70 replies
bainoit
Posts
196
Registration date
Wednesday, 14 November 2007
Status
Member
Last activity
14 January 2008
9
15 Nov 2007 at 17:09
Try RogueRemover, it is specialized for that.
This thing is still there!!! I don't know if I did something wrong, but somebody help me!!!! Otherwise I'm going to crack!!! U___U'''
afideg
Posts
10517
Registration date
Monday, 10 October 2005
Status
Security contributor
Last activity
12 April 2022
602
15 Nov 2007 at 17:32
Hi avi
Please start like this:
Download ComboFix.exe (by sUBs) to your Desktop:
< http://download.bleepingcomputer.com/sUBs/ComboFix.exe > - 1.41 MB (1,483,997 bytes)
- Double-click the ComboFix.exe icon on the desktop, [Run] and follow the prompts.
Type 1 then [Enter]. Accept any alerts. Let the scan run.
When the scan is complete, a report will appear on the desktop.
Copy and paste this report to the forum.
And if you can, give me the first ComboFix report you made.
Thanks
Al.
And here is what you asked for from ComboFix, afideg:
ComboFix 07-11-08.1 - valou2007-11-16 0:46:44.2 - NTFSx86
Running from: C:\Documents and Settings\valou\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\valou\Bureau\Live Safety Center.lnk
C:\Documents and Settings\valou\Bureau\Online Security Guide.lnk
C:\Documents and Settings\valou\Favoris\Online Security Guide.lnk
C:\WINDOWS\system32\zobhdqqo.dllbox
.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-15 to 2007-11-15 ))))))))))))))))))))))))))))))))))))
.
2007-11-16 00:16 <REP> d-------- C:\Program Files\RogueRemover FREE
2007-11-15 23:40 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2007-11-15 22:03 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-15 21:22 <REP> d----c--- C:\hijackthis_199
2007-11-15 21:10 79,936 --a------ C:\WINDOWS\system32\pbfkwprl.dll
2007-11-15 21:07 85,056 --a------ C:\WINDOWS\system32\dngknxww.dll
2007-11-15 21:03 71,232 --a------ C:\WINDOWS\system32\mqplhvrx.exe
2007-11-15 06:54 4,528 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-15 06:52 <REP> d----c--- C:\SmitfraudFix
2007-11-15 06:52 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-15 06:52 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-15 06:52 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-15 06:52 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-15 06:52 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-15 06:25 <REP> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-15 06:24 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-11-15 06:24 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-11-15 06:24 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-11-15 06:24 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-11-15 06:24 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2007-11-15 06:23 <REP> d-------- C:\Program Files\Trojan Remover
2007-11-15 06:23 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2007-11-15 06:01 212,843 --a--c--- C:\hijackthis_199.zip
2007-11-15 05:01 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-11-15 00:20 79,424 --a------ C:\WINDOWS\system32\tngygkox.dll
2007-11-15 00:05 672,020 --a------ C:\WINDOWS\system32\pmodtoxh.ini.ren
2007-11-15 00:05 85,056 --a------ C:\WINDOWS\system32\hxotdomp.dll.ren
2007-11-14 08:08 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-14 08:08 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-14 07:47 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-14 07:46 <REP> d-------- C:\Program Files\Yahoo!
2007-11-14 07:46 <REP> d-------- C:\Program Files\CCleaner
2007-11-13 14:56 71,232 --a------ C:\WINDOWS\system32\udxolurp.exe
2007-11-13 14:55 145,984 --a------ C:\WINDOWS\system32\zobhdqqo.dll
2007-11-13 14:54 145,984 --a------ C:\WINDOWS\system32\owaxberp.dll
2007-11-12 17:28 35,328 --a------ C:\WINDOWS\system32\vtuvvwv.dll
2007-11-12 17:27 288,307 --a------ C:\WINDOWS\system32\prqss.ini2.ren
2007-11-12 17:27 288,307 --a------ C:\WINDOWS\system32\prqss.ini.ren
2007-11-12 17:26 35,328 --a------ C:\WINDOWS\system32\wvuusrq.dll
2007-11-12 17:22 <REP> d-------- C:\WINDOWS\system32\rMa01yy
2007-11-12 17:22 <REP> d--hs---- C:\WINDOWS\dmFs6XJpZQ
2007-11-12 17:22 <REP> d----c--- C:\Temp\abW9
2007-11-12 17:22 <REP> d----c--- C:\Temp
2007-11-12 17:22 35,328 --a------ C:\WINDOWS\system32\khfcded.dll
2007-10-25 10:26 53,248 --a------ C:\WINDOWS\bdoscandel.exe
2007-10-22 00:46 <REP> d-------- C:\WINDOWS\system32\AlertModule
2007-10-22 00:46 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2007-10-22 00:46 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-15 16:30 --------- d-----w C:\Program Files\Wanadoo
2007-11-13 23:41 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-13 09:00 --------- d-----w C:\Program Files\Microsoft Picture It! 9
2007-10-20 19:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-08-02 13:43 282,624 ----a-w C:\Program Files\TTC.dll
1999-07-07 00:00:00 6 --sh--r C:\WINDOWS\@@desktop.dat
1999-07-07 00:00:00 6 --sh--r C:\WINDOWS\@desktop@.dat
2005-08-11 13:48:57 104 -csh--r C:\WINDOWS\system32\9060AE1E38.sys
2006-05-30 11:35:34 4,704 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4ec34730-1724-4592-b5aa-e6560066ea37}]
2007-11-15 21:10 79936 --a------ C:\WINDOWS\System32\pbfkwprl.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-13 14:55 145984 --a------ C:\WINDOWS\system32\zobhdqqo.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\zobhdqqo.dll [2007-11-13 14:55 145984]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-08 11:40]
"ATIModeChange"="Ati2mdxx.exe" [2004-04-02 15:16 C:\WINDOWS\system32\Ati2mdxx.exe]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-03-01 22:05]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-26 03:00]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-05-13 18:34]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-01-27 22:52]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-05-13 18:54]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-01-13 15:21]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 07:01]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 01:56]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2006-04-04 11:55]
"AGRSMMSG"="AGRSMMSG.exe" [2003-10-30 21:40 C:\WINDOWS\AGRSMMSG.exe]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-11 00:49]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-11-16 00:18]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 17:25]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-11-11 13:42]
"71553283"="C:\WINDOWS\System32\dngknxww.dll" [2007-11-15 21:07]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2007-08-31 20:24]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-21 09:38]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 16:18]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zobhdqqo]
zobhdqqo.dll 2007-11-13 14:55 145984 C:\WINDOWS\system32\zobhdqqo.dll
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2006-10-27 13:39:26 C:\WINDOWS\Tasks\Connexion Facile à Internet.job"
"2005-11-02 08:45:30 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur - valérie.job"
"2007-11-15 17:03:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-16 00:59:15
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????????A)w?????????? ???B???????????????B? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-16 1:04:21 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-15 22:25
.
--- E O F ---
And here is the first ComboFix report I made, done as best I could; sorry for the double post!!!
ComboFix 07-11-08.1 - valou 2007-11-15 22:06:19.1 - NTFSx86
Running from: C:\Documents and Settings\valou\Bureau\ComboFix.exe
* Created a new restore point
.
Incapable d'obtenir les privilèges Système
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\valou\Application Data\BestsellerAntivirus
C:\Documents and Settings\valou\Application Data\BestsellerAntivirus\avtasks.dat
C:\Documents and Settings\valou\Application Data\BestsellerAntivirus\Logs\av.log
C:\Documents and Settings\valou\Application Data\BestsellerAntivirus\Logs\ga6Support.log
C:\Documents and Settings\valou\Application Data\BestsellerAntivirus\Logs\update.log
C:\Documents and Settings\valou\Bureau\Live Safety Center.lnk
C:\Documents and Settings\valou\Bureau\Online Security Guide.lnk
C:\Documents and Settings\valou\Favoris\Online Security Guide.lnk
C:\Documents and Settings\valou\ResErrors.log
C:\Program Files\BestsellerAntivirus
C:\Program Files\BestsellerAntivirus\history.db
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\UGA6P
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\c3
C:\WINDOWS\system32\k1
C:\WINDOWS\system32\k1\jumper83122.exe
C:\WINDOWS\system32\o4
C:\WINDOWS\system32\o4\revdrive33b.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\prqss.ini
C:\WINDOWS\system32\prqss.ini2
C:\WINDOWS\System32\ssqrp.dll
C:\WINDOWS\system32\zobhdqqo.dllbox
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FMTR
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\DomainService
((((((((((((((((((((((((((((( Fichiers créés 2007-10-15 to 2007-11-15 ))))))))))))))))))))))))))))))))))))
.
2007-11-15 22:03 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-15 21:22 <REP> d----c--- C:\hijackthis_199
2007-11-15 21:10 79,936 --a------ C:\WINDOWS\system32\pbfkwprl.dll
2007-11-15 21:07 85,056 --a------ C:\WINDOWS\system32\dngknxww.dll
2007-11-15 21:03 71,232 --a------ C:\WINDOWS\system32\mqplhvrx.exe
2007-11-15 06:54 4,528 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-15 06:52 <REP> d----c--- C:\SmitfraudFix
2007-11-15 06:52 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-15 06:52 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-15 06:52 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-15 06:52 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-15 06:52 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-15 06:25 <REP> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-15 06:24 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-11-15 06:24 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-11-15 06:24 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-11-15 06:24 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-11-15 06:24 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2007-11-15 06:23 <REP> d-------- C:\Program Files\Trojan Remover
2007-11-15 06:23 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2007-11-15 06:01 212,843 --a--c--- C:\hijackthis_199.zip
2007-11-15 05:01 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-11-15 00:20 79,424 --a------ C:\WINDOWS\system32\tngygkox.dll
2007-11-15 00:05 672,020 --a------ C:\WINDOWS\system32\pmodtoxh.ini.ren
2007-11-15 00:05 85,056 --a------ C:\WINDOWS\system32\hxotdomp.dll.ren
2007-11-14 08:08 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-14 08:08 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-14 07:47 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-14 07:46 <REP> d-------- C:\Program Files\Yahoo!
2007-11-14 07:46 <REP> d-------- C:\Program Files\CCleaner
2007-11-13 14:56 71,232 --a------ C:\WINDOWS\system32\udxolurp.exe
2007-11-13 14:55 145,984 --a------ C:\WINDOWS\system32\zobhdqqo.dll
2007-11-13 14:54 145,984 --a------ C:\WINDOWS\system32\owaxberp.dll
2007-11-12 17:28 35,328 --a------ C:\WINDOWS\system32\vtuvvwv.dll
2007-11-12 17:27 288,307 --a------ C:\WINDOWS\system32\prqss.ini2.ren
2007-11-12 17:27 288,307 --a------ C:\WINDOWS\system32\prqss.ini.ren
2007-11-12 17:26 35,328 --a------ C:\WINDOWS\system32\wvuusrq.dll
2007-11-12 17:22 <REP> d-------- C:\WINDOWS\system32\rMa01yy
2007-11-12 17:22 <REP> d--hs---- C:\WINDOWS\dmFs6XJpZQ
2007-11-12 17:22 <REP> d----c--- C:\Temp\abW9
2007-11-12 17:22 <REP> d----c--- C:\Temp
2007-11-12 17:22 35,328 --a------ C:\WINDOWS\system32\khfcded.dll
2007-10-25 10:26 53,248 --a------ C:\WINDOWS\bdoscandel.exe
2007-10-22 00:46 <REP> d-------- C:\WINDOWS\system32\AlertModule
2007-10-22 00:46 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2007-10-22 00:46 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-15 14:01 --------- d-----w C:\Program Files\Wanadoo
2007-11-13 23:41 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-13 09:00 --------- d-----w C:\Program Files\Microsoft Picture It! 9
2007-10-20 19:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-09 13:27 808,720 ----a-w C:\WINDOWS\system32\pdrtvctl.dll
2007-09-09 13:27 210,704 ----a-w C:\WINDOWS\system32\pdrtvf2.dll
2007-09-09 13:27 206,608 ----a-w C:\WINDOWS\system32\pdrtvsvr.exe
2007-09-09 13:27 153,360 ----a-w C:\WINDOWS\system32\pdrtvf1.dll
2007-09-09 13:27 1,097,488 ----a-w C:\WINDOWS\system32\pavc.dll
2007-08-02 13:43 282,624 ----a-w C:\Program Files\TTC.dll
1999-07-07 00:00:00 6 --sh--r C:\WINDOWS\@@desktop.dat
1999-07-07 00:00:00 6 --sh--r C:\WINDOWS\@desktop@.dat
2005-08-11 13:48:57 104 -csh--r C:\WINDOWS\system32\9060AE1E38.sys
2006-05-30 11:35:34 4,704 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4ec34730-1724-4592-b5aa-e6560066ea37}]
2007-11-15 21:10 79936 --a------ C:\WINDOWS\System32\pbfkwprl.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-13 14:55 145984 --a------ C:\WINDOWS\system32\zobhdqqo.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\zobhdqqo.dll [2007-11-13 14:55 145984]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-08 11:40]
"ATIModeChange"="Ati2mdxx.exe" [2004-04-02 15:16 C:\WINDOWS\system32\Ati2mdxx.exe]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-03-01 22:05]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-26 03:00]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-05-13 18:34]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-01-27 22:52]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-05-13 18:54]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-01-13 15:21]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 07:01]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 01:56]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2006-04-04 11:55]
"AGRSMMSG"="AGRSMMSG.exe" [2003-10-30 21:40 C:\WINDOWS\AGRSMMSG.exe]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-11 00:49]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-11-16 00:18]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 17:25]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-11-11 13:42]
"71553283"="C:\WINDOWS\System32\dngknxww.dll" [2007-11-15 21:07]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-21 09:38]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 16:18]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zobhdqqo]
zobhdqqo.dll 2007-11-13 14:55 145984 C:\WINDOWS\system32\zobhdqqo.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\ssqrp.dll
R0 $sys$cor;$sys$cor;C:\WINDOWS\System32\Drivers\$sys$cor.sys
R1 $sys$crater;$sys$crater;\??\C:\WINDOWS\System32\$sys$filesystem\crater.sys
R1 Cinemsup;Cinemsup;C:\WINDOWS\System32\drivers\Cinemsup.sys
R2 $sys$DRMServer;Plug and Play Device Manager;C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe
R2 CD_Proxy;XCP CD Proxy;C:\WINDOWS\CDProxyServ.exe
S3 CE3;Service de la carte Xircom Ethernet 10/100;C:\WINDOWS\System32\DRIVERS\ce3n5.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2006-10-27 13:39:26 C:\WINDOWS\Tasks\Connexion Facile à Internet.job"
"2005-11-02 08:45:30 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur - valérie.job"
"2007-11-15 14:23:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-15 22:13:43
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????????A)w?????????? ???B???????????????B? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-15 22:25:29 - machine was rebooted
.
--- E O F ---
afideg (security contributor), 15 Nov 2007 at 18:52
Re,
Thanks.
Be patient, I'm off to dinner.
See you tonight.
Do this in the meantime, please:
1)- Run a Panda online scan (so, under Internet Explorer) < https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/fr/activescan_principal.htm >
•- Procedure: "Scan your PC" -> "Next" -> fill in an e-mail address (a fake one) -> Country/State-region -> send -> let the ActiveX control download run -> select "My Computer" -> close the popup.
•- A tutorial < https://www.malekal.com/scan-antivirus-ligne-nod32/ > or here < https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId23736 >
NOTE* When the scan finishes, save the scan report and copy/paste it into your next reply.
Warning!! Panda can conflict with another antivirus. For example, to be able to download Panda's ActiveX control, you have to disable Avast's web shield for the duration of the scan.
2)- Online scan secuser.com http://support.f-secure.fr/fra/home/ols.shtml
Enable ActiveX.
Thanks
Al
And I'm back!! Here is the report in question from Panda:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2007-11-16 03:06:54
PROTECTIONS: 1
MALWARE: 14
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Norton Antivirus 2004 10.00.10 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\valérie\Cookies\valérie@doubleclick[1].txt
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\valérie\Cookies\valérie@fastclick[1].txt
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\valérie\Cookies\valérie@clickbank[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\valérie\Cookies\valérie@com[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\valérie\Cookies\valérie@xiti[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\valérie\Cookies\valérie@weborama[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\valérie\Cookies\valérie@advertising[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\valérie\Cookies\valérie@bluestreak[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\valérie\Cookies\valérie@smartadserver[1].txt
00508894 Rootkit/XCP HackTools Yes 1 Yes No C:\WINDOWS\SYSTEM32\$SYS$FILESYSTEM\$SYS$DRMSERVER.EXE
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\NirCmd.exe
02688344 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\udxolurp.exe
02688344 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\mqplhvrx.exe
02688348 Spyware/Virtumonde Spyware Yes 2 Yes No C:\WINDOWS\SYSTEM32\ZOBHDQQO.DLL
02688348 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\owaxberp.dll
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Part of the report came out badly, so here it is again!
;***********************************************************************************************************************************************************************************
ANALYSIS: 2007-11-16 03:06:54
PROTECTIONS: 1
MALWARE: 14
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Norton Antivirus 2004 10.00.10 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\valérie\Cookies\valérie@doubleclick[1].txt
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\valérie\Cookies\valérie@fastclick[1].txt
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\valérie\Cookies\valérie@clickbank[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\valérie\Cookies\valérie@com[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\valérie\Cookies\valérie@xiti[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\valérie\Cookies\valérie@weborama[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\valérie\Cookies\valérie@advertising[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\valérie\Cookies\valérie@bluestreak[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\valérie\Cookies\valérie@smartadserver[1].txt
00508894 Rootkit/XCP HackTools Yes 1 Yes No C:\WINDOWS\SYSTEM32\$SYS$FILESYSTEM\$SYS$DRMSERVER.EXE
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\NirCmd.exe
02688344 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\udxolurp.exe
02688344 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\mqplhvrx.exe
02688348 Spyware/Virtumonde Spyware Yes 2 Yes No C:\WINDOWS\SYSTEM32\ZOBHDQQO.DLL
02688348 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\owaxberp.dll
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
afideg (security contributor), 15 Nov 2007 at 21:24
Thanks.
This infection is no piece of cake.
We won't be finished tonight.
A1)- Post the secuser online scan report if there is one, please.
B2)- Download VirtumundoBegone to the desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Then double-click VirtumundoBeGone.exe and follow the instructions.
Once finished, restart and post the VBG.TXT report created on the desktop
in your next reply.
Don't worry if you see a blue-screen "Fatal error" message; it is normal and expected.
C3)- Run an eScan Antivirus Toolkit scan < https://www.malekal.com/tutorial-escan-antivirus-toolkit/ >
To be run in safe mode (< http://www.coupdepoucepc.com/modules/news/article.php?storyid=253 >) with System Restore disabled (< http://www.libellules.ch/desactiver_restauration.php >) so that a complete clean-up can be done.
Step 1:
Download eScan Antivirus Toolkit here:
http://www.spywareinfo.dk/download/mwav.exe
Save it to your desktop.
Before launching the program, it must be updated as described in step 2.
Step 2:
Here is how to update the tool:
1.) Double-click the mwav.exe file on the desktop, then [Run].
Unzip the files into the suggested new folder (C:\Kaspersky)
< https://www.hiboox.com >
The program will start, and you must quit it (click "Exit" then "Exit").
< https://www.hiboox.com >
2.) Double-click My Computer, then double-click the main drive (usually C:\), double-click the "Kaspersky" folder; then double-click the kavupd.exe file.
< https://www.hiboox.com >
You will now see a DOS window appear, and the update will complete in a few minutes.
3.) When the update is complete, you will see "Press any key to continue"; press a key to continue. Two new directories (folders) were created during the update (C:\Bases and C:\Downloads).
4.) Select/copy all the files in the C:\Downloads folder, then paste them into the C:\Kaspersky folder. Accept the prompt to replace the existing files.
Do not start the scan yet!
Step 3:
•- Disable System Restore:
"Start" > right-click "My Computer" > "System Properties" > "System Restore" tab > tick the "Turn off System Restore" box > [Apply] > OK
For what follows you will have no Internet access, and therefore no access to CCM; so copy or print the following procedure so as not to forget anything.
•- Restart in Safe Mode:
< http://www.coupdepoucepc.com/modules/news/article.php?storyid=253 >
Choose your usual session (not the "Administrator" account or any other).
Step 4:
In Safe Mode, here is how to use the program:
1.) To launch "eScan Antivirus Toolkit", find the file "mwavscan.com" located in the C:\Kaspersky folder.
2.) Double-click "mwavscan.com"; the eScan interface will appear on screen.
3.) Tick the options as shown on this page < https://www.malekal.com/fichiers/eScan/eScan3.png >; that is:
- It is very important to tick these boxes under Scan Option: Memory, Registry, Startup Folders, System Folders, Services.
4.) Tick the Drive box, which gives access to a new Drive box (round button) just below; tick this "Drive" button (very important), and you will see a new navigation box appear on the right. Click the small arrow of that box and choose the letter of your hard disk, usually C:\.
5.) Just below, make sure Scan All Files is ticked (and not "Program Files").
6.) Then, at the bottom right, click "Scan Clean" and let the tool check the whole hard disk (this can take a long time). When it is finished, you will see "Scan Completed". Do not quit yet!
7.) Open a new Notepad file (click "Start" >> "Programs" >> "Accessories" >> "Notepad"), then copy/paste the entire contents of the "Virus Log Information" window (the second one, at the bottom) into the text file, and save it on the desktop (so it is easy to find; give it a name, e.g. KAS).
(eScan also generates a full report in the C:\Kaspersky folder (named mwav.log), but it is too large to post on the forum.)
Close the program.
Restart your PC in Normal mode.
Then re-enable System Restore:
Right-click "My Computer", then "Properties",
Go to the "System Restore" tab
Untick the "Turn off System Restore" box
Finish with [Apply] [OK]
Post (copy/paste) the report you saved in your next reply.
D)- Run a ComboFix scan again.
Above all, be patient.
And do nothing other than what is asked.
Merci
The online scan report, as done:
F-Secure Online Scanner 3.1.5 - Scanning Report - Friday, November 16, 2007 05:33:02
Scanning Report
Friday, November 16, 2007 03:55:48 - 05:33:00
Computer name: LUMINA
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 16 malware found
Tracking Cookie (spyware)
System (Disinfected)
System
System
System
System
System
System
System
System
Trojan-Downloader.Win32.VB.bsp (virus)
C:\WINDOWS\SYSTEM32\RMA01YY\RMA01YY1065.EXE (Renamed)
Trojan.Win32.Obfuscated.kp (virus)
C:\WINDOWS\SYSTEM32\MQPLHVRX.EXE (Renamed)
C:\WINDOWS\SYSTEM32\UDXOLURP.EXE (Renamed)
Vundo.gen42 (virus)
C:\WINDOWS\SYSTEM32\KHFCDED.DLL
C:\WINDOWS\SYSTEM32\VTUVVWV.DLL
C:\WINDOWS\SYSTEM32\WVUUSRQ.DLL
W32/Malware.JR (virus)
C:\WINDOWS\SYSTEM32\$SYS$FILESYSTEM\$SYS$DRMSERVER.EXE
Statistics
Scanned:
Files: 32910
System: 5080
Not scanned: 9
Actions:
Disinfected: 1
Renamed: 3
Deleted: 0
None: 12
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\$NTUNINSTALLKB828035$\MSGSVC.DLL
C:\WINDOWS\$NTUNINSTALLKB828028$\MSASN1.DLL
C:\WINDOWS\$NTUNINSTALLKB826942$\DHCPCSVC.DLL
C:\WINDOWS\$NTUNINSTALLKB826942$\WZCDLG.DLL
C:\WINDOWS\$NTUNINSTALLKB826939$\ACCWIZ.EXE
C:\WINDOWS\$NTUNINSTALLKB824141$\USER32.DLL
Options
Scanning engines:
F-Secure Libra: 2.4.2, 2007-11-15
F-Secure AVP: 7.0.171, 2007-11-15
F-Secure Orion: 1.2.37, 2007-11-15
F-Secure Blacklight: 1.0.64
F-Secure Draco: 1.0.35, 0597-150-72
F-Secure Pegasus: 1.19.0, 2007-10-12
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF
VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI
MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0
TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT
MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR
BZ2 HQX
Use Advanced heuristics
Copyright © 1998-2006 Product support |Send virus sample to F-Secure
The VBG.txt report is done:
[11/16/2007, 5:41:44] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\valou\Bureau\VirtumundoBeGone.exe" )
[11/16/2007, 5:42:00] - Detected System Information:
[11/16/2007, 5:42:00] - Windows Version: 5.1.2600, Service Pack 1
[11/16/2007, 5:42:00] - Current Username: valou (Admin)
[11/16/2007, 5:42:00] - Windows is in NORMAL mode.
[11/16/2007, 5:42:00] - Searching for Browser Helper Objects:
[11/16/2007, 5:42:00] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[11/16/2007, 5:42:00] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[11/16/2007, 5:42:00] - BHO 3: {4ec34730-1724-4592-b5aa-e6560066ea37} ()
[11/16/2007, 5:42:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/16/2007, 5:42:00] - Checking for HKLM\...\Winlogon\Notify\pbfkwprl
[11/16/2007, 5:42:00] - Key not found: HKLM\...\Winlogon\Notify\pbfkwprl, continuing.
[11/16/2007, 5:42:00] - BHO 4: {A95B2816-1D7E-4561-A202-68C0DE02353A} ()
[11/16/2007, 5:42:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/16/2007, 5:42:00] - Checking for HKLM\...\Winlogon\Notify\zobhdqqo
[11/16/2007, 5:42:00] - Found: HKLM\...\Winlogon\Notify\zobhdqqo - This is probably Virtumundo.
[11/16/2007, 5:42:00] - Assigning {A95B2816-1D7E-4561-A202-68C0DE02353A} MSEvents Object
[11/16/2007, 5:42:00] - BHO list has been changed! Starting over...
[11/16/2007, 5:42:00] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[11/16/2007, 5:42:00] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[11/16/2007, 5:42:00] - BHO 3: {4ec34730-1724-4592-b5aa-e6560066ea37} ()
[11/16/2007, 5:42:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/16/2007, 5:42:00] - Checking for HKLM\...\Winlogon\Notify\pbfkwprl
[11/16/2007, 5:42:00] - Key not found: HKLM\...\Winlogon\Notify\pbfkwprl, continuing.
[11/16/2007, 5:42:00] - BHO 4: {A95B2816-1D7E-4561-A202-68C0DE02353A} (MSEvents Object)
[11/16/2007, 5:42:00] - ALERT: Found MSEvents Object!
[11/16/2007, 5:42:00] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[11/16/2007, 5:42:01] - BHO 6: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[11/16/2007, 5:42:01] - Finished Searching Browser Helper Objects
[11/16/2007, 5:42:01] - *** Detected MSEvents Object
[11/16/2007, 5:42:01] - Trying to remove MSEvents Object...
[11/16/2007, 5:42:02] - Terminating Process: IEXPLORE.EXE
[11/16/2007, 5:42:02] - Terminating Process: RUNDLL32.EXE
[11/16/2007, 5:42:02] - Disabling Automatic Shell Restart
[11/16/2007, 5:42:02] - Terminating Process: EXPLORER.EXE
[11/16/2007, 5:42:03] - Suspending the NT Session Manager System Service
[11/16/2007, 5:42:03] - Terminating Windows NT Logon/Logoff Manager
[11/16/2007, 5:42:03] - Re-enabling Automatic Shell Restart
[11/16/2007, 5:42:03] - File to disable: C:\WINDOWS\system32\zobhdqqo.dll
[11/16/2007, 5:42:03] - Renaming C:\WINDOWS\system32\zobhdqqo.dll -> C:\WINDOWS\system32\zobhdqqo.dll.vir
[11/16/2007, 5:42:03] - File successfully renamed!
[11/16/2007, 5:42:03] - Removing HKLM\...\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
[11/16/2007, 5:42:04] - Removing HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
[11/16/2007, 5:42:05] - Adding Kill Bit for ActiveX for GUID: {A95B2816-1D7E-4561-A202-68C0DE02353A}
[11/16/2007, 5:42:06] - Deleting ATLEvents/MSEvents Registry entries
[11/16/2007, 5:42:06] - Removing HKLM\...\Winlogon\Notify\zobhdqqo
[11/16/2007, 5:42:06] - Searching for Browser Helper Objects:
[11/16/2007, 5:42:06] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[11/16/2007, 5:42:06] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[11/16/2007, 5:42:06] - BHO 3: {4ec34730-1724-4592-b5aa-e6560066ea37} ()
[11/16/2007, 5:42:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/16/2007, 5:42:06] - Checking for HKLM\...\Winlogon\Notify\pbfkwprl
[11/16/2007, 5:42:06] - Key not found: HKLM\...\Winlogon\Notify\pbfkwprl, continuing.
[11/16/2007, 5:42:06] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[11/16/2007, 5:42:06] - BHO 5: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[11/16/2007, 5:42:06] - Finished Searching Browser Helper Objects
[11/16/2007, 5:42:06] - Finishing up...
[11/16/2007, 5:42:06] - A restart is needed.
[11/16/2007, 5:42:16] - Attempting to Restart via STOP error (Blue Screen!)
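Added example (not part of the original posts and not VirtumundoBeGone's own code): a short Python triage of the VBG.TXT log above. It pairs each unnamed BHO with the result of its Winlogon\Notify lookup and reports which CLSIDs were flagged, which disappeared between the first and last enumeration, and which unnamed BHO is still listed at the end. The embedded lines are an excerpt of that log; the function names are illustrative.

```python
import re

# Excerpt of the VBG.TXT log posted above (lines between the passes omitted).
VBG_LOG = r"""
[11/16/2007, 5:42:00] - Searching for Browser Helper Objects:
[11/16/2007, 5:42:00] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[11/16/2007, 5:42:00] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[11/16/2007, 5:42:00] - BHO 3: {4ec34730-1724-4592-b5aa-e6560066ea37} ()
[11/16/2007, 5:42:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/16/2007, 5:42:00] - Checking for HKLM\...\Winlogon\Notify\pbfkwprl
[11/16/2007, 5:42:00] - Key not found: HKLM\...\Winlogon\Notify\pbfkwprl, continuing.
[11/16/2007, 5:42:00] - BHO 4: {A95B2816-1D7E-4561-A202-68C0DE02353A} ()
[11/16/2007, 5:42:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/16/2007, 5:42:00] - Checking for HKLM\...\Winlogon\Notify\zobhdqqo
[11/16/2007, 5:42:00] - Found: HKLM\...\Winlogon\Notify\zobhdqqo - This is probably Virtumundo.
[11/16/2007, 5:42:00] - Assigning {A95B2816-1D7E-4561-A202-68C0DE02353A} MSEvents Object
[11/16/2007, 5:42:00] - BHO list has been changed! Starting over...
[11/16/2007, 5:42:03] - Renaming C:\WINDOWS\system32\zobhdqqo.dll -> C:\WINDOWS\system32\zobhdqqo.dll.vir
[11/16/2007, 5:42:03] - Removing HKLM\...\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
[11/16/2007, 5:42:06] - Removing HKLM\...\Winlogon\Notify\zobhdqqo
[11/16/2007, 5:42:06] - Searching for Browser Helper Objects:
[11/16/2007, 5:42:06] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[11/16/2007, 5:42:06] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[11/16/2007, 5:42:06] - BHO 3: {4ec34730-1724-4592-b5aa-e6560066ea37} ()
[11/16/2007, 5:42:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/16/2007, 5:42:06] - Checking for HKLM\...\Winlogon\Notify\pbfkwprl
[11/16/2007, 5:42:06] - Key not found: HKLM\...\Winlogon\Notify\pbfkwprl, continuing.
[11/16/2007, 5:42:06] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[11/16/2007, 5:42:06] - BHO 5: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[11/16/2007, 5:42:06] - Finished Searching Browser Helper Objects
"""

PREFIX = re.compile(r"^\[[^\]]*\]\s*-\s*")                      # "[date, time] - "
BHO = re.compile(r"^BHO \d+: (\{[0-9A-Fa-f-]{36}\}) \((.*)\)$")  # CLSID and default name
NOTIFY = re.compile(r"^(Found|Key not found): HKLM\\\.\.\.\\Winlogon\\Notify\\(\w+)")
# Either of these lines starts a fresh enumeration of the BHO list.
NEW_PASS = ("Searching for Browser Helper Objects:",
            "BHO list has been changed! Starting over...")


def parse_passes(log):
    """Split the log into enumeration passes; each pass is a list of BHO records."""
    passes = []
    for raw in log.splitlines():
        line = PREFIX.sub("", raw.strip())
        if line in NEW_PASS:
            passes.append([])
            continue
        if not passes:
            continue
        m = BHO.match(line)
        if m:
            passes[-1].append({"clsid": m.group(1).upper(), "name": m.group(2),
                               "notify": None, "notify_found": None})
            continue
        m = NOTIFY.match(line)
        if m and passes[-1]:
            # The lookup result belongs to the BHO listed just before it.
            passes[-1][-1]["notify"] = m.group(2)
            passes[-1][-1]["notify_found"] = (m.group(1) == "Found")
    return passes


def triage(log):
    """Summarise what the tool flagged, what vanished, and what is still unnamed."""
    passes = [p for p in parse_passes(log) if p]
    if not passes:
        return {"flagged": [], "removed": [], "still_unnamed": []}
    last = passes[-1]
    seen = {b["clsid"] for p in passes for b in p}
    remaining = {b["clsid"] for b in last}
    flagged = sorted({b["clsid"] for p in passes for b in p if b["notify_found"]})
    still_unnamed = [(b["clsid"], b["notify"]) for b in last if b["name"] == ""]
    return {"flagged": flagged, "removed": sorted(seen - remaining),
            "still_unnamed": still_unnamed}


if __name__ == "__main__":
    for key, value in triage(VBG_LOG).items():
        print(key, value)
```

In this thread the CLSID it returns as still unnamed is the one the later ComboFix report lists under Browser Helper Objects with C:\WINDOWS\System32\pbfkwprl.dll.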
afideg
Posts
10517
Registration date
Monday 10 October 2005
Status
Security contributor
Last activity
12 April 2022
602
15 Nov. 2007 at 23:22
Hang in there!
FINALLY DONE, and here is the mwav.log TXT report. I don't know if this is the part of the report you mean, but here is what it gives:
Fri Nov 16 09:40:17 2007 => ***** Checking for specific ITW Viruses *****
Fri Nov 16 09:40:17 2007 => Checking for Welchia Virus...
Fri Nov 16 09:40:17 2007 => Checking for LovGate Virus...
Fri Nov 16 09:40:17 2007 => Checking for CodeRed Virus...
Fri Nov 16 09:40:17 2007 => Checking for OpaServ Virus...
Fri Nov 16 09:40:17 2007 => Checking for Sobig.e Virus...
Fri Nov 16 09:40:17 2007 => Checking for Winupie Virus...
Fri Nov 16 09:40:17 2007 => Checking for Swen Virus...
Fri Nov 16 09:40:17 2007 => Checking for JS.Fortnight Virus...
Fri Nov 16 09:40:17 2007 => Checking for Novarg Virus...
Fri Nov 16 09:40:17 2007 => Checking for Pagabot Virus...
Fri Nov 16 09:40:17 2007 => Checking for Parite.b Virus...
Fri Nov 16 09:40:17 2007 => Checking for Parite.a Virus...
Fri Nov 16 09:40:18 2007 => ***** Scanning complete. *****
Fri Nov 16 09:40:18 2007 => Total Number of Files Scanned: 61060
Fri Nov 16 09:40:18 2007 => Total Number of Virus(es) Found: 22
Fri Nov 16 09:40:18 2007 => Total Number of Disinfected Files: 0
Fri Nov 16 09:40:18 2007 => Total Number of Files Renamed: 5
Fri Nov 16 09:40:18 2007 => Total Number of Deleted Files: 4
Fri Nov 16 09:40:18 2007 => Total Number of Errors: 17
Fri Nov 16 09:40:18 2007 => Time Elapsed: 02:07:51
Fri Nov 16 09:40:18 2007 => Virus Database Date: 2007/11/16
Fri Nov 16 09:40:18 2007 => Virus Database Count: 460059
Fri Nov 16 09:40:18 2007 => Scan Completed.
Here is the new COMBOFIX report:
ComboFix 07-11-08.1 - valérie 2007-11-16 10:32:44.3 - NTFSx86
Running from: C:\Documents and Settings\valérie\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\valérie\Bureau\Live Safety Center.lnk
C:\Documents and Settings\valérie\Bureau\Online Security Guide.lnk
C:\Documents and Settings\valérie\Favoris\Online Security Guide.lnk
C:\WINDOWS\system32\zobhdqqo.dllbox
.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-16 to 2007-11-16 ))))))))))))))))))))))))))))))))))))
.
2007-11-16 06:52 <REP> d----c--- C:\Kaspersky
2007-11-16 02:48 <REP> d-------- C:\Program Files\Panda Security
2007-11-16 00:16 <REP> d-------- C:\Program Files\RogueRemover FREE
2007-11-15 23:40 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2007-11-15 22:03 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-15 21:22 <REP> d----c--- C:\hijackthis_199
2007-11-15 21:10 79,936 --a------ C:\WINDOWS\system32\pbfkwprl.dll
2007-11-15 21:07 85,056 --a------ C:\WINDOWS\system32\dngknxww.dll
2007-11-15 06:54 4,528 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-15 06:52 <REP> d----c--- C:\SmitfraudFix
2007-11-15 06:52 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-15 06:52 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-15 06:52 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-15 06:52 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-15 06:52 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-15 06:25 <REP> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-15 06:24 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-11-15 06:24 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-11-15 06:24 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-11-15 06:24 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-11-15 06:24 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2007-11-15 06:23 <REP> d-------- C:\Program Files\Trojan Remover
2007-11-15 06:23 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2007-11-15 06:01 212,843 --a--c--- C:\hijackthis_199.zip
2007-11-15 05:01 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-11-15 00:20 79,424 --a------ C:\WINDOWS\system32\tngygkox.dll
2007-11-15 00:05 672,020 --a------ C:\WINDOWS\system32\pmodtoxh.ini.ren
2007-11-15 00:05 85,056 --a------ C:\WINDOWS\system32\hxotdomp.dll.ren
2007-11-14 08:08 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-14 08:08 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-14 07:47 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-14 07:46 <REP> d-------- C:\Program Files\Yahoo!
2007-11-14 07:46 <REP> d-------- C:\Program Files\CCleaner
2007-11-13 14:55 145,984 --a------ C:\WINDOWS\system32\zobhdqqo.dll.vir
2007-11-13 14:54 145,984 --a------ C:\WINDOWS\system32\owaxberp.dll
2007-11-12 17:28 35,328 --a------ C:\WINDOWS\system32\vtuvvwv.dll
2007-11-12 17:27 288,307 --a------ C:\WINDOWS\system32\prqss.ini2.ren
2007-11-12 17:27 288,307 --a------ C:\WINDOWS\system32\prqss.ini.ren
2007-11-12 17:26 35,328 --a------ C:\WINDOWS\system32\wvuusrq.dll
2007-11-12 17:22 <REP> d-------- C:\WINDOWS\system32\rMa01yy
2007-11-12 17:22 <REP> d--hs---- C:\WINDOWS\dmFs6XJpZQ
2007-11-12 17:22 <REP> d----c--- C:\Temp\abW9
2007-11-12 17:22 <REP> d----c--- C:\Temp
2007-11-12 17:22 35,328 --a------ C:\WINDOWS\system32\khfcded.dll
2007-10-25 10:26 53,248 --a------ C:\WINDOWS\bdoscandel.exe
2007-10-22 00:46 <REP> d-------- C:\WINDOWS\system32\AlertModule
2007-10-22 00:46 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2007-10-22 00:46 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-16 02:32 --------- d-----w C:\Program Files\Wanadoo
2007-11-13 23:41 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-13 09:00 --------- d-----w C:\Program Files\Microsoft Picture It! 9
2007-10-20 19:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-08-02 13:43 282,624 ----a-w C:\Program Files\TTC.dll
1999-07-07 00:00:00 6 --sh--r C:\WINDOWS\@@desktop.dat
1999-07-07 00:00:00 6 --sh--r C:\WINDOWS\@desktop@.dat
2005-08-11 13:48:57 104 -csh--r C:\WINDOWS\system32\9060AE1E38.sys
2006-05-30 11:35:34 4,704 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2007-11-15_22.14.36.96 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-21 06:37:26 124,208 ----a-w C:\WINDOWS\Downloaded Program Files\ascstubie.dll
+ 2007-05-07 08:38:46 500,120 ----a-w C:\WINDOWS\Downloaded Program Files\daas_s.dll
+ 2007-05-07 08:39:00 192,920 ----a-w C:\WINDOWS\Downloaded Program Files\fsauc.dll
+ 2007-05-07 08:39:24 254,360 ----a-w C:\WINDOWS\Downloaded Program Files\fscax.dll
+ 2007-07-18 06:49:56 12,592 ----a-w C:\WINDOWS\Downloaded Program Files\libcomm.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4ec34730-1724-4592-b5aa-e6560066ea37}]
2007-11-15 21:10 79936 --a------ C:\WINDOWS\System32\pbfkwprl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-08 11:40]
"ATIModeChange"="Ati2mdxx.exe" [2004-04-02 15:16 C:\WINDOWS\system32\Ati2mdxx.exe]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-03-01 22:05]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-26 03:00]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-05-13 18:34]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-01-27 22:52]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-05-13 18:54]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-01-13 15:21]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 07:01]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 01:56]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2006-04-04 11:55]
"AGRSMMSG"="AGRSMMSG.exe" [2003-10-30 21:40 C:\WINDOWS\AGRSMMSG.exe]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-11 00:49]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-11-16 00:18]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 17:25]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-11-11 13:42]
"71553283"="C:\WINDOWS\System32\dngknxww.dll" [2007-11-15 21:07]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2007-08-31 20:24]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-21 09:38]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 16:18]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2006-10-27 13:39:26 C:\WINDOWS\Tasks\Connexion Facile à Internet.job"
"2005-11-02 08:45:30 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur - valérie.job"
"2007-11-16 03:03:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-16 10:37:39
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????????A)w?????????? ???B???????????????B? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-16 11:07:07 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-16 01:04
C:\ComboFix3.txt ... 2007-11-15 22:25
.
--- E O F ---
And at last there are no more virus alerts, no more Live Safety Center and Online Security Guide icons on my desktop; everything has disappeared and seems to be back to normal. But even more important: which free antivirus could I use to secure my PC, and what could I do to protect my computer effectively against all these viruses?
Otherwise, thank you for helping me so effectively : ) I thought I would never get out of this.
2007-10-22 00:46 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-16 02:32 --------- d-----w C:\Program Files\Wanadoo
2007-11-13 23:41 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-13 09:00 --------- d-----w C:\Program Files\Microsoft Picture It! 9
2007-10-20 19:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-08-02 13:43 282,624 ----a-w C:\Program Files\TTC.dll
1999-07-07 00:00:00 6 --sh--r C:\WINDOWS\@@desktop.dat
1999-07-07 00:00:00 6 --sh--r C:\WINDOWS\@desktop@.dat
2005-08-11 13:48:57 104 -csh--r C:\WINDOWS\system32\9060AE1E38.sys
2006-05-30 11:35:34 4,704 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2007-11-15_22.14.36.96 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-21 06:37:26 124,208 ----a-w C:\WINDOWS\Downloaded Program Files\ascstubie.dll
+ 2007-05-07 08:38:46 500,120 ----a-w C:\WINDOWS\Downloaded Program Files\daas_s.dll
+ 2007-05-07 08:39:00 192,920 ----a-w C:\WINDOWS\Downloaded Program Files\fsauc.dll
+ 2007-05-07 08:39:24 254,360 ----a-w C:\WINDOWS\Downloaded Program Files\fscax.dll
+ 2007-07-18 06:49:56 12,592 ----a-w C:\WINDOWS\Downloaded Program Files\libcomm.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4ec34730-1724-4592-b5aa-e6560066ea37}]
2007-11-15 21:10 79936 --a------ C:\WINDOWS\System32\pbfkwprl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-08 11:40]
"ATIModeChange"="Ati2mdxx.exe" [2004-04-02 15:16 C:\WINDOWS\system32\Ati2mdxx.exe]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-03-01 22:05]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-26 03:00]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-05-13 18:34]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-01-27 22:52]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-05-13 18:54]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-01-13 15:21]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 07:01]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 01:56]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2006-04-04 11:55]
"AGRSMMSG"="AGRSMMSG.exe" [2003-10-30 21:40 C:\WINDOWS\AGRSMMSG.exe]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-11 00:49]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-11-16 00:18]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 17:25]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-11-11 13:42]
"71553283"="C:\WINDOWS\System32\dngknxww.dll" [2007-11-15 21:07]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2007-08-31 20:24]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-21 09:38]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 16:18]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2006-10-27 13:39:26 C:\WINDOWS\Tasks\Connexion Facile à Internet.job"
"2005-11-02 08:45:30 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur - valérie.job"
"2007-11-16 03:03:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-16 10:37:39
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????????A)w?????????? ???B???????????????B? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-16 11:07:07 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-16 01:04
C:\ComboFix3.txt ... 2007-11-15 22:25
.
--- E O F ---
afideg (Security contributor), 16 Nov 2007 at 12:58
Hello, and well done on these results.
But CAREFUL, it's not over.
Now we have to clean up.
A)- You gave me this:
Fri Nov 16 09:40:18 2007 => ***** Scanning complete. *****
Fri Nov 16 09:40:18 2007 => Total Number of Files Scanned: 61060
Fri Nov 16 09:40:18 2007 => Total Number of Virus(es) Found: 22
Fri Nov 16 09:40:18 2007 => Total Number of Disinfected Files: 0
Fri Nov 16 09:40:18 2007 => Total Number of Files Renamed: 5
Fri Nov 16 09:40:18 2007 => Total Number of Deleted Files: 4 ==> to be checked.
Fri Nov 16 09:40:18 2007 => Total Number of Errors: 17
Fri Nov 16 09:40:18 2007 => Time Elapsed: 02:07:51
Fri Nov 16 09:40:18 2007 => Virus Database Date: 2007/11/16
Fri Nov 16 09:40:18 2007 => Virus Database Count: 460059
But I need the details.
Can you give me the full report, please.
If it is too long, split it into several posts.
Thanks.
B)- Start the cleanup with this: ==> If you have the slightest doubt, stop and ask.
(it's simple, as it often is with these PCs, but you need to have done it before) ==> I trust you.
First action: Check whether this data: C:\WINDOWS\System32\ssqrp.dll still exists.
Second action: If it still exists, we need to delete the data C:\WINDOWS\System32\ssqrp.dll in this HKEY_LOCAL_MACHINE key, following this path [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
On the left side of the right-hand pane, there is this value: "Authentication Packages"= msv1_0
To the right of this value, on the same line, there is this data: C:\WINDOWS\System32\ssqrp.dll, which will have to be deleted.
But CAREFUL; do it like this:
(If the data mentioned above no longer exists, stop and let me know). Thanks.
Go to "Start"/"Run" and type regedit, then confirm with [OK].
In the left-hand pane, navigate by clicking the "+" sign from HKEY_LOCAL_MACHINE down to the subkey in bold, "lsa", then click once on the small yellow "lsa" folder to open it:
In the right-hand pane, double-click "Authentication Packages".
In the "data" field (on the right, on the same line), you should have msv1_0 C:\WINDOWS\system32\mljjh.dll
Delete everything that comes after msv1_0 ==> CAREFUL: Whatever you do, do not delete msv1_0
So, delete only C:\WINDOWS\System32\ssqrp.dll (Select/Right-click/Delete)
Confirm with [OK] or [Enter]
Check in the right-hand pane that, for the value "Authentication Packages", the data msv1_0 is still shown at the far right.
This is very important: if you have the slightest doubt about modifying this subkey, or any questions, ask me.
If all is well, close the registry editor and restart your PC.
(If you have followed these instructions correctly, you should have no problem on restart).
Good luck.
Given the time difference on the ComboFix report, where are you from?
Have a good day, from Belgium.
Al.
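The check described in the post above, as an added example that is not part of the original thread: it decodes a regedit export (.reg, "Version 5.00") of the Lsa key, lists what "Authentication Packages" really contains, and marks every entry other than msv1_0 for review, without writing to the registry. The function names and the sample export are constructed for illustration; the ssqrp.dll path is the one quoted in the post, and treating msv1_0 as the only entry to keep is the post's own rule.

```python
"""Read-only audit of the LSA "Authentication Packages" value from a .reg export."""
import re

VALUE_NAME = "Authentication Packages"
# Assumption taken from the post: msv1_0 is the entry that must stay.
EXPECTED = ("msv1_0",)


def encode_hex7(entries, per_line=20):
    """Encode strings the way a 'Version 5.00' export stores REG_MULTI_SZ:
    UTF-16LE, a NUL after each string, one more NUL closing the list."""
    raw = b"".join(e.encode("utf-16-le") + b"\x00\x00" for e in entries) + b"\x00\x00"
    octets = ["%02x" % b for b in raw]
    rows = [",".join(octets[i:i + per_line]) for i in range(0, len(octets), per_line)]
    return "hex(7):" + ",\\\n  ".join(rows)


def read_multi_sz(reg_text, value_name=VALUE_NAME):
    """Return the strings stored under value_name, or None if it is absent."""
    # A trailing backslash continues the byte list on the next (indented) line.
    joined = re.sub(r"\\\r?\n[ \t]*", "", reg_text)
    pattern = r'^"%s"=hex\(7\):([0-9a-fA-F,]*)[ \t\r]*$' % re.escape(value_name)
    match = re.search(pattern, joined, re.MULTILINE)
    if match is None:
        return None
    raw = bytes(int(octet, 16) for octet in match.group(1).split(",") if octet)
    if len(raw) % 2:
        raise ValueError("truncated UTF-16LE data in %r" % value_name)
    # Empty strings are only the list terminators; drop them.
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]


def audit(entries, expected=EXPECTED):
    """Split entries into those to keep, those to review, and expected ones missing."""
    wanted = {name.lower() for name in expected}
    keep, unexpected = [], []
    for entry in entries:
        (keep if entry.strip().lower() in wanted else unexpected).append(entry)
    missing = sorted(wanted - {e.strip().lower() for e in keep})
    return {"keep": keep, "unexpected": unexpected, "missing": missing}


def report(reg_text):
    """One line per finding, ready to paste into a forum reply."""
    entries = read_multi_sz(reg_text)
    if entries is None:
        return ["value not found in export"]
    result = audit(entries)
    lines = ["OK       %s" % e for e in result["keep"]]
    lines += ["REVIEW   %s" % e for e in result["unexpected"]]
    lines += ["MISSING  %s" % e for e in result["missing"]]
    return lines


def load_export(path):
    """Version 5.00 exports are UTF-16 with a BOM; Python strips it for us."""
    with open(path, encoding="utf-16") as handle:
        return handle.read()


# Constructed sample: an export of the Lsa key in the state the post describes.
SAMPLE_EXPORT = (
    "Windows Registry Editor Version 5.00\n\n"
    "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa]\n"
    '"Authentication Packages"='
    + encode_hex7(["msv1_0", r"C:\WINDOWS\System32\ssqrp.dll"]) + "\n"
    '"Bounds"=hex:00,30,00,00,00,20,00,00\n'
)

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_EXPORT)))
```

Exporting the key to a .reg file before editing also leaves a backup that can be re-imported if the edit goes wrong.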
afideg (Security contributor), 16 Nov 2007 at 16:14
(continued 1)
A)- Make sure you have access to hidden folders/files:
Either by opening a folder, any folder, and going to "Tools" > "Folder Options" > "View"
Or by going to "Start" / "Control Panel" / "Folder Options" / "View" tab
and there:
tick the box in front of the lines:
- show hidden files and folders
- display the contents of system folders
untick the box in front of the lines:
- hide extensions for known file types
- hide protected operating system files
You will get a message telling you that this may damage the system; ignore it.
Then click APPLY to ALL folders > [OK]
If you are not comfortable navigating folders, I invite you to follow this tutorial: < http://www.malekal.com/rechercher_fichiers.php >
Delete the following items written in bold:
C:\WINDOWS\SYSTEM32\RMA01YY <== the folder
C:\WINDOWS\SYSTEM32\MQPLHVRX.EXE <== the file renamed with a double extension (.exe.ren for example)
C:\WINDOWS\SYSTEM32\UDXOLURP.EXE <== the file renamed with a double extension (.exe.ren for example)
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk <== the shortcut
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk <== the shortcut
B)- Search for C:\WINDOWS\SYSTEM32\$SYS$FILESYSTEM\$SYS$DRMSERVER.EXE
and if you find it, give me the exact path, possibly without the $ if that is the case;
then have it analysed at VirusTotal, like this:
•- Go here: < https://www.virustotal.com/gui/ >
•- on the page that appears, click "Browse"
•- then, on the new page that appears, follow the path "actually found" of the file $SYS$DRMSERVER.EXE
that is, via "My Computer" > C:\WINDOWS\SYSTEM32\$SYS$FILESYSTEM\ (with or without the $)
•- when you have found the first $SYS$DRMSERVER.EXE file, click "Open" (on this last page displayed)
•- the file $SYS$DRMSERVER.EXE then appears in the VirusTotal window, ready for analysis
•- there, click "send file" (on the VirusTotal page)
•- and wait for the result (you sometimes have to be patient)
•- which you post on the forum (by copying and pasting the whole text of the analysis)
Thank you for your cooperation
C)- Delete the ComboFix you have, along with its components, including the quarantines or backups, like this:
Delete the Qoobox folder (it is at the root of your hard drive c:\)
Delete all the reports present. (C:\ComboFix-quarantined-files.txt ; C:\ComboFix.txt ; C:\ComboFix2.txt ; C:\ComboFix3.txt ... ; C:\ComboFix-Do.txt)
Delete the downloaded application. (ComboFix.exe)
D)- Download VundoFix.exe (by Atribune) http://www.atribune.org/ccount/click.php?id=4 to your Desktop.
Double-click VundoFix.exe to launch it
Click the Scan for Vundo button
When the scan is complete, click the Remove Vundo button
A prompt will ask whether you want to delete the files; click YES
After you click "Yes", the Desktop will disappear for a moment while the files are deleted
You will see a prompt telling you that your PC is going to restart; click OK
Copy/paste the contents of the report located at C:\vundofix.txt into your next reply
Note: VundoFix may come across a file that it cannot delete.
If so, the tool will launch at the next restart.
Simply follow the instructions above, starting from "Click the Scan for Vundo button".
It's almost over.
Just one more small effort.
Al.
Hello, and at last I'm back to give you the full report:
Part 1
Fri Nov 16 06:52:49 2007 => **********************************************************
Fri Nov 16 06:52:49 2007 => eScan AntiVirus Toolkit Utility.
Fri Nov 16 06:52:49 2007 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Fri Nov 16 06:52:49 2007 => **********************************************************
Fri Nov 16 06:52:49 2007 => Version 4.4.7
Fri Nov 16 06:52:49 2007 => Log File: C:\KASPER~1\mwav.log
Fri Nov 16 06:52:50 2007 => Latest Date of files inside MWAV: 04 Sep 2007 00:11:30.
Fri Nov 16 06:52:54 2007 => AV Library Loaded...
Fri Nov 16 06:52:54 2007 => Scanning File C:\KASPER~1\kavss.exe
Fri Nov 16 06:52:54 2007 => Scanning File C:\KASPER~1\Getvlist.exe
Fri Nov 16 06:52:54 2007 => Scanning File C:\KASPER~1\kavss.dll
Fri Nov 16 06:52:54 2007 => Scanning File C:\KASPER~1\kavssdi.dll
Fri Nov 16 06:52:54 2007 => Scanning File C:\KASPER~1\kavssi.dll
Fri Nov 16 06:52:54 2007 => Scanning File C:\KASPER~1\kavvlg.dll
Fri Nov 16 06:52:54 2007 => Scanning File C:\KASPER~1\msvlclnt.dll
Fri Nov 16 06:52:54 2007 => Scanning File C:\KASPER~1\ipc.dll
Fri Nov 16 06:52:54 2007 => Scanning File C:\KASPER~1\main.avi
Fri Nov 16 06:52:54 2007 => Scanning File C:\KASPER~1\virus.avi
Fri Nov 16 06:52:54 2007 => Virus Database Date: 2007/09/04
Fri Nov 16 06:52:54 2007 => Virus Database Count: 403200
Fri Nov 16 07:29:48 2007 => **********************************************************
Fri Nov 16 07:29:48 2007 => eScan AntiVirus Toolkit Utility.
Fri Nov 16 07:29:48 2007 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Fri Nov 16 07:29:48 2007 => **********************************************************
Fri Nov 16 07:29:48 2007 => Version 4.4.7
Fri Nov 16 07:29:48 2007 => Log File: C:\KASPER~1\mwav.log
Fri Nov 16 07:29:57 2007 => Latest Date of files inside MWAV: 16 Nov 2007 01:21:28.
Fri Nov 16 07:30:08 2007 => AV Library Loaded...
Fri Nov 16 07:30:08 2007 => Scanning File C:\KASPER~1\kavss.exe
Fri Nov 16 07:30:08 2007 => Scanning File C:\KASPER~1\Getvlist.exe
Fri Nov 16 07:30:08 2007 => Scanning File C:\KASPER~1\kavss.dll
Fri Nov 16 07:30:09 2007 => Scanning File C:\KASPER~1\kavssdi.dll
Fri Nov 16 07:30:09 2007 => Scanning File C:\KASPER~1\kavssi.dll
Fri Nov 16 07:30:09 2007 => Scanning File C:\KASPER~1\kavvlg.dll
Fri Nov 16 07:30:09 2007 => Scanning File C:\KASPER~1\msvlclnt.dll
Fri Nov 16 07:30:09 2007 => Scanning File C:\KASPER~1\ipc.dll
Fri Nov 16 07:30:09 2007 => Scanning File C:\KASPER~1\main.avi
Fri Nov 16 07:30:09 2007 => Scanning File C:\KASPER~1\virus.avi
Fri Nov 16 07:30:10 2007 => Virus Database Date: 2007/11/16
Fri Nov 16 07:30:10 2007 => Virus Database Count: 460059
Fri Nov 16 07:32:24 2007 => **********************************************************
Fri Nov 16 07:32:24 2007 => eScan AntiVirus Toolkit Utility.
Fri Nov 16 07:32:24 2007 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Fri Nov 16 07:32:24 2007 =>
Fri Nov 16 07:32:24 2007 => Support: support@mwti.net
Fri Nov 16 07:32:24 2007 => Web: https://www.escanav.com/en/index.asp
Fri Nov 16 07:32:24 2007 => **********************************************************
Fri Nov 16 07:32:24 2007 => Version 4.4.7
Fri Nov 16 07:32:24 2007 => Log File: C:\KASPER~1\mwav.log
Fri Nov 16 07:32:24 2007 => Latest Date of files inside MWAV: 16 Nov 2007 01:21:28.
Fri Nov 16 07:32:24 2007 => Options Selected by User:
Fri Nov 16 07:32:24 2007 => Memory Check: Enabled
Fri Nov 16 07:32:24 2007 => Registry Check: Enabled
Fri Nov 16 07:32:24 2007 => StartUp Folder Check: Enabled
Fri Nov 16 07:32:24 2007 => System Folder Check: Enabled
Fri Nov 16 07:32:24 2007 => System Area Check: Disabled
Fri Nov 16 07:32:24 2007 => Services Check: Enabled
Fri Nov 16 07:32:24 2007 => Drive Check: Enabled
Fri Nov 16 07:32:24 2007 => All Drive Check :Disabled
Fri Nov 16 07:32:24 2007 => Scanning Type: Scan And Clean
Fri Nov 16 07:32:24 2007 => Drive Selected = C:\
Fri Nov 16 07:32:24 2007 => Folder Check: Disabled
Fri Nov 16 07:32:24 2007 => ***** Scanning Memory Files *****
Fri Nov 16 07:32:24 2007 => Scanning File C:\WINDOWS\system32\services.exe
Fri Nov 16 07:32:25 2007 => Scanning File C:\WINDOWS\system32\lsass.exe
Fri Nov 16 07:32:25 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Fri Nov 16 07:32:25 2007 => Scanning File C:\PROGRA~1\Grisoft\AVGANT~1.5\guard.exe
Fri Nov 16 07:32:25 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Fri Nov 16 07:32:25 2007 => Scanning File C:\WINDOWS\Explorer.EXE
Fri Nov 16 07:32:25 2007 => Scanning File C:\Kaspersky\mwavscan.com
Fri Nov 16 07:32:25 2007 => Scanning File C:\Kaspersky\kavss.exe
Fri Nov 16 07:32:25 2007 => ***** Scanning Registry Files *****
Fri Nov 16 07:32:25 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Fri Nov 16 07:32:25 2007 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***
Fri Nov 16 07:32:25 2007 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**]
Fri Nov 16 07:32:25 2007 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***
Fri Nov 16 07:32:25 2007 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**]
Fri Nov 16 07:32:25 2007 => Scanning File C:\WINDOWS\System32\webcheck.dll
Fri Nov 16 07:32:25 2007 => Scanning File C:\WINDOWS\System32\stobject.dll
Fri Nov 16 07:32:25 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
Fri Nov 16 07:32:25 2007 => {02478D38-C3F9-4EFB-9B51-7695ECA05670} = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
Fri Nov 16 07:32:25 2007 => Scanning File C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\yt.dll
Fri Nov 16 07:32:26 2007 => {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
Fri Nov 16 07:32:26 2007 => Scanning File C:\PROGRA~1\Adobe\ACROBA~2.0\ActiveX\ACROIE~1.DLL
Fri Nov 16 07:32:26 2007 => {4ec34730-1724-4592-b5aa-e6560066ea37} = C:\WINDOWS\System32\pbfkwprl.dll
Fri Nov 16 07:32:26 2007 => Scanning File C:\WINDOWS\System32\pbfkwprl.dll
Fri Nov 16 07:32:26 2007 => {AA58ED58-01DD-4d91-8333-CF10577473F7} = c:\program files\google\googletoolbar3.dll
Fri Nov 16 07:32:26 2007 => Scanning File c:\PROGRA~1\google\GOOGLE~3.DLL
Fri Nov 16 07:32:26 2007 => {BDF3E430-B101-42AD-A544-FADC6B084872} = C:\Program Files\Norton AntiVirus\NavShExt.dll
Fri Nov 16 07:32:26 2007 => Scanning File C:\PROGRA~1\NORTON~1\NavShExt.dll
Fri Nov 16 07:32:26 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Fri Nov 16 07:32:26 2007 => Scanning File C:\WINDOWS\Explorer.exe
Fri Nov 16 07:32:26 2007 => Scanning File C:\WINDOWS\system32\userinit.exe
Fri Nov 16 07:32:26 2007 => Scanning HKCU\Control Panel\Desktop
Fri Nov 16 07:32:27 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Fri Nov 16 07:32:27 2007 => Scanning File C:\PROGRA~1\Apoint2K\Apoint.exe
Fri Nov 16 07:32:27 2007 => Scanning File C:\WINDOWS\system32\Ati2mdxx.exe
Fri Nov 16 07:32:27 2007 => Scanning File C:\PROGRA~1\HPQ\DEFAUL~1\cpqset.exe
Fri Nov 16 07:32:27 2007 => Scanning File C:\PROGRA~1\ATITEC~1\ATICON~1\atiptaxx.exe
Fri Nov 16 07:32:27 2007 => Scanning File C:\PROGRA~1\Java\J2RE14~1.2_0\bin\jusched.exe
Fri Nov 16 07:32:27 2007 => Scanning File C:\PROGRA~1\iTunes\ITUNES~1.EXE
Fri Nov 16 07:32:27 2007 => Scanning File C:\PROGRA~1\QUICKT~1\qttask.exe
Fri Nov 16 07:32:27 2007 => Scanning File C:\PROGRA~1\HPQ\QUICKL~1\EabServr.exe
Fri Nov 16 07:32:28 2007 => Scanning File C:\PROGRA~1\FICHIE~1\Sonic\UPDATE~1\sgtray.exe
Fri Nov 16 07:32:28 2007 => ERROR!!! Invalid Entry HPHUPD05 = c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe. Removing it.
Fri Nov 16 07:32:28 2007 => Scanning File C:\PROGRA~1\FICHIE~1\SYMANT~1\ccApp.exe
Fri Nov 16 07:32:28 2007 => Scanning File C:\WINDOWS\AGRSMMSG.exe
Fri Nov 16 07:32:28 2007 => Scanning File C:\PROGRA~1\FICHIE~1\MICROS~1\WORKSS~1\WkUFind.exe
Fri Nov 16 07:32:28 2007 => Scanning File C:\WINDOWS\system32\NeroCheck.exe
Fri Nov 16 07:32:28 2007 => Scanning File C:\PROGRA~1\SYMNET~1\SNDMon.exe
Fri Nov 16 07:32:28 2007 => Scanning File C:\PROGRA~1\HEWLET~1\HPSOFT~1\HPWUSC~1.EXE
Fri Nov 16 07:32:29 2007 => Scanning File C:\PROGRA~1\Wanadoo\Watch.exe
Fri Nov 16 07:32:29 2007 => Scanning File C:\PROGRA~1\Wanadoo\GestMaj.exe
Fri Nov 16 07:32:29 2007 => *** File C:\PROGRA~1\Grisoft\AVGANT~1.5\avgas.exe having Size Restriction ***
Fri Nov 16 07:32:29 2007 => Scanning File C:\PROGRA~1\Grisoft\AVGANT~1.5\avgas.exe [**]
Fri Nov 16 07:32:29 2007 => Scanning File C:\PROGRA~1\TROJAN~1\Trjscan.exe
Fri Nov 16 07:32:30 2007 => Scanning File C:\WINDOWS\system32\rundll32.exe
Fri Nov 16 07:32:30 2007 => Scanning File C:\PROGRA~1\A-SQUA~1\a2guard.exe
Fri Nov 16 07:32:31 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Fri Nov 16 07:32:31 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Fri Nov 16 07:32:31 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Fri Nov 16 07:32:31 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Fri Nov 16 07:32:31 2007 => Scanning File C:\PROGRA~1\Wanadoo\Shell.exe
Fri Nov 16 07:32:31 2007 => Scanning File C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE
Fri Nov 16 07:32:31 2007 => Scanning File C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\ADOBEU~1.EXE
Fri Nov 16 07:32:32 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Fri Nov 16 07:32:32 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Fri Nov 16 07:32:32 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Fri Nov 16 07:32:32 2007 => Scanning HKCR\txtfile\shell\open\command
Fri Nov 16 07:32:32 2007 => Scanning HKCR\comfile\shell\open\command
Fri Nov 16 07:32:32 2007 => Scanning HKCR\exefile\shell\open\command
Fri Nov 16 07:32:32 2007 => Scanning HKCR\dllfile\shell\open\command
Fri Nov 16 07:32:32 2007 => Scanning HKCR\batfile\shell\open\command
Fri Nov 16 07:32:32 2007 => Scanning HKCR\piffile\shell\open\command
Fri Nov 16 07:32:32 2007 => Scanning HKCR\scrfile\shell\open\command
Fri Nov 16 07:32:32 2007 => Scanning HKCR\scrfile\shell\config\command
Fri Nov 16 07:32:32 2007 => Scanning HKCR\regfile\shell\open\command
Fri Nov 16 07:32:32 2007 => ***** Scanning StartUp Folders *****
Fri Nov 16 07:32:32 2007 => ***** Scanning C:\Documents and Settings\valérie\Menu Démarrer\Démarrage Folder *****
Fri Nov 16 07:32:32 2007 => Scanning Folder: C:\Documents and Settings\valérie\Menu Démarrer\Démarrage\*.*
Fri Nov 16 07:32:32 2007 => Scanning File C:\Documents and Settings\valérie\Menu Démarrer\Démarrage\desktop.ini
Fri Nov 16 07:32:32 2007 => Scanning File C:\Documents and Settings\valérie\Menu Démarrer\Démarrage\WkCalRem.LNK
Fri Nov 16 07:32:32 2007 => ***** Scanning C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Folder *****
Fri Nov 16 07:32:32 2007 => Scanning Folder: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\*.*
Fri Nov 16 07:32:32 2007 => Scanning File C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
Fri Nov 16 07:32:32 2007 => Scanning File C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
Fri Nov 16 07:32:32 2007 => ***** Scanning Service Files *****
Fri Nov 16 07:32:32 2007 => Scanning HKLM\SYSTEM\CurrentControlSet\Services
Fri Nov 16 07:32:32 2007 => Scanning File C:\WINDOWS\System32\Drivers\$sys$cor.sys
Fri Nov 16 07:32:32 2007 => Scanning File C:\WINDOWS\SYSTEM32\$SYS$FILESYSTEM\CRATER.SYS
Fri Nov 16 07:32:32 2007 => Scanning File C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe
Fri Nov 16 07:32:33 2007 => Scanning File C:\PROGRA~1\A-SQUA~1\A2SERV~1.EXE
Fri Nov 16 07:32:33 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\ACPI.sys
Fri Nov 16 07:32:34 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\ACPIEC.sys
Fri Nov 16 07:32:34 2007 => Scanning File C:\WINDOWS\System32\drivers\aeaudio.sys
Fri Nov 16 07:32:34 2007 => Scanning File C:\WINDOWS\System32\drivers\aec.sys
Fri Nov 16 07:32:34 2007 => Scanning File C:\WINDOWS\System32\drivers\afd.sys
Fri Nov 16 07:32:34 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\AGRSM.sys
Fri Nov 16 07:32:34 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:34 2007 => Scanning File C:\WINDOWS\System32\alg.exe
Fri Nov 16 07:32:34 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\Apfiltr.sys
Fri Nov 16 07:32:34 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Fri Nov 16 07:32:34 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\arp1394.sys
Fri Nov 16 07:32:34 2007 => Scanning File C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
Fri Nov 16 07:32:35 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\asyncmac.sys
Fri Nov 16 07:32:35 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\atapi.sys
Fri Nov 16 07:32:35 2007 => Scanning File C:\WINDOWS\System32\Ati2evxx.exe
Fri Nov 16 07:32:35 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\ati2mtag.sys
Fri Nov 16 07:32:35 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\atmarpc.sys
Fri Nov 16 07:32:35 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:35 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\audstub.sys
Fri Nov 16 07:32:35 2007 => Scanning File C:\PROGRA~1\GRISOFT\AVGANT~1.5\GUARD.SYS
Fri Nov 16 07:32:35 2007 => Scanning File C:\PROGRA~1\Grisoft\AVGANT~1.5\guard.exe
Fri Nov 16 07:32:35 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys
Fri Nov 16 07:32:35 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\bcmwl5.sys
Fri Nov 16 07:32:35 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:35 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:35 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\atisgkaf.sys
Fri Nov 16 07:32:36 2007 => ERROR!!! Invalid Entry \??\C:\DOCUME~1\VALRIE~1\LOCALS~1\Temp\catchme.sys in SYSTEM\CurrentControlSet\Services\catchme...
Fri Nov 16 07:32:36 2007 => Scanning File C:\PROGRA~1\FICHIE~1\SYMANT~1\ccEvtMgr.exe
Fri Nov 16 07:32:36 2007 => Scanning File C:\PROGRA~1\FICHIE~1\SYMANT~1\ccPwdSvc.exe
Fri Nov 16 07:32:36 2007 => Scanning File C:\PROGRA~1\FICHIE~1\SYMANT~1\ccSetMgr.exe
Fri Nov 16 07:32:36 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\cdrom.sys
Fri Nov 16 07:32:36 2007 => Scanning File C:\WINDOWS\CDProxyServ.exe
Fri Nov 16 07:32:36 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\ce3n5.sys
Fri Nov 16 07:32:36 2007 => Scanning File C:\WINDOWS\system32\cisvc.exe
Fri Nov 16 07:32:36 2007 => Scanning File C:\WINDOWS\system32\clipsrv.exe
Fri Nov 16 07:32:36 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\CmBatt.sys
Fri Nov 16 07:32:36 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\compbatt.sys
Fri Nov 16 07:32:36 2007 => Scanning File C:\WINDOWS\System32\dllhost.exe
Fri Nov 16 07:32:36 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Fri Nov 16 07:32:37 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\tiumflt.sys
Fri Nov 16 07:32:37 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:37 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\disk.sys
Fri Nov 16 07:32:37 2007 => Scanning File C:\WINDOWS\System32\dmadmin.exe
Fri Nov 16 07:32:37 2007 => Scanning File C:\WINDOWS\System32\drivers\dmboot.sys
Fri Nov 16 07:32:37 2007 => Scanning File C:\WINDOWS\System32\drivers\dmio.sys
Fri Nov 16 07:32:38 2007 => Scanning File C:\WINDOWS\System32\drivers\dmload.sys
Fri Nov 16 07:32:38 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:38 2007 => Scanning File C:\WINDOWS\System32\drivers\DMusic.sys
Fri Nov 16 07:32:38 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:38 2007 => Scanning File C:\WINDOWS\System32\drivers\drmkaud.sys
Fri Nov 16 07:32:38 2007 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\EABFILTR.SYS
Fri Nov 16 07:32:38 2007 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\EABUSB.SYS
Fri Nov 16 07:32:38 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:38 2007 => Scanning File C:\WINDOWS\system32\services.exe
Fri Nov 16 07:32:38 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:38 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:38 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\fdc.sys
Fri Nov 16 07:32:38 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\flpydisk.sys
Fri Nov 16 07:32:38 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\ftdisk.sys
Fri Nov 16 07:32:38 2007 => Scanning File C:\WINDOWS\System32\FTRTSVC.exe
Fri Nov 16 07:32:38 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys
Fri Nov 16 07:32:39 2007 => Scanning File C:\WINDOWS\System32\gearsec.exe
Fri Nov 16 07:32:39 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\msgpc.sys
Fri Nov 16 07:32:39 2007 => Scanning File C:\PROGRA~1\Google\Common\GOOGLE~1\GOOGLE~1.EXE
Fri Nov 16 07:32:39 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:39 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:39 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\hidusb.sys
Fri Nov 16 07:32:39 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\HPZid412.sys
Fri Nov 16 07:32:39 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\HPZipr12.sys
Fri Nov 16 07:32:39 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\HPZius12.sys
Fri Nov 16 07:32:39 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\i8042prt.sys
Fri Nov 16 07:32:39 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\imapi.sys
Fri Nov 16 07:32:39 2007 => Scanning File C:\WINDOWS\System32\imapi.exe
Fri Nov 16 07:32:39 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\intelide.sys
Fri Nov 16 07:32:39 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\intelppm.sys
Fri Nov 16 07:32:39 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
Fri Nov 16 07:32:40 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\ipinip.sys
Fri Nov 16 07:32:40 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\ipnat.sys
Fri Nov 16 07:32:40 2007 => Scanning File C:\PROGRA~1\iPod\bin\IPODSE~1.EXE
Fri Nov 16 07:32:40 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\ipsec.sys
Fri Nov 16 07:32:40 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\irenum.sys
Fri Nov 16 07:32:40 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\isapnp.sys
Fri Nov 16 07:32:40 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Fri Nov 16 07:32:40 2007 => Scanning File C:\WINDOWS\System32\drivers\kmixer.sys
Fri Nov 16 07:32:41 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:41 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:41 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:41 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:41 2007 => Scanning File C:\WINDOWS\System32\mnmsrvc.exe
Fri Nov 16 07:32:41 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\mouclass.sys
Fri Nov 16 07:32:41 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\mouhid.sys
Fri Nov 16 07:32:41 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Fri Nov 16 07:32:41 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Fri Nov 16 07:32:41 2007 => Scanning File C:\WINDOWS\System32\msdtc.exe
Fri Nov 16 07:32:41 2007 => Scanning File C:\WINDOWS\System32\msiexec.exe
Fri Nov 16 07:32:41 2007 => Scanning File C:\WINDOWS\System32\drivers\MSKSSRV.sys
Fri Nov 16 07:32:41 2007 => Scanning File C:\WINDOWS\System32\drivers\MSPCLOCK.sys
Fri Nov 16 07:32:41 2007 => Scanning File C:\WINDOWS\System32\drivers\MSPQM.sys
Fri Nov 16 07:32:42 2007 => Scanning File C:\PROGRA~1\NORTON~1\navapsvc.exe
Fri Nov 16 07:32:42 2007 => Scanning File C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20061227.017\NAVENG.SYS
Fri Nov 16 07:32:42 2007 => Scanning File C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20061227.017\NAVEX15.SYS
Fri Nov 16 07:32:42 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Fri Nov 16 07:32:42 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Fri Nov 16 07:32:42 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Fri Nov 16 07:32:42 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\netbios.sys
Fri Nov 16 07:32:42 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\netbt.sys
Fri Nov 16 07:32:42 2007 => Scanning File C:\WINDOWS\system32\netdde.exe
Fri Nov 16 07:32:42 2007 => Scanning File C:\WINDOWS\system32\netdde.exe
Fri Nov 16 07:32:43 2007 => Scanning File C:\WINDOWS\System32\lsass.exe
Fri Nov 16 07:32:43 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:43 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\nic1394.sys
Fri Nov 16 07:32:43 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:43 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\nscirda.sys
Fri Nov 16 07:32:43 2007 => Scanning File C:\WINDOWS\System32\lsass.exe
Fri Nov 16 07:32:43 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Fri Nov 16 07:32:43 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys
Fri Nov 16 07:32:43 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys
Fri Nov 16 07:32:43 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\ohci1394.sys
Fri Nov 16 07:32:43 2007 => Scanning File C:\PROGRA~1\FICHIE~1\MICROS~1\SOURCE~1\OSE.EXE
Fri Nov 16 07:32:43 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\parport.sys
Fri Nov 16 07:32:43 2007 => Scanning File C:\WINDOWS\SYSTEM32\PCANDIS5.SYS
Fri Nov 16 07:32:43 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\pci.sys
Fri Nov 16 07:32:43 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\pciide.sys
Fri Nov 16 07:32:43 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\pcmcia.sys
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\system32\services.exe
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\System32\lsass.exe
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\raspptp.sys
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\processr.sys
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\system32\lsass.exe
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\psched.sys
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\ptilink.sys
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\PxHelp20.sys
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\rasacd.sys
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\rasirda.sys
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\raspti.sys
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\rdbss.sys
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\system32\sessmgr.exe
Fri Nov 16 07:32:45 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\redbook.sys
Fri Nov 16 07:32:45 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:45 2007 => Scanning File C:\WINDOWS\System32\locator.exe
Fri Nov 16 07:32:45 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Fri Nov 16 07:32:45 2007 => Scanning File C:\WINDOWS\System32\rsvp.exe
Fri Nov 16 07:32:45 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\R8139n51.SYS
Fri Nov 16 07:32:45 2007 => Scanning File C:\WINDOWS\system32\lsass.exe
Fri Nov 16 07:32:45 2007 => Scanning File C:\PROGRA~1\NORTON~1\SAVRT.SYS
Fri Nov 16 07:32:46 2007 => Scanning File C:\PROGRA~1\NORTON~1\SAVRTPEL.SYS
Fri Nov 16 07:32:46 2007 => Scanning File C:\PROGRA~1\NORTON~1\SAVScan.exe
Fri Nov 16 07:32:46 2007 => Scanning File C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
Fri Nov 16 07:32:46 2007 => Scanning File C:\WINDOWS\System32\SCardSvr.exe
Fri Nov 16 07:32:46 2007 => Scanning File C:\WINDOWS\System32\SCardSvr.exe
Fri Nov 16 07:32:46 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:46 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\secdrv.sys
Fri Nov 16 07:32:46 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:46 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Fri Nov 16 07:32:46 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\serenum.sys
Fri Nov 16 07:32:46 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\serial.sys
Fri Nov 16 07:32:46 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:46 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:46 2007 => Scanning File C:\WINDOWS\System32\drivers\smwdm.sys
Fri Nov 16 07:32:47 2007 => Scanning File C:\PROGRA~1\FICHIE~1\SYMANT~1\SNDSrvc.exe
Fri Nov 16 07:32:47 2007 => Scanning File C:\WINDOWS\System32\drivers\splitter.sys
Fri Nov 16 07:32:47 2007 => Scanning File C:\WINDOWS\system32\spoolsv.exe
Fri Nov 16 07:32:47 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\sr.sys
Fri Nov 16 07:32:47 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:47 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\srv.sys
Fri Nov 16 07:32:47 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:47 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:47 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\swenum.sys
Fri Nov 16 07:32:47 2007 => Scanning File C:\WINDOWS\System32\drivers\swmidi.sys
Fri Nov 16 07:32:47 2007 => Scanning File C:\WINDOWS\System32\dllhost.exe
Fri Nov 16 07:32:47 2007 => Scanning File C:\PROGRA~1\SYMANTEC\SYMEVENT.SYS
Fri Nov 16 07:32:48 2007 => Scanning File C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
Fri Nov 16 07:32:48 2007 => Scanning File C:\WINDOWS\System32\Drivers\SYMTDI.SYS
Fri Nov 16 07:32:48 2007 => Scanning File C:\PROGRA~1\FICHIE~1\SYMANT~1\SECURI~1\SymWSC.exe
Fri Nov 16 07:32:48 2007 => Scanning File C:\WINDOWS\System32\drivers\sysaudio.sys
Fri Nov 16 07:32:48 2007 => Scanning File C:\WINDOWS\system32\smlogsvc.exe
Fri Nov 16 07:32:48 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:48 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\tcpip.sys
Fri Nov 16 07:32:48 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\termdd.sys
Fri Nov 16 07:32:48 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:48 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:48 2007 => Scanning File C:\WINDOWS\System32\drivers\tiumfwl.sys
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\System32\wdfmgr.exe
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\update.sys
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\System32\ups.exe
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\usbccgp.sys
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\usbehci.sys
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\usbhub.sys
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\usbohci.sys
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\usbprint.sys
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\usbscan.sys
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\System32\drivers\vga.sys
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\viaide.sys
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\System32\vssvc.exe
Fri Nov 16 07:32:50 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:50 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\wanarp.sys
Fri Nov 16 07:32:50 2007 => Scanning File C:\WINDOWS\System32\drivers\wdmaud.sys
Fri Nov 16 07:32:50 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:50 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Fri Nov 16 07:32:50 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:50 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\wmiacpi.sys
Fri Nov 16 07:32:50 2007 => Scanning File C:\WINDOWS\System32\wbem\wmiapsrv.exe
Fri Nov 16 07:32:50 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Fri Nov 16 07:32:50 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:38 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\ftdisk.sys
Fri Nov 16 07:32:38 2007 => Scanning File C:\WINDOWS\System32\FTRTSVC.exe
Fri Nov 16 07:32:38 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys
Fri Nov 16 07:32:39 2007 => Scanning File C:\WINDOWS\System32\gearsec.exe
Fri Nov 16 07:32:39 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\msgpc.sys
Fri Nov 16 07:32:39 2007 => Scanning File C:\PROGRA~1\Google\Common\GOOGLE~1\GOOGLE~1.EXE
Fri Nov 16 07:32:39 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:39 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:39 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\hidusb.sys
Fri Nov 16 07:32:39 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\HPZid412.sys
Fri Nov 16 07:32:39 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\HPZipr12.sys
Fri Nov 16 07:32:39 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\HPZius12.sys
Fri Nov 16 07:32:39 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\i8042prt.sys
Fri Nov 16 07:32:39 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\imapi.sys
Fri Nov 16 07:32:39 2007 => Scanning File C:\WINDOWS\System32\imapi.exe
Fri Nov 16 07:32:39 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\intelide.sys
Fri Nov 16 07:32:39 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\intelppm.sys
Fri Nov 16 07:32:39 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
Fri Nov 16 07:32:40 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\ipinip.sys
Fri Nov 16 07:32:40 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\ipnat.sys
Fri Nov 16 07:32:40 2007 => Scanning File C:\PROGRA~1\iPod\bin\IPODSE~1.EXE
Fri Nov 16 07:32:40 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\ipsec.sys
Fri Nov 16 07:32:40 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\irenum.sys
Fri Nov 16 07:32:40 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\isapnp.sys
Fri Nov 16 07:32:40 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Fri Nov 16 07:32:40 2007 => Scanning File C:\WINDOWS\System32\drivers\kmixer.sys
Fri Nov 16 07:32:41 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:41 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:41 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:41 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:41 2007 => Scanning File C:\WINDOWS\System32\mnmsrvc.exe
Fri Nov 16 07:32:41 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\mouclass.sys
Fri Nov 16 07:32:41 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\mouhid.sys
Fri Nov 16 07:32:41 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Fri Nov 16 07:32:41 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Fri Nov 16 07:32:41 2007 => Scanning File C:\WINDOWS\System32\msdtc.exe
Fri Nov 16 07:32:41 2007 => Scanning File C:\WINDOWS\System32\msiexec.exe
Fri Nov 16 07:32:41 2007 => Scanning File C:\WINDOWS\System32\drivers\MSKSSRV.sys
Fri Nov 16 07:32:41 2007 => Scanning File C:\WINDOWS\System32\drivers\MSPCLOCK.sys
Fri Nov 16 07:32:41 2007 => Scanning File C:\WINDOWS\System32\drivers\MSPQM.sys
Fri Nov 16 07:32:42 2007 => Scanning File C:\PROGRA~1\NORTON~1\navapsvc.exe
Fri Nov 16 07:32:42 2007 => Scanning File C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20061227.017\NAVENG.SYS
Fri Nov 16 07:32:42 2007 => Scanning File C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20061227.017\NAVEX15.SYS
Fri Nov 16 07:32:42 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Fri Nov 16 07:32:42 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Fri Nov 16 07:32:42 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Fri Nov 16 07:32:42 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\netbios.sys
Fri Nov 16 07:32:42 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\netbt.sys
Fri Nov 16 07:32:42 2007 => Scanning File C:\WINDOWS\system32\netdde.exe
Fri Nov 16 07:32:42 2007 => Scanning File C:\WINDOWS\system32\netdde.exe
Fri Nov 16 07:32:43 2007 => Scanning File C:\WINDOWS\System32\lsass.exe
Fri Nov 16 07:32:43 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:43 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\nic1394.sys
Fri Nov 16 07:32:43 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:43 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\nscirda.sys
Fri Nov 16 07:32:43 2007 => Scanning File C:\WINDOWS\System32\lsass.exe
Fri Nov 16 07:32:43 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Fri Nov 16 07:32:43 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys
Fri Nov 16 07:32:43 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys
Fri Nov 16 07:32:43 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\ohci1394.sys
Fri Nov 16 07:32:43 2007 => Scanning File C:\PROGRA~1\FICHIE~1\MICROS~1\SOURCE~1\OSE.EXE
Fri Nov 16 07:32:43 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\parport.sys
Fri Nov 16 07:32:43 2007 => Scanning File C:\WINDOWS\SYSTEM32\PCANDIS5.SYS
Fri Nov 16 07:32:43 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\pci.sys
Fri Nov 16 07:32:43 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\pciide.sys
Fri Nov 16 07:32:43 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\pcmcia.sys
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\system32\services.exe
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\System32\lsass.exe
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\raspptp.sys
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\processr.sys
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\system32\lsass.exe
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\psched.sys
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\ptilink.sys
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\PxHelp20.sys
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\rasacd.sys
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\rasirda.sys
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\raspti.sys
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\rdbss.sys
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Fri Nov 16 07:32:44 2007 => Scanning File C:\WINDOWS\system32\sessmgr.exe
Fri Nov 16 07:32:45 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\redbook.sys
Fri Nov 16 07:32:45 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:45 2007 => Scanning File C:\WINDOWS\System32\locator.exe
Fri Nov 16 07:32:45 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Fri Nov 16 07:32:45 2007 => Scanning File C:\WINDOWS\System32\rsvp.exe
Fri Nov 16 07:32:45 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\R8139n51.SYS
Fri Nov 16 07:32:45 2007 => Scanning File C:\WINDOWS\system32\lsass.exe
Fri Nov 16 07:32:45 2007 => Scanning File C:\PROGRA~1\NORTON~1\SAVRT.SYS
Fri Nov 16 07:32:46 2007 => Scanning File C:\PROGRA~1\NORTON~1\SAVRTPEL.SYS
Fri Nov 16 07:32:46 2007 => Scanning File C:\PROGRA~1\NORTON~1\SAVScan.exe
Fri Nov 16 07:32:46 2007 => Scanning File C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
Fri Nov 16 07:32:46 2007 => Scanning File C:\WINDOWS\System32\SCardSvr.exe
Fri Nov 16 07:32:46 2007 => Scanning File C:\WINDOWS\System32\SCardSvr.exe
Fri Nov 16 07:32:46 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:46 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\secdrv.sys
Fri Nov 16 07:32:46 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:46 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Fri Nov 16 07:32:46 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\serenum.sys
Fri Nov 16 07:32:46 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\serial.sys
Fri Nov 16 07:32:46 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:46 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:46 2007 => Scanning File C:\WINDOWS\System32\drivers\smwdm.sys
Fri Nov 16 07:32:47 2007 => Scanning File C:\PROGRA~1\FICHIE~1\SYMANT~1\SNDSrvc.exe
Fri Nov 16 07:32:47 2007 => Scanning File C:\WINDOWS\System32\drivers\splitter.sys
Fri Nov 16 07:32:47 2007 => Scanning File C:\WINDOWS\system32\spoolsv.exe
Fri Nov 16 07:32:47 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\sr.sys
Fri Nov 16 07:32:47 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:47 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\srv.sys
Fri Nov 16 07:32:47 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:47 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:47 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\swenum.sys
Fri Nov 16 07:32:47 2007 => Scanning File C:\WINDOWS\System32\drivers\swmidi.sys
Fri Nov 16 07:32:47 2007 => Scanning File C:\WINDOWS\System32\dllhost.exe
Fri Nov 16 07:32:47 2007 => Scanning File C:\PROGRA~1\SYMANTEC\SYMEVENT.SYS
Fri Nov 16 07:32:48 2007 => Scanning File C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
Fri Nov 16 07:32:48 2007 => Scanning File C:\WINDOWS\System32\Drivers\SYMTDI.SYS
Fri Nov 16 07:32:48 2007 => Scanning File C:\PROGRA~1\FICHIE~1\SYMANT~1\SECURI~1\SymWSC.exe
Fri Nov 16 07:32:48 2007 => Scanning File C:\WINDOWS\System32\drivers\sysaudio.sys
Fri Nov 16 07:32:48 2007 => Scanning File C:\WINDOWS\system32\smlogsvc.exe
Fri Nov 16 07:32:48 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:48 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\tcpip.sys
Fri Nov 16 07:32:48 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\termdd.sys
Fri Nov 16 07:32:48 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:48 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:48 2007 => Scanning File C:\WINDOWS\System32\drivers\tiumfwl.sys
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\System32\wdfmgr.exe
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\update.sys
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\System32\ups.exe
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\usbccgp.sys
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\usbehci.sys
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\usbhub.sys
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\usbohci.sys
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\usbprint.sys
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\usbscan.sys
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\System32\drivers\vga.sys
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\viaide.sys
Fri Nov 16 07:32:49 2007 => Scanning File C:\WINDOWS\System32\vssvc.exe
Fri Nov 16 07:32:50 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:50 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\wanarp.sys
Fri Nov 16 07:32:50 2007 => Scanning File C:\WINDOWS\System32\drivers\wdmaud.sys
Fri Nov 16 07:32:50 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:50 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Fri Nov 16 07:32:50 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri Nov 16 07:32:50 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\wmiacpi.sys
Fri Nov 16 07:32:50 2007 => Scanning File C:\WINDOWS\System32\wbem\wmiapsrv.exe
Fri Nov 16 07:32:50 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Fri Nov 16 07:32:50 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Part 2 of the report and, to answer your question, I'm writing from the Antilles.
Actually, are you sure you want absolutely everything? Because it's really long... 0__0 Judging by the Notepad file, it will end up weighing down the topic:
Fri Nov 16 07:32:50 2007 => ***** Scanning System32 Folders *****
Fri Nov 16 07:32:50 2007 => Scanning C:\WINDOWS Directory
Fri Nov 16 07:32:50 2007 => Scanning Folder: C:\WINDOWS\*.*
Fri Nov 16 07:32:51 2007 => Scanning File C:\WINDOWS\0.log [**]
Fri Nov 16 07:32:51 2007 => Scanning File C:\WINDOWS\@@desktop.dat
Fri Nov 16 07:32:51 2007 => Scanning File C:\WINDOWS\@desktop@.dat
Fri Nov 16 07:32:51 2007 => Scanning File C:\WINDOWS\ActiveSkin.INI
Fri Nov 16 07:32:52 2007 => Scanning File C:\WINDOWS\agrsmdel.exe
Fri Nov 16 07:32:52 2007 => Scanning File C:\WINDOWS\AGRSMMSG.exe
Fri Nov 16 07:32:52 2007 => Scanning File C:\WINDOWS\bdoscandel.exe
Fri Nov 16 07:32:52 2007 => Scanning File C:\WINDOWS\bdoscandellang.ini
Fri Nov 16 07:32:52 2007 => Scanning File C:\WINDOWS\bootstat.dat
Fri Nov 16 07:32:52 2007 => Scanning File C:\WINDOWS\Bulles de savon.bmp
Fri Nov 16 07:32:52 2007 => Scanning File C:\WINDOWS\catchme.exe
Fri Nov 16 07:32:52 2007 => Scanning File C:\WINDOWS\CDProxyServ.exe
Fri Nov 16 07:32:52 2007 => Scanning File C:\WINDOWS\clock.avi
Fri Nov 16 07:32:53 2007 => Scanning File C:\WINDOWS\Clony2.ini
Fri Nov 16 07:32:53 2007 => Scanning File C:\WINDOWS\control.ini [**]
Fri Nov 16 07:32:53 2007 => *** File C:\WINDOWS\Crystal Rush.bmp having Size Restriction ***
Fri Nov 16 07:32:53 2007 => Scanning File C:\WINDOWS\Crystal Rush.bmp [**]
Fri Nov 16 07:32:53 2007 => Scanning File C:\WINDOWS\DbgHelp.dll
Fri Nov 16 07:32:53 2007 => Scanning File C:\WINDOWS\desktop.ini
Fri Nov 16 07:32:53 2007 => Scanning File C:\WINDOWS\DUMPb323.tmp
Fri Nov 16 07:32:53 2007 => Scanning File C:\WINDOWS\err.txt
Fri Nov 16 07:32:53 2007 => Scanning File C:\WINDOWS\explorer.exe
Fri Nov 16 07:32:53 2007 => Scanning File C:\WINDOWS\explorer.scf
Fri Nov 16 07:32:53 2007 => *** File C:\WINDOWS\Fractal Blue.bmp having Size Restriction ***
Fri Nov 16 07:32:53 2007 => Scanning File C:\WINDOWS\Fractal Blue.bmp [**]
Fri Nov 16 07:32:53 2007 => Scanning File C:\WINDOWS\Granit vert.bmp
Fri Nov 16 07:32:53 2007 => Scanning File C:\WINDOWS\Harry Potter Match.exe
Fri Nov 16 07:32:54 2007 => Scanning File C:\WINDOWS\Harry Potter Match.scr
Fri Nov 16 07:32:55 2007 => Scanning File C:\WINDOWS\Harry Potter.exe
Fri Nov 16 07:32:57 2007 => Scanning File C:\WINDOWS\Harry Potter.scr
Fri Nov 16 07:32:57 2007 => Scanning File C:\WINDOWS\hh.exe
Fri Nov 16 07:32:57 2007 => Scanning File C:\WINDOWS\HPHins01.dat
Fri Nov 16 07:32:57 2007 => Scanning File C:\WINDOWS\hphmdl01.dat
Fri Nov 16 07:32:57 2007 => Scanning File C:\WINDOWS\hpoins03.dat
Fri Nov 16 07:32:57 2007 => Scanning File C:\WINDOWS\hpomdl03.dat
Fri Nov 16 07:32:57 2007 => Scanning File C:\WINDOWS\HP_48BitScanUpdatePatch.ini
Fri Nov 16 07:32:57 2007 => Scanning File C:\WINDOWS\ieuninst.exe
Fri Nov 16 07:32:58 2007 => Scanning File C:\WINDOWS\iPlayer.INI
Fri Nov 16 07:32:58 2007 => Scanning File C:\WINDOWS\ipUnInst.exe
Fri Nov 16 07:32:58 2007 => Scanning File C:\WINDOWS\IsUn040c.exe
Fri Nov 16 07:32:59 2007 => Scanning File C:\WINDOWS\Jour de pêche.bmp
Fri Nov 16 07:32:59 2007 => Scanning File C:\WINDOWS\mickey32.dll
Fri Nov 16 07:32:59 2007 => Scanning File C:\WINDOWS\MLA3854BF.txt
Fri Nov 16 07:32:59 2007 => Scanning File C:\WINDOWS\msdfmap.ini
Fri Nov 16 07:32:59 2007 => Scanning File C:\WINDOWS\Mur de Santa Fe.bmp
Fri Nov 16 07:32:59 2007 => Scanning File C:\WINDOWS\NeroDigital.ini
Fri Nov 16 07:32:59 2007 => Scanning File C:\WINDOWS\NirCmd.exe
Fri Nov 16 07:32:59 2007 => Scanning File C:\WINDOWS\NOTEPAD.EXE
Fri Nov 16 07:32:59 2007 => Scanning File C:\WINDOWS\nsreg.dat
Fri Nov 16 07:32:59 2007 => Scanning File C:\WINDOWS\ntbtlog.txt
Fri Nov 16 07:33:00 2007 => Scanning File C:\WINDOWS\ODBC.INI
Fri Nov 16 07:33:00 2007 => Scanning File C:\WINDOWS\ODBCINST.INI
Fri Nov 16 07:33:00 2007 => Scanning File C:\WINDOWS\OptChecker.exe
Fri Nov 16 07:33:00 2007 => Scanning File C:\WINDOWS\OptRemove.exe
Fri Nov 16 07:33:00 2007 => Scanning File C:\WINDOWS\orun32.ini
Fri Nov 16 07:33:00 2007 => Scanning File C:\WINDOWS\orun32.isu
Fri Nov 16 07:33:00 2007 => Scanning File C:\WINDOWS\Papier peint de Picture It!.bmp
Fri Nov 16 07:33:00 2007 => *** File C:\WINDOWS\Papier-peint-PhotoFiltre.bmp having Size Restriction ***
Fri Nov 16 07:33:00 2007 => Scanning File C:\WINDOWS\Papier-peint-PhotoFiltre.bmp [**]
Fri Nov 16 07:33:00 2007 => Scanning File C:\WINDOWS\PCFriend.INI [**]
Fri Nov 16 07:33:00 2007 => Scanning File C:\WINDOWS\pdrinst1.dll
Fri Nov 16 07:33:00 2007 => Scanning File C:\WINDOWS\pdrinst2.dll
Fri Nov 16 07:33:01 2007 => Scanning File C:\WINDOWS\pfirewall.log
Fri Nov 16 07:33:01 2007 => Scanning File C:\WINDOWS\pfirewall.log.old
Fri Nov 16 07:33:01 2007 => Scanning File C:\WINDOWS\Plume.bmp
Fri Nov 16 07:33:01 2007 => Scanning File C:\WINDOWS\Q330994.exe
Fri Nov 16 07:33:01 2007 => Scanning File C:\WINDOWS\regedit.exe
Fri Nov 16 07:33:01 2007 => Scanning File C:\WINDOWS\Rhododendron.bmp
Fri Nov 16 07:33:01 2007 => Scanning File C:\WINDOWS\Rivière Sumida.bmp
Fri Nov 16 07:33:01 2007 => Scanning File C:\WINDOWS\Rosace bleue 16.bmp
Fri Nov 16 07:33:01 2007 => Scanning File C:\WINDOWS\SchedLgU.Txt
Fri Nov 16 07:33:01 2007 => Scanning File C:\WINDOWS\setupact.log
Fri Nov 16 07:33:01 2007 => Scanning File C:\WINDOWS\setupapi.log
Fri Nov 16 07:33:02 2007 => Scanning File C:\WINDOWS\setupapi.log.0.old
Fri Nov 16 07:33:02 2007 => Scanning File C:\WINDOWS\setuperr.log [**]
Fri Nov 16 07:33:02 2007 => Scanning File C:\WINDOWS\smscfg.ini
Fri Nov 16 07:33:02 2007 => Scanning File C:\WINDOWS\StationRipper.INI
Fri Nov 16 07:33:02 2007 => Scanning File C:\WINDOWS\Sti_Trace.log [**]
Fri Nov 16 07:33:02 2007 => Scanning File C:\WINDOWS\system.ini
Fri Nov 16 07:33:02 2007 => Scanning File C:\WINDOWS\TASKMAN.EXE
Fri Nov 16 07:33:02 2007 => Scanning File C:\WINDOWS\Tasse à café.bmp
Fri Nov 16 07:33:02 2007 => Scanning File C:\WINDOWS\twain.dll
Fri Nov 16 07:33:02 2007 => Scanning File C:\WINDOWS\twain_32.dll
Fri Nov 16 07:33:02 2007 => Scanning File C:\WINDOWS\twunk_16.exe
Fri Nov 16 07:33:02 2007 => Scanning File C:\WINDOWS\twunk_32.exe
Fri Nov 16 07:33:02 2007 => Scanning File C:\WINDOWS\uninst.exe
Fri Nov 16 07:33:03 2007 => Scanning File C:\WINDOWS\unvise32qt.exe
Fri Nov 16 07:33:03 2007 => Scanning File C:\WINDOWS\Unwise.exe
Fri Nov 16 07:33:03 2007 => Scanning File C:\WINDOWS\vb.ini
Fri Nov 16 07:33:03 2007 => Scanning File C:\WINDOWS\vbaddin.ini
Fri Nov 16 07:33:03 2007 => Scanning File C:\WINDOWS\Vent de prairie.bmp
Fri Nov 16 07:33:03 2007 => Scanning File C:\WINDOWS\vmmreg32.dll
Fri Nov 16 07:33:03 2007 => Scanning File C:\WINDOWS\wiadebug.log
Fri Nov 16 07:33:03 2007 => Scanning File C:\WINDOWS\wiaservc.log
Fri Nov 16 07:33:03 2007 => Scanning File C:\WINDOWS\win.ini
Fri Nov 16 07:33:03 2007 => Scanning File C:\WINDOWS\WindowsShell.Manifest
Fri Nov 16 07:33:03 2007 => Scanning File C:\WINDOWS\WindowsUpdate.log
Fri Nov 16 07:33:03 2007 => Scanning File C:\WINDOWS\winhelp.exe
Fri Nov 16 07:33:03 2007 => Scanning File C:\WINDOWS\winhlp32.exe
Fri Nov 16 07:33:04 2007 => Scanning File C:\WINDOWS\winnt.bmp
Fri Nov 16 07:33:04 2007 => Scanning File C:\WINDOWS\winnt256.bmp
Fri Nov 16 07:33:04 2007 => Scanning File C:\WINDOWS\winxpmag1.ini
Fri Nov 16 07:33:04 2007 => Scanning File C:\WINDOWS\wmprfFRA.prx
Fri Nov 16 07:33:04 2007 => Scanning File C:\WINDOWS\WMSysPr9.prx
Fri Nov 16 07:33:04 2007 => Scanning File C:\WINDOWS\WMSysPrx.prx
Fri Nov 16 07:33:04 2007 => Scanning File C:\WINDOWS\Zapotec.bmp
Fri Nov 16 07:33:04 2007 => Scanning File C:\WINDOWS\_default.pif
Fri Nov 16 07:33:04 2007 => Scanning C:\WINDOWS\System32 Directory
Fri Nov 16 07:33:04 2007 => Scanning Folder: C:\WINDOWS\System32\*.*
Fri Nov 16 07:33:04 2007 => Scanning File C:\WINDOWS\System32\$ncsp$.inf
Fri Nov 16 07:33:04 2007 => Scanning File C:\WINDOWS\System32\$sys$caj.dll
Fri Nov 16 07:33:04 2007 => Scanning File C:\WINDOWS\System32\$sys$upgtool.exe
Fri Nov 16 07:33:05 2007 => Scanning File C:\WINDOWS\System32\$winnt$.inf
Fri Nov 16 07:33:05 2007 => Scanning File C:\WINDOWS\System32\12520437.cpx
Fri Nov 16 07:33:05 2007 => Scanning File C:\WINDOWS\System32\12520850.cpx
Fri Nov 16 07:33:05 2007 => Scanning File C:\WINDOWS\System32\6to4svc.dll
Fri Nov 16 07:33:05 2007 => Scanning File C:\WINDOWS\System32\9060AE1E38.sys
Fri Nov 16 07:33:05 2007 => Scanning File C:\WINDOWS\System32\a15.tbl
Fri Nov 16 07:33:05 2007 => Scanning File C:\WINDOWS\System32\a234.tbl
Fri Nov 16 07:33:05 2007 => Scanning File C:\WINDOWS\System32\a3d.dll
Fri Nov 16 07:33:05 2007 => Scanning File C:\WINDOWS\System32\aaaamon.dll
Fri Nov 16 07:33:05 2007 => Scanning File C:\WINDOWS\System32\access.cpl
Fri Nov 16 07:33:05 2007 => Scanning File C:\WINDOWS\System32\acctres.dll
Fri Nov 16 07:33:05 2007 => Scanning File C:\WINDOWS\System32\accwiz.exe
Fri Nov 16 07:33:05 2007 => Scanning File C:\WINDOWS\System32\acelpdec.ax
Fri Nov 16 07:33:06 2007 => Scanning File C:\WINDOWS\System32\acledit.dll
Fri Nov 16 07:33:06 2007 => Scanning File C:\WINDOWS\System32\aclui.dll
Fri Nov 16 07:33:06 2007 => Scanning File C:\WINDOWS\System32\acode.tbl
Fri Nov 16 07:33:06 2007 => Scanning File C:\WINDOWS\System32\activeds.dll
Fri Nov 16 07:33:06 2007 => Scanning File C:\WINDOWS\System32\activeds.tlb
Fri Nov 16 07:33:06 2007 => Scanning File C:\WINDOWS\System32\ActiveSkin.ocx
Fri Nov 16 07:33:07 2007 => Scanning File C:\WINDOWS\System32\actmovie.exe
Fri Nov 16 07:33:07 2007 => Scanning File C:\WINDOWS\System32\actxprxy.dll
Fri Nov 16 07:33:07 2007 => Scanning File C:\WINDOWS\System32\admparse.dll
Fri Nov 16 07:33:07 2007 => Scanning File C:\WINDOWS\System32\adptif.dll
Fri Nov 16 07:33:07 2007 => Scanning File C:\WINDOWS\System32\adsldp.dll
Fri Nov 16 07:33:07 2007 => Scanning File C:\WINDOWS\System32\adsldpc.dll
Fri Nov 16 07:33:07 2007 => Scanning File C:\WINDOWS\System32\adsmsext.dll
Fri Nov 16 07:33:08 2007 => Scanning File C:\WINDOWS\System32\adsnt.dll
Fri Nov 16 07:33:08 2007 => Scanning File C:\WINDOWS\System32\advapi32.dll
Fri Nov 16 07:33:08 2007 => Scanning File C:\WINDOWS\System32\advpack.dll
Fri Nov 16 07:33:08 2007 => Scanning File C:\WINDOWS\System32\ahui.exe
Fri Nov 16 07:33:08 2007 => Scanning File C:\WINDOWS\System32\alg.exe
Fri Nov 16 07:33:08 2007 => Scanning File C:\WINDOWS\System32\alrsvc.dll
Fri Nov 16 07:33:08 2007 => Scanning File C:\WINDOWS\System32\amcompat.tlb
Fri Nov 16 07:33:08 2007 => Scanning File C:\WINDOWS\System32\amstream.dll
Fri Nov 16 07:33:08 2007 => Scanning File C:\WINDOWS\System32\ansi.sys
Fri Nov 16 07:33:08 2007 => Scanning File C:\WINDOWS\System32\apcups.dll
Fri Nov 16 07:33:08 2007 => Scanning File C:\WINDOWS\System32\append.exe
Fri Nov 16 07:33:09 2007 => Scanning File C:\WINDOWS\System32\apphelp.dll
Fri Nov 16 07:33:09 2007 => Scanning File C:\WINDOWS\System32\appwiz.cpl
Fri Nov 16 07:33:09 2007 => Scanning File C:\WINDOWS\System32\arp.exe
Fri Nov 16 07:33:09 2007 => Scanning File C:\WINDOWS\System32\arphr.tbl
Fri Nov 16 07:33:09 2007 => Scanning File C:\WINDOWS\System32\arptr.tbl
Fri Nov 16 07:33:09 2007 => Scanning File C:\WINDOWS\System32\array30.tab
Fri Nov 16 07:33:09 2007 => Scanning File C:\WINDOWS\System32\arrayhw.tab
Fri Nov 16 07:33:09 2007 => Scanning File C:\WINDOWS\System32\asctrls.ocx
Fri Nov 16 07:33:09 2007 => Scanning File C:\WINDOWS\System32\asferror.dll
Fri Nov 16 07:33:09 2007 => Scanning File C:\WINDOWS\System32\asfsipc.dll
Fri Nov 16 07:33:09 2007 => Scanning File C:\WINDOWS\System32\asycfilt.dll
Fri Nov 16 07:33:10 2007 => Scanning File C:\WINDOWS\System32\at.exe
Fri Nov 16 07:33:10 2007 => Scanning File C:\WINDOWS\System32\ATHPRXY.DLL
Fri Nov 16 07:33:10 2007 => Scanning File C:\WINDOWS\System32\ati2dvag.dll
Fri Nov 16 07:33:10 2007 => Scanning File C:\WINDOWS\System32\ati2edxx.dll
Fri Nov 16 07:33:10 2007 => Scanning File C:\WINDOWS\System32\ati2evxx.dll
Fri Nov 16 07:33:10 2007 => Scanning File C:\WINDOWS\System32\ati2evxx.exe
Fri Nov 16 07:33:10 2007 => Scanning File C:\WINDOWS\System32\Ati2mdxx.exe
Fri Nov 16 07:33:10 2007 => Scanning File C:\WINDOWS\System32\ati3d1ag.dll
Fri Nov 16 07:33:10 2007 => Scanning File C:\WINDOWS\System32\ati3d2ag.dll
Fri Nov 16 07:33:11 2007 => Scanning File C:\WINDOWS\System32\ati3duag.dll
Fri Nov 16 07:33:11 2007 => Scanning File C:\WINDOWS\System32\atiiiexx.dll
Fri Nov 16 07:33:11 2007 => *** File C:\WINDOWS\System32\atioglxx.dll having Size Restriction ***
Fri Nov 16 07:33:11 2007 => Scanning File C:\WINDOWS\System32\atioglxx.dll [**]
Fri Nov 16 07:33:11 2007 => Scanning File C:\WINDOWS\System32\atitvo32.dll
Fri Nov 16 07:33:11 2007 => Scanning File C:\WINDOWS\System32\ativvaxx.dll
Fri Nov 16 07:33:11 2007 => Scanning File C:\WINDOWS\System32\atkctrs.dll
Fri Nov 16 07:33:11 2007 => Scanning File C:\WINDOWS\System32\atl.dll
Fri Nov 16 07:33:11 2007 => Scanning File C:\WINDOWS\System32\atl70.dll
Fri Nov 16 07:33:12 2007 => Scanning File C:\WINDOWS\System32\atl71.dll
Fri Nov 16 07:33:12 2007 => Scanning File C:\WINDOWS\System32\atmadm.exe
Fri Nov 16 07:33:12 2007 => Scanning File C:\WINDOWS\System32\atmfd.dll
Fri Nov 16 07:33:12 2007 => Scanning File C:\WINDOWS\System32\atmlib.dll
Fri Nov 16 07:33:12 2007 => Scanning File C:\WINDOWS\System32\atmpvcno.dll
Fri Nov 16 07:33:12 2007 => Scanning File C:\WINDOWS\System32\atrace.dll
Fri Nov 16 07:33:12 2007 => Scanning File C:\WINDOWS\System32\attrib.exe
Fri Nov 16 07:33:12 2007 => Scanning File C:\WINDOWS\System32\Audiodev.dll
Fri Nov 16 07:33:12 2007 => Scanning File C:\WINDOWS\System32\audiosrv.dll
Fri Nov 16 07:33:12 2007 => Scanning File C:\WINDOWS\System32\authz.dll
Fri Nov 16 07:33:12 2007 => Scanning File C:\WINDOWS\System32\autochk.exe
Fri Nov 16 07:33:12 2007 => Scanning File C:\WINDOWS\System32\autoconv.exe
Fri Nov 16 07:33:13 2007 => Scanning File C:\WINDOWS\System32\autodisc.dll
Fri Nov 16 07:33:13 2007 => Scanning File C:\WINDOWS\System32\AUTOEXEC.NT
Fri Nov 16 07:33:13 2007 => Scanning File C:\WINDOWS\System32\autofmt.exe
Fri Nov 16 07:33:13 2007 => Scanning File C:\WINDOWS\System32\autolfn.exe
Fri Nov 16 07:33:13 2007 => Scanning File C:\WINDOWS\System32\avicap.dll
Fri Nov 16 07:33:14 2007 => Scanning File C:\WINDOWS\System32\avicap32.dll
Fri Nov 16 07:33:14 2007 => Scanning File C:\WINDOWS\System32\avifil32.dll
Fri Nov 16 07:33:14 2007 => Scanning File C:\WINDOWS\System32\avifile.dll
Fri Nov 16 07:33:14 2007 => Scanning File C:\WINDOWS\System32\avmeter.dll
Fri Nov 16 07:33:14 2007 => Scanning File C:\WINDOWS\System32\avtapi.dll
Fri Nov 16 07:33:14 2007 => Scanning File C:\WINDOWS\System32\avwav.dll
Fri Nov 16 07:33:14 2007 => Scanning File C:\WINDOWS\System32\AXPSupport.dll
Fri Nov 16 07:33:15 2007 => Scanning File C:\WINDOWS\System32\basesrv.dll
Fri Nov 16 07:33:15 2007 => Scanning File C:\WINDOWS\System32\batmeter.dll
Fri Nov 16 07:33:15 2007 => Scanning File C:\WINDOWS\System32\batt.dll
Fri Nov 16 07:33:15 2007 => Scanning File C:\WINDOWS\System32\bdaplgin.ax
Fri Nov 16 07:33:15 2007 => Scanning File C:\WINDOWS\System32\bidispl.dll
Fri Nov 16 07:33:15 2007 => Scanning File C:\WINDOWS\System32\big5.nls
Fri Nov 16 07:33:15 2007 => Scanning File C:\WINDOWS\System32\bios1.rom
Fri Nov 16 07:33:15 2007 => Scanning File C:\WINDOWS\System32\bios4.rom
Fri Nov 16 07:33:15 2007 => Scanning File C:\WINDOWS\System32\bitsprx2.dll
Fri Nov 16 07:33:15 2007 => Scanning File C:\WINDOWS\System32\bitsprx3.dll
Fri Nov 16 07:33:15 2007 => Scanning File C:\WINDOWS\System32\blackbox.dll
Fri Nov 16 07:33:16 2007 => Scanning File C:\WINDOWS\System32\bootok.exe
Fri Nov 16 07:33:16 2007 => Scanning File C:\WINDOWS\System32\bootvid.dll
Fri Nov 16 07:33:50 2007 => File C:\WINDOWS\System32\dngknxww.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.aps. No Action Taken.
Actually, are you sure you want absolutely everything? Because it's really long ...0__0, and judging by the Notepad file it will end up weighing down the topic:
Fri Nov 16 07:32:50 2007 => ***** Scanning System32 Folders *****
Fri Nov 16 07:32:50 2007 => Scanning C:\WINDOWS Directory
Fri Nov 16 07:32:50 2007 => Scanning Folder: C:\WINDOWS\*.*
Fri Nov 16 07:32:51 2007 => Scanning File C:\WINDOWS\0.log [**]
Fri Nov 16 07:32:51 2007 => Scanning File C:\WINDOWS\@@desktop.dat
Fri Nov 16 07:32:51 2007 => Scanning File C:\WINDOWS\@desktop@.dat
Fri Nov 16 07:32:51 2007 => Scanning File C:\WINDOWS\ActiveSkin.INI
Fri Nov 16 07:32:52 2007 => Scanning File C:\WINDOWS\agrsmdel.exe
Fri Nov 16 07:32:52 2007 => Scanning File C:\WINDOWS\AGRSMMSG.exe
Fri Nov 16 07:32:52 2007 => Scanning File C:\WINDOWS\bdoscandel.exe
Fri Nov 16 07:32:52 2007 => Scanning File C:\WINDOWS\bdoscandellang.ini
Fri Nov 16 07:32:52 2007 => Scanning File C:\WINDOWS\bootstat.dat
Fri Nov 16 07:32:52 2007 => Scanning File C:\WINDOWS\Bulles de savon.bmp
Fri Nov 16 07:32:52 2007 => Scanning File C:\WINDOWS\catchme.exe
Fri Nov 16 07:32:52 2007 => Scanning File C:\WINDOWS\CDProxyServ.exe
Fri Nov 16 07:32:52 2007 => Scanning File C:\WINDOWS\clock.avi
Fri Nov 16 07:32:53 2007 => Scanning File C:\WINDOWS\Clony2.ini
Fri Nov 16 07:32:53 2007 => Scanning File C:\WINDOWS\control.ini [**]
Fri Nov 16 07:32:53 2007 => *** File C:\WINDOWS\Crystal Rush.bmp having Size Restriction ***
Fri Nov 16 07:32:53 2007 => Scanning File C:\WINDOWS\Crystal Rush.bmp [**]
Fri Nov 16 07:32:53 2007 => Scanning File C:\WINDOWS\DbgHelp.dll
Fri Nov 16 07:32:53 2007 => Scanning File C:\WINDOWS\desktop.ini
Fri Nov 16 07:32:53 2007 => Scanning File C:\WINDOWS\DUMPb323.tmp
Fri Nov 16 07:32:53 2007 => Scanning File C:\WINDOWS\err.txt
Fri Nov 16 07:32:53 2007 => Scanning File C:\WINDOWS\explorer.exe
Fri Nov 16 07:32:53 2007 => Scanning File C:\WINDOWS\explorer.scf
Fri Nov 16 07:32:53 2007 => *** File C:\WINDOWS\Fractal Blue.bmp having Size Restriction ***
Fri Nov 16 07:32:53 2007 => Scanning File C:\WINDOWS\Fractal Blue.bmp [**]
Fri Nov 16 07:32:53 2007 => Scanning File C:\WINDOWS\Granit vert.bmp
Fri Nov 16 07:32:53 2007 => Scanning File C:\WINDOWS\Harry Potter Match.exe
Fri Nov 16 07:32:54 2007 => Scanning File C:\WINDOWS\Harry Potter Match.scr
Fri Nov 16 07:32:55 2007 => Scanning File C:\WINDOWS\Harry Potter.exe
Fri Nov 16 07:32:57 2007 => Scanning File C:\WINDOWS\Harry Potter.scr
Fri Nov 16 07:32:57 2007 => Scanning File C:\WINDOWS\hh.exe
Fri Nov 16 07:32:57 2007 => Scanning File C:\WINDOWS\HPHins01.dat
Fri Nov 16 07:32:57 2007 => Scanning File C:\WINDOWS\hphmdl01.dat
Fri Nov 16 07:32:57 2007 => Scanning File C:\WINDOWS\hpoins03.dat
Fri Nov 16 07:32:57 2007 => Scanning File C:\WINDOWS\hpomdl03.dat
Fri Nov 16 07:32:57 2007 => Scanning File C:\WINDOWS\HP_48BitScanUpdatePatch.ini
Fri Nov 16 07:32:57 2007 => Scanning File C:\WINDOWS\ieuninst.exe
Fri Nov 16 07:32:58 2007 => Scanning File C:\WINDOWS\iPlayer.INI
Fri Nov 16 07:32:58 2007 => Scanning File C:\WINDOWS\ipUnInst.exe
Fri Nov 16 07:32:58 2007 => Scanning File C:\WINDOWS\IsUn040c.exe
Fri Nov 16 07:32:59 2007 => Scanning File C:\WINDOWS\Jour de pêche.bmp
Fri Nov 16 07:32:59 2007 => Scanning File C:\WINDOWS\mickey32.dll
Fri Nov 16 07:32:59 2007 => Scanning File C:\WINDOWS\MLA3854BF.txt
Fri Nov 16 07:32:59 2007 => Scanning File C:\WINDOWS\msdfmap.ini
Fri Nov 16 07:32:59 2007 => Scanning File C:\WINDOWS\Mur de Santa Fe.bmp
Fri Nov 16 07:32:59 2007 => Scanning File C:\WINDOWS\NeroDigital.ini
Fri Nov 16 07:32:59 2007 => Scanning File C:\WINDOWS\NirCmd.exe
Fri Nov 16 07:32:59 2007 => Scanning File C:\WINDOWS\NOTEPAD.EXE
Fri Nov 16 07:32:59 2007 => Scanning File C:\WINDOWS\nsreg.dat
Fri Nov 16 07:32:59 2007 => Scanning File C:\WINDOWS\ntbtlog.txt
Fri Nov 16 07:33:00 2007 => Scanning File C:\WINDOWS\ODBC.INI
Fri Nov 16 07:33:00 2007 => Scanning File C:\WINDOWS\ODBCINST.INI
Fri Nov 16 07:33:00 2007 => Scanning File C:\WINDOWS\OptChecker.exe
Fri Nov 16 07:33:00 2007 => Scanning File C:\WINDOWS\OptRemove.exe
Fri Nov 16 07:33:00 2007 => Scanning File C:\WINDOWS\orun32.ini
Fri Nov 16 07:33:00 2007 => Scanning File C:\WINDOWS\orun32.isu
Fri Nov 16 07:33:00 2007 => Scanning File C:\WINDOWS\Papier peint de Picture It!.bmp
Fri Nov 16 07:33:00 2007 => *** File C:\WINDOWS\Papier-peint-PhotoFiltre.bmp having Size Restriction ***
Fri Nov 16 07:33:00 2007 => Scanning File C:\WINDOWS\Papier-peint-PhotoFiltre.bmp [**]
Fri Nov 16 07:33:00 2007 => Scanning File C:\WINDOWS\PCFriend.INI [**]
Fri Nov 16 07:33:00 2007 => Scanning File C:\WINDOWS\pdrinst1.dll
Fri Nov 16 07:33:00 2007 => Scanning File C:\WINDOWS\pdrinst2.dll
Fri Nov 16 07:33:01 2007 => Scanning File C:\WINDOWS\pfirewall.log
Fri Nov 16 07:33:01 2007 => Scanning File C:\WINDOWS\pfirewall.log.old
Fri Nov 16 07:33:01 2007 => Scanning File C:\WINDOWS\Plume.bmp
Fri Nov 16 07:33:01 2007 => Scanning File C:\WINDOWS\Q330994.exe
Fri Nov 16 07:33:01 2007 => Scanning File C:\WINDOWS\regedit.exe
Fri Nov 16 07:33:01 2007 => Scanning File C:\WINDOWS\Rhododendron.bmp
Fri Nov 16 07:33:01 2007 => Scanning File C:\WINDOWS\Rivière Sumida.bmp
Fri Nov 16 07:33:01 2007 => Scanning File C:\WINDOWS\Rosace bleue 16.bmp
Fri Nov 16 07:33:01 2007 => Scanning File C:\WINDOWS\SchedLgU.Txt
Fri Nov 16 07:33:01 2007 => Scanning File C:\WINDOWS\setupact.log
Fri Nov 16 07:33:01 2007 => Scanning File C:\WINDOWS\setupapi.log
Fri Nov 16 07:33:02 2007 => Scanning File C:\WINDOWS\setupapi.log.0.old
Fri Nov 16 07:33:02 2007 => Scanning File C:\WINDOWS\setuperr.log [**]
Fri Nov 16 07:33:02 2007 => Scanning File C:\WINDOWS\smscfg.ini
Fri Nov 16 07:33:02 2007 => Scanning File C:\WINDOWS\StationRipper.INI
Fri Nov 16 07:33:02 2007 => Scanning File C:\WINDOWS\Sti_Trace.log [**]
Fri Nov 16 07:33:02 2007 => Scanning File C:\WINDOWS\system.ini
Fri Nov 16 07:33:02 2007 => Scanning File C:\WINDOWS\TASKMAN.EXE
Fri Nov 16 07:33:02 2007 => Scanning File C:\WINDOWS\Tasse à café.bmp
Fri Nov 16 07:33:02 2007 => Scanning File C:\WINDOWS\twain.dll
Fri Nov 16 07:33:02 2007 => Scanning File C:\WINDOWS\twain_32.dll
Fri Nov 16 07:33:02 2007 => Scanning File C:\WINDOWS\twunk_16.exe
Fri Nov 16 07:33:02 2007 => Scanning File C:\WINDOWS\twunk_32.exe
Fri Nov 16 07:33:02 2007 => Scanning File C:\WINDOWS\uninst.exe
Fri Nov 16 07:33:03 2007 => Scanning File C:\WINDOWS\unvise32qt.exe
Fri Nov 16 07:33:03 2007 => Scanning File C:\WINDOWS\Unwise.exe
Fri Nov 16 07:33:03 2007 => Scanning File C:\WINDOWS\vb.ini
Fri Nov 16 07:33:03 2007 => Scanning File C:\WINDOWS\vbaddin.ini
Fri Nov 16 07:33:03 2007 => Scanning File C:\WINDOWS\Vent de prairie.bmp
Fri Nov 16 07:33:03 2007 => Scanning File C:\WINDOWS\vmmreg32.dll
Fri Nov 16 07:33:03 2007 => Scanning File C:\WINDOWS\wiadebug.log
Fri Nov 16 07:33:03 2007 => Scanning File C:\WINDOWS\wiaservc.log
Fri Nov 16 07:33:03 2007 => Scanning File C:\WINDOWS\win.ini
Fri Nov 16 07:33:03 2007 => Scanning File C:\WINDOWS\WindowsShell.Manifest
Fri Nov 16 07:33:03 2007 => Scanning File C:\WINDOWS\WindowsUpdate.log
Fri Nov 16 07:33:03 2007 => Scanning File C:\WINDOWS\winhelp.exe
Fri Nov 16 07:33:03 2007 => Scanning File C:\WINDOWS\winhlp32.exe
Fri Nov 16 07:33:04 2007 => Scanning File C:\WINDOWS\winnt.bmp
Fri Nov 16 07:33:04 2007 => Scanning File C:\WINDOWS\winnt256.bmp
Fri Nov 16 07:33:04 2007 => Scanning File C:\WINDOWS\winxpmag1.ini
Fri Nov 16 07:33:04 2007 => Scanning File C:\WINDOWS\wmprfFRA.prx
Fri Nov 16 07:33:04 2007 => Scanning File C:\WINDOWS\WMSysPr9.prx
Fri Nov 16 07:33:04 2007 => Scanning File C:\WINDOWS\WMSysPrx.prx
Fri Nov 16 07:33:04 2007 => Scanning File C:\WINDOWS\Zapotec.bmp
Fri Nov 16 07:33:04 2007 => Scanning File C:\WINDOWS\_default.pif
Fri Nov 16 07:33:04 2007 => Scanning C:\WINDOWS\System32 Directory
Fri Nov 16 07:33:04 2007 => Scanning Folder: C:\WINDOWS\System32\*.*
Fri Nov 16 07:33:04 2007 => Scanning File C:\WINDOWS\System32\$ncsp$.inf
Fri Nov 16 07:33:04 2007 => Scanning File C:\WINDOWS\System32\$sys$caj.dll
Fri Nov 16 07:33:04 2007 => Scanning File C:\WINDOWS\System32\$sys$upgtool.exe
Fri Nov 16 07:33:05 2007 => Scanning File C:\WINDOWS\System32\$winnt$.inf
Fri Nov 16 07:33:05 2007 => Scanning File C:\WINDOWS\System32\12520437.cpx
Fri Nov 16 07:33:05 2007 => Scanning File C:\WINDOWS\System32\12520850.cpx
Fri Nov 16 07:33:05 2007 => Scanning File C:\WINDOWS\System32\6to4svc.dll
Fri Nov 16 07:33:05 2007 => Scanning File C:\WINDOWS\System32\9060AE1E38.sys
Fri Nov 16 07:33:05 2007 => Scanning File C:\WINDOWS\System32\a15.tbl
Fri Nov 16 07:33:05 2007 => Scanning File C:\WINDOWS\System32\a234.tbl
Fri Nov 16 07:33:05 2007 => Scanning File C:\WINDOWS\System32\a3d.dll
Fri Nov 16 07:33:05 2007 => Scanning File C:\WINDOWS\System32\aaaamon.dll
Fri Nov 16 07:33:05 2007 => Scanning File C:\WINDOWS\System32\access.cpl
Fri Nov 16 07:33:05 2007 => Scanning File C:\WINDOWS\System32\acctres.dll
Fri Nov 16 07:33:05 2007 => Scanning File C:\WINDOWS\System32\accwiz.exe
Fri Nov 16 07:33:05 2007 => Scanning File C:\WINDOWS\System32\acelpdec.ax
Fri Nov 16 07:33:06 2007 => Scanning File C:\WINDOWS\System32\acledit.dll
Fri Nov 16 07:33:06 2007 => Scanning File C:\WINDOWS\System32\aclui.dll
Fri Nov 16 07:33:06 2007 => Scanning File C:\WINDOWS\System32\acode.tbl
Fri Nov 16 07:33:06 2007 => Scanning File C:\WINDOWS\System32\activeds.dll
Fri Nov 16 07:33:06 2007 => Scanning File C:\WINDOWS\System32\activeds.tlb
Fri Nov 16 07:33:06 2007 => Scanning File C:\WINDOWS\System32\ActiveSkin.ocx
Fri Nov 16 07:33:07 2007 => Scanning File C:\WINDOWS\System32\actmovie.exe
Fri Nov 16 07:33:07 2007 => Scanning File C:\WINDOWS\System32\actxprxy.dll
Fri Nov 16 07:33:07 2007 => Scanning File C:\WINDOWS\System32\admparse.dll
Fri Nov 16 07:33:07 2007 => Scanning File C:\WINDOWS\System32\adptif.dll
Fri Nov 16 07:33:07 2007 => Scanning File C:\WINDOWS\System32\adsldp.dll
Fri Nov 16 07:33:07 2007 => Scanning File C:\WINDOWS\System32\adsldpc.dll
Fri Nov 16 07:33:07 2007 => Scanning File C:\WINDOWS\System32\adsmsext.dll
Fri Nov 16 07:33:08 2007 => Scanning File C:\WINDOWS\System32\adsnt.dll
Fri Nov 16 07:33:08 2007 => Scanning File C:\WINDOWS\System32\advapi32.dll
Fri Nov 16 07:33:08 2007 => Scanning File C:\WINDOWS\System32\advpack.dll
Fri Nov 16 07:33:08 2007 => Scanning File C:\WINDOWS\System32\ahui.exe
Fri Nov 16 07:33:08 2007 => Scanning File C:\WINDOWS\System32\alg.exe
Fri Nov 16 07:33:08 2007 => Scanning File C:\WINDOWS\System32\alrsvc.dll
Fri Nov 16 07:33:08 2007 => Scanning File C:\WINDOWS\System32\amcompat.tlb
Fri Nov 16 07:33:08 2007 => Scanning File C:\WINDOWS\System32\amstream.dll
Fri Nov 16 07:33:08 2007 => Scanning File C:\WINDOWS\System32\ansi.sys
Fri Nov 16 07:33:08 2007 => Scanning File C:\WINDOWS\System32\apcups.dll
Fri Nov 16 07:33:08 2007 => Scanning File C:\WINDOWS\System32\append.exe
Fri Nov 16 07:33:09 2007 => Scanning File C:\WINDOWS\System32\apphelp.dll
Fri Nov 16 07:33:09 2007 => Scanning File C:\WINDOWS\System32\appwiz.cpl
Fri Nov 16 07:33:09 2007 => Scanning File C:\WINDOWS\System32\arp.exe
Fri Nov 16 07:33:09 2007 => Scanning File C:\WINDOWS\System32\arphr.tbl
Fri Nov 16 07:33:09 2007 => Scanning File C:\WINDOWS\System32\arptr.tbl
Fri Nov 16 07:33:09 2007 => Scanning File C:\WINDOWS\System32\array30.tab
Fri Nov 16 07:33:09 2007 => Scanning File C:\WINDOWS\System32\arrayhw.tab
Fri Nov 16 07:33:09 2007 => Scanning File C:\WINDOWS\System32\asctrls.ocx
Fri Nov 16 07:33:09 2007 => Scanning File C:\WINDOWS\System32\asferror.dll
Fri Nov 16 07:33:09 2007 => Scanning File C:\WINDOWS\System32\asfsipc.dll
Fri Nov 16 07:33:09 2007 => Scanning File C:\WINDOWS\System32\asycfilt.dll
Fri Nov 16 07:33:10 2007 => Scanning File C:\WINDOWS\System32\at.exe
Fri Nov 16 07:33:10 2007 => Scanning File C:\WINDOWS\System32\ATHPRXY.DLL
Fri Nov 16 07:33:10 2007 => Scanning File C:\WINDOWS\System32\ati2dvag.dll
Fri Nov 16 07:33:10 2007 => Scanning File C:\WINDOWS\System32\ati2edxx.dll
Fri Nov 16 07:33:10 2007 => Scanning File C:\WINDOWS\System32\ati2evxx.dll
Fri Nov 16 07:33:10 2007 => Scanning File C:\WINDOWS\System32\ati2evxx.exe
Fri Nov 16 07:33:10 2007 => Scanning File C:\WINDOWS\System32\Ati2mdxx.exe
Fri Nov 16 07:33:10 2007 => Scanning File C:\WINDOWS\System32\ati3d1ag.dll
Fri Nov 16 07:33:10 2007 => Scanning File C:\WINDOWS\System32\ati3d2ag.dll
Fri Nov 16 07:33:11 2007 => Scanning File C:\WINDOWS\System32\ati3duag.dll
Fri Nov 16 07:33:11 2007 => Scanning File C:\WINDOWS\System32\atiiiexx.dll
Fri Nov 16 07:33:11 2007 => *** File C:\WINDOWS\System32\atioglxx.dll having Size Restriction ***
Fri Nov 16 07:33:11 2007 => Scanning File C:\WINDOWS\System32\atioglxx.dll [**]
Fri Nov 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\dngknxww.dll
Fri Nov 16 07:33:50 2007 => File C:\WINDOWS\System32\dngknxww.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.aps. No Action Taken.
I'm back. Apparently I no longer have C:\WINDOWS\System32\ssqrp.dll on my system. I ran regedit and did everything you told me, and all there is after msv1_0 is LsaPid (in the Name column), REG_DWORD (in the Type column), and 0x00000314 (788) in the Data column. I think everything was deleted during the previous cleanup I carried out.