micro log for you.
But before that, XoftSpy detected ISTBar (registry key malware), Mirar (registry key worm) and TorrentQ; supposedly it has been erased.
I download via torrent sometimes; anyway, I will be more careful next time.
But the cause of it is a bad site I used to visit; it did not look dangerous to me, but ... it seems it was.
Trend Micro log, what it supposedly eliminated:
"Spyware Scan Logs","2007/08/26","HOMEUSER"
"Time","Area","Item Name","Detected Resource","Target","Action"
"00:11","Registry","Dialer_FreeConnect","HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1987324.com","*","Detected"
"00:11","Registry","Dialer_FreeConnect","HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1987324.com","*","Detected"
"00:11","Registry","Dialer_FreeConnect","HKU\S-1-5-21-1659004503-789336058-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1987324.com","*","Detected"
"00:11","Registry","Dialer_FreeConnect","HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1987324.com","*","Detected"
"00:11","Registry","Adware_MediaMotor","HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mmohsix.com","*","Detected"
"00:11","Registry","Adware_MediaMotor","HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mmohsix.com","*","Detected"
"00:12","Registry","Adware_MediaMotor","HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mmohsix.com","*","Detected"
"00:12","Registry","Adware_MediaMotor","HKU\S-1-5-21-1659004503-789336058-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mmohsix.com","*","Detected"
"00:12","Registry","Adware_MediaMotor","HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mmohsix.com","*","Detected"
"00:17","File System","Freeloader_Smitfraud","C:\Documents and Settings\Yannick\Bureau\smitfraud anti spy\SmitfraudFix","dumphive.exe","Detected"
"00:17","File System","RAP_Generic","C:\Documents and Settings\Yannick\Bureau\smitfraud anti spy\SmitfraudFix","swxcacls.exe","Detected"
"00:58","File System","Freeloader_Smitfraud","C:\Documents and Settings\Yannick\Bureau\smitfraud anti spy\SmitfraudFix\","dumphive.exe","Detected"
"00:58","File System","RAP_Generic","C:\Documents and Settings\Yannick\Bureau\smitfraud anti spy\SmitfraudFix\","swxcacls.exe","Detected"
"01:04","File System","RAP_Generic","C:\Documents and Settings\Yannick\Bureau\smitfraud anti spy\SmitfraudFix","swxcacls.exe","Quarantined"
"01:19","File System","Freeloader_Smitfraud","C:\Documents and Settings\Yannick\Bureau\smitfraud anti spy\SmitfraudFix","dumphive.exe","Quarantined"
(((HijackThis log)))
Logfile of HijackThis v1.99.1
Scan saved at 14:39:15, on 2007-08-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Dialer\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\softwin\bitdefender9\vsserv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Soulseek\slsk.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccVScan.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Program Files\Windows NT\Accessoires\WORDPAD.EXE
C:\WINDOWS\system32\LVComsX.exe
C:\Documents and Settings\Yannick\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxymicrosoft.com:80
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Kiri] C:\Program Files\Kiri\Kiri.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/service_components/control/activex/TmHcmsX.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49E71DB9-E803-43BA-AF81-1CAF61A6C4CB} (F-Secure Online Scanner 3.2) - https://www.f-secure.com/en/home/support
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Dialer\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - c:\program files\softwin\bitdefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
My program still lags and I'm trying to find other programs to help with the disinfection. The battle continues!!!
Vehement
DeNisCoOl
26 August 2007 at 21:16
Hi,
Stop using mIRC for now, because you may be reinfecting yourself.
In the Trend Micro log I only see "Detected", nothing more.
Have you disabled System Restore? (right-click My Computer / System Restore tab / tick the disable box)
Then try this Navilog procedure:
https://leblogdeclaude.blogspot.com/2007/03/informatique-procdure-navifix.html
Option 1 for Search.
Then, **IF** it detects something, restart in Safe Mode (tap the F8 key) and run option 2 (Automatic disinfection...)
(paste the scan log)
Then run a Bitdefender online scan again
(paste the scan log)
Spybot
paste another HijackThis log
bye
Denis
Search Navipromo version 2.0.9 commencé le 2007-08-26 à 15:45:33,62
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!
Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 20.08.2007 a 22h30 by IL-MAFIOSO
Executé en mode normal
*** Recherche Programmes installes ***
*** Recherche dossiers dans C:\WINDOWS ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***
*** Recherche dossiers dans C:\Documents and Settings\Yannick\Application Data ***
*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en
F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================
Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of October, 2007.
Version information: 2.2.1064.
[+] Started on 08/26/07 at 15:45:44.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items .......................................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 08/26/07 at 15:51:57 (return code = 0).
*** Recherche avec GenericNaviSearch ***
!!! Tous Ces résultats peuvent révéler des fichiers légitimes !!!
!!! A verifier impérativement avant toute suppression manuelle !!!
Fichiers trouvés :
Aucun Fichier trouvé !
Fichiers suspects :
Aucun Fichier suspect trouvé !
*** Recherche fichiers ***
*** Recherche cles registre ***
Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]
Recherche Clé Magic Control
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche fichiers connus:
2)Recherche Heuristique :
*
**
***
****
*****
******
*******
********
3)Recherche Certificats :
Certificat Egroup absent !
*** Analyse Terminé le 2007-08-26 à 15:53:34,43 ***
Vehement
DeNisCoOl
27 August 2007 at 04:41
Hi,
It seems Navilog found nothing.
Run a Bitdefender online scan again
(paste the scan log)
Spybot
paste another HijackThis log
bye
Denis
Here is the Navilog log in Safe Mode:
Clean Navipromo version 2.0.9 commencé le 2007-08-27 à 1:46:36,73
Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 20.08.2007 a 22h30 by IL-MAFIOSO
Mode suppression automatique avec prise en charge résultats Blacklight
*** fsbl1.txt non trouvé ***
(Assurez-vous que Blacklight n'avait rien trouvé lors de la recherche)
*** Recherche avec GenericNaviSearch ***
!!! Ces résultats peuvent révéler des fichiers légitimes !!!
!!! A verifier impérativement avant toute suppression manuelle !!!
Fichiers trouvés supprimés avec backups :
Aucun Fichier trouvé !
Fichiers suspects :
Aucun Fichier suspect trouvé !
*** Suppression dossiers dans C:\WINDOWS ***
*** Suppression dossiers dans C:\Program Files ***
*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***
*** Suppression dossiers dans C:\Documents and Settings\Yannick\Application Data ***
*** Suppression fichiers ***
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Yannick\Local Settings\Temp effectué !
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche fichiers connus:
2)Recherche et Suppression Heuristique :
*
**
***
****
*****
******
*******
********
3)Certificats :
Certificat Egroup absent !
*** Sauvegarde du registre vers dossier Backupnavi ***
sauvegarde du registre réalise avec succes !
*** Nettoyage registre ***
Erreur application fixreg
Le registre n'a pas été nettoyé !
*** Nettoyage termine le 2007-08-27 à 1:52:57,14 ***
After you told me to disable System Restore, Trend Micro found this; just the name scares me. I removed it, hoping it is really removed: generic_grayware c:\sdfix\apps\cliptext.exe
I'm scanning with Trend Micro and the others.
I'll get back to you.
Vehement