Unable to browse the C drive

Vincent -  
Lyonnais92 Posts 25708 Status Security contributor -
Hello,

I have just realized that I have caught several worms or spyware... or I don't know what!

Before anything else, I wanted to run a scan with HijackThis, but it gets stuck right from the start!

I can no longer browse my C drive. It automatically opens the "Open with" dialog box, and when I right-click, multiple symbols appear in place of "Open", "Explore"...

For information: I have Antivir and Spybot in particular, which detect files such as: HEUR/exploit, hupigon 13, syston, nx.exe.... is there a link?

Thanks for giving me a hand.
23 replies

Leahkim Posts 3219 Status Member 281

Hello,

There, you've run into something nasty. So, we'll do something simple: open your Task Manager (Ctrl + Alt + Del), go to the Processes tab, right-click explorer.exe, then click "End Process", then "Yes". Next, click the "File" menu at the top, then "New Task", and type explorer.exe there.

Along the way, your icons and your taskbar will have disappeared; that's normal.

If that doesn't solve your problem, take a screenshot of the Task Manager and send it to me:

smeagoln@hotmail.com
0
Vincent
 
Unable to open the Task Manager.

NOTHING HAPPENS!

I'm starting to get scared now
0
Leahkim Posts 3219 Status Member 281

format
0
Lyonnais92 Posts 25708 Status Security contributor 1 537

following
0
Vincent
 
I hope you're not serious!!

How do I back up my files!!!
0

Leahkim Posts 3219 Status Member 281

Listen, I'm not usually defeatist at all, but here, apart from formatting, I don't see anything.

Maybe by reinstalling Windows without formatting your disk, you have a chance that only the system was infected.

Well, another solution: System Restore... restore your system to a date when you had no problems...
0
Lyonnais92 Posts 25708 Status Security contributor 1 537

Hello,

post the Antivir report;

Have you downloaded HijackThis?

If so, what happens when you run it?

- Download DiagHelp.zip to your desktop - Tutorial: http://www.malekal.com/DiagHelp/DiagHelp.php
- Do not double-click it!! Right-click the file and choose Extract All
- A new folder will be created: DiagHelp
- Open it and double-click go.cmd (the .cmd may not appear)
- A window will open; choose option 1
- The scan will start; this can take a few minutes, let it run and press a key when asked.

WARNING: during the scan, after the catchme report, you will be asked to press a key to continue the scan; follow the on-screen instructions carefully!

- At the end of the scan, you may (not necessarily) be asked to restart the computer... Once the computer has restarted, the report will appear in Notepad. It is located at C:\resultat.txt
- Copy/paste the contents of the Notepad window that opens; to do so:
-- In Notepad, click the Edit menu / Select All
-- Again, Edit menu / Copy
-- In a new message here, right-click / Paste
0
Vincent
 
Thanks,

Below is the Antivir report
I haven't downloaded HijackThis yet, because from memory it has to be installed at the root of C. But I can't get to it through "My Computer"...

<ital>

[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6546aa.qua'!
C:\I386\COMPDATA\LOGITECH.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5c46b0.qua'!
C:\I386\COMPDATA\LOGKCMD.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b20c969.qua'!
C:\I386\COMPDATA\LQDAUDIO.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5946b2.qua'!
C:\I386\COMPDATA\LTMODEM.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6246b5.qua'!
C:\I386\COMPDATA\MACDRIVE.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5846a4.qua'!
C:\I386\COMPDATA\MAESTRO0.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5a46a2.qua'!
C:\I386\COMPDATA\MAXELL.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6d46a2.qua'!
C:\I386\COMPDATA\MCA.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b2ac97d.qua'!
C:\I386\COMPDATA\MCFILTER.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5b46a4.qua'!
C:\I386\COMPDATA\MCROTK60.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b1bc97d.qua'!
C:\I386\COMPDATA\MCROTKC3.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b1bc985.qua'!
C:\I386\COMPDATA\MCROTKS.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a67465e.qua'!
C:\I386\COMPDATA\MELCO.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6146a6.qua'!
C:\I386\COMPDATA\MFPBR.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6546a7.qua'!
C:\I386\COMPDATA\MFPHP.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b19c970.qua'!
C:\I386\COMPDATA\MGACTRL.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b2ac971.qua'!
C:\I386\COMPDATA\MIN8E.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6346ac.qua'!
C:\I386\COMPDATA\MINPW20.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b1fc975.qua'!
C:\I386\COMPDATA\MNLT1.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6146b3.qua'!
C:\I386\COMPDATA\MPATH.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5646b1.qua'!
C:\I386\COMPDATA\MSMQCOMP.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6246b4.qua'!
C:\I386\COMPDATA\MSP1.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6546b4.qua'!
C:\I386\COMPDATA\MSP2.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b19c96d.qua'!
C:\I386\COMPDATA\MSSS3.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6846b4.qua'!
C:\I386\COMPDATA\MSTOCK.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6946b4.qua'!
C:\I386\COMPDATA\MTA57080.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5646b5.qua'!
C:\I386\COMPDATA\NAV5.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6b46a2.qua'!
C:\I386\COMPDATA\NBFPROTO.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5b46a3.qua'!
C:\I386\COMPDATA\NDCPRTNS.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b24c97e.qua'!
C:\I386\COMPDATA\NECPG1.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5846a6.qua'!
C:\I386\COMPDATA\NETFMIGT.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6946a6.qua'!
C:\I386\COMPDATA\NMSMS.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6846ae.qua'!
C:\I386\COMPDATA\NTDSUPG.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5946c5.qua'!
C:\I386\COMPDATA\NTDSUPGD.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b25c91e.qua'!
C:\I386\COMPDATA\NWCLI32.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5846b8.qua'!
C:\I386\COMPDATA\OCABLOCK.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5646a6.qua'!
C:\I386\COMPDATA\OILCHG25.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6146aa.qua'!
C:\I386\COMPDATA\OKIPG1.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5e46ac.qua'!
C:\I386\COMPDATA\OKIPG2.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b22c975.qua'!
C:\I386\COMPDATA\OKIPG8W.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5e46ae.qua'!
C:\I386\COMPDATA\OMC.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b24c977.qua'!
C:\I386\COMPDATA\OMNIPG10.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6346ae.qua'!
C:\I386\COMPDATA\ONSTREAM.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b14c960.qua'!
C:\I386\COMPDATA\ORB.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5746b3.qua'!
C:\I386\COMPDATA\PALM.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b1dc97b.qua'!
C:\I386\COMPDATA\PANADVD.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6346a6.qua'!
C:\I386\COMPDATA\PANDA.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b1fc97f.qua'!
C:\I386\COMPDATA\PCANY.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b2ac97f.qua'!
C:\I386\COMPDATA\PCCILLIN.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b24c97d.qua'!
C:\I386\COMPDATA\PCIINFO.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5e46a4.qua'!
C:\I386\COMPDATA\PCPNP.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6546a5.qua'!
C:\I386\COMPDATA\PELMOUSE.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6146a7.qua'!
C:\I386\COMPDATA\PFS.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6846a8.qua'!
C:\I386\COMPDATA\PHNIXAD.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b1fc977.qua'!
C:\I386\COMPDATA\PHPIPE.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b19c973.qua'!
C:\I386\COMPDATA\PLUST120.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6a46ae.qua'!
C:\I386\COMPDATA\POWER.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6c46b1.qua'!
C:\I386\COMPDATA\POWPATH.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b10c96a.qua'!
C:\I386\COMPDATA\PROCCNT.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6446b4.qua'!
C:\I386\COMPDATA\PROLIGHT.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b18c96d.qua'!
C:\I386\COMPDATA\PS2CONT.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a4746b5.qua'!
C:\I386\COMPDATA\PSTRIP.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6946b5.qua'!
C:\I386\COMPDATA\PUMACSM.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6246b7.qua'!
C:\I386\COMPDATA\PWRICON.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6746b9.qua'!
C:\I386\COMPDATA\QIC117.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5846ab.qua'!
C:\I386\COMPDATA\QUICK3.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5e46b7.qua'!
C:\I386\COMPDATA\RCENTRL.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5a46a5.qua'!
C:\I386\COMPDATA\REACHOUT.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5646a7.qua'!
C:\I386\COMPDATA\RIPTIDE.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6546ab.qua'!
C:\I386\COMPDATA\RUNONCE.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6346b7.qua'!
C:\I386\COMPDATA\SBS45FXC.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6846a4.qua'!
C:\I386\COMPDATA\SBS50FXC.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b14c97d.qua'!
C:\I386\COMPDATA\SCANDRV.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5646a5.qua'!
C:\I386\COMPDATA\SDSELECT.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6846a6.qua'!
C:\I386\COMPDATA\SFUNFSCG.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6a46a8.qua'!
C:\I386\COMPDATA\SHARSHTL.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5646aa.qua'!
C:\I386\COMPDATA\SIGMA.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5c46ab.qua'!
C:\I386\COMPDATA\SIIG.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b22c968.qua'!
C:\I386\COMPDATA\SIIGC.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5e46b1.qua'!
C:\I386\COMPDATA\SISV.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6846b9.qua'!
C:\I386\COMPDATA\SIWVID.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6c46ab.qua'!
C:\I386\COMPDATA\SKUSBKBF.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6a46ad.qua'!
C:\I386\COMPDATA\SMS.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b14c962.qua'!
C:\I386\COMPDATA\SNA.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5646b0.qua'!
C:\I386\COMPDATA\SNIDMI.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5e46b0.qua'!
C:\I386\COMPDATA\SNIDPMS.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b22c969.qua'!
C:\I386\COMPDATA\SNIPCI.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5e46b2.qua'!
C:\I386\COMPDATA\SOFTOFF.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5b46b1.qua'!
C:\I386\COMPDATA\SONIC.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6346b1.qua'!
C:\I386\COMPDATA\SONYJDU.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b1fc96a.qua'!
C:\I386\COMPDATA\SPXBLOCK.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6d46b2.qua'!
C:\I386\COMPDATA\SQL.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b1dc96c.qua'!
C:\I386\COMPDATA\SSCNTRL.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b24c960.qua'!
C:\I386\COMPDATA\SSI365.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5e46b5.qua'!
C:\I386\COMPDATA\SSPOWER.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6546b5.qua'!
C:\I386\COMPDATA\STB.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5746b6.qua'!
C:\I386\COMPDATA\SWOFF.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6446b9.qua'!
C:\I386\COMPDATA\SYSHWCFG.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6846bb.qua'!
C:\I386\COMPDATA\SYSMGMT.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b14c964.qua'!
C:\I386\COMPDATA\SYSMON.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6846bd.qua'!
C:\I386\COMPDATA\TITSB.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6946ab.qua'!
C:\I386\COMPDATA\TIVOLI.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6b46ab.qua'!
C:\I386\COMPDATA\TMASTER.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b2ac96a.qua'!
C:\I386\COMPDATA\TMDIGPRO.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5946c7.qua'!
C:\I386\COMPDATA\TMDUALAG.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b25c910.qua'!
C:\I386\COMPDATA\TOPTOOLS.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6546b1.qua'!
C:\I386\COMPDATA\TOSDVD.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b14c966.qua'!
C:\I386\COMPDATA\TPCHRSRV.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5846b2.qua'!
C:\I386\COMPDATA\TPCONFIG.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b24c96b.qua'!
C:\I386\COMPDATA\TPFUEL.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5b46b2.qua'!
C:\I386\COMPDATA\TPPMPORT.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6546b2.qua'!
C:\I386\COMPDATA\TRIDWNW.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5e46b4.qua'!
C:\I386\COMPDATA\TSBAPM.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5746b5.qua'!
C:\I386\COMPDATA\TSBASD.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b2bc96e.qua'!
C:\I386\COMPDATA\TSBDS.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5746b7.qua'!
C:\I386\COMPDATA\TSBHDDPW.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b2bc960.qua'!
C:\I386\COMPDATA\TSBMC.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5746b9.qua'!
C:\I386\COMPDATA\TSBSELBA.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b2bc962.qua'!
C:\I386\COMPDATA\TSBVCAP.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5746bb.qua'!
C:\I386\COMPDATA\TSCOMP4.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5846b9.qua'!
C:\I386\COMPDATA\TSCOMP5.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b24c962.qua'!
C:\I386\COMPDATA\TSSCIDRV.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6846bf.qua'!
C:\I386\COMPDATA\TT128.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a4646b6.qua'!
C:\I386\COMPDATA\UMAX.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b2ac96c.qua'!
C:\I386\COMPDATA\UTUPGR05.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a6a46b6.qua'!
C:\I386\COMPDATA\UTUPGR06.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b16c96f.qua'!
C:\I386\COMPDATA\VGAMODE.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5646a9.qua'!
C:\I386\COMPDATA\VIDAPPLT.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a5946ab.qua'!
C:\WINDOWS\directxs.exe
[DETECTION] Is the Trojan horse TR/Clicker.TV
[INFO] A backup was created as '3a8747b7.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\PowerToyReadme.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a8c481b.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a8a486d.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse_a.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3bf5e81e.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse_b.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a8a486f.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse_c.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3bf5e800.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse_d.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a8a4871.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse_e.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3bf5e802.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse_f.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a8a4873.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse_g.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3bf5e804.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse_h.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a8a4875.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse_i.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3bf5e806.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse_j.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a8a4877.qua'!
C:\WINDOWS\system32\oobe\html\mouse\mouse_k.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3bf5e808.qua'!
C:\WINDOWS\system32\oobe\html\iconnect\iconnect.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a844861.qua'!
C:\WINDOWS\system32\oobe\html\iconnect\icntlast.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a834861.qua'!
C:\WINDOWS\system32\oobe\html\dslmain\dslmain.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a814871.qua'!
C:\WINDOWS\system32\oobe\html\dslmain\dsl_a.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3bfee802.qua'!
C:\WINDOWS\system32\oobe\html\dslmain\dsl_b.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a814873.qua'!
C:\WINDOWS\system32\oobe\html\isptype\isptype.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a854872.qua'!
C:\WINDOWS\system32\oobe\html\sconnect\sconnect.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a844862.qua'!
C:\WINDOWS\system32\oobe\html\sconnect\scntlast.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a834862.qua'!
C:\WINDOWS\system32\oobe\setup\act_plcy.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a894862.qua'!
C:\WINDOWS\system32\oobe\setup\acterror.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3bf7d28b.qua'!
C:\WINDOWS\system32\oobe\setup\activate.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a894864.qua'!
C:\WINDOWS\system32\oobe\setup\badeula.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a794860.qua'!
C:\WINDOWS\system32\oobe\setup\badpkey.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b07d289.qua'!
C:\WINDOWS\system32\oobe\setup\compname.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a82486e.qua'!
C:\WINDOWS\system32\oobe\setup\dialup.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a764868.qua'!
C:\WINDOWS\system32\oobe\setup\drdyisp.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a794871.qua'!
C:\WINDOWS\system32\oobe\setup\drdymig.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b07d29a.qua'!
C:\WINDOWS\system32\oobe\setup\drdyoem.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a794873.qua'!
C:\WINDOWS\system32\oobe\setup\drdyref.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a794872.qua'!
C:\WINDOWS\system32\oobe\setup\dtiwait.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a7e4874.qua'!
C:\WINDOWS\system32\oobe\setup\fini.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a834869.qua'!
C:\WINDOWS\system32\oobe\setup\hnwprmpt.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a8c486e.qua'!
C:\WINDOWS\system32\oobe\setup\iconn.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a844863.qua'!
C:\WINDOWS\system32\oobe\setup\ident1.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a7a4864.qua'!
C:\WINDOWS\system32\oobe\setup\ident2.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3b04d28d.qua'!
C:\WINDOWS\system32\oobe\setup\isp.htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '3a854873.qua'!
C:\WINDOWS\system32\oobe\setup\ispwait.htm
[DETECTION] Contains suspicious code HEUR/
0
Vincent
 
Here is the DiagHelp report:

DiagHelp version v1.4 - http://www.malekal.com
excute le 18/11/2007 à 13:29:25,16

Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->18/11/2007 13:29:18
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->18/11/2007 13:29:16
C:\WINDOWS\prefetch\WINZIP32.EXE-382A5A28.pf -->18/11/2007 13:27:18
C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf -->18/11/2007 13:21:38
C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->18/11/2007 13:19:34
C:\WINDOWS\prefetch\AVCENTER.EXE-058B10AA.pf -->18/11/2007 13:19:02
C:\WINDOWS\prefetch\NIRCMD.CFEXE-19FF4781.pf -->18/11/2007 13:00:12
C:\WINDOWS\prefetch\GREP.CFEXE-20443039.pf -->18/11/2007 13:00:02
C:\WINDOWS\prefetch\COMBOFIX.EXE-0C457F42.pf -->18/11/2007 13:00:02
C:\WINDOWS\prefetch\NIRCMD.EXE-1F7FED22.pf -->18/11/2007 13:00:00

C:\WINDOWS\System32\drivers\cdr4_xp.sys -->16/08/2007 00:33:12
C:\WINDOWS\System32\drivers\cdralw2k.sys -->16/08/2007 00:33:12
C:\WINDOWS\System32\drivers\pxhelp20.sys -->16/08/2007 00:33:10
C:\WINDOWS\System32\drivers\avgntdd.sys -->09/08/2007 13:04:12
C:\WINDOWS\System32\drivers\avgntmgr.sys -->18/07/2007 14:22:20
C:\WINDOWS\System32\drivers\ssmdrv.sys -->01/03/2007 10:34:38
C:\WINDOWS\System32\drivers\fltmgr.sys -->21/08/2006 10:14:58

C:\WINDOWS\System32\wpa.dbl -->18/11/2007 12:49:28
C:\WINDOWS\System32\FNTCACHE.DAT -->14/11/2007 10:30:40
C:\WINDOWS\System32\divxdec.ax -->18/09/2007 14:24:32
C:\WINDOWS\System32\divx_xx07.dll -->17/09/2007 20:23:00
C:\WINDOWS\System32\divx_xx0c.dll -->17/09/2007 20:23:00
C:\WINDOWS\System32\divx_xx11.dll -->17/09/2007 20:22:58
C:\WINDOWS\System32\DivX.dll -->17/09/2007 20:22:58
C:\WINDOWS\System32\DivXCodecVersionChecker.exe -->12/09/2007 01:14:30
C:\WINDOWS\System32\dpl100.dll.manifest -->21/08/2007 02:26:52
C:\WINDOWS\System32\dtu100.dll.manifest -->21/08/2007 02:26:52
C:\WINDOWS\System32\dtu100.dll -->21/08/2007 02:26:52
C:\WINDOWS\System32\dpl100.dll -->21/08/2007 02:26:52
C:\WINDOWS\System32\DivXsm.exe -->16/08/2007 00:33:18
C:\WINDOWS\System32\dsm_fr.qm -->16/08/2007 00:33:18
C:\WINDOWS\System32\divxsm.tlb -->16/08/2007 00:33:18
C:\WINDOWS\System32\qt-dx331.dll -->16/08/2007 00:33:14
C:\WINDOWS\System32\pxhpinst.exe -->16/08/2007 00:33:12
C:\WINDOWS\System32\pxwave.dll -->16/08/2007 00:33:12
C:\WINDOWS\System32\pxmas.dll -->16/08/2007 00:33:12
C:\WINDOWS\System32\px.dll -->16/08/2007 00:33:10
C:\WINDOWS\System32\pxcpyi64.exe -->16/08/2007 00:33:10
C:\WINDOWS\System32\pxcpya64.exe -->16/08/2007 00:33:10
C:\WINDOWS\System32\pxinsi64.exe -->16/08/2007 00:33:10
C:\WINDOWS\System32\pxinsa64.exe -->16/08/2007 00:33:10
C:\WINDOWS\System32\pxdrv.dll -->16/08/2007 00:33:10

C:\WINDOWS\0-wlancfg.log -->18/11/2007 13:04:26
C:\WINDOWS\wiadebug.log -->18/11/2007 12:48:10
C:\WINDOWS\0.log -->18/11/2007 12:47:36
C:\WINDOWS\bootstat.dat -->18/11/2007 12:47:32
C:\WINDOWS\WindowsUpdate.log -->18/11/2007 12:46:32
C:\WINDOWS\SchedLgU.Txt -->18/11/2007 12:46:28
C:\WINDOWS\wiaservc.log -->18/11/2007 12:46:22
C:\WINDOWS\6-wlancfg.log -->17/11/2007 21:51:40
C:\WINDOWS\5-wlancfg.log -->17/11/2007 21:28:28
C:\WINDOWS\Studio7.ini -->13/11/2007 23:19:42
C:\WINDOWS\WMSysPr9.prx -->13/11/2007 23:18:20
C:\WINDOWS\wmsetup.log -->10/11/2007 00:12:18
C:\WINDOWS\MEMORY.DMP -->31/10/2007 18:31:42
C:\WINDOWS\DPINST.LOG -->14/09/2007 21:49:08
C:\WINDOWS\win.ini -->01/04/2007 18:05:28

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
EXPLORER.EXE pid: 1904
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x771b0000 0xce000 7.00.5730.0011 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x5dca0000 0x45000 7.00.5730.0011 C:\WINDOWS\system32\iertutil.dll
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x61410000 0x124000 7.00.5730.0011 C:\WINDOWS\system32\urlmon.dll
0x7e1e0000 0x5c9000 7.00.5730.0011 C:\WINDOWS\system32\ieframe.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x74b30000 0x3b000 7.00.5730.0011 C:\WINDOWS\system32\webcheck.dll
0x01bd0000 0x2c6000 3.01.4000.2435 C:\WINDOWS\system32\msi.dll
0x10000000 0xe000 3.63.0004.0000 C:\Program Files\MessengerPlus! 3\MsgPlusLoader.dll
0x01ae0000 0xd4000 6.14.0010.4591 C:\WINDOWS\system32\nView.dll
0x01ff0000 0x2a000 6.14.0010.4591 C:\WINDOWS\system32\NVWRSFR.DLL
0x02760000 0x86000 5.03.0305.0172 C:\Program Files\Apoint2K\Apoint.DLL
0x013b0000 0xd000 5.03.0001.0047 C:\WINDOWS\system32\Vxdif.dll
0x02b90000 0x11000 7.00.0000.0010 C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
0x7c250000 0x102000 7.10.3077.0000 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL
0x02bb0000 0x56000 7.10.3052.0004 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll
0x16200000 0x6000 4.01.0000.0000 C:\PROGRA~1\WinZip\WZSHLSTB.DLL
0x03020000 0x11a000 1.05.0000.0008 C:\PROGRA~1\SPYBOT~1\SDHelper.dll

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
WINLOGON.EXE pid: 1040
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x01150000 0xae000 1.05.0540.0000 C:\WINDOWS\system32\WgaLogon.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 432A-15F3

Répertoire de C:\WINDOWS\system32

20/08/2004 00:09 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 1 599 373 312 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 432A-15F3

Répertoire de C:\WINDOWS\system32

17/10/2003 16:02 1 323 008 dmcpl.exe
1 fichier(s) 1 323 008 octets
0 Rép(s) 1 599 373 312 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 432A-15F3

Répertoire de C:\WINDOWS\Downloaded Program Files

13/08/2002 15:24 <REP> .
13/08/2002 15:24 <REP> ..
13/08/2002 15:24 65 desktop.ini
11/07/2001 16:55 81 920 yinsthelper.dll
11/07/2001 19:06 325 yinst.inf
29/05/2002 23:12 9 488 sporder.dll
25/08/2003 18:12 1 096 iuctl.inf
21/10/2004 17:55 1 390 teleir_cert.osd
14/08/2005 00:26 113 664 MsnMessengerSetupDownloader.ocx
30/06/2005 15:19 227 MsnMessengerSetupDownloader.inf
26/11/2005 16:26 113 408 HMAtchmt.ocx
20/01/2000 15:25 1 162 Microsoft XML Parser for Java.osd
25/06/2006 12:50 1 793 erma.inf
11/12/2006 16:44 367 LegitCheckControl.inf
11/06/2007 12:21 5 021 swflash.inf
30/07/2007 19:24 293 wuweb.inf
02/11/2005 18:07 435 712 xscan53.ocx
02/11/2005 18:01 1 777 xscan.inf
16 fichier(s) 767 708 octets

Total des fichiers listés :
16 fichier(s) 767 708 octets
2 Rép(s) 1 599 373 312 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..

Liste des fichiers en exception sur le pare-feu XP SP2

"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"="C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe:*:Enabled:GameCenter"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

REGEDIT4

[regedit.exe]
"Debugger"="C:\\WINDOWS\\system32\\Systom.exe"
REGEDIT4

[taskmgr.exe]
"Debugger"="C:\\WINDOWS\\system32\\Systom.exe"

exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-18 13:30:58
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
272 - AVGUARD.EXE
476 - TPWRTRAY.EXE
548 - APOINT.EXE
664 - MSGPLUS.EXE
680 - AVGNT.EXE
712 - ctfmon.exe
724 - APNTEX.EXE
740 - AGENTDESKTOP.EX
876 - CSRSS.EXE
900 - sched.exe
908 - RUNDLL32.EXE
960 - mdm.exe
976 - msnmsgr.exe
1040 - WINLOGON.EXE
1084 - SERVICES.EXE
1096 - LSASS.EXE
1240 - SVCHOST.EXE
1284 - SVCHOST.EXE
1320 - SVCHOST.EXE
1384 - SVCHOST.EXE
1488 - wlancfg.exe
1716 - HOTSYNC.EXE
1904 - EXPLORER.EXE
2772 - cmd.exe
3120 - IEXPLORE.EXE
3780 - IEXPLORE.EXE

Total number of processes = 27
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntoskrnl.exe
806EC000 - \WINDOWS\system32\hal.dll
FA031000 - \WINDOWS\system32\KDCOM.DLL
F9F41000 - \WINDOWS\system32\BOOTVID.dll
F9AE1000 - ACPI.sys
FA033000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS
F9AD0000 - pci.sys
F9B31000 - isapnp.sys
F9B41000 - ohci1394.sys
F9B51000 - \WINDOWS\System32\DRIVERS\1394BUS.SYS
F9F45000 - compbatt.sys
F9F49000 - \WINDOWS\System32\DRIVERS\BATTC.SYS
FA035000 - intelide.sys
F9DB1000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
F9AB2000 - pcmcia.sys
F9B61000 - MountMgr.sys
F9A93000 - ftdisk.sys
F9DB9000 - PartMgr.sys
F9B71000 - VolSnap.sys
F9A7B000 - atapi.sys
F9B81000 - disk.sys
F9B91000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
F9A5B000 - fltmgr.sys
F9A49000 - sr.sys
F9BA1000 - PxHelp20.sys
F9A26000 - Fastfat.sys
F9A0F000 - KSecDD.sys
F99E2000 - NDIS.sys
FA037000 - TVALG.SYS
FA039000 - TVALD.SYS
F99CF000 - sfvfs02.sys
F9DC1000 - sfhlp02.sys
FA03B000 - sfhlp01.sys
F99BD000 - sfdrv01.sys
F9BB1000 - sbp2port.sys
FA03D000 - prosync1.sys
F99A5000 - \WINDOWS\System32\drivers\SCSIPORT.SYS
F9BC1000 - prohlp02.sys
F998A000 - Mup.sys
F9BD1000 - agp440.sys
F9C01000 - \SystemRoot\System32\DRIVERS\nic1394.sys
F9C11000 - \SystemRoot\System32\DRIVERS\intelppm.sys
F97EF000 - \SystemRoot\System32\DRIVERS\nv4_mini.sys
F97DB000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
F9DE1000 - \SystemRoot\System32\DRIVERS\usbuhci.sys
F97BA000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
F979C000 - \SystemRoot\System32\DRIVERS\e100b325.sys
F9DE9000 - \SystemRoot\System32\DRIVERS\tsdhd.sys
F9C21000 - \SystemRoot\System32\DRIVERS\i8042prt.sys
F9DF1000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
F9C31000 - \SystemRoot\System32\DRIVERS\Apfiltr.sys
F9DF9000 - \SystemRoot\System32\DRIVERS\mouclass.sys
F9E01000 - \SystemRoot\System32\DRIVERS\fdc.sys
F9C41000 - \SystemRoot\System32\DRIVERS\smcirda.sys
F9FC5000 - \SystemRoot\System32\DRIVERS\irenum.sys
F9788000 - \SystemRoot\System32\DRIVERS\parport.sys
F9C51000 - \SystemRoot\System32\DRIVERS\imapi.sys
F9C61000 - \SystemRoot\System32\DRIVERS\cdrom.sys
F9C71000 - \SystemRoot\System32\DRIVERS\redbook.sys
F96C5000 - \SystemRoot\System32\DRIVERS\ks.sys
F9693000 - \SystemRoot\system32\drivers\yacxgc.sys
F966F000 - \SystemRoot\system32\drivers\portcls.sys
F9C81000 - \SystemRoot\system32\drivers\drmk.sys
F95AB000 - \SystemRoot\System32\DRIVERS\LTSM.sys
F9E09000 - \SystemRoot\System32\Drivers\Modem.SYS
F9FD5000 - \SystemRoot\System32\DRIVERS\CmBatt.sys
FA133000 - \SystemRoot\System32\DRIVERS\audstub.sys
F9E11000 - \SystemRoot\System32\DRIVERS\rasirda.sys
F9E19000 - \SystemRoot\System32\DRIVERS\TDI.SYS
F9C91000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
F9FDD000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
F9594000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
F9CA1000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
F9CB1000 - \SystemRoot\System32\DRIVERS\raspptp.sys
F9583000 - \SystemRoot\System32\DRIVERS\psched.sys
F9CC1000 - \SystemRoot\System32\DRIVERS\msgpc.sys
F9E21000 - \SystemRoot\System32\DRIVERS\ptilink.sys
F9E29000 - \SystemRoot\System32\DRIVERS\raspti.sys
F9CD1000 - \SystemRoot\System32\DRIVERS\termdd.sys
FA041000 - \SystemRoot\System32\DRIVERS\swenum.sys
F9527000 - \SystemRoot\System32\DRIVERS\update.sys
F9FE9000 - \SystemRoot\System32\DRIVERS\mssmbios.sys
F9CF1000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F9D01000 - \SystemRoot\System32\DRIVERS\usbhub.sys
FA049000 - \SystemRoot\System32\DRIVERS\USBD.SYS
F9E31000 - \SystemRoot\System32\DRIVERS\flpydisk.sys
FA04B000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
FA14D000 - \SystemRoot\System32\Drivers\Null.SYS
FA04D000 - \SystemRoot\System32\Drivers\Beep.SYS
F9E41000 - \SystemRoot\System32\drivers\vga.sys
FA04F000 - \SystemRoot\System32\Drivers\mnmdd.SYS
FA051000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F9E49000 - \SystemRoot\System32\Drivers\Msfs.SYS
F9E51000 - \SystemRoot\System32\Drivers\Npfs.SYS
FA009000 - \SystemRoot\System32\DRIVERS\rasacd.sys
F8454000 - \SystemRoot\System32\DRIVERS\ipsec.sys
F83FC000 - \SystemRoot\System32\DRIVERS\tcpip.sys
F83D4000 - \SystemRoot\System32\DRIVERS\netbt.sys
FA011000 - \SystemRoot\System32\drivers\ws2ifsl.sys
F838A000 - \SystemRoot\System32\drivers\afd.sys
F9D21000 - \SystemRoot\System32\DRIVERS\netbios.sys
F835F000 - \SystemRoot\System32\DRIVERS\rdbss.sys
F9D41000 - \SystemRoot\System32\drivers\prodrv06.sys
F82F0000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
F9D61000 - \SystemRoot\System32\Drivers\Fips.SYS
F82CF000 - \SystemRoot\System32\DRIVERS\ipnat.sys
F9D71000 - \SystemRoot\System32\DRIVERS\wanarp.sys
F9D81000 - \SystemRoot\System32\DRIVERS\arp1394.sys
FA053000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
F9DA1000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F8276000 - \SystemRoot\System32\Drivers\dump_atapi.sys
FA055000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
F957F000 - \SystemRoot\System32\drivers\Dxapi.sys
F9E61000 - \SystemRoot\System32\watchdog.sys
BF9C2000 - \SystemRoot\System32\drivers\dxg.sys
FA12B000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D4000 - \SystemRoot\System32\nv4_disp.dll
F5B47000 - \SystemRoot\System32\DRIVERS\irda.sys
F5B31000 - \SystemRoot\System32\DRIVERS\nwlnkipx.sys
F8497000 - \SystemRoot\System32\DRIVERS\nwlnknb.sys
F5BD1000 - \??\C:\WINDOWS\System32\PCANDIS5.SYS
F5BCD000 - \SystemRoot\System32\DRIVERS\ndisuio.sys
F5824000 - \SystemRoot\system32\drivers\wdmaud.sys
F59E1000 - \SystemRoot\system32\drivers\sysaudio.sys
F56E1000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
F5606000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
FA0CF000 - \SystemRoot\System32\Drivers\ParVdm.SYS
F5474000 - \SystemRoot\System32\DRIVERS\srv.sys
F5AF9000 - \SystemRoot\System32\DRIVERS\nwlnkspx.sys
F9F09000 - \SystemRoot\System32\DRIVERS\secdrv.sys
F48DB000 - \SystemRoot\System32\DRIVERS\vnet5a8x.sys
FA1BD000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 133

Liste des programmes installes

802.11 Wireless LAN USB Card
802.11 Wireless LAN USB Card Setup
ACE Mega CoDecS Pack - PlayerXP
ACE Mega CoDecS Pack - PlayerXP
Ad-aware 6 Personal
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Photoshop 7.0
Adobe Shockwave Player
Adobe SVG Viewer 3.0
Ahead Nero - Burning Rom
ALPS Touch Pad Driver
Analyseur et SDK XML Microsoft
Archiveur WinRAR
Audacity 1.2.6
AutoDesktop 4.8
AutoUpdate
Avira AntiVir PersonalEdition Classic
Catalyst Training Software
CDex extraction audio
Commandes TOSHIBA
Console TOSHIBA
Construisez votre maison
Correctif pour Windows XP (KB914440)
Correctif Windows XP - KB885250
Correctif Windows XP - KB885835
Correctif Windows XP - KB885836
Correctif Windows XP - KB885884
Correctif Windows XP - KB886185
Correctif Windows XP - KB887472
Correctif Windows XP - KB887742
Correctif Windows XP - KB888113
Correctif Windows XP - KB888302
Correctif Windows XP - KB890859
Correctif Windows XP - KB891781
Digital Camera Plus Manager
DivX 5.0.2 Pro Bundle
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Documents To Go
Economie TOSHIBA
eMule
Hotfix for Windows XP (KB915865)
HP PSC 1600 series
Intel(R) PRO Ethernet Adapter and Software
InterVideo WinDVD 4
Last.fm 1.1.0.0
Lecteur Windows Media 10
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Messenger Plus! 3
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint 2003 Template Pack 1
Microsoft Office PowerPoint 2003 Template Pack 2
Microsoft Office PowerPoint 2003 Template Pack 3
Microsoft Office Professional Edition 2003
Microsoft Office XP Professional avec FrontPage
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)
Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)
Mise à jour de sécurité pour Windows XP (KB890046)
Mise à jour de sécurité pour Windows XP (KB893066)
Mise à jour de sécurité pour Windows XP (KB893756)
Mise à jour de sécurité pour Windows XP (KB896358)
Mise à jour de sécurité pour Windows XP (KB896422)
Mise à jour de sécurité pour Windows XP (KB896423)
Mise à jour de sécurité pour Windows XP (KB896424)
Mise à jour de sécurité pour Windows XP (KB896428)
Mise à jour de sécurité pour Windows XP (KB896688)
Mise à jour de sécurité pour Windows XP (KB899587)
Mise à jour de sécurité pour Windows XP (KB899591)
Mise à jour de sécurité pour Windows XP (KB900725)
Mise à jour de sécurité pour Windows XP (KB901017)
Mise à jour de sécurité pour Windows XP (KB901214)
Mise à jour de sécurité pour Windows XP (KB902400)
Mise à jour de sécurité pour Windows XP (KB904706)
Mise à jour de sécurité pour Windows XP (KB905414)
Mise à jour de sécurité pour Windows XP (KB905749)
Mise à jour de sécurité pour Windows XP (KB905915)
Mise à jour de sécurité pour Windows XP (KB908519)
Mise à jour de sécurité pour Windows XP (KB911562)
Mise à jour de sécurité pour Windows XP (KB911927)
Mise à jour de sécurité pour Windows XP (KB912919)
Mise à jour de sécurité pour Windows XP (KB913580)
Mise à jour de sécurité pour Windows XP (KB914388)
Mise à jour de sécurité pour Windows XP (KB914389)
Mise à jour de sécurité pour Windows XP (KB917159)
Mise à jour de sécurité pour Windows XP (KB917344)
Mise à jour de sécurité pour Windows XP (KB917422)
Mise à jour de sécurité pour Windows XP (KB917953)
Mise à jour de sécurité pour Windows XP (KB918439)
Mise à jour de sécurité pour Windows XP (KB918899)
Mise à jour de sécurité pour Windows XP (KB919007)
Mise à jour de sécurité pour Windows XP (KB920213)
Mise à jour de sécurité pour Windows XP (KB920670)
Mise à jour de sécurité pour Windows XP (KB920683)
Mise à jour de sécurité pour Windows XP (KB920685)
Mise à jour de sécurité pour Windows XP (KB921398)
Mise à jour de sécurité pour Windows XP (KB921883)
Mise à jour de sécurité pour Windows XP (KB922616)
Mise à jour de sécurité pour Windows XP (KB922819)
Mise à jour de sécurité pour Windows XP (KB923191)
Mise à jour de sécurité pour Windows XP (KB923414)
Mise à jour de sécurité pour Windows XP (KB923689)
Mise à jour de sécurité pour Windows XP (KB923980)
Mise à jour de sécurité pour Windows XP (KB924191)
Mise à jour de sécurité pour Windows XP (KB924270)
Mise à jour de sécurité pour Windows XP (KB924496)
Mise à jour de sécurité pour Windows XP (KB925454)
Mise à jour de sécurité pour Windows XP (KB925486)
Mise à jour de sécurité pour Windows XP (KB926255)
Mise à jour pour Windows XP (KB898461)
Mise à jour pour Windows XP (KB900485)
Mise à jour pour Windows XP (KB904942)
Mise à jour pour Windows XP (KB908531)
Mise à jour pour Windows XP (KB910437)
Mise à jour pour Windows XP (KB911280)
Mise à jour pour Windows XP (KB916595)
Mise à jour pour Windows XP (KB920872)
Mise à jour pour Windows XP (KB922582)
MSXML 4.0 SP2 (KB927978)
Network Device Switch 3
NVIDIA Windows 2000/XP Display Drivers
Palm Desktop
Palm Desktop
Slideshow Generator Powertoy for Windows XP
Spybot - Search & Destroy
Studio
Tacx i-Magic Software FR
Teleport Pro
Toshiba Hotkey - Utilitaire de sélection du périphérique d'affichage
Toshiba screensaver
TOSHIBA Software Modem
TOSHIBA Utilities
Utilitaire Activer/désactiver la tablette tactile TOSHIBA V2.04.00
Utilitaire de sauvegarde Windows
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format Runtime
Windows XP Service Pack 2
WinZip
Wireless Hotkey
WMI ODBC Driver
YAMAHA AC-XG WDM

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 432A-15F3

Répertoire de C:\Program Files

13/08/2002 15:17 <REP> .
13/08/2002 15:17 <REP> ..
25/08/2004 19:42 <REP> 802.11 Wireless LAN
19/08/2002 12:16 <REP> Adobe
02/11/2003 14:29 <REP> ahead
08/11/2006 20:29 <REP> Alwil Software
08/06/2007 19:19 <REP> Anuman Interactive
14/08/2002 09:09 <REP> Apoint2K
17/11/2000 14:16 <REP> Avira
27/11/2004 14:42 <REP> Common Files
27/08/2006 19:15 <REP> CWShredders
28/09/2004 14:32 <REP> Digital Camera Plus Manager
24/02/2003 19:17 <REP> directx
24/12/2006 12:09 <REP> Documents To Go
24/10/2004 12:42 <REP> Edtech
19/08/2006 14:46 <REP> eMule
13/08/2002 15:17 <REP> Fichiers communs
13/08/2002 15:23 <REP> Internet Explorer
27/12/2002 17:21 <REP> InterVideo
25/08/2004 19:42 <REP> Inventel
25/11/2006 15:30 <REP> Kaspersky Lab
06/01/2007 15:10 <REP> Last.fm
13/12/2003 18:43 <REP> Lavasoft
13/08/2002 15:22 <REP> Messenger
12/04/2006 22:18 <REP> MessengerPlus! 3
13/08/2002 15:25 <REP> microsoft frontpage
28/12/2002 00:44 <REP> Microsoft Office
15/02/2005 18:15 <REP> Microsoft.NET
13/08/2002 15:23 <REP> Movie Maker
01/12/2005 22:16 <REP> msn gaming zone
01/09/2004 21:00 <REP> MSN Messenger
29/09/2003 11:34 <REP> Multimédia
13/08/2002 15:23 <REP> NetMeeting
17/04/2003 13:00 <REP> OfficeUpdate
13/08/2002 15:23 <REP> Outlook Express
13/11/2007 23:15 <REP> Pinnacle
14/08/2006 17:57 <REP> RegSupreme Pro
06/10/2005 10:42 <REP> Services en ligne
13/01/2003 13:05 2 731 setup.log
29/10/2007 21:00 <REP> Spybot - Search & Destroy
08/04/2007 16:29 <REP> Star Wars Battlefront
07/05/2004 22:09 <REP> Symantec
29/12/2002 15:36 <REP> Tacx
15/02/2003 14:52 <REP> Teleport Pro
14/08/2002 08:13 <REP> Toshiba
15/04/2003 19:16 <REP> Windows Media Components
27/12/2006 20:09 <REP> Windows Media Connect 2
13/08/2002 15:23 <REP> Windows Media Player
13/08/2002 15:21 <REP> Windows NT
14/08/2006 17:54 <REP> WinRAR
27/12/2002 21:55 <REP> WinZip
21/09/2006 17:18 <REP> wormsarm
13/08/2002 15:25 <REP> xerox
24/09/2007 00:48 <REP> Yahoo!
1 fichier(s) 2 731 octets
53 Rép(s) 1 599 782 912 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 432A-15F3

Répertoire de C:\Program Files\fichiers communs

13/08/2002 15:17 <REP> .
13/08/2002 15:17 <REP> ..
13/08/2002 15:17 <REP> Microsoft Shared
13/08/2002 15:17 <REP> SpeechEngines
13/08/2002 15:17 <REP> ODBC
13/08/2002 15:23 <REP> System
13/08/2002 15:23 <REP> MSSoap
13/08/2002 15:23 <REP> Services
14/08/2002 07:33 <REP> InstallShield
19/08/2002 12:16 <REP> Adobe
14/11/2000 20:51 <REP> Wise Installation Wizard
15/04/2003 19:12 <REP> Logitech
15/04/2003 19:12 <REP> Real
30/11/2003 13:32 <REP> Designer
07/05/2004 22:09 <REP> Symantec Shared
26/06/2004 23:58 <REP> EPSON
0 fichier(s) 0 octets
16 Rép(s) 1 599 782 912 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 432A-15F3

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

13/08/2002 15:37 <REP> .
13/08/2002 15:37 <REP> ..
07/03/2001 09:00 127 033 MSOWS40c.DLL
03/06/1999 14:09 122 937 MSOWS409.DLL
18/03/1999 05:37 593 977 RAGENT.DLL
28/03/2003 20:54 <REP> 1036
22/01/2001 03:25 24 576 PKMTRACE.DLL
06/08/2000 09:04 401 462 MSVCP60.DLL
22/01/2001 03:25 69 632 PKMAXCTL.DLL
22/01/2001 03:25 872 448 PKMCDO.DLL
22/01/2001 03:25 159 744 PKMCORE.DLL
07/02/2001 09:59 106 496 PKMFORMS.DLL
12/02/2001 04:03 684 032 PKMRES.DLL
22/01/2001 03:25 28 672 PKMSSTLB.DLL
22/01/2001 03:25 40 960 PKMTEMPL.DLL
22/01/2001 03:25 237 568 PROMDEMO.DLL
22/01/2001 03:25 184 320 SECMGR.DLL
22/01/2001 03:25 323 584 VAIDDMGR.DLL
22/01/2001 03:25 32 768 VAIMEM.DLL
15/07/2003 06:52 35 896 MSOSV.DLL
15/02/2005 18:15 <REP> 1033
11/07/2003 10:15 1 292 872 MSONSEXT.DLL
11/07/2003 02:25 80 448 PKMWS.DLL
19 fichier(s) 5 419 425 octets
4 Rép(s) 1 599 782 912 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 432A-15F3

Répertoire de C:\Program Files\common files

27/11/2004 14:42 <REP> .
27/11/2004 14:42 <REP> ..
27/11/2004 14:42 <REP> System
0 fichier(s) 0 octets
3 Rép(s) 1 599 782 912 octets libres

Attention : C:\autorun.inf existe
[AuToRun]

open=nx.exe
shell\open=´ò¿ª(&O)
shell\open\Command=nx.exe
shell\open\Default=1
shell\explore=×ÊÔ´¹ÜÀíÆ÷(&X)
shell\explore\Command=nx.EXE

c:\Documents and Settings\vince\Local Settings\Temp\aax16A.tmp.exe
c:\Documents and Settings\vince\Local Settings\Temp\d2l_PlayD2.exe
c:\Documents and Settings\vince\Local Settings\Temp\Install_Messenger.exe
c:\Documents and Settings\vince\Local Settings\Temp\LastFM_Win_1.1.3.0.exe
c:\Documents and Settings\vince\Local Settings\Temp\munE1.exe
c:\Documents and Settings\vince\Local Settings\Temp\setup.exe
c:\Documents and Settings\vince\Local Settings\Temp\setup_wm.exe
c:\Documents and Settings\vince\Local Settings\Temp\song.exe
c:\Documents and Settings\vince\Local Settings\Temp\wktsc3000.exe
c:\Documents and Settings\vince\Local Settings\Temp\WmpPluginSetup_2.0.26.0.exe
c:\Documents and Settings\vince\Local Settings\Temp\WmpPluginSetup_2.0.27.0.exe
c:\Documents and Settings\vince\Local Settings\Temp\XviD-14052003-1.exe
c:\Documents and Settings\vince\Local Settings\Temp\yahoo!_messenger_install.exe
c:\Documents and Settings\vince\Local Settings\Temp\Temporary Internet Files\Content.IE5\OHA34PMB\eMule0.47a-Installer[1].exe
c:\Documents and Settings\vince\Local Settings\Temp\Temporary Internet Files\Content.IE5\UN0J5AF6\setupfre[1].exe
c:\Documents and Settings\vince\Local Settings\Temp\nsj170.tmp\DivXComponentInstaller.exe
c:\Documents and Settings\vince\Local Settings\Temp\nsj170.tmp\DivXConnectionTester.exe
c:\Documents and Settings\vince\Local Settings\Temp\nsc16D.tmp\DivXInstaller.exe
c:\Documents and Settings\vince\Local Settings\Temp\nstmp\uninstall.exe
c:\Documents and Settings\vince\Local Settings\Temp\Div8.tmp\DivXInstaller.exe
c:\Documents and Settings\vince\Local Settings\Temp\Common\Raxco\AutoUpd.exe
c:\Documents and Settings\vince\Local Settings\Temp\program files\Raxco\PerfectDisk\PDCmd.exe
c:\Documents and Settings\vince\Local Settings\Temp\program files\Raxco\PerfectDisk\PDEngine.exe
c:\Documents and Settings\vince\Local Settings\Temp\program files\Raxco\PerfectDisk\PDExchange.exe
c:\Documents and Settings\vince\Local Settings\Temp\program files\Raxco\PerfectDisk\PDSched.exe
c:\Documents and Settings\vince\Local Settings\Temp\program files\Raxco\PerfectDisk\PerfectDisk.exe
c:\Documents and Settings\vince\Local Settings\Temp\System32\PDBoot.exe
c:\Documents and Settings\vince\Local Settings\Temp\DivB.tmp\DivXInstaller.exe
c:\Documents and Settings\vince\Local Settings\Temp\4714534\ymdc.exe
c:\Documents and Settings\vince\Local Settings\Temp\4714534\ytb_inst.exe
c:\Documents and Settings\vince\Local Settings\Temporary Internet Files\Content.IE5\JU6LOYTX\Flash_Disinfector[2].exe
c:\Documents and Settings\vince\Local Settings\Application Data\Last.fm\Client\UninstWMP\unins000.exe
c:\Documents and Settings\vince\Menu Démarrer\Programmes\Démarrage\PowerReg Scheduler.exe
c:\Documents and Settings\vince\Mes documents\Conneries\The test.exe
c:\Documents and Settings\vince\Mes documents\fichiers téléchargés\aaw2007.exe
c:\Documents and Settings\vince\Mes documents\fichiers téléchargés\antivir_workstation_win7u_en_h.exe
c:\Documents and Settings\vince\Mes documents\fichiers téléchargés\spybotsd15.exe
c:\Documents and Settings\vince\Bureau\ComboFix.exe
c:\Documents and Settings\vince\Bureau\DiagHelp\DiagHelp\catchme.exe
c:\Documents and Settings\vince\Bureau\DiagHelp\DiagHelp\diff.exe
c:\Documents and Settings\vince\Bureau\DiagHelp\DiagHelp\dumphive.exe
c:\Documents and Settings\vince\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\vince\Bureau\DiagHelp\DiagHelp\find2.exe
c:\Documents and Settings\vince\Bureau\DiagHelp\DiagHelp\Fport.exe
c:\Documents and Settings\vince\Bureau\DiagHelp\DiagHelp\grep.exe
c:\Documents and Settings\vince\Bureau\DiagHelp\DiagHelp\gzip.exe
c:\Documents and Settings\vince\Bureau\DiagHelp\DiagHelp\KProcCheck.exe
c:\Documents and Settings\vince\Bureau\DiagHelp\DiagHelp\LFiles.exe
c:\Documents and Settings\vince\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\vince\Bureau\DiagHelp\DiagHelp\md5sums.exe
c:\Documents and Settings\vince\Bureau\DiagHelp\DiagHelp\pslist.exe
c:\Documents and Settings\vince\Bureau\DiagHelp\DiagHelp\sigcheck.exe
c:\Documents and Settings\vince\Bureau\DiagHelp\DiagHelp\streams.exe
c:\Documents and Settings\vince\Bureau\DiagHelp\DiagHelp\swreg.exe
c:\Documents and Settings\vince\Bureau\DiagHelp\DiagHelp\tar.exe
c:\Documents and Settings\vince\Application Data\Microsoft\Installer\{3E908702-AF35-4611-9518-955DA24B7E07}\icon.exe
c:\Documents and Settings\vince\Application Data\Microsoft\Installer\{E89D78B8-28F7-412F-8B26-C684739CBBDC}\ARPPRODUCTICON.exe
c:\Documents and Settings\vince\Application Data\Microsoft\Installer\{E89D78B8-28F7-412F-8B26-C684739CBBDC}\PalmDesktopShortcut.exe
c:\Documents and Settings\vince\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
c:\Documents and Settings\vince\Application Data\U3\temp\cleanup.exe
c:\Program Files\Documents To Go\DocsToGo.exe
c:\Program Files\Documents To Go\HandheldInstall.exe
c:\Program Files\Documents To Go\ZipUtil.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\TEMP\AVCONTROL_3a153c6c\fuse\avewin32.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\TEMP\AVCONTROL_3a153c6c\fuse\avpack32.dll
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\TEMP\AVCONTROL_3a153c6c\fuse\avrep.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
c:\Documents and Settings\vince\Application Data\Adobe\Acrobat\Whapi\WHA Library.dll
c:\Documents and Settings\vince\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\vince\Application Data\Mozilla\Firefox\Profiles\default.gnu\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
c:\Documents and Settings\vince\Application Data\Mozilla\Firefox\Profiles\default.gnu\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll

****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_VINCENT.tar.gz a l'adresse http://upload.malekal.com
0
Lyonnais92 Posts 25708 Status Security contributor 1 537

Hello,

explain this to me:

C:\WINDOWS\prefetch\COMBOFIX.EXE-0C457F42.pf -->18/11/2007 13:00:02

Run combofix and post the report.
0
Vincent
 
It has been nearly half an hour since I started the scan, to no avail.

The DOS window does not change; there is only a blinking "underscore".

?
0
Lyonnais92 Posts 25708 Status Security contributor 1 537

Hi again,

let's try some repairs:

open this link, download to your desktop and run the various repairs offered.

http://telechargement.zebulon.fr/zeb-restore.html

Then try running hijackthis again.
0
Vincent
 
I managed to access the C drive through a shortcut (Properties ==> Find Target), and so to install Hidjackthis at the root. But when I launch it, I get an error message:

"Windows cannot find C:\Hidja......... . Check that you entered the name correctly and try again."

?
0
Lyonnais92 Posts 25708 Status Security contributor 1 537

Hi again,

hidjackthis? no

hijackthis

Did you try the zebrestore repairs?
0
Vincent
 
Sorry...

I changed the spelling of the folder. To no avail. The same error message appeared.

I did run the Zebrestore repairs. (I ticked everything.) Nothing changed, except that I can no longer open Excel; it asks me for a file to reinstall it!!

Can't I go back?
0
Lyonnais92 Posts 25708 Status Security contributor 1 537

Hi again,

do you have any restore points?

If so, use the latest one available.

Also do this:

Run a Kaspersky online scan with Internet Explorer:
- Click Start Online-Scanner

- Now click I accept.
- Approve the installation of one or more ActiveX controls if necessary.
- Wait while the updates are installed.
- Then choose to scan My Computer.
- Save, then paste the report generated at the end of the scan.

HELP: Configuring ActiveX controls

NOTE: If you get the message "The Kaspersky On-line Scanner license has expired", go to Add or Remove Programs, uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
0
Vincent
 
Thank you!!

Don't ask me why, maybe ComboFix that I ran again, the PC that I restarted... but IT WORKS AGAIN!! I have access to my C drive.

THANK YOU

However, I am sending you the Hijackthis report, in case you spot anything abnormal. (It remains incomprehensible to me..)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23:28, on 18/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wlancfg.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Edtech\AutoDesktop\AgentDesktop.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.sfr.fr/offres-numericable.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = eproxy.uang:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect /keeploaded
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Install_BlueDSL] D:\Install.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [AgentDesktop] C:\Program Files\Edtech\AutoDesktop\AgentDesktop.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\WINDOWS\wlancfg.exe
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Hi again,

You don't seem to have a firewall that controls outgoing connections, which is a security risk.

If that is the case, you can choose between these two options:

ZoneAlarm: tutorial and download link here:
https://www.malekal.com/tutoriel-zonealarm-firewall/

Kerio: tutorial and download link here:
http://www.malekal.com/kerio_firewall.php

There are others, which you can find by opening this link:
http://www.malekal.com/menu_tutorials_logiciels.php

You need to disable the Windows firewall (Control Panel, Windows Firewall) after the download and before the installation (disconnect from the Internet at that point).

Empty AntiVir's quarantine.

Can you post the ComboFix report?
0
Vincent
 
Thanks, I'm going to install ZoneAlarm.

Here is the ComboFix report:

ComboFix 07-11-08.3 - vince 2007-11-18 17:04:48.1 - FAT32x86
Running from: C:\Documents and Settings\vince\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Fonts\acrsecI.fon

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\poof

((((((((((((((((((((((((((((( Fichiers créés 2007-10-18 to 2007-11-18 ))))))))))))))))))))))))))))))))))))
.

2007-11-18 16:09 <REP> d-------- C:\HijackThis
2007-11-13 23:17 81,920 --a------ C:\WINDOWS\Studio7.dll
2007-11-13 23:15 <REP> d-------- C:\Program Files\Pinnacle
2007-11-13 23:15 81,920 --------- C:\WINDOWS\system32\vdrmux.dll
2007-11-13 23:15 61,440 --------- C:\WINDOWS\system32\pclepim1.dll
2007-11-13 23:15 61,440 --------- C:\WINDOWS\system32\miroDVun.dll
2007-11-13 23:15 60,416 --------- C:\WINDOWS\system32\miroDV2bmp.dll
2007-11-13 23:15 49,152 --------- C:\WINDOWS\system32\miroDV2avi.dll
2007-11-13 23:15 46,592 --------- C:\WINDOWS\system32\vdrcodec.dll
2007-11-13 23:15 40,960 --------- C:\WINDOWS\system32\langserv.dll
2007-11-13 23:12 14,235 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys
2007-11-13 22:57 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2007-11-13 22:57 48,128 --a------ C:\WINDOWS\system32\dllcache\61883.sys
2007-11-13 22:57 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2007-11-13 22:57 38,912 --a------ C:\WINDOWS\system32\dllcache\avc.sys
2007-10-29 21:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-23 23:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-09-23 23:48 --------- d-----w C:\Program Files\Yahoo!
2007-09-17 19:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 19:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 19:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 19:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-12 00:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-08-21 01:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-21 01:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2006-05-22 20:41 41,200 ----a-w C:\Documents and Settings\vince\Application Data\GDIPFONTCACHEV1.DAT
2003-01-13 12:05 2,731 ----a-w C:\Program Files\setup.log
2006-09-01 10:19:00 10,074 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2003-04-11 14:11:34 520,192 --sha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-17 16:02]
"nwiz"="nwiz.exe" [2003-10-17 16:02 C:\WINDOWS\system32\nwiz.exe]
"00THotkey"="C:\WINDOWS\System32\00THotkey.exe" [2002-05-13 10:45]
"Tpwrtray"="TPWRTRAY.EXE" [2002-07-31 13:42 C:\WINDOWS\system32\TPWRTRAY.EXE]
"TFncKy"="TFncKy.exe" []
"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-01-22 18:20]
"TFNF5"="TFNF5.exe" [2001-09-04 11:31 C:\WINDOWS\system32\TFNF5.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2002-07-16 00:41]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2002-08-09 12:07]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-07-03 15:17]
"WinampAgent"="C:\Program Files\Winamp3\winampa.exe" []
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
"Install_BlueDSL"="D:\Install.exe" []
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 13:52]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-09-27 22:28]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2000-11-17 15:17]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"Yahoo! Pager"="C:\Yahoo!\Messenger\ypager.exe" []
"NVIEW"="nview.dll" [2003-10-17 16:02 C:\WINDOWS\system32\nview.dll]
"AgentDesktop"="C:\Program Files\Edtech\AutoDesktop\AgentDesktop.exe" [2004-06-26 08:11]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-09-27 22:28]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmc.exe]
Debugger=C:\WINDOWS\system32\Systom.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSetup.exe]
Debugger=C:\WINDOWS\system32\Systom.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwProxy.exe]
Debugger=C:\WINDOWS\system32\Systom.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UpLive.EXE.exe]
Debugger=C:\WINDOWS\system32\Systom.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zxsweep.exe]
Debugger=C:\WINDOWS\system32\Systom.exe

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"crsss"=C:\WINDOWS\system32\Systom.exe
"DirectXs"=C:\WINDOWS\system32\directxs.exe
"000StTHK"=000StTHK.exe

R0 TVALG;Toshiba Value Added Logical and General Purpose Device Driver;C:\WINDOWS\system32\DRIVERS\TVALG.SYS
R3 ATMELFVNETusb(505A_2958)(R);ATMEL FVNETusb(505A_2958)(R) Service for ATMEL USB FastVNET (505A);C:\WINDOWS\system32\DRIVERS\vnet5a8x.sys
R3 TOSHIBASoftModem;TOSHIBA Software Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys
R3 tsdhd;TOSHIBA SD Card Host Controller Driver;C:\WINDOWS\system32\DRIVERS\tsdhd.sys
R3 WDM_YAMAHAAC97;YAMAHA AC-XG Audio Device;C:\WINDOWS\system32\drivers\yacxgc.sys
S1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys
S2 TACXDEV;Tacx I-magic Trainer USB Driver (I-magic.sys);C:\WINDOWS\system32\Drivers\I-magic.sys
S3 Brndis;External USB Cable Modem;C:\WINDOWS\system32\DRIVERS\Brndis.sys
S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys
S3 MR97310_VGA_DUAL_CAMERA;Dual-Mode Digital Camera;C:\WINDOWS\system32\DRIVERS\mr97310v.sys
S3 pciSd;pciSd;C:\WINDOWS\system32\DRIVERS\tossdpci.sys
S3 QCAbsee;QuickCam Web Logitech (0801);C:\WINDOWS\system32\DRIVERS\OVCA.sys
S3 wanusb;GlobeSpan Usb ADSL WAN Modem;C:\WINDOWS\system32\DRIVERS\gwausb.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - nx.exe
\Shell\explore\Command - nx.EXE
\Shell\open\Command - nx.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{204da6a0-12ce-11dc-aec0-00080d374506}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0cecfb0-34a1-11d8-aaf8-00080d374506}]
\Shell\AutoRun\command - nx.exe
\Shell\explore\Command - nx.EXE
\Shell\open\Command - nx.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-18 15:38:22 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-18 17:12:06
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-18 17:14:57 - machine was rebooted
.
--- E O F ---
0
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Good evening,

Open Notepad.
Copy the text below (between the rows of *, but not the * themselves) together with the text in the space below (copy/paste):

*****************************
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmc.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSetup.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwProxy.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UpLive.EXE.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zxsweep.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"crsss"=-
*****************************
Click "File", "Save As".
Click Desktop (in the left-hand column).
In File name, type fix.reg
For Type, choose "All files" from the drop-down menu.
Click Save.
Close Notepad.

On your desktop, double-click the Fix.reg icon.
Accept the warning about the merge.
The fix will work without showing anything.
At the end, you will see a message saying that the merge is complete. Confirm it.

Go to this site:

https://www.virustotal.com/gui/

Click Browse and look for this file: C:\WINDOWS\system32\directxs.exe
Click Send File.

A report will build up line by line.

Wait until it finishes. It must include the size of the file sent.

Save the report with Notepad.

Copy it into your reply.

Don't reboot the computer.

Don't shut it down.

Post a new HijackThis log.
0
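The ComboFix report above shows two things the fix targets or that explain the symptom: `Debugger` values under Image File Execution Options, and per-drive `open`/`explore` verbs under MountPoints2. The following is an added example, not part of the original posts: a small parser that pulls both out of a ComboFix-style log. The function names are hypothetical, and the sample is an excerpt of the report posted in this thread.

```python
import re

# Excerpt of the ComboFix report posted in this thread (registry section only).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmc.exe]
Debugger=C:\WINDOWS\system32\Systom.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zxsweep.exe]
Debugger=C:\WINDOWS\system32\Systom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - nx.exe
\Shell\explore\Command - nx.EXE
\Shell\open\Command - nx.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{204da6a0-12ce-11dc-aec0-00080d374506}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# Accepts both the log form (Debugger=...) and the .reg form ("Debugger"="...").
DEBUGGER_RE = re.compile(r'^"?debugger"?\s*=\s*"?(.*?)"?$', re.IGNORECASE)
IFEO = r"\image file execution options" + "\\"
MOUNT = r"\explorer\mountpoints2" + "\\"

def find_hijacks(log_text):
    """Return (kind, subject, verb, command) tuples for IFEO and MountPoints2 entries."""
    findings, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)          # remember the current registry key
            continue
        if not line or key is None:
            continue
        low, subject = key.lower(), key.rsplit("\\", 1)[1]
        dbg = DEBUGGER_RE.match(line)
        if IFEO in low and dbg:
            # Launching <subject> starts the "debugger" program instead.
            findings.append(("ifeo-debugger", subject, "debugger", dbg.group(1)))
        elif MOUNT in low and line.lower().startswith("\\shell\\"):
            verb_path, _, command = line.partition(" - ")
            verb = verb_path.split("\\")[2].lower()   # autorun / open / explore
            findings.append(("drive-shell-verb", subject, verb, command))
    return findings

def hijacked_drives(findings):
    """Drives whose open/explore verb is overridden (AutoRun alone is common on U3 sticks)."""
    return sorted({s for k, s, v, _ in findings
                   if k == "drive-shell-verb" and v in ("open", "explore")})
```

On the excerpt, `hijacked_drives(find_hijacks(SAMPLE_LOG))` reports only `F`, the mount point whose `open` and `explore` verbs both point at `nx.exe`; the U3 entry overrides `AutoRun` only and is not flagged.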
vincent
 
Hi again,

IT WORKS!!!!!!!!!!
The symbol problem seems to be fixed, following the last procedure with the lines of text.

THANK YOU VERY MUCH.
0