PLEASE, I DON'T KNOW WHAT TO DO ANYMORE!!
Solved
titikou01 Posts 86 Status Member -
philae83 Posts 12854 Status Security contributor -
Hello, my PC is driving me CRAZY!! Impossible to open MSN, web pages in Chinese that open all by themselves, my antivirus (ANTIVIR) gives me more than 30 detections when I turn on my PC, so I uninstalled it because I can't do anything, I even tried (ESET SMART SECURITY) and it's the same, connections that drop, so basically everything is bugging out... A BIG THANK YOU FOR YOUR HELP.
Logfile of HijackThis v1.99.1
Scan saved at 21:27:38, on 30/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\9dc51.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\RamBoost XP\rambxpfr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\system32\E029E\svchost.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://7255.com/?g
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\CPUSH\cpush.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: Invoke Class - {5FB8C5D4-929F-4870-89E2-7E3EE26EE701} - C:\WINDOWS\system32\d9d1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8F776B2A-72DF-40C1-BD69-EDB642A706D7} - C:\WINDOWS\system32\bho.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Outlook Web Controller - {C86488AF-13D5-4FEF-9DDF-9FB88698CFC1} - C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_3103.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RegSrv64D] C:\WINDOWS\uphgzj.exe
O4 - HKLM\..\Run: [MsPrint32D] C:\WINDOWS\MsPrint32D.exe
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\{8619EE59-E026-4E22-B06D-9BC74E95C05B}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x040c"
O4 - HKLM\..\Run: [WSockDrv32] C:\WINDOWS\WSockDrv32.exe
O4 - HKLM\..\Run: [Kvsc3] C:\WINDOWS\Kvsc3.exE
O4 - HKLM\..\Run: [DbgHlp32] C:\WINDOWS\DbgHlp32.exe
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exE
O4 - HKLM\..\Run: [msccrt] C:\WINDOWS\msccrt.exe
O4 - HKLM\..\Run: [LotusHlp] C:\WINDOWS\LotusHlp.exe
O4 - HKLM\..\Run: [PTSShell] C:\WINDOWS\PTSShell.exe
O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exE
O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\tqmvmr.exe
O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\533931M.exe
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [NAVMon32] C:\WINDOWS\NAVMon32.exE
O4 - HKLM\..\Run: [WINSvr32] C:\WINDOWS\WINSvr32.exE
O4 - HKLM\..\Run: [WinSysW] C:\WINDOWS\533931L.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ONSPEED.lnk = C:\Program Files\ONSPEED\onspeedgui.exe
O8 - Extra context menu item: Ò×Ȥ¹ºÎï - C:\Program Files\AD4All\link1\eachlink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Ò×Ȥ¹ºÎï - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=824 (file missing)
O9 - Extra 'Tools' menuitem: Ò×Ȥ¹ºÎï - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=824 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: COM Host (comHost) - Unknown owner - c:\Program Files\Norton Internet Security\comHost.exe (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EBDF8952 - Unknown owner - C:\WINDOWS\system32\907382B0.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Yahoo Service (YahooSvr) - Unknown owner - C:\WINDOWS\system32\E029E\svchost.exe
49 replies
Good evening,
* Download combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
IMPORTANT
* Disable your antivirus, antispyware, and Spybot (resident protection) while using ComboFix. Thanks. Re-enable them afterwards.
then
* Double-click combofix.exe.
* Press the Y (Yes) key to start the scan.
* When the scan is complete, a report will appear. Copy/paste this report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
THANKS Philae83, here is the report:
ComboFix 07-12-21.4 - Compaq_Propriétaire 2005-12-30 21:41:58.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.579 [GMT 1:00]
Running from: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_ACPIDISK
-------\LEGACY_MS_2FAX
-------\LEGACY_SVCHOST
-------\acpidisk
-------\ms_2fax
-------\svchost
((((((((((((((((((((((((((((( Fichiers créés 2005-11-21 to 2005-12-21 ))))))))))))))))))))))))))))))))))))
.
2005-12-30 21:39 . 2005-12-21 21:46 45,056 --a------ C:\WINDOWS\system32\7E110700.DLL
2005-12-30 20:50 . 2005-12-30 21:15 49 --a------ C:\WINDOWS\system32\KeyWord.ini
2005-12-30 20:48 . 2005-12-30 20:48 8,192 --a------ C:\WINDOWS\system32\REGKEY.hiv
2005-12-30 20:46 . 2007-12-30 16:39 17,560 --a------ C:\WINDOWS\xbdeui.exe
2005-12-30 20:45 . 2007-12-30 16:39 16,503 --a------ C:\WINDOWS\kmrawm.exe
2005-12-30 20:45 . 2007-12-30 16:39 16,080 --a------ C:\WINDOWS\xkjfzz.exe
2005-12-30 20:45 . 2007-12-30 16:39 15,297 --a------ C:\WINDOWS\hkxaxt.exe
2005-12-30 20:45 . 2005-12-30 21:40 1 --a------ C:\WINDOWS\system32\num.ini
2005-12-30 20:15 . 2005-12-30 20:15 68 --a------ C:\WINDOWS\system32\7550ab
2005-12-30 20:13 . 2005-12-30 21:41 49 --a------ C:\WINDOWS\system32\adurl.ini
2005-12-30 19:45 . 2005-12-30 19:45 68 --a------ C:\WINDOWS\system32\2755
2005-12-30 19:29 . 2005-12-30 19:29 0 --a------ C:\WINDOWS\system32\84be4c4b
2005-12-30 19:15 . 2005-12-30 19:15 68 --a------ C:\WINDOWS\system32\0f27
2005-12-30 19:15 . 2005-12-30 21:40 38 --a------ C:\WINDOWS\system32\key.~tmp
2005-12-30 19:15 . 2005-12-30 21:40 29 --a------ C:\WINDOWS\system32\-66-667675
2005-12-30 19:14 . 2005-12-30 19:14 208,896 ---hs---- C:\WINDOWS\system32\bho.dll
2005-12-30 19:14 . 2005-12-30 19:14 8 --a------ C:\WINDOWS\system32\-82-667675
2005-12-30 19:13 . 2005-12-30 21:15 <REP> d-------- C:\WINDOWS\system32\E029E
2005-12-30 19:13 . 2005-12-21 21:46 49,152 --a------ C:\WINDOWS\system32\EADEC1B6.DLL
2005-12-30 19:13 . 2005-12-30 19:13 14,504 --a------ C:\WINDOWS\system32\C93A88F4.EXE
2005-12-30 19:13 . 2005-12-30 20:13 694 --a------ C:\WINDOWS\system32\ini.~tmp
2005-12-30 19:13 . 2005-12-30 21:40 528 --a------ C:\WINDOWS\system32\setyahoo.ini
2005-12-30 19:13 . 2005-12-30 19:13 23 --a------ C:\WINDOWS\system32\C3F9D354.dat
2005-12-26 20:05 . 2005-12-26 20:05 52,529 --a------ C:\WINDOWS\system32\k113562372317.exe
2005-12-26 20:05 . 2005-12-26 20:05 42,801 --a------ C:\WINDOWS\system32\k113562371511.exe
2005-12-26 20:05 . 2005-12-26 20:05 28,672 --a------ C:\WINDOWS\system32\qjmgnc.dll
2005-12-26 20:05 . 2005-12-26 20:05 28,160 --a------ C:\WINDOWS\system32\nulpsp.dll
2005-12-26 20:05 . 2005-12-26 20:05 26,624 --a------ C:\WINDOWS\system32\onpmqw.dll
2005-12-26 20:05 . 2005-12-26 20:05 26,624 --a------ C:\WINDOWS\system32\nlqcuh.dll
2005-12-26 20:05 . 2005-12-26 20:05 26,624 --a------ C:\WINDOWS\system32\didsjb.dll
2005-12-26 20:05 . 2005-12-26 20:05 26,112 --a------ C:\WINDOWS\system32\tltcke.dll
2005-12-26 20:05 . 2005-12-26 20:05 26,112 --a------ C:\WINDOWS\system32\lxncvj.dll
2005-12-26 20:04 . 2005-12-26 20:04 127,488 --a------ C:\WINDOWS\system32\hewmvo.dll
2005-12-26 20:04 . 2005-12-26 20:04 28,672 --a------ C:\WINDOWS\system32\ztxvxj.dll
2005-12-26 20:04 . 2005-12-26 20:04 28,160 --a------ C:\WINDOWS\system32\bkcjkr.dll
2005-12-26 20:04 . 2005-12-26 20:04 27,648 --a------ C:\WINDOWS\system32\ofprll.dll
2005-12-26 20:04 . 2005-12-26 20:04 27,136 --a------ C:\WINDOWS\system32\tcykiz.dll
2005-12-26 13:17 . 2007-12-26 15:09 <REP> d-------- C:\WINDOWS\system32\LogFiles
2005-12-26 00:48 . 2005-12-26 00:48 268 --ah----- C:\sqmdata00.sqm
2005-12-26 00:48 . 2005-12-26 00:48 244 --ah----- C:\sqmnoopt00.sqm
2005-12-26 00:41 . 2005-12-25 15:50 17,592 --a------ C:\WINDOWS\sknoya.exe
2005-12-26 00:36 . 2005-12-26 00:39 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2005-12-26 00:36 . 2005-12-26 00:39 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2005-12-26 00:30 . 2005-12-26 00:30 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2005-12-26 00:17 . 2004-08-05 12:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2005-12-26 00:17 . 2005-12-26 00:17 1,877 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_ES071AA-ABF SR1802FR FR620_YC_0Pres_QCNH616_E62FRheREA3_48_IAmberine M_SASUSTek Computer INC._V1.03_B3.14_T060117_WXH2_L40C_M959_J200_7AMD_8Sempron_91.79_#060803_N10EC8139_Z_G10025954.MRK
2005-12-26 00:12 . 2006-04-19 14:15 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2005-12-26 00:08 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2005-12-26 00:08 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2005-12-25 15:46 . 2005-12-25 12:27 17,592 --a------ C:\WINDOWS\myjexx.exe
2005-12-25 15:33 . 2005-12-25 15:33 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2005-12-25 15:33 . 2005-12-25 17:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2005-12-24 18:48 . 2005-12-24 18:48 <REP> d-------- C:\Program Files\Yiqilai
2005-12-24 18:22 . 2005-12-25 03:30 <REP> d-------- C:\Program Files\IESuper
2005-12-24 18:21 . 2005-12-21 21:44 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2005-12-24 16:51 . 2005-12-30 20:49 51,385 --ahs---- C:\WINDOWS\533931MM.DLL
2005-12-24 16:51 . 2005-12-30 20:49 44,337 --a------ C:\WINDOWS\533931WL.DLL
2005-12-24 16:51 . 2005-12-30 20:49 16,643 --a------ C:\WINDOWS\PTSShell.exe
2005-12-24 16:51 . 2005-12-30 20:49 16,569 --a------ C:\WINDOWS\NAVMon32.exE
2005-12-24 16:50 . 2005-12-30 20:49 16,206 --a------ C:\WINDOWS\LotusHlp.exe
2005-12-24 16:50 . 2007-12-26 20:14 15,398 --a------ C:\WINDOWS\SSLDyn.exe
2005-12-21 21:46 . 778 C:\WINDOWS\system32\s1135197983g.dat
2005-12-21 21:44 . 2007-12-30 13:52 13,897 ---h----- C:\auto.exe
2005-12-09 22:03 . 2005-12-09 22:03 0 --a------ C:\WINDOWS\system32\px.ini
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5FB8C5D4-929F-4870-89E2-7E3EE26EE701}]
2007-12-29 09:12 53248 -ra------ C:\WINDOWS\system32\d9d1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8F776B2A-72DF-40C1-BD69-EDB642A706D7}]
2005-12-30 19:14 208896 ---hs---- C:\WINDOWS\system32\bho.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 16:19]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-14 18:37]
"RamBoostXp"="C:\Program Files\RamBoost XP\rambxpfr.exe" [2004-03-09 21:48]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 01:46]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14]
"PCDrProfiler"="" []
"ccApp"="c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 01:29]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 05:11]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"RegSrv64D"="C:\WINDOWS\uphgzj.exe" []
"WSockDrv32"="C:\WINDOWS\WSockDrv32.exe" []
"LotusHlp"="C:\WINDOWS\LotusHlp.exe" [2005-12-30 20:49]
"PTSShell"="C:\WINDOWS\PTSShell.exe" [2005-12-30 20:49]
"NAVMon32"="C:\WINDOWS\NAVMon32.exE" [2005-12-30 20:49]
"WINSvr32"="C:\WINDOWS\WINSvr32.exE" [2005-12-30 20:49]
"WinSysW"="C:\WINDOWS\533931L.exe" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
R0 7i6szsbha;7i6szsbh;C:\WINDOWS\system32\DRIVERS\7i6szsbha.sys [2004-08-05 12:00]
R2 jrk1zao2;jrk1zao2;C:\WINDOWS\system32\drivers\jrk1zao2.sys [2004-08-05 12:00]
R2 ms_2fax;ms_2fax;C:\WINDOWS\system32\9dc51.exe [2007-12-29 02:10]
R2 YahooSvr;Yahoo Service;C:\WINDOWS\system32\E029E\svchost.exe [2005-12-30 21:15]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 05:08]
S2 C3F9D354;C3F9D354;C:\WINDOWS\system32\C93A88F4.EXE -g []
S2 EBDF8952;EBDF8952;C:\WINDOWS\system32\907382B0.EXE -k []
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
S2 sysloader;System Event loader;"C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe" []
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-12-29 21:04]
*Newly Created Service* - COMHOST
*Newly Created Service* - MS_2FAX
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2005-12-21 21:46:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\78m9854c60.dll
-> C:\WINDOWS\system32\LotusHlp.dll
-> C:\WINDOWS\system32\PTSShell.dll
-> C:\WINDOWS\system32\WINSvr32.dll
-> C:\WINDOWS\system32\NAVMon32.dll
.
Completion time: 2005-12-21 21:47:45 - machine was rebooted
.
2007-12-29 21:13:00 --- E O F ---
That already makes things a bit clearer; the ComboFix log still has to be analysed in full.
Please also post a new HijackThis report.
I'll look at it a bit later.
In addition to the new HijackThis report, I would need this:
Download System Repair Engineer - SREng (by Smallfrogs) from this link:
http://www.kztechs.com/eng/download.html
Extract all of its contents to your Desktop
(right-click the .zip file >> "Extraire tout...", i.e. "Extract All...")
From the sreng2 folder that is now on your Desktop, double-click SREngPS.exe to launch the tool
Click Smart Scan
Then click the [Scan] button. The scan will take a few moments.
When it has finished, click the [Save Reports] button
Save the report to your Desktop
Please copy and paste the contents of the SREnglLOG.log file into your next reply.
Hello, here is the HijackThis scan:
Logfile of HijackThis v1.99.1
Scan saved at 11:01:20, on 22/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\E029E\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\RamBoost XP\rambxpfr.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\system32\9dc51.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\wbem\3648\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://7255.com/?g
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Invoke Class - {5FB8C5D4-929F-4870-89E2-7E3EE26EE701} - C:\WINDOWS\system32\d9d1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8F776B2A-72DF-40C1-BD69-EDB642A706D7} - C:\WINDOWS\system32\bho.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RegSrv64D] C:\WINDOWS\RegSrv64D.exE
O4 - HKLM\..\Run: [WSockDrv32] C:\WINDOWS\WSockDrv32.exe
O4 - HKLM\..\Run: [LotusHlp] C:\WINDOWS\LotusHlp.exe
O4 - HKLM\..\Run: [PTSShell] C:\WINDOWS\PTSShell.exe
O4 - HKLM\..\Run: [NAVMon32] C:\WINDOWS\NAVMon32.exE
O4 - HKLM\..\Run: [WINSvr32] C:\WINDOWS\WINSvr32.exE
O4 - HKLM\..\Run: [WinSysW] C:\WINDOWS\533931L.exe
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exE
O4 - HKLM\..\Run: [Kvsc3] C:\WINDOWS\Kvsc3.exE
O4 - HKLM\..\Run: [MsPrint32D] C:\WINDOWS\MsPrint32D.exe
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [msccrt] C:\WINDOWS\msccrt.exe
O4 - HKLM\..\Run: [DbgHlp32] C:\WINDOWS\DbgHlp32.exe
O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exE
O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\NVDispDRV.EXE
O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\533931M.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ONSPEED.lnk = C:\Program Files\ONSPEED\onspeedgui.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: COM Host (comHost) - Unknown owner - c:\Program Files\Norton Internet Security\comHost.exe (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EBDF8952 - Unknown owner - C:\WINDOWS\system32\907382B0.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: System Event loader (sysloader) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe (file missing)
O23 - Service: Yahoo Service (YahooSvr) - Unknown owner - C:\WINDOWS\system32\E029E\svchost.exe
The one from SREngLOG:
[CODE]
2007-12-22,10:59:17
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed
Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan
Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<MsnMsgr><"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background> [(Verified)Microsoft Corporation]
<swg><C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe> [(Verified)Google Inc]
<RamBoostXp><C:\Program Files\RamBoost XP\rambxpfr.exe> [Gildas LE BOURNAULT]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PCMService><"C:\Program Files\CyberLink\PowerCinema\PCMService.exe"> [CyberLink Corp.]
<Recguard><C:\WINDOWS\SMINST\RECGUARD.EXE> []
<PCDrProfiler><> [N/A]
<ccApp><"c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"> [N/A]
<HPBootOp><"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run> [Hewlett-Packard Company]
<HP Software Update><C:\Program Files\HP\HP Software Update\HPwuSchd2.exe> [Hewlett-Packard Co.]
<Symantec PIF AlertEng><"C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"> [N/A]
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<RegSrv64D><C:\WINDOWS\RegSrv64D.exE> []
<WSockDrv32><C:\WINDOWS\WSockDrv32.exe> []
<LotusHlp><C:\WINDOWS\LotusHlp.exe> []
<PTSShell><C:\WINDOWS\PTSShell.exe> []
<NAVMon32><C:\WINDOWS\NAVMon32.exE> []
<WINSvr32><C:\WINDOWS\WINSvr32.exE> []
<WinSysW><C:\WINDOWS\533931L.exe> [N/A]
<AVPSrv><C:\WINDOWS\AVPSrv.exE> []
<Kvsc3><C:\WINDOWS\Kvsc3.exE> []
<MsPrint32D><C:\WINDOWS\MsPrint32D.exe> []
<cmdbcs><C:\WINDOWS\cmdbcs.exe> []
<mppds><C:\WINDOWS\mppds.exe> []
<msccrt><C:\WINDOWS\msccrt.exe> []
<DbgHlp32><C:\WINDOWS\DbgHlp32.exe> []
<MsIMMs32><C:\WINDOWS\MsIMMs32.exE> []
<NVDispDrv><C:\WINDOWS\NVDispDRV.EXE> []
<upxdnd><C:\WINDOWS\upxdnd.exe> []
<WinSysM><C:\WINDOWS\533931M.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<MSDEG32><LYLoader.exe> []
<MSDWG32><LYLoadbr.exe> [N/A]
<MSDCG32 ><LYLeador.exe> [N/A]
<MSDOG32><LYLoador.exe> [N/A]
<MSDSG32><LYLoadar.exe> [N/A]
<MSDMG32><LYLoadmr.exe> []
<MSDHG32><LYLoadhr.exe> [N/A]
<MSDQG32><LYLoadqr.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><wbsys.dll> [Stardock.Net, Inc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
<WinlogonNotify: WB><C:\Program Files\AlienGUIse\fastload.dll> [Stardock]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
<Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser> [(Verified)Microsoft Windows Publisher]
==================================
Startup Folders
[Démarrage rapide de HP Photosmart Premier]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide de HP Photosmart Premier.lnk --> C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [Hewlett-Packard Development Company, L.P.]><N>
[HP Digital Imaging Monitor]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk --> C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]><N>
[ONSPEED]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ONSPEED.lnk --> C:\Program Files\ONSPEED\onspeedgui.exe [N/A]><N>
==================================
Services
[Gestion d'applications / AppMgmt][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Service d'état ASP.NET / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Boonty Games / Boonty Games][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"><BOONTY>
[C3F9D354 / C3F9D354][Stopped/Auto Start]
<C:\WINDOWS\system32\C93A88F4.EXE -g><Microsoft Corporation>
[Symantec Event Manager / ccEvtMgr][Stopped/Auto Start]
<"c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"><N/A>
[Symantec Internet Security Password Validation / ccISPwdSvc][Stopped/Manual Start]
<"c:\Program Files\Norton Internet Security\ccPwdSvc.exe"><N/A>
[Symantec Network Proxy / ccProxy][Stopped/Auto Start]
<"c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe"><N/A>
[Symantec Settings Manager / ccSetMgr][Stopped/Auto Start]
<"c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"><N/A>
[CyberLink Background Capture Service (CBCS) / CLCapSvc][Running/Auto Start]
<"C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe"><>
[CyberLink Task Scheduler (CTS) / CLSched][Running/Auto Start]
<"C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe"><>
[COM Host / comHost][Stopped/Manual Start]
<"c:\Program Files\Norton Internet Security\comHost.exe"><N/A>
[CyberLink Media Library Service / CyberLink Media Library Service][Running/Auto Start]
<"C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe"><Cyberlink>
[EBDF8952 / EBDF8952][Stopped/Auto Start]
<C:\WINDOWS\system32\907382B0.EXE -k><>
[Google Updater Service / gusvc][Stopped/Manual Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[LiveUpdate / LiveUpdate][Stopped/Manual Start]
<"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"><N/A>
[LiveUpdate Notice Service / LiveUpdate Notice Service][Stopped/Auto Start]
<"C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"><N/A>
[Service Norton AntiVirus Auto-Protect / navapsvc][Stopped/Auto Start]
<"c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"><N/A>
[Norton Protection Center Service / NSCService][Stopped/Manual Start]
<"c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE"><N/A>
[Planificateur LiveUpdate automatique / Planificateur LiveUpdate automatique][Stopped/Auto Start]
<"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"><N/A>
[Symantec AVScan / SAVScan][Stopped/Manual Start]
<"c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe"><N/A>
[Symantec Network Drivers Service / SNDSrvc][Stopped/Auto Start]
<"c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe"><N/A>
[Symantec SPBBCSvc / SPBBCSvc][Stopped/Auto Start]
<"c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe"><N/A>
[Symantec Core LC / Symantec Core LC][Stopped/Auto Start]
<"C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe"><N/A>
[System Event loader / sysloader][Stopped/Auto Start]
<"C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe"><N/A>
[Horloge Windows / W32Time][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\wbem\rhgjxhvnb.dll><Microsoft Crop.>
[Yahoo Service / YahooSvr][Running/Auto Start]
<C:\WINDOWS\system32\E029E\svchost.exe><>
[ms_2fax / ms_2fax][Running/Auto Start]
<C:\WINDOWS\system32\9dc51.exe><Microsoft Corporation>
==================================
Drivers
[7i6szsbh / 7i6szsbha][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\7i6szsbha.sys><N/A>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Pilote de processeur AMD / AmdK8][Running/System Start]
<system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[catchme / catchme][Stopped/Manual Start]
<\??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\catchme.sys><N/A>
[Symantec Eraser Control driver / eeCtrl][Stopped/System Start]
<\??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys><N/A>
[Pilote de processeur Intel / intelppm][Stopped/System Start]
<system32\DRIVERS\intelppm.sys><N/A>
[jrk1zao2 / jrk1zao2][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\jrk1zao2.sys><N/A>
[LT Modem Driver / ltmodem5][Stopped/Manual Start]
<system32\DRIVERS\ltmdmnt.sys><LT>
[NAVENG / NAVENG][Stopped/Manual Start]
<\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20060104.006\NAVENG.Sys><N/A>
[NAVEX15 / NAVEX15][Stopped/Manual Start]
<\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20060104.006\NavEx15.Sys><N/A>
[Ps2 / Ps2][Running/Manual Start]
<system32\DRIVERS\PS2.sys><Hewlett-Packard Company>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
<system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) / rtl8139][Stopped/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SAVRT / SAVRT][Stopped/Manual Start]
<\??\c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS><N/A>
[SAVRTPEL / SAVRTPEL][Stopped/System Start]
<\??\c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SPBBCDrv / SPBBCDrv][Stopped/System Start]
<\??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys><N/A>
[SYMDNS / SYMDNS][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\SYMDNS.SYS><Symantec Corporation>
[SymEvent / SymEvent][Running/Manual Start]
<\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS><Symantec Corporation>
[SYMFW / SYMFW][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\SYMFW.SYS><Symantec Corporation>
[SYMIDS / SYMIDS][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\SYMIDS.SYS><Symantec Corporation>
[SYMIDSCO / SYMIDSCO][Stopped/Manual Start]
<\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys><N/A>
[symlcbrd / symlcbrd][Stopped/Auto Start]
<\??\C:\WINDOWS\system32\drivers\symlcbrd.sys><N/A>
[SYMNDIS / SYMNDIS][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\SYMNDIS.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Running/System Start]
<\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
==================================
Browser Add-ons
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Invoke Class]
{5FB8C5D4-929F-4870-89E2-7E3EE26EE701} <C:\WINDOWS\system32\d9d1.dll, >
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[]
{8F776B2A-72DF-40C1-BD69-EDB642A706D7} <C:\WINDOWS\system32\bho.dll, >
[CNavExtBho Class]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} <c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll, N/A>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
[Java Plug-in 1.6.0_03]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Aide à la connexion]
{E2D4D26B-0180-43a4-B05F-462D6D54C789} <, N/A>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Norton AntiVirus]
{C4069E3A-68F1-403E-B40E-20066696354B} <c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll, N/A>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Java Plug-in 1.6.0_03]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_05]
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_03]
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_03]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll, Sun Microsystems, Inc.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Invoke Class]
{5FB8C5D4-929F-4870-89E2-7E3EE26EE701} <C:\WINDOWS\system32\d9d1.dll, >
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Navigateur Web Microsoft]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[]
{8F776B2A-72DF-40C1-BD69-EDB642A706D7} <C:\WINDOWS\system32\bho.dll, >
[CNavExtBho Class]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} <c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll, N/A>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Fichiers communs\System\msadc\msadco.dll, Microsoft Corporation>
[Helper Class]
{BF0118D4-63FF-4138-9327-F3028FB1A578} <C:\WINDOWS\web\wallpaper\welcome\AWhelper.dll, >
[Norton AntiVirus]
{C4069E3A-68F1-403E-B40E-20066696354B} <c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll, N/A>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[Runclose Control]
{F31D1897-7EFD-4647-8687-E05894E382AB} <C:\WINDOWS\system32\runclose.ocx, Hewlett-Packard Company>
==================================
Running Processes
[PID: 588 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 672 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\7E110700.DLL] [, ]
[PID: 704 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wbsys.dll] [Stardock.Net, Inc, 4, 0, 0, 0]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4119]
[C:\Program Files\AlienGUIse\fastload.dll] [Stardock, 1, 0, 0, 1]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\EADEC1B6.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\system32\7E110700.DLL] [, ]
[PID: 748 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[C:\WINDOWS\system32\wbsys.dll] [Stardock.Net, Inc, 4, 0, 0, 0]
[C:\WINDOWS\system32\7E110700.DLL] [, ]
[C:\WINDOWS\system32\LYMANGR.DLL] [N/A, ]
[PID: 760 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wbsys.dll] [Stardock.Net, Inc, 4, 0, 0, 0]
[C:\WINDOWS\system32\7E110700.DLL] [, ]
[PID: 912 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4119]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2497]
[C:\WINDOWS\system32\7E110700.DLL] [, ]
[PID: 924 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wbsys.dll] [Stardock.Net, Inc, 4, 0, 0, 0]
[C:\WINDOWS\system32\7E110700.DLL] [, ]
[PID: 1016 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wbsys.dll] [Stardock.Net, Inc, 4, 0, 0, 0]
[C:\WINDOWS\system32\7E110700.DLL] [, ]
[PID: 1108 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\wbsys.dll] [Stardock.Net, Inc, 4, 0, 0, 0]
[C:\WINDOWS\system32\7E110700.DLL] [, ]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1156 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wbsys.dll] [Stardock.Net, Inc, 4, 0, 0, 0]
[C:\WINDOWS\system32\7E110700.DLL] [, ]
[PID: 1412 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wbsys.dll] [Stardock.Net, Inc, 4, 0, 0, 0]
[C:\WINDOWS\system32\7E110700.DLL] [, ]
[PID: 1488 / Compaq_Propriétaire][C:\Program Files\AlienGUIse\wbload.exe] [Stardock Systems, Inc, 4.51]
[C:\Program Files\AlienGUIse\wbhelp.dll] [Stardock.Net, Inc, 4.01]
[C:\Program Files\AlienGUIse\WBlind.dll] [Stardock.Net, Inc, 4.61]
[C:\WINDOWS\system32\7E110700.DLL] [, ]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\system32\dwkejy.dll] [N/A, ]
[C:\WINDOWS\system32\DbgHlp32.dll] [N/A, ]
[C:\WINDOWS\system32\mppds.dll] [N/A, ]
[C:\WINDOWS\system32\MsPrint32D.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\system32\NVDispDrv.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\ekeqat.dll] [N/A, ]
[C:\WINDOWS\system32\cwykgz.dll] [N/A, ]
[C:\WINDOWS\system32\jlutqz.dll] [N/A, ]
[PID: 2040 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\wbsys.dll] [Stardock.Net, Inc, 4, 0, 0, 0]
[C:\WINDOWS\system32\7E110700.DLL] [, ]
[PID: 228 / Compaq_Propriétaire][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4119]
[C:\Program Files\AlienGUIse\WBlind.dll] [Stardock.Net, Inc, 4.61]
[C:\Program Files\AlienGUIse\wbhelp.dll] [Stardock.Net, Inc, 4.01]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2497]
[C:\WINDOWS\system32\7E110700.DLL] [, ]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\system32\dwkejy.dll] [N/A, ]
[C:\WINDOWS\system32\DbgHlp32.dll] [N/A, ]
[C:\WINDOWS\system32\mppds.dll] [N/A, ]
[C:\WINDOWS\system32\MsPrint32D.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\system32\NVDispDrv.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\ekeqat.dll] [N/A, ]
[C:\WINDOWS\system32\cwykgz.dll] [N/A, ]
[C:\WINDOWS\system32\jlutqz.dll] [N/A, ]
[PID: 320 / Compaq_Propriétaire][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\WINDOWS\system32\wbsys.dll] [Stardock.Net, Inc, 4, 0, 0, 0]
[C:\Program Files\AlienGUIse\wbhelp.dll] [Stardock.Net, Inc, 4.01]
[C:\Program Files\AlienGUIse\WBlind.dll] [Stardock.Net, Inc, 4.61]
[C:\WINDOWS\system32\EADEC1B6.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\system32\78m9854c60.dll] [N/A, ]
[C:\WINDOWS\system32\7E110700.DLL] [, ]
[C:\WINDOWS\system32\SHQMANGR.DLL] [N/A, ]
[C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\d9d1.dll] [, 1, 0, 0, 2]
[C:\WINDOWS\system32\bho.dll] [, 1.0.0.0]
[C:\WINDOWS\system32\wbem\rhgjxhvnb.dll] [Microsoft Crop., 6.0.3.279]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\WINDOWS\system32\dwkejy.dll] [N/A, ]
[C:\WINDOWS\system32\mppds.dll] [N/A, ]
[C:\WINDOWS\system32\DbgHlp32.dll] [N/A, ]
[C:\WINDOWS\system32\MsPrint32D.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\NVDispDrv.dll] [N/A, ]
[C:\WINDOWS\533931MM.DLL] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\cwykgz.dll] [N/A, ]
[C:\WINDOWS\system32\ekeqat.dll] [N/A, ]
[C:\WINDOWS\533931WL.DLL] [N/A, ]
[C:\WINDOWS\system32\jlutqz.dll] [N/A, ]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[PID: 500 / SYSTEM][C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe] [, 4.05.1409]
[C:\WINDOWS\system32\wbsys.dll] [Stardock.Net, Inc, 4, 0, 0, 0]
[C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapEngine.dll] [, 4.05.1409]
[C:\Program Files\CyberLink\PowerCinema\Kernel\TV\PCMRRec4.dll] [CyberLink Corp., 4.01.2609]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvcps.dll] [N/A, ]
[C:\WINDOWS\system32\7E110700.DLL] [, ]
[PID: 520 / SYSTEM][C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe] [Cyberlink, 2, 1, 0, 2301]
[C:\WINDOWS\system32\7E110700.DLL] [, ]
[PID: 1660 / SYSTEM][C:\WINDOWS\system32\E029E\svchost.exe] [, 1.0.0.1]
[PID: 1744 / SYSTEM][C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe] [, 4.05.1409]
[C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvcps.dll] [N/A, ]
[C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSchMgr.dll] [, 4.05.1409]
[C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLMLClient.dll] [Cyberlink, 2, 1, 0, 2301]
[C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSchedps.dll] [N/A, ]
[PID: 1544 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1712 / Compaq_Propriétaire][C:\Program Files\CyberLink\PowerCinema\PCMService.exe] [CyberLink Corp., 4, 5, 0, 0]
[C:\Program Files\CyberLink\PowerCinema\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\CyberLink\PowerCinema\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\CyberLink\PowerCinema\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\wbsys.dll] [Stardock.Net, Inc, 4, 0, 0, 0]
[C:\Program Files\AlienGUIse\wbhelp.dll] [Stardock.Net, Inc, 4.01]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\AlienGUIse\WBlind.dll] [Stardock.Net, Inc, 4.61]
[C:\Program Files\CyberLink\PowerCinema\Kernel\common\CLRCEngine3.dll] [CyberLink Corp., 4, 5, 0, 1711]
[C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapX.dll] [Cyberlink, 4.05.1409]
[C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLAuMixer.dll] [CyberLink Corp., 1.00.1128 ]
[C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSchMgr.dll] [, 4.05.1409]
[C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvcps.dll] [N/A, ]
[C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapEngine.dll] [, 4.05.1409]
[C:\Program Files\CyberLink\PowerCinema\Kernel\TV\PCMRRec4.dll] [CyberLink Corp., 4.01.2609]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLMLClient.dll] [Cyberlink, 2, 1, 0, 2301]
[C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSchedps.dll] [N/A, ]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\system32\dwkejy.dll] [N/A, ]
[C:\WINDOWS\system32\mppds.dll] [N/A, ]
[C:\WINDOWS\system32\DbgHlp32.dll] [N/A, ]
[C:\WINDOWS\system32\MsPrint32D.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\system32\NVDispDrv.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\cwykgz.dll] [N/A, ]
[C:\WINDOWS\system32\ekeqat.dll] [N/A, ]
[C:\WINDOWS\system32\jlutqz.dll] [N/A, ]
[PID: 1856 / Compaq_Propriétaire][C:\Program Files\HP\HP Software Update\HPwuSchd2.exe] [Hewlett-Packard Co., 50.0.146.000]
[C:\Program Files\AlienGUIse\WBlind.dll] [Stardock.Net, Inc, 4.61]
[C:\Program Files\AlienGUIse\wbhelp.dll] [Stardock.Net, Inc, 4.01]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\system32\dwkejy.dll] [N/A, ]
[C:\WINDOWS\system32\DbgHlp32.dll] [N/A, ]
[C:\WINDOWS\system32\mppds.dll] [N/A, ]
[C:\WINDOWS\system32\MsPrint32D.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\system32\NVDispDrv.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\ekeqat.dll] [N/A, ]
[C:\WINDOWS\system32\cwykgz.dll] [N/A, ]
[C:\WINDOWS\system32\jlutqz.dll] [N/A, ]
[PID: 1884 / Compaq_Propriétaire][C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.30.5]
[C:\WINDOWS\system32\wbsys.dll] [Stardock.Net, Inc, 4, 0, 0, 0]
[C:\Program Files\AlienGUIse\wbhelp.dll] [Stardock.Net, Inc, 4.01]
[C:\Program Files\AlienGUIse\WBlind.dll] [Stardock.Net, Inc, 4.61]
[PID: 2376 / SYSTEM][C:\WINDOWS\system32\E029E\ctfmon.exe] [, 1.0.0.3]
[PID: 2852 / Compaq_Propriétaire][C:\Program Files\Windows Live\Messenger\msnmsgr.exe] [Microsoft Corporation, 8.5.1288.0816]
[C:\Program Files\Windows Live\Messenger\MSIMG32.dll] [Patchou, 4, 50, 0, 312]
[C:\Program Files\Windows Live\Messenger\MSNCore.dll] [Microsoft Corporation, 8.5.1288.0816]
[C:\Program Files\Windows Live\Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1]
[C:\Program Files\Windows Live\Messenger\ContactsUX.dll] [Microsoft Corporation, 8.5.1288.0816]
[C:\WINDOWS\system32\wbsys.dll] [Stardock.Net, Inc, 4, 0, 0, 0]
[C:\Program Files\AlienGUIse\wbhelp.dll] [Stardock.Net, Inc, 4.01]
[C:\Program Files\AlienGUIse\WBlind.dll] [Stardock.Net, Inc, 4.61]
[C:\Program Files\Windows Live\Messenger\msgslang.8.5.1288.0816.dll] [Microsoft Corporation, 8.5.1288.0816]
[C:\Program Files\Windows Live\Messenger\msgsres.dll] [Microsoft Corporation, 8.5.1288.0816]
[C:\Program Files\Windows Live\Messenger\custsat.dll] [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)]
[C:\Program Files\Windows Live\Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.5.1288.0816]
[C:\WINDOWS\system32\sirenacm.dll] [Microsoft Corp., 8.1.0178.00]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\Program Files\Windows Live\Messenger\lmcdata.dll] [Microsoft Corporation, 8.5.1288.0816]
[C:\Program Files\Windows Live\Messenger\contact.dll] [Microsoft Corporation, 8.5.1288.0816]
[C:\Program Files\Windows Live\Messenger\abssm.dll] [Microsoft Corporation, 8.5.1288.0816]
[C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx] [Adobe Systems, Inc., 9,0,115,0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\MFPlat.DLL] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\dwkejy.dll] [N/A, ]
[C:\WINDOWS\system32\mppds.dll] [N/A, ]
[C:\WINDOWS\system32\DbgHlp32.dll] [N/A, ]
[C:\WINDOWS\system32\MsPrint32D.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\NVDispDrv.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\cwykgz.dll] [N/A, ]
[C:\WINDOWS\system32\ekeqat.dll] [N/A, ]
[C:\WINDOWS\system32\jlutqz.dll] [N/A, ]
[PID: 2860 / Compaq_Propriétaire][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]
[C:\WINDOWS\system32\wbsys.dll] [Stardock.Net, Inc, 4, 0, 0, 0]
[C:\Program Files\AlienGUIse\wbhelp.dll] [Stardock.Net, Inc, 4.01]
[C:\Program Files\AlienGUIse\WBlind.dll] [Stardock.Net, Inc, 4.61]
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_fr.dll] [Google Inc., 2, 0, 301, 7164]
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\system32\dwkejy.dll] [N/A, ]
[C:\WINDOWS\system32\mppds.dll] [N/A, ]
[C:\WINDOWS\system32\DbgHlp32.dll] [N/A, ]
[C:\WINDOWS\system32\MsPrint32D.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\NVDispDrv.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\cwykgz.dll] [N/A, ]
[C:\WINDOWS\system32\ekeqat.dll] [N/A, ]
[C:\WINDOWS\system32\jlutqz.dll] [N/A, ]
[PID: 2868 / Compaq_Propriétaire][C:\Program Files\RamBoost XP\rambxpfr.exe] [Gildas LE BOURNAULT, 4.0.6.324]
[C:\Program Files\AlienGUIse\WBlind.dll] [Stardock.Net, Inc, 4.61]
[C:\Program Files\AlienGUIse\wbhelp.dll] [Stardock.Net, Inc, 4.01]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\system32\dwkejy.dll] [N/A, ]
[C:\WINDOWS\system32\mppds.dll] [N/A, ]
[C:\WINDOWS\system32\DbgHlp32.dll] [N/A, ]
[C:\WINDOWS\system32\MsPrint32D.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\NVDispDrv.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\cwykgz.dll] [N/A, ]
[C:\WINDOWS\system32\ekeqat.dll] [N/A, ]
[C:\WINDOWS\system32\jlutqz.dll] [N/A, ]
[PID: 2976 / SYSTEM][C:\WINDOWS\system32\E029E\ctfmon.exe] [, 1.0.0.3]
[PID: 3072 / Compaq_Propriétaire][C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe] [Hewlett-Packard Development Company, L.P., 060.000.155.000]
[C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.253 (QFE.050727-2500)]
[C:\WINDOWS\system32\wbsys.dll] [Stardock.Net, Inc, 4, 0, 0, 0]
[C:\Program Files\AlienGUIse\wbhelp.dll] [Stardock.Net, Inc, 4.01]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll] [Microsoft Corporation, 1.1.4322.2407]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll] [Microsoft Corporation, 1.1.4322.2032]
[c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll] [Microsoft Corporation, 1.1.4322.2407]
[c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5bd2ad4b\mscorlib.dll] [N/A, ]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll] [Microsoft Corporation, 1.1.4322.2407]
[C:\Program Files\AlienGUIse\WBlind.dll] [Stardock.Net, Inc, 4.61]
[c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll] [Hewlett-Packard Development Company, L.P., 060.000.155.000]
[c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll] [Microsoft Corporation, 1.1.4322.2032]
[c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_e693dd7d\system.windows.forms.dll] [N/A, ]
[c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll] [Microsoft Corporation, 1.1.4322.2032]
[c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_64a8f82b\system.drawing.dll] [N/A, ]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL] [Microsoft Corporation, 1.1.4322.2407]
[c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll] [Microsoft Corporation, 1.1.4322.2407]
[c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_6e0c5f2f\system.dll] [N/A, ]
[c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll] [Hewlett-Packard Development Company, L.P., 060.000.087.000]
[c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll] [Hewlett-Packard Development Company, L.P., 060.000.087.000]
[c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll] [Hewlett-Packard Development Company, L.P., 060.000.155.000]
[c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll] [Hewlett-Packard Development Company, L.P., 060.000.155.000]
[c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll] [Hewlett-Packard Development Company, L.P., 060.000.087.000]
[c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll] [Hewlett-Packard Development Company, L.P., 060.000.155.000]
[c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll] [Hewlett-Packard Development Company, L.P., 060.000.087.000]
[c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll] [Hewlett-Packard Development Company, L.P., 060.000.087.000]
[c:\program files\hp\digital imaging\bin\fr\hpqimzone.resources.dll] [ , 60.0.83.0]
[c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll] [Hewlett-Packard Development Company, L.P., 060.000.087.000]
[c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll] [Hewlett-Packard Development Company, L.P., 60.0.155.000]
[c:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Development Company, L.P., 60.0.155.000]
[c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll] [Microsoft Corporation, 1.1.4322.2032]
[c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_951f948f\system.xml.dll] [N/A, ]
[c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll] [LEAD Technologies, Inc., 13.0.0.113]
[c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll] [LEAD Technologies, Inc., 13.0.0.113]
[C:\Program Files\HP\Digital Imaging\bin\ltkrn13n.dll] [LEAD Technologies, Inc., 13.0.0.098]
[c:\windows\assembly\gac\hpqtray.resources\4.0.0.0_fr_a53cf5803f4c3827\hpqtray.resources.dll] [ , 60.0.83.0]
[c:\windows\assembly\gac\hpqfmrsc.resources\4.0.0.0_fr_a53cf5803f4c3827\hpqfmrsc.resources.dll] [ , 60.0.83.0]
[c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll] [LEAD Technologies, Inc., 13.0.0.113]
[c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll] [LEAD Technologies, Inc., 13.0.0.113]
[c:\windows\assembly\gac\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll] [ , 4.0.0.0]
[c:\Program Files\HP\Digital Imaging\Bin\hpqimgr.dll] [Hewlett-Packard Development Company, L.P., 060.000.087.000]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\ATL71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll] [Hewlett-Packard Development Company, L.P., 060.000.155.000]
[c:\program files\hp\digital imaging\bin\hpqmirsc.dll] [Hewlett-Packard Development Company, L.P., 060.000.155.000]
[c:\program files\hp\digital imaging\bin\fr\hpqmirsc.resources.dll] [ , 60.0.83.0]
[c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll] [Hewlett-Packard Development Company, L.P., 060.000.087.000]
[c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll] [Hewlett-Packard Development Company, L.P., 060.000.087.000]
[c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll] [LEAD Technologies, Inc., 13.0.0.113]
[c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll] [Hewlett-Packard Development Company, L.P., 060.000.087.000]
[c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll] [LEAD Technologies, Inc., 13.0.0.113]
[c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll] [Hewlett-Packard Development Company, L.P., 060.000.087.000]
[c:\windows\assembly\gac\hpqedit.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqedit.resources.dll] [ , 60.0.83.0]
[c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll] [Hewlett-Packard Development Company, L.P., 060.000.087.000]
[c:\windows\assembly\gac\hpqcc2.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqcc2.resources.dll] [ , 60.0.83.0]
[c:\program files\hp\digital imaging\bin\fr\hpqvideo.resources.dll] [ , 60.0.83.0]
[c:\windows\assembly\gac\interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll] [ , 4.0.0.0]
[c:\Program Files\HP\Digital Imaging\bin\hpqvdcom.dll] [Hewlett-Packard Development Company, L.P., 060.000.087.000]
[c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll] [Hewlett-Packard Development Company, L.P., 060.000.155.000]
[c:\windows\assembly\gac\hpqprrsc.resources\4.0.0.0_fr_a53cf5803f4c3827\hpqprrsc.resources.dll] [ , 60.0.83.0]
[c:\windows\assembly\gac\system.resources\1.0.5000.0_fr_b77a5c561934e089\system.resources.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_fr_b77a5c561934e089\mscorlib.resources.dll] [Microsoft Corporation, 1.1.4322.573]
[c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll] [ , 3.0.0.0]
[c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll] [Hewlett-Packard Development Company, L.P., 060.000.155.000]
[c:\windows\assembly\gac\hpqcprsc.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqcprsc.resources.dll] [ , 60.0.83.0]
[c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll] [Hewlett-Packard Development Company, L.P., 060.000.155.000]
[c:\windows\assembly\gac\hpqisrtb.resources\4.0.0.0_fr_a53cf5803f4c3827\hpqisrtb.resources.dll] [Hewlett-Packard Development Company, L.P., 60.0.155.0]
[c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll] [Hewlett-Packard Development Company, L.P., 060.000.087.000]
[c:\windows\assembly\gac\hpqbakup.resources\3.0.0.0_fr_a53cf5803f4c3827\hpqbakup.resources.dll] [ , 60.0.83.0]
[c:\windows\assembly\gac\lead.drawing.imaging.codecs\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.codecs.dll] [LEAD Technologies, Inc., 13.0.0.113]
[C:\Program Files\HP\Digital Imaging\bin\ltfil13n.dll] [LEAD Technologies, Inc., 13.0.0.113]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\system32\dwkejy.dll] [N/A, ]
[C:\WINDOWS\system32\mppds.dll] [N/A, ]
[C:\WINDOWS\system32\DbgHlp32.dll] [N/A, ]
[C:\WINDOWS\system32\MsPrint32D.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\NVDispDrv.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\cwykgz.dll] [N/A, ]
[C:\WINDOWS\system32\ekeqat.dll] [N/A, ]
[C:\WINDOWS\system32\jlutqz.dll] [N/A, ]
[PID: 3276 / SYSTEM][C:\WINDOWS\system32\E029E\ctfmon.exe] [, 1.0.0.3]
[PID: 3284 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\wbsys.dll] [Stardock.Net, Inc, 4, 0, 0, 0]
[PID: 3380 / Compaq_Propriétaire][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\AlienGUIse\WBlind.dll] [Stardock.Net, Inc, 4.61]
[C:\Program Files\AlienGUIse\wbhelp.dll] [Stardock.Net, Inc, 4.01]
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1601, 4978]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\d9d1.dll] [, 1, 0, 0, 2]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll] [Sun Microsystems, Inc., 6.0.30.5]
[C:\WINDOWS\system32\bho.dll] [, 1.0.0.0]
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
[C:\WINDOWS\system32\xpsp3res.dll] [Microsoft Corporation, 5.1.2600.3243 (xpsp_sp2_qfe.071029-1244)]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\dwkejy.dll] [N/A, ]
[C:\WINDOWS\system32\mppds.dll] [N/A, ]
[C:\WINDOWS\system32\DbgHlp32.dll] [N/A, ]
[C:\WINDOWS\system32\MsPrint32D.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\NVDispDrv.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\cwykgz.dll] [N/A, ]
[C:\WINDOWS\s
Logfile of HijackThis v1.99.1
Scan saved at 11:01:20, on 22/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\E029E\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\RamBoost XP\rambxpfr.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\system32\9dc51.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\wbem\3648\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://7255.com/?g
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Invoke Class - {5FB8C5D4-929F-4870-89E2-7E3EE26EE701} - C:\WINDOWS\system32\d9d1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8F776B2A-72DF-40C1-BD69-EDB642A706D7} - C:\WINDOWS\system32\bho.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RegSrv64D] C:\WINDOWS\RegSrv64D.exE
O4 - HKLM\..\Run: [WSockDrv32] C:\WINDOWS\WSockDrv32.exe
O4 - HKLM\..\Run: [LotusHlp] C:\WINDOWS\LotusHlp.exe
O4 - HKLM\..\Run: [PTSShell] C:\WINDOWS\PTSShell.exe
O4 - HKLM\..\Run: [NAVMon32] C:\WINDOWS\NAVMon32.exE
O4 - HKLM\..\Run: [WINSvr32] C:\WINDOWS\WINSvr32.exE
O4 - HKLM\..\Run: [WinSysW] C:\WINDOWS\533931L.exe
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exE
O4 - HKLM\..\Run: [Kvsc3] C:\WINDOWS\Kvsc3.exE
O4 - HKLM\..\Run: [MsPrint32D] C:\WINDOWS\MsPrint32D.exe
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [msccrt] C:\WINDOWS\msccrt.exe
O4 - HKLM\..\Run: [DbgHlp32] C:\WINDOWS\DbgHlp32.exe
O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exE
O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\NVDispDRV.EXE
O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\533931M.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ONSPEED.lnk = C:\Program Files\ONSPEED\onspeedgui.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: COM Host (comHost) - Unknown owner - c:\Program Files\Norton Internet Security\comHost.exe (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EBDF8952 - Unknown owner - C:\WINDOWS\system32\907382B0.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: System Event loader (sysloader) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe (file missing)
O23 - Service: Yahoo Service (YahooSvr) - Unknown owner - C:\WINDOWS\system32\E029E\svchost.exe
The one from SREngLOG:
[CODE]
2007-12-22,10:59:17
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed
Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan
Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<MsnMsgr><"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background> [(Verified)Microsoft Corporation]
<swg><C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe> [(Verified)Google Inc]
<RamBoostXp><C:\Program Files\RamBoost XP\rambxpfr.exe> [Gildas LE BOURNAULT]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PCMService><"C:\Program Files\CyberLink\PowerCinema\PCMService.exe"> [CyberLink Corp.]
<Recguard><C:\WINDOWS\SMINST\RECGUARD.EXE> []
<PCDrProfiler><> [N/A]
<ccApp><"c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"> [N/A]
<HPBootOp><"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run> [Hewlett-Packard Company]
<HP Software Update><C:\Program Files\HP\HP Software Update\HPwuSchd2.exe> [Hewlett-Packard Co.]
<Symantec PIF AlertEng><"C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"> [N/A]
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<RegSrv64D><C:\WINDOWS\RegSrv64D.exE> []
<WSockDrv32><C:\WINDOWS\WSockDrv32.exe> []
<LotusHlp><C:\WINDOWS\LotusHlp.exe> []
<PTSShell><C:\WINDOWS\PTSShell.exe> []
<NAVMon32><C:\WINDOWS\NAVMon32.exE> []
<WINSvr32><C:\WINDOWS\WINSvr32.exE> []
<WinSysW><C:\WINDOWS\533931L.exe> [N/A]
<AVPSrv><C:\WINDOWS\AVPSrv.exE> []
<Kvsc3><C:\WINDOWS\Kvsc3.exE> []
<MsPrint32D><C:\WINDOWS\MsPrint32D.exe> []
<cmdbcs><C:\WINDOWS\cmdbcs.exe> []
<mppds><C:\WINDOWS\mppds.exe> []
<msccrt><C:\WINDOWS\msccrt.exe> []
<DbgHlp32><C:\WINDOWS\DbgHlp32.exe> []
<MsIMMs32><C:\WINDOWS\MsIMMs32.exE> []
<NVDispDrv><C:\WINDOWS\NVDispDRV.EXE> []
<upxdnd><C:\WINDOWS\upxdnd.exe> []
<WinSysM><C:\WINDOWS\533931M.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<MSDEG32><LYLoader.exe> []
<MSDWG32><LYLoadbr.exe> [N/A]
<MSDCG32 ><LYLeador.exe> [N/A]
<MSDOG32><LYLoador.exe> [N/A]
<MSDSG32><LYLoadar.exe> [N/A]
<MSDMG32><LYLoadmr.exe> []
<MSDHG32><LYLoadhr.exe> [N/A]
<MSDQG32><LYLoadqr.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><wbsys.dll> [Stardock.Net, Inc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
<WinlogonNotify: WB><C:\Program Files\AlienGUIse\fastload.dll> [Stardock]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
<Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser> [(Verified)Microsoft Windows Publisher]
==================================
Startup Folders
[Démarrage rapide de HP Photosmart Premier]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide de HP Photosmart Premier.lnk --> C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [Hewlett-Packard Development Company, L.P.]><N>
[HP Digital Imaging Monitor]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk --> C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]><N>
[ONSPEED]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ONSPEED.lnk --> C:\Program Files\ONSPEED\onspeedgui.exe [N/A]><N>
==================================
Services
[Gestion d'applications / AppMgmt][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Service d'état ASP.NET / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Boonty Games / Boonty Games][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"><BOONTY>
[C3F9D354 / C3F9D354][Stopped/Auto Start]
<C:\WINDOWS\system32\C93A88F4.EXE -g><Microsoft Corporation>
[Symantec Event Manager / ccEvtMgr][Stopped/Auto Start]
<"c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"><N/A>
[Symantec Internet Security Password Validation / ccISPwdSvc][Stopped/Manual Start]
<"c:\Program Files\Norton Internet Security\ccPwdSvc.exe"><N/A>
[Symantec Network Proxy / ccProxy][Stopped/Auto Start]
<"c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe"><N/A>
[Symantec Settings Manager / ccSetMgr][Stopped/Auto Start]
<"c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"><N/A>
[CyberLink Background Capture Service (CBCS) / CLCapSvc][Running/Auto Start]
<"C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe"><>
[CyberLink Task Scheduler (CTS) / CLSched][Running/Auto Start]
<"C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe"><>
[COM Host / comHost][Stopped/Manual Start]
<"c:\Program Files\Norton Internet Security\comHost.exe"><N/A>
[CyberLink Media Library Service / CyberLink Media Library Service][Running/Auto Start]
<"C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe"><Cyberlink>
[EBDF8952 / EBDF8952][Stopped/Auto Start]
<C:\WINDOWS\system32\907382B0.EXE -k><>
[Google Updater Service / gusvc][Stopped/Manual Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[LiveUpdate / LiveUpdate][Stopped/Manual Start]
<"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"><N/A>
[LiveUpdate Notice Service / LiveUpdate Notice Service][Stopped/Auto Start]
<"C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"><N/A>
[Service Norton AntiVirus Auto-Protect / navapsvc][Stopped/Auto Start]
<"c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"><N/A>
[Norton Protection Center Service / NSCService][Stopped/Manual Start]
<"c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE"><N/A>
[Planificateur LiveUpdate automatique / Planificateur LiveUpdate automatique][Stopped/Auto Start]
<"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"><N/A>
[Symantec AVScan / SAVScan][Stopped/Manual Start]
<"c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe"><N/A>
[Symantec Network Drivers Service / SNDSrvc][Stopped/Auto Start]
<"c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe"><N/A>
[Symantec SPBBCSvc / SPBBCSvc][Stopped/Auto Start]
<"c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe"><N/A>
[Symantec Core LC / Symantec Core LC][Stopped/Auto Start]
<"C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe"><N/A>
[System Event loader / sysloader][Stopped/Auto Start]
<"C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe"><N/A>
[Horloge Windows / W32Time][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\wbem\rhgjxhvnb.dll><Microsoft Crop.>
[Yahoo Service / YahooSvr][Running/Auto Start]
<C:\WINDOWS\system32\E029E\svchost.exe><>
[ms_2fax / ms_2fax][Running/Auto Start]
<C:\WINDOWS\system32\9dc51.exe><Microsoft Corporation>
==================================
Drivers
[7i6szsbh / 7i6szsbha][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\7i6szsbha.sys><N/A>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Pilote de processeur AMD / AmdK8][Running/System Start]
<system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[catchme / catchme][Stopped/Manual Start]
<\??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\catchme.sys><N/A>
[Symantec Eraser Control driver / eeCtrl][Stopped/System Start]
<\??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys><N/A>
[Pilote de processeur Intel / intelppm][Stopped/System Start]
<system32\DRIVERS\intelppm.sys><N/A>
[jrk1zao2 / jrk1zao2][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\jrk1zao2.sys><N/A>
[LT Modem Driver / ltmodem5][Stopped/Manual Start]
<system32\DRIVERS\ltmdmnt.sys><LT>
[NAVENG / NAVENG][Stopped/Manual Start]
<\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20060104.006\NAVENG.Sys><N/A>
[NAVEX15 / NAVEX15][Stopped/Manual Start]
<\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20060104.006\NavEx15.Sys><N/A>
[Ps2 / Ps2][Running/Manual Start]
<system32\DRIVERS\PS2.sys><Hewlett-Packard Company>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
<system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) / rtl8139][Stopped/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SAVRT / SAVRT][Stopped/Manual Start]
<\??\c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS><N/A>
[SAVRTPEL / SAVRTPEL][Stopped/System Start]
<\??\c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SPBBCDrv / SPBBCDrv][Stopped/System Start]
<\??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys><N/A>
[SYMDNS / SYMDNS][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\SYMDNS.SYS><Symantec Corporation>
[SymEvent / SymEvent][Running/Manual Start]
<\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS><Symantec Corporation>
[SYMFW / SYMFW][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\SYMFW.SYS><Symantec Corporation>
[SYMIDS / SYMIDS][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\SYMIDS.SYS><Symantec Corporation>
[SYMIDSCO / SYMIDSCO][Stopped/Manual Start]
<\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys><N/A>
[symlcbrd / symlcbrd][Stopped/Auto Start]
<\??\C:\WINDOWS\system32\drivers\symlcbrd.sys><N/A>
[SYMNDIS / SYMNDIS][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\SYMNDIS.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Running/System Start]
<\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
==================================
Browser Add-ons
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Invoke Class]
{5FB8C5D4-929F-4870-89E2-7E3EE26EE701} <C:\WINDOWS\system32\d9d1.dll, >
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[]
{8F776B2A-72DF-40C1-BD69-EDB642A706D7} <C:\WINDOWS\system32\bho.dll, >
[CNavExtBho Class]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} <c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll, N/A>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
[Java Plug-in 1.6.0_03]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Aide à la connexion]
{E2D4D26B-0180-43a4-B05F-462D6D54C789} <, N/A>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Norton AntiVirus]
{C4069E3A-68F1-403E-B40E-20066696354B} <c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll, N/A>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Java Plug-in 1.6.0_03]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_05]
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_03]
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_03]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll, Sun Microsystems, Inc.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Invoke Class]
{5FB8C5D4-929F-4870-89E2-7E3EE26EE701} <C:\WINDOWS\system32\d9d1.dll, >
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Navigateur Web Microsoft]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[]
{8F776B2A-72DF-40C1-BD69-EDB642A706D7} <C:\WINDOWS\system32\bho.dll, >
[CNavExtBho Class]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} <c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll, N/A>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Fichiers communs\System\msadc\msadco.dll, Microsoft Corporation>
[Helper Class]
{BF0118D4-63FF-4138-9327-F3028FB1A578} <C:\WINDOWS\web\wallpaper\welcome\AWhelper.dll, >
[Norton AntiVirus]
{C4069E3A-68F1-403E-B40E-20066696354B} <c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll, N/A>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[Runclose Control]
{F31D1897-7EFD-4647-8687-E05894E382AB} <C:\WINDOWS\system32\runclose.ocx, Hewlett-Packard Company>
==================================
Running Processes
[PID: 588 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 672 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\7E110700.DLL] [, ]
[PID: 704 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wbsys.dll] [Stardock.Net, Inc, 4, 0, 0, 0]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4119]
[C:\Program Files\AlienGUIse\fastload.dll] [Stardock, 1, 0, 0, 1]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\EADEC1B6.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\system32\7E110700.DLL] [, ]
[PID: 748 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[C:\WINDOWS\system32\wbsys.dll] [Stardock.Net, Inc, 4, 0, 0, 0]
[C:\WINDOWS\system32\7E110700.DLL] [, ]
[C:\WINDOWS\system32\LYMANGR.DLL] [N/A, ]
[PID: 760 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wbsys.dll] [Stardock.Net, Inc, 4, 0, 0, 0]
[C:\WINDOWS\system32\7E110700.DLL] [, ]
[PID: 912 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4119]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2497]
[C:\WINDOWS\system32\7E110700.DLL] [, ]
[PID: 924 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wbsys.dll] [Stardock.Net, Inc, 4, 0, 0, 0]
[C:\WINDOWS\system32\7E110700.DLL] [, ]
[PID: 1016 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wbsys.dll] [Stardock.Net, Inc, 4, 0, 0, 0]
[C:\WINDOWS\system32\7E110700.DLL] [, ]
[PID: 1108 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\wbsys.dll] [Stardock.Net, Inc, 4, 0, 0, 0]
[C:\WINDOWS\system32\7E110700.DLL] [, ]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1156 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wbsys.dll] [Stardock.Net, Inc, 4, 0, 0, 0]
[C:\WINDOWS\system32\7E110700.DLL] [, ]
[PID: 1412 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wbsys.dll] [Stardock.Net, Inc, 4, 0, 0, 0]
[C:\WINDOWS\system32\7E110700.DLL] [, ]
[PID: 1488 / Compaq_Propriétaire][C:\Program Files\AlienGUIse\wbload.exe] [Stardock Systems, Inc, 4.51]
[C:\Program Files\AlienGUIse\wbhelp.dll] [Stardock.Net, Inc, 4.01]
[C:\Program Files\AlienGUIse\WBlind.dll] [Stardock.Net, Inc, 4.61]
[C:\WINDOWS\system32\7E110700.DLL] [, ]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\system32\dwkejy.dll] [N/A, ]
[C:\WINDOWS\system32\DbgHlp32.dll] [N/A, ]
[C:\WINDOWS\system32\mppds.dll] [N/A, ]
[C:\WINDOWS\system32\MsPrint32D.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\system32\NVDispDrv.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\ekeqat.dll] [N/A, ]
[C:\WINDOWS\system32\cwykgz.dll] [N/A, ]
[C:\WINDOWS\system32\jlutqz.dll] [N/A, ]
[PID: 2040 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\wbsys.dll] [Stardock.Net, Inc, 4, 0, 0, 0]
[C:\WINDOWS\system32\7E110700.DLL] [, ]
[PID: 228 / Compaq_Propriétaire][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4119]
[C:\Program Files\AlienGUIse\WBlind.dll] [Stardock.Net, Inc, 4.61]
[C:\Program Files\AlienGUIse\wbhelp.dll] [Stardock.Net, Inc, 4.01]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2497]
[C:\WINDOWS\system32\7E110700.DLL] [, ]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\system32\dwkejy.dll] [N/A, ]
[C:\WINDOWS\system32\DbgHlp32.dll] [N/A, ]
[C:\WINDOWS\system32\mppds.dll] [N/A, ]
[C:\WINDOWS\system32\MsPrint32D.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\system32\NVDispDrv.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\ekeqat.dll] [N/A, ]
[C:\WINDOWS\system32\cwykgz.dll] [N/A, ]
[C:\WINDOWS\system32\jlutqz.dll] [N/A, ]
[PID: 320 / Compaq_Propriétaire][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\WINDOWS\system32\wbsys.dll] [Stardock.Net, Inc, 4, 0, 0, 0]
[C:\Program Files\AlienGUIse\wbhelp.dll] [Stardock.Net, Inc, 4.01]
[C:\Program Files\AlienGUIse\WBlind.dll] [Stardock.Net, Inc, 4.61]
[C:\WINDOWS\system32\EADEC1B6.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\system32\78m9854c60.dll] [N/A, ]
[C:\WINDOWS\system32\7E110700.DLL] [, ]
[C:\WINDOWS\system32\SHQMANGR.DLL] [N/A, ]
[C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\d9d1.dll] [, 1, 0, 0, 2]
[C:\WINDOWS\system32\bho.dll] [, 1.0.0.0]
[C:\WINDOWS\system32\wbem\rhgjxhvnb.dll] [Microsoft Crop., 6.0.3.279]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\WINDOWS\system32\dwkejy.dll] [N/A, ]
[C:\WINDOWS\system32\mppds.dll] [N/A, ]
[C:\WINDOWS\system32\DbgHlp32.dll] [N/A, ]
[C:\WINDOWS\system32\MsPrint32D.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\NVDispDrv.dll] [N/A, ]
[C:\WINDOWS\533931MM.DLL] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\cwykgz.dll] [N/A, ]
[C:\WINDOWS\system32\ekeqat.dll] [N/A, ]
[C:\WINDOWS\533931WL.DLL] [N/A, ]
[C:\WINDOWS\system32\jlutqz.dll] [N/A, ]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[PID: 500 / SYSTEM][C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe] [, 4.05.1409]
[C:\WINDOWS\system32\wbsys.dll] [Stardock.Net, Inc, 4, 0, 0, 0]
[C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapEngine.dll] [, 4.05.1409]
[C:\Program Files\CyberLink\PowerCinema\Kernel\TV\PCMRRec4.dll] [CyberLink Corp., 4.01.2609]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvcps.dll] [N/A, ]
[C:\WINDOWS\system32\7E110700.DLL] [, ]
[PID: 520 / SYSTEM][C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe] [Cyberlink, 2, 1, 0, 2301]
[C:\WINDOWS\system32\7E110700.DLL] [, ]
[PID: 1660 / SYSTEM][C:\WINDOWS\system32\E029E\svchost.exe] [, 1.0.0.1]
[PID: 1744 / SYSTEM][C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe] [, 4.05.1409]
[C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvcps.dll] [N/A, ]
[C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSchMgr.dll] [, 4.05.1409]
[C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLMLClient.dll] [Cyberlink, 2, 1, 0, 2301]
[C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSchedps.dll] [N/A, ]
[PID: 1544 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1712 / Compaq_Propriétaire][C:\Program Files\CyberLink\PowerCinema\PCMService.exe] [CyberLink Corp., 4, 5, 0, 0]
[C:\Program Files\CyberLink\PowerCinema\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\CyberLink\PowerCinema\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\CyberLink\PowerCinema\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\wbsys.dll] [Stardock.Net, Inc, 4, 0, 0, 0]
[C:\Program Files\AlienGUIse\wbhelp.dll] [Stardock.Net, Inc, 4.01]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\AlienGUIse\WBlind.dll] [Stardock.Net, Inc, 4.61]
[C:\Program Files\CyberLink\PowerCinema\Kernel\common\CLRCEngine3.dll] [CyberLink Corp., 4, 5, 0, 1711]
[C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapX.dll] [Cyberlink, 4.05.1409]
[C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLAuMixer.dll] [CyberLink Corp., 1.00.1128 ]
[C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSchMgr.dll] [, 4.05.1409]
[C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvcps.dll] [N/A, ]
[C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapEngine.dll] [, 4.05.1409]
[C:\Program Files\CyberLink\PowerCinema\Kernel\TV\PCMRRec4.dll] [CyberLink Corp., 4.01.2609]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLMLClient.dll] [Cyberlink, 2, 1, 0, 2301]
[C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSchedps.dll] [N/A, ]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\system32\dwkejy.dll] [N/A, ]
[C:\WINDOWS\system32\mppds.dll] [N/A, ]
[C:\WINDOWS\system32\DbgHlp32.dll] [N/A, ]
[C:\WINDOWS\system32\MsPrint32D.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\system32\NVDispDrv.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\cwykgz.dll] [N/A, ]
[C:\WINDOWS\system32\ekeqat.dll] [N/A, ]
[C:\WINDOWS\system32\jlutqz.dll] [N/A, ]
[PID: 1856 / Compaq_Propriétaire][C:\Program Files\HP\HP Software Update\HPwuSchd2.exe] [Hewlett-Packard Co., 50.0.146.000]
[C:\Program Files\AlienGUIse\WBlind.dll] [Stardock.Net, Inc, 4.61]
[C:\Program Files\AlienGUIse\wbhelp.dll] [Stardock.Net, Inc, 4.01]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\system32\dwkejy.dll] [N/A, ]
[C:\WINDOWS\system32\DbgHlp32.dll] [N/A, ]
[C:\WINDOWS\system32\mppds.dll] [N/A, ]
[C:\WINDOWS\system32\MsPrint32D.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\system32\NVDispDrv.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\ekeqat.dll] [N/A, ]
[C:\WINDOWS\system32\cwykgz.dll] [N/A, ]
[C:\WINDOWS\system32\jlutqz.dll] [N/A, ]
[PID: 1884 / Compaq_Propriétaire][C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.30.5]
[C:\WINDOWS\system32\wbsys.dll] [Stardock.Net, Inc, 4, 0, 0, 0]
[C:\Program Files\AlienGUIse\wbhelp.dll] [Stardock.Net, Inc, 4.01]
[C:\Program Files\AlienGUIse\WBlind.dll] [Stardock.Net, Inc, 4.61]
[PID: 2376 / SYSTEM][C:\WINDOWS\system32\E029E\ctfmon.exe] [, 1.0.0.3]
[PID: 2852 / Compaq_Propriétaire][C:\Program Files\Windows Live\Messenger\msnmsgr.exe] [Microsoft Corporation, 8.5.1288.0816]
[C:\Program Files\Windows Live\Messenger\MSIMG32.dll] [Patchou, 4, 50, 0, 312]
[C:\Program Files\Windows Live\Messenger\MSNCore.dll] [Microsoft Corporation, 8.5.1288.0816]
[C:\Program Files\Windows Live\Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1]
[C:\Program Files\Windows Live\Messenger\ContactsUX.dll] [Microsoft Corporation, 8.5.1288.0816]
[C:\WINDOWS\system32\wbsys.dll] [Stardock.Net, Inc, 4, 0, 0, 0]
[C:\Program Files\AlienGUIse\wbhelp.dll] [Stardock.Net, Inc, 4.01]
[C:\Program Files\AlienGUIse\WBlind.dll] [Stardock.Net, Inc, 4.61]
[C:\Program Files\Windows Live\Messenger\msgslang.8.5.1288.0816.dll] [Microsoft Corporation, 8.5.1288.0816]
[C:\Program Files\Windows Live\Messenger\msgsres.dll] [Microsoft Corporation, 8.5.1288.0816]
[C:\Program Files\Windows Live\Messenger\custsat.dll] [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)]
[C:\Program Files\Windows Live\Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.5.1288.0816]
[C:\WINDOWS\system32\sirenacm.dll] [Microsoft Corp., 8.1.0178.00]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\WINDOWS\system32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\Program Files\Windows Live\Messenger\lmcdata.dll] [Microsoft Corporation, 8.5.1288.0816]
[C:\Program Files\Windows Live\Messenger\contact.dll] [Microsoft Corporation, 8.5.1288.0816]
[C:\Program Files\Windows Live\Messenger\abssm.dll] [Microsoft Corporation, 8.5.1288.0816]
[C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx] [Adobe Systems, Inc., 9,0,115,0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\MFPlat.DLL] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\dwkejy.dll] [N/A, ]
[C:\WINDOWS\system32\mppds.dll] [N/A, ]
[C:\WINDOWS\system32\DbgHlp32.dll] [N/A, ]
[C:\WINDOWS\system32\MsPrint32D.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\system32\NVDispDrv.dll] [N/A, ]
[C:\WINDOWS\system32\PTSShell.dll] [N/A, ]
[C:\WINDOWS\system32\cwykgz.dll] [N/A, ]
[C:\WINDOWS\system32\ekeqat.dll] [N/A, ]
[C:\WINDOWS\system32\jlutqz.dll] [N/A, ]
[PID: 2860 / Compaq_Propriétaire][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]
[C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll] [Google Inc., 2, 0, 301, 7164]
[C:\WINDOWS\system32\wbsys.dll] [Stardock.Net, Inc, 4, 0, 0, 0]
Philae, can you help me solve my problem today? I can't do anything, absolutely nothing, my machine is doing whatever it wants...
Please, thanks in advance...
Hello,
Yes, I'm here. I started looking yesterday while waiting for the report you just posted.
I'm going back to continue, but it takes a very long time to analyze with all your m.....
Be patient, I'm not forgetting you.
Also avoid staying online unnecessarily. No needless browsing, please.
OK, I hope we are going to make progress.
IMPORTANT before you start
* download ERUNT to back up your registry before carrying out the steps below
https://www.zebulon.fr/telechargements/utilitaires/systeme-utilitaires/erunt.html
tutorial
http://pageperso.aol.fr/loraline60/tuto_erunt.htm
then
in order and all in one go, please
* run HijackThis "do a system scan only", then tick these lines:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://7255.com/?g
O2 - BHO: Invoke Class - {5FB8C5D4-929F-4870-89E2-7E3EE26EE701} - C:\WINDOWS\system32\d9d1.dll
O2 - BHO: (no name) - {8F776B2A-72DF-40C1-BD69-EDB642A706D7} - C:\WINDOWS\system32\bho.dll
O4 - HKLM\..\Run: [RegSrv64D] C:\WINDOWS\RegSrv64D.exE
O4 - HKLM\..\Run: [WSockDrv32] C:\WINDOWS\WSockDrv32.exe
O4 - HKLM\..\Run: [LotusHlp] C:\WINDOWS\LotusHlp.exe
O4 - HKLM\..\Run: [PTSShell] C:\WINDOWS\PTSShell.exe
O4 - HKLM\..\Run: [NAVMon32] C:\WINDOWS\NAVMon32.exE
O4 - HKLM\..\Run: [WINSvr32] C:\WINDOWS\WINSvr32.exE
O4 - HKLM\..\Run: [WinSysW] C:\WINDOWS\533931L.exe
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exE
O4 - HKLM\..\Run: [Kvsc3] C:\WINDOWS\Kvsc3.exE
O4 - HKLM\..\Run: [MsPrint32D] C:\WINDOWS\MsPrint32D.exe
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [msccrt] C:\WINDOWS\msccrt.exe
O4 - HKLM\..\Run: [DbgHlp32] C:\WINDOWS\DbgHlp32.exe
O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exE
O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\NVDispDRV.EXE
O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\533931M.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
* with all applications closed and the internet connection off, click FIX CHECKED
next
Select the following text:
driver::
7i6szsbha
jrk1zao2
C3F9D354
EBDF8952
ms_2fax
file::
C:\WINDOWS\RegSrv64D.exE
C:\WINDOWS\WSockDrv32.exe
C:\WINDOWS\LotusHlp.exe
C:\WINDOWS\PTSShell.exe
C:\WINDOWS\NAVMon32.exE
C:\WINDOWS\WINSvr32.exE
C:\WINDOWS\533931L.exe
C:\WINDOWS\AVPSrv.exE
C:\WINDOWS\Kvsc3.exE
C:\WINDOWS\MsPrint32D.exe
C:\WINDOWS\cmdbcs.exe
C:\WINDOWS\mppds.exe
C:\WINDOWS\msccrt.exe
C:\WINDOWS\DbgHlp32.exe
C:\WINDOWS\MsIMMs32.exE
C:\WINDOWS\NVDispDRV.EXE
C:\WINDOWS\upxdnd.exe
C:\WINDOWS\533931M.exe
C:\WINDOWS\SSLDyn.exe
C:\WINDOWS\system32\7E110700.DLL
C:\WINDOWS\system32\bho.dll
C:\WINDOWS\xbdeui.exe
C:\WINDOWS\kmrawm.exe
C:\WINDOWS\xkjfzz.exe
C:\WINDOWS\hkxaxt.exe
C:\WINDOWS\system32\adurl.ini
C:\WINDOWS\system32\d9d1.dll
C:\WINDOWS\system32\84be4c4b
C:\WINDOWS\system32\[u]0[/u]f27
C:\WINDOWS\system32\key.~tmp
C:\WINDOWS\system32\-66-667675
C:\WINDOWS\system32\bho.dll
C:\WINDOWS\system32\ini.~tmp
C:\WINDOWS\system32\setyahoo.ini
C:\WINDOWS\system32\C3F9D354.dat
C:\WINDOWS\system32\k113562372317.exe
C:\WINDOWS\system32\k113562371511.exe
C:\WINDOWS\system32\qjmgnc.dll
C:\WINDOWS\system32\nulpsp.dll
C:\WINDOWS\system32\onpmqw.dll
C:\WINDOWS\system32\nlqcuh.dll
C:\WINDOWS\system32\didsjb.dll
C:\WINDOWS\system32\tltcke.dll
C:\WINDOWS\system32\lxncvj.dll
C:\WINDOWS\system32\hewmvo.dll
C:\WINDOWS\system32\ztxvxj.dll
C:\WINDOWS\system32\bkcjkr.dll
C:\WINDOWS\system32\ofprll.dll
C:\WINDOWS\system32\tcykiz.dll
C:\WINDOWS\sknoya.exe
C:\WINDOWS\myjexx.exe
C:\WINDOWS\system32\s1135197983g.dat
C:\WINDOWS\system32\9dc51.exe
C:\WINDOWS\system32\DRIVERS\7i6szsbha.sys
C:\WINDOWS\system32\drivers\jrk1zao2.sys
C:\WINDOWS\system32\9dc51.exe
C:\WINDOWS\system32\C93A88F4.EXE
C:\WINDOWS\system32\907382B0.EXE
registry::
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5FB8C5D4-929F-4870-89E2-7E3EE26EE701}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8F776B2A-72DF-40C1-BD69-EDB642A706D7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegSrv64D"=-
"WSockDrv32"=-
"LotusHlp"=-
"PTSShell"=-
"NAVMon32"=-
"WINSvr32"=-
"WinSysW"=-
"AVPSrv"=-
"Kvsc3"=-
"MsPrint32D"=-
"cmdbcs"=-
"mppds"=-
"msccrt"=-
"DbgHlp32"=-
"MsIMMs32"=-
"NVDispDrv"=-
"upxdnd"=-
"WinSysM"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"MSDEG32"=-
# Copy the selected text (CTRL+C).
# Open Notepad (Programs > Accessories > Notepad).
# Paste the copied text into Notepad (CTRL+V).
# Save this file under the name CFScript.txt
# Drag and drop this CFScript file onto the ComboFix.exe file
# A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
# Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
# Once the scan is complete, a report will be displayed: post its contents.
# If the file does not open, it can be found here > C:\ComboFix.txt
as well as a new HijackThis report
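A consistency check for the two lists in the post above, as an added example that is not part of the thread and not ComboFix's own code: it reports any ticked HijackThis O2/O4 entry whose file or registry entry the CFScript does not also remove. The function names are hypothetical, the CFScript layout is read only as it appears in the post, and the sample inputs are constructed (shortened from the post, with two gaps introduced on purpose).

```python
import re

# HijackThis abbreviates this key as HKLM\..\Run in its O4 lines.
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
BHO_KEY = (r"hkey_local_machine\software\microsoft\windows\currentversion"
           r"\explorer\browser helper objects")

O2_RE = re.compile(r"O2 - BHO: .*? - (\{[0-9A-Fa-f-]+\}) - (.+)")
O4_RE = re.compile(r"O4 - HKLM\\\.\.\\Run: \[([^\]]+)\] (.+)")

# Constructed sample: a few of the lines the post says to tick.
SAMPLE_FIX_LIST = r"""
O2 - BHO: Invoke Class - {5FB8C5D4-929F-4870-89E2-7E3EE26EE701} - C:\WINDOWS\system32\d9d1.dll
O2 - BHO: (no name) - {8F776B2A-72DF-40C1-BD69-EDB642A706D7} - C:\WINDOWS\system32\bho.dll
O4 - HKLM\..\Run: [LotusHlp] C:\WINDOWS\LotusHlp.exe
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exE
O4 - HKLM\..\Run: [WinSysW] C:\WINDOWS\533931L.exe
"""

# Constructed sample CFScript. Deliberate gaps: no file:: line for
# 533931L.exe and no deleted BHO key for {5FB8C5D4-...}.
SAMPLE_CFSCRIPT = r"""
driver::
jrk1zao2
file::
C:\WINDOWS\LotusHlp.exe
C:\WINDOWS\avpsrv.exe
C:\WINDOWS\system32\bho.dll
C:\WINDOWS\system32\d9d1.dll
registry::
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8F776B2A-72DF-40C1-BD69-EDB642A706D7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LotusHlp"=-
"AVPSrv"=-
"WinSysW"=-
"""


def norm_key(key):
    """Lower-case a registry path and expand the HKLM abbreviation."""
    key = key.strip().lower()
    if key.startswith("hklm\\"):
        key = "hkey_local_machine\\" + key[5:]
    return key


def parse_cfscript(text):
    """Split a CFScript into drivers, files, deleted keys and deleted values."""
    script = {"driver": [], "file": set(),
              "deleted_keys": set(), "deleted_values": set()}
    section, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r"(\w+)::", line)
        if header:
            section, key = header.group(1).lower(), None
        elif section == "driver":
            script["driver"].append(line)
        elif section == "file":
            # Windows paths are case-insensitive (the post mixes .exe/.exE).
            script["file"].add(line.lower())
        elif section == "registry":
            if line.startswith("[-") and line.endswith("]"):
                script["deleted_keys"].add(norm_key(line[2:-1]))
                key = None
            elif line.startswith("[") and line.endswith("]"):
                key = norm_key(line[1:-1])
            else:
                value = re.fullmatch(r'"([^"]+)"=-', line)
                if value and key:
                    script["deleted_values"].add((key, value.group(1).lower()))
    return script


def parse_fix_list(text):
    """Extract (kind, name, path) from ticked O2 BHO and O4 HKLM Run lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        bho = O2_RE.fullmatch(line)
        run = O4_RE.fullmatch(line)
        if bho:
            entries.append(("bho", bho.group(1), bho.group(2).strip('"')))
        elif run:
            entries.append(("run", run.group(1), run.group(2).strip('"')))
    return entries


def cross_check(entries, script):
    """List ticked entries that the CFScript does not fully clean up."""
    findings = []
    for kind, name, path in entries:
        if path.lower() not in script["file"]:
            findings.append((kind, name, "file not listed under file::"))
        if kind == "run" and (RUN_KEY, name.lower()) not in script["deleted_values"]:
            findings.append((kind, name, "Run value not deleted under registry::"))
        if kind == "bho" and BHO_KEY + "\\" + name.lower() not in script["deleted_keys"]:
            findings.append((kind, name, "BHO key not deleted under registry::"))
    return findings


if __name__ == "__main__":
    script = parse_cfscript(SAMPLE_CFSCRIPT)
    for finding in cross_check(parse_fix_list(SAMPLE_FIX_LIST), script):
        print(finding)
```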
hijack:
ComboFix:
.
-------\LEGACY_7I6SZSBHA
-------\LEGACY_C3F9D354
-------\LEGACY_EBDF8952
-------\LEGACY_JRK1ZAO2
-------\LEGACY_MS_2FAX
-------\LEGACY_WSPMYG93
-------\7i6szsbha
-------\C3F9D354
-------\EBDF8952
-------\jrk1zao2
-------\ms_2fax
-------\wspmyg93
((((((((((((((((((((((((((((( Fichiers créés 2007-11-22 to 2007-12-22 ))))))))))))))))))))))))))))))))))))
.
2007-12-30 16:39 . 2007-12-30 16:39 28,160 --a------ C:\WINDOWS\system32\lzkklj.dll
2007-12-30 16:35 . 2007-12-30 13:55 17,560 --a------ C:\WINDOWS\dvdfcd.exe
2007-12-30 16:35 . 2007-12-30 13:55 16,503 --a------ C:\WINDOWS\glovzt.exe
2007-12-30 16:35 . 2007-12-30 13:55 16,080 --a------ C:\WINDOWS\ivfggi.exe
2007-12-30 16:35 . 2007-12-30 13:55 15,297 --a------ C:\WINDOWS\izbwig.exe
2007-12-30 13:55 . 2007-12-22 15:57 127,488 --a------ C:\WINDOWS\system32\WSockDrv32.dll
2007-12-30 13:55 . 2007-12-22 15:58 28,160 --a------ C:\WINDOWS\system32\WINSvr32.dll
2007-12-30 13:11 . 2007-12-30 13:55 <REP> d-------- C:\Program Files\Panda Antivirus 2008
2007-12-29 22:02 . 2007-12-29 22:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2007-12-29 21:04 . 2007-12-29 21:04 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared
2007-12-29 21:04 . 2007-12-29 21:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2007-12-29 21:04 . 2007-12-29 21:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BOONTY
2007-12-29 20:47 . 2007-12-29 21:02 <REP> d-------- C:\Program Files\BoontyGames
2007-12-29 20:46 . 2007-12-29 21:11 <REP> d-------- C:\Program Files\Boonty
2007-12-28 10:51 . 2007-02-28 17:02 2,182,400 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-12-28 10:51 . 2007-02-28 17:02 2,138,112 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2007-12-28 10:51 . 2007-02-28 17:02 2,059,648 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-12-28 10:51 . 2007-02-28 17:02 2,017,792 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2007-12-27 12:49 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-27 12:42 . 2007-12-27 12:42 268 --ah----- C:\sqmdata13.sqm
2007-12-27 12:42 . 2007-12-27 12:42 244 --ah----- C:\sqmnoopt13.sqm
2007-12-26 20:33 . 2007-12-26 20:14 17,592 --a------ C:\WINDOWS\kjgtiv.exe
2007-12-26 20:33 . 2007-12-26 20:14 16,276 --a------ C:\WINDOWS\nhzrxu.exe
2007-12-26 20:23 . 2007-12-26 20:23 <REP> d-------- C:\Program Files\Alwil Software
2007-12-26 20:23 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-26 20:23 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-26 20:23 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-26 20:23 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-26 20:23 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-26 20:23 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-26 20:23 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-26 20:23 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-26 20:14 . 2007-12-26 20:14 52,529 --a------ C:\WINDOWS\system32\k113562429817.exe
2007-12-26 20:14 . 2007-12-26 20:14 42,801 --a------ C:\WINDOWS\system32\k113562429111.exe
2007-12-26 20:14 . 2007-12-26 20:14 28,672 --a------ C:\WINDOWS\system32\jefmoj.dll
2007-12-26 20:14 . 2007-12-26 20:14 28,160 --a------ C:\WINDOWS\system32\gbuadg.dll
2007-12-26 20:10 . 2005-12-26 20:05 17,592 --a------ C:\WINDOWS\aszcei.exe
2007-12-26 20:10 . 2005-12-26 20:04 16,276 --a------ C:\WINDOWS\iobuwe.exe
2007-12-26 20:10 . 2007-12-26 20:14 11,872 --a------ C:\WINDOWS\system32\LYLOADER(5).EXE
2007-12-26 20:10 . 2007-12-26 20:14 11,872 --a------ C:\WINDOWS\system32\LYLOADER(4).EXE
2007-12-26 20:10 . 2007-12-26 20:14 11,872 --a------ C:\WINDOWS\system32\LYLOADER(3).EXE
2007-12-26 20:10 . 2007-12-26 20:14 11,872 --a------ C:\WINDOWS\system32\LYLOADER(2).EXE
2007-12-26 19:56 . 2007-12-26 19:56 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-26 19:56 . 2007-12-26 19:56 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-26 19:55 . 2007-12-22 11:47 348,192 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-26 19:55 . 2007-12-22 11:47 23,584 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-26 19:55 . 2007-12-22 11:47 5,156 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-26 19:55 . 2007-12-22 11:47 3,260 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-26 19:46 . 2007-12-26 19:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-12-26 15:25 . 2003-02-26 22:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2007-12-26 15:19 . 2007-12-26 15:19 268 --ah----- C:\sqmdata12.sqm
2007-12-26 15:19 . 2007-12-26 15:19 268 --ah----- C:\sqmdata11.sqm
2007-12-26 15:19 . 2007-12-26 15:19 268 --ah----- C:\sqmdata10.sqm
2007-12-26 15:19 . 2007-12-26 15:19 244 --ah----- C:\sqmnoopt12.sqm
2007-12-26 15:19 . 2007-12-26 15:19 244 --ah----- C:\sqmnoopt11.sqm
2007-12-26 15:19 . 2007-12-26 15:19 244 --ah----- C:\sqmnoopt10.sqm
2007-12-26 15:18 . 2007-12-22 15:57 26,624 --a------ C:\WINDOWS\system32\PTSShell.dll
2007-12-26 15:18 . 2007-12-26 15:18 268 --ah----- C:\sqmdata09.sqm
2007-12-26 15:18 . 2007-12-26 15:18 268 --ah----- C:\sqmdata08.sqm
2007-12-26 15:18 . 2007-12-26 15:18 244 --ah----- C:\sqmnoopt09.sqm
2007-12-26 15:18 . 2007-12-26 15:18 244 --ah----- C:\sqmnoopt08.sqm
2007-12-26 15:17 . 2007-12-26 20:33 127,488 --a------ C:\WINDOWS\system32\SSLDyn.dll
2007-12-26 15:17 . 2007-12-22 15:57 26,624 --a------ C:\WINDOWS\system32\LotusHlp.dll
2007-12-26 15:17 . 2007-12-22 15:57 26,112 --a------ C:\WINDOWS\system32\NAVMon32.dll
2007-12-26 15:17 . 2007-12-26 15:17 268 --ah----- C:\sqmdata07.sqm
2007-12-26 15:17 . 2007-12-26 15:17 268 --ah----- C:\sqmdata06.sqm
2007-12-26 15:17 . 2007-12-26 15:17 268 --ah----- C:\sqmdata05.sqm
2007-12-26 15:17 . 2007-12-26 15:17 244 --ah----- C:\sqmnoopt07.sqm
2007-12-26 15:17 . 2007-12-26 15:17 244 --ah----- C:\sqmnoopt06.sqm
2007-12-26 15:17 . 2007-12-26 15:17 244 --ah----- C:\sqmnoopt05.sqm
2007-12-26 15:15 . 2007-12-26 15:15 268 --ah----- C:\sqmdata04.sqm
2007-12-26 15:15 . 2007-12-26 15:15 268 --ah----- C:\sqmdata03.sqm
2007-12-26 15:15 . 2007-12-26 15:15 268 --ah----- C:\sqmdata02.sqm
2007-12-26 15:15 . 2007-12-26 15:15 244 --ah----- C:\sqmnoopt04.sqm
2007-12-26 15:15 . 2007-12-26 15:15 244 --ah----- C:\sqmnoopt03.sqm
2007-12-26 15:15 . 2007-12-26 15:15 244 --ah----- C:\sqmnoopt02.sqm
2007-12-26 15:14 . 2007-12-26 15:14 268 --ah----- C:\sqmdata01.sqm
2007-12-26 15:14 . 2007-12-26 15:14 244 --ah----- C:\sqmnoopt01.sqm
2007-12-26 15:09 . 2007-12-26 17:03 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-22 21:28 . 2007-12-26 15:18 <REP> d-------- C:\Program Files\Messenger Plus! Live
2007-12-22 21:28 . 2007-12-24 15:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-12-22 15:57 . 2007-12-22 15:57 8,192 --a------ C:\WINDOWS\system32\REGKEY.hiv
2007-12-22 15:54 . 2007-12-22 11:51 17,560 --a------ C:\WINDOWS\icozmw.exe
2007-12-22 15:54 . 2007-12-22 11:52 16,503 --a------ C:\WINDOWS\cthoql.exe
2007-12-22 15:54 . 2007-12-22 11:52 16,080 --a------ C:\WINDOWS\fzpwou.exe
2007-12-22 15:54 . 2007-12-22 11:51 15,297 --a------ C:\WINDOWS\hnzmpa.exe
2007-12-22 15:49 . 2007-12-22 15:49 68 --a------ C:\WINDOWS\system32\c0f
2007-12-22 15:19 . 2007-12-22 15:19 68 --a------ C:\WINDOWS\system32\99b
2007-12-22 14:49 . 2007-12-22 14:49 68 --a------ C:\WINDOWS\system32\86b
2007-12-22 14:19 . 2007-12-22 14:19 68 --a------ C:\WINDOWS\system32\799b
2007-12-22 13:18 . 2007-12-22 13:18 23,360 --a------ C:\WINDOWS\system32\LYLOADMR.EXE
2007-12-22 12:48 . 2007-12-22 15:54 1 --a------ C:\WINDOWS\plifrzfzuwee.tj
2007-12-22 12:07 . 2007-12-22 12:07 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
2007-12-22 11:55 . 2007-12-22 14:55 72 --a------ C:\WINDOWS\system32\cflInfo.nt
2007-12-22 11:48 . 2007-12-22 10:49 17,560 --a------ C:\WINDOWS\agnnfh.exe
2007-12-22 11:48 . 2007-12-22 10:49 16,503 --a------ C:\WINDOWS\dpzigv.exe
2007-12-22 11:48 . 2007-12-22 10:49 16,080 --a------ C:\WINDOWS\fhzdkr.exe
2007-12-22 11:48 . 2007-12-22 10:49 15,297 --a------ C:\WINDOWS\xzzkqq.exe
2007-12-22 10:49 . 2007-12-22 10:49 127,488 --a------ C:\WINDOWS\system32\dwkejy.dll
2007-12-22 10:49 . 2007-12-22 10:49 28,160 --a------ C:\WINDOWS\system32\ekeqat.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-29 08:12 53,248 ----a-r C:\WINDOWS\30b1.exe
2007-12-27 23:49 --------- d-----w C:\Program Files\Shareaza
2007-12-27 11:49 --------- d-----w C:\Program Files\Java
2007-12-27 11:47 --------- d-----w C:\Program Files\AlienGUIse
2007-12-26 18:54 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-12-26 18:51 --------- d-----w C:\Program Files\Symantec
2007-12-26 18:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-26 13:25 --------- d-----w C:\Program Files\Google
2007-12-22 21:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-22 20:28 --------- d-----w C:\Program Files\Windows Live
2007-12-22 15:25 --------- d-----w C:\Program Files\RamBoost XP
2007-12-22 14:58 52,605 --sha-w C:\WINDOWS\533931MM.DLL
2007-12-22 14:58 44,337 ----a-w C:\WINDOWS\533931WL.DLL
2007-12-22 10:49 --------- d-----w C:\Program Files\Everest Poker
2007-12-22 10:15 --------- d-----w C:\Program Files\Kaspersky Lab
2007-12-15 11:19 --------- d-----w C:\Program Files\Stajelof
2007-12-13 18:09 --------- d-----w C:\Program Files\DivX
2007-12-03 10:32 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-26 09:54 --------- d-----w C:\Program Files\eMule
2007-11-23 20:54 --------- d-----w C:\Program Files\Internet Download Manager
2007-11-19 10:40 --------- d-----w C:\Program Files\ToniArts
2007-11-18 16:24 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
2007-11-18 16:14 --------- d-----w C:\Program Files\LightScribe
2007-11-18 16:14 --------- d-----w C:\Program Files\Ahead
2007-11-18 16:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2007-11-17 11:56 --------- d-----w C:\Program Files\Fichiers communs\Nero
2007-11-17 11:54 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-11-15 13:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2007-11-15 13:09 --------- d-----w C:\Program Files\Zeallsoft
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-09 19:52 --------- d-----w C:\Program Files\Fichiers communs\Stardock
2007-11-04 10:01 --------- d-----w C:\Program Files\Guitar Pro 5
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-17 11:24 2,526,800 ----a-w C:\WINDOWS\Install_B4Playing.exe
2007-10-02 17:42 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-02 17:42 290,816 ------w C:\WINDOWS\Setup1.exe
2005-12-30 18:14 249,344 --sh--w C:\WINDOWS\system32\E029E\ctfmon.exe
2005-12-30 20:15 44,032 --sh--w C:\WINDOWS\system32\E029E\svchost.exe
.
((((((((((((((((((((((((((((( snapshot@2005-12-21_21.47.05.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-12-21 20:49:42 15,297 ----a-w C:\WINDOWS\cubgaq.exe
+ 2007-12-28 09:52:44 65,536 ----a-r C:\WINDOWS\Downloaded Program Files\ib1ny4.dll
+ 2007-12-28 09:52:44 49,152 ----a-r C:\WINDOWS\Downloaded Program Files\kqb.dll
+ 2005-10-20 11:02:28 163,328 ----a-w C:\WINDOWS\erdnt\22-12-2007\ERDNT.EXE
+ 2007-12-22 14:47:29 1,597,440 ----a-w C:\WINDOWS\erdnt\22-12-2007\Users\00000001\ntuser.dat
+ 2007-12-22 14:47:29 147,456 ----a-w C:\WINDOWS\erdnt\22-12-2007\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w C:\WINDOWS\erdnt\AutoBackup\2007-12-22\ERDNT.EXE
+ 2007-12-22 15:25:46 1,597,440 ----a-w C:\WINDOWS\erdnt\AutoBackup\2007-12-22\Users\00000001\ntuser.dat
+ 2007-12-22 15:25:47 147,456 ----a-w C:\WINDOWS\erdnt\AutoBackup\2007-12-22\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w C:\WINDOWS\erdnt\AutoBackup\22-12-2007\ERDNT.EXE
+ 2007-12-22 14:54:34 1,597,440 ----a-w C:\WINDOWS\erdnt\AutoBackup\22-12-2007\Users\00000001\ntuser.dat
+ 2007-12-22 14:54:35 147,456 ----a-w C:\WINDOWS\erdnt\AutoBackup\22-12-2007\Users\00000002\UsrClass.dat
+ 2005-12-21 20:50:01 16,503 ----a-w C:\WINDOWS\soytbe.exe
+ 2005-12-21 20:49:49 16,080 ----a-w C:\WINDOWS\sxgeiq.exe
+ 2005-12-21 20:50:10 26,624 ----a-w C:\WINDOWS\system32\bvphsd.dll
- 2005-12-21 20:46:23 49,152 ----a-w C:\WINDOWS\system32\EADEC1B6.DLL
+ 2007-12-22 14:54:17 57,344 ----a-w C:\WINDOWS\system32\EADEC1B6.DLL
+ 2005-12-21 20:50:07 28,160 ----a-w C:\WINDOWS\system32\eifgem.dll
+ 2005-12-21 20:50:08 29,537 ----a-w C:\WINDOWS\system32\k113519801111.exe
+ 2005-12-21 20:50:23 52,529 ----a-w C:\WINDOWS\system32\k113519802019.exe
+ 2005-12-21 20:50:03 26,112 ----a-w C:\WINDOWS\system32\meyzlw.dll
+ 2007-12-22 14:57:59 26,112 ----a-w C:\WINDOWS\system32\RegSrv64D.dll
+ 2005-12-21 20:49:59 26,624 ----a-w C:\WINDOWS\system32\reifbj.dll
+ 2007-12-22 09:47:07 518,144 ----a-w C:\WINDOWS\system32\wbem\3648\svchost.exe
+ 2007-12-22 09:47:09 232,448 ----a-w C:\WINDOWS\system32\wbem\rhgjxhvnb.dll
+ 2005-12-21 20:49:57 17,560 ----a-w C:\WINDOWS\ujcjqm.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8F776B2A-72DF-40C1-BD69-EDB642A706D7}]
2007-12-22 16:26 208896 ---hs---- C:\WINDOWS\system32\bho.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 16:19]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-14 18:37]
"RamBoostXp"="C:\Program Files\RamBoost XP\rambxpfr.exe" [2004-03-09 21:48]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 01:46]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14]
"PCDrProfiler"="" []
"ccApp"="c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 01:29]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 05:11]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll
R2 YahooSvr;Yahoo Service;C:\WINDOWS\system32\E029E\svchost.exe [2005-12-30 21:15]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 05:08]
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
S2 sysloader;System Event loader;"C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe" []
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-12-29 21:04]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15d0eb40-b647-11dc-b92b-0017310e3252}]
\Shell\Auto\command - K:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
*Newly Created Service* - COMHOST
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-22 16:25:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-22 16:26:36 - machine was rebooted
C:\ComboFix2.txt ... 2005-12-21 21:47
.
2007-12-29 21:13:00 --- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 16:29:03, on 22/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\E029E\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\RamBoost XP\rambxpfr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\WINDOWS\system32\E029E\ctfmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://7255.com/?g
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8F776B2A-72DF-40C1-BD69-EDB642A706D7} - C:\WINDOWS\system32\bho.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ONSPEED.lnk = C:\Program Files\ONSPEED\onspeedgui.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: COM Host (comHost) - Unknown owner - c:\Program Files\Norton Internet Security\comHost.exe (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: System Event loader (sysloader) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe (file missing)
O23 - Service: Yahoo Service (YahooSvr) - Unknown owner - C:\WINDOWS\system32\E029E\svchost.exe
ComboFix:
ComboFix 07-12-21.4 - Compaq_Propriétaire 2007-12-22 16:21:28.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.570 [GMT 1:00]
Running from: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Compaq_Propriétaire\Bureau\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\533931L.exe
C:\WINDOWS\533931M.exe
C:\WINDOWS\AVPSrv.exE
C:\WINDOWS\cmdbcs.exe
C:\WINDOWS\DbgHlp32.exe
C:\WINDOWS\hkxaxt.exe
C:\WINDOWS\kmrawm.exe
C:\WINDOWS\Kvsc3.exE
C:\WINDOWS\LotusHlp.exe
C:\WINDOWS\mppds.exe
C:\WINDOWS\msccrt.exe
C:\WINDOWS\MsIMMs32.exE
C:\WINDOWS\MsPrint32D.exe
C:\WINDOWS\myjexx.exe
C:\WINDOWS\NAVMon32.exE
C:\WINDOWS\NVDispDRV.EXE
C:\WINDOWS\PTSShell.exe
C:\WINDOWS\RegSrv64D.exE
C:\WINDOWS\sknoya.exe
C:\WINDOWS\SSLDyn.exe
C:\WINDOWS\system32\-66-667675
C:\WINDOWS\system32\0f27
C:\WINDOWS\system32\7E110700.DLL
C:\WINDOWS\system32\84be4c4b
C:\WINDOWS\system32\907382B0.EXE
C:\WINDOWS\system32\9dc51.exe
C:\WINDOWS\system32\adurl.ini
C:\WINDOWS\system32\bho.dll
C:\WINDOWS\system32\bkcjkr.dll
C:\WINDOWS\system32\C3F9D354.dat
C:\WINDOWS\system32\C93A88F4.EXE
C:\WINDOWS\system32\d9d1.dll
C:\WINDOWS\system32\didsjb.dll
C:\WINDOWS\system32\DRIVERS\7i6szsbha.sys
C:\WINDOWS\system32\drivers\jrk1zao2.sys
C:\WINDOWS\system32\hewmvo.dll
C:\WINDOWS\system32\ini.~tmp
C:\WINDOWS\system32\k113562371511.exe
C:\WINDOWS\system32\k113562372317.exe
C:\WINDOWS\system32\key.~tmp
C:\WINDOWS\system32\lxncvj.dll
C:\WINDOWS\system32\nlqcuh.dll
C:\WINDOWS\system32\nulpsp.dll
C:\WINDOWS\system32\ofprll.dll
C:\WINDOWS\system32\onpmqw.dll
C:\WINDOWS\system32\qjmgnc.dll
C:\WINDOWS\system32\s1135197983g.dat
C:\WINDOWS\system32\setyahoo.ini
C:\WINDOWS\system32\tcykiz.dll
C:\WINDOWS\system32\tltcke.dll
C:\WINDOWS\system32\ztxvxj.dll
C:\WINDOWS\upxdnd.exe
C:\WINDOWS\WINSvr32.exE
C:\WINDOWS\WSockDrv32.exe
C:\WINDOWS\xbdeui.exe
C:\WINDOWS\xkjfzz.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\auto.exe
C:\Autorun.inf
C:\Documents and Settings\All Users\Application Data.\t
C:\Documents and Settings\All Users\Application Data.\t\a1637.dat
C:\Documents and Settings\All Users\Application Data.\t\b1637.dat
C:\Documents and Settings\All Users\Application Data.\t\k1637.dat
C:\Documents and Settings\All Users\Application Data.\t\p1637.dat
C:\Documents and Settings\All Users\Application Data.\t\r1637.dat
C:\WINDOWS\731.bmp
C:\WINDOWS\7412183332.dll
C:\WINDOWS\avpsrv.exe
C:\WINDOWS\cmdbcs.exe
C:\WINDOWS\DbgHlp32.exe
C:\WINDOWS\fn00321.log
C:\WINDOWS\hkxaxt.exe
C:\WINDOWS\kmrawm.exe
C:\WINDOWS\kvsc3.exe
C:\WINDOWS\LotusHlp.exe
C:\WINDOWS\mppds.exe
C:\WINDOWS\msccrt.exe
C:\WINDOWS\msimms32.exe
C:\WINDOWS\MsPrint32D.exe
C:\WINDOWS\myjexx.exe
C:\WINDOWS\NAVMon32.exE
C:\WINDOWS\NVDispDrv.exe
C:\WINDOWS\PTSShell.exe
C:\WINDOWS\RegSrv64D.exE
C:\WINDOWS\sknoya.exe
C:\WINDOWS\SSLDyn.exe
C:\WINDOWS\system\dvl
C:\WINDOWS\system\lvl
C:\WINDOWS\system32\-66-667675
C:\WINDOWS\system32\031.exe
C:\WINDOWS\system32\1d1.dll
C:\WINDOWS\system32\7E110700.DLL
C:\WINDOWS\system32\84be4c4b
C:\WINDOWS\system32\907382B0.EXE
C:\WINDOWS\system32\9dc51.exe
C:\WINDOWS\system32\adurl.ini
C:\WINDOWS\system32\avpsrv.dll
C:\WINDOWS\system32\bho.dll
C:\WINDOWS\system32\bkcjkr.dll
C:\WINDOWS\system32\C3F9D354.dat
C:\WINDOWS\system32\C93A88F4.EXE
C:\WINDOWS\system32\cmdbcs.dll
C:\WINDOWS\system32\cwykgz.dll
C:\WINDOWS\system32\d9d1.dll
C:\WINDOWS\system32\DbgHlp32.dll
C:\WINDOWS\system32\didsjb.dll
C:\WINDOWS\system32\DRIVERS\7i6szsbha.sys
C:\WINDOWS\system32\drivers\jrk1zao2.sys
C:\WINDOWS\system32\drivers\wspmyg93.sys
C:\WINDOWS\system32\hewmvo.dll
C:\WINDOWS\system32\ini.~tmp
C:\WINDOWS\system32\jlutqz.dll
C:\WINDOWS\system32\k113562371511.exe
C:\WINDOWS\system32\k113562372317.exe
C:\WINDOWS\system32\k119831679711.exe
C:\WINDOWS\system32\k119831680719.exe
C:\WINDOWS\system32\k119832052911.exe
C:\WINDOWS\system32\k119832053919.exe
C:\WINDOWS\system32\k119833528711.exe
C:\WINDOWS\system32\k119833529619.exe
C:\WINDOWS\system32\key.~tmp
C:\WINDOWS\system32\kvsc3.dll
C:\WINDOWS\system32\lxncvj.dll
C:\WINDOWS\system32\lyloader.exe
C:\WINDOWS\system32\lymangr.dll
C:\WINDOWS\system32\mhsha1.dat
C:\WINDOWS\system32\mppds.dll
C:\WINDOWS\system32\msccrt.dll
C:\WINDOWS\system32\MSDEG32.DLL
C:\WINDOWS\system32\msimms32.dll
C:\WINDOWS\system32\MsPrint32D.dll
C:\WINDOWS\system32\nlqcuh.dll
C:\WINDOWS\system32\nulpsp.dll
C:\WINDOWS\system32\nvdispdrv.dll
C:\WINDOWS\system32\ofprll.dll
C:\WINDOWS\system32\onpmqw.dll
C:\WINDOWS\system32\qjmgnc.dll
C:\WINDOWS\system32\setyahoo.ini
C:\WINDOWS\system32\SHQ.DLL
C:\WINDOWS\system32\SHQMANGR.DLL
C:\WINDOWS\system32\tcykiz.dll
C:\WINDOWS\system32\tltcke.dll
C:\WINDOWS\system32\upxdnd.dll
C:\WINDOWS\system32\wspmyg93.dll
C:\WINDOWS\system32\wspmyg93.dllmmc.pkm
C:\WINDOWS\system32\ztxvxj.dll
C:\WINDOWS\upxdnd.exe
C:\WINDOWS\WINSvr32.exE
C:\WINDOWS\WSockDrv32.exe
C:\WINDOWS\xbdeui.exe
C:\WINDOWS\xkjfzz.exe
D:\auto.exe
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_7I6SZSBHA
-------\LEGACY_C3F9D354
-------\LEGACY_EBDF8952
-------\LEGACY_JRK1ZAO2
-------\LEGACY_MS_2FAX
-------\LEGACY_WSPMYG93
-------\7i6szsbha
-------\C3F9D354
-------\EBDF8952
-------\jrk1zao2
-------\ms_2fax
-------\wspmyg93
((((((((((((((((((((((((((((( Fichiers créés 2007-11-22 to 2007-12-22 ))))))))))))))))))))))))))))))))))))
.
2007-12-30 16:39 . 2007-12-30 16:39 28,160 --a------ C:\WINDOWS\system32\lzkklj.dll
2007-12-30 16:35 . 2007-12-30 13:55 17,560 --a------ C:\WINDOWS\dvdfcd.exe
2007-12-30 16:35 . 2007-12-30 13:55 16,503 --a------ C:\WINDOWS\glovzt.exe
2007-12-30 16:35 . 2007-12-30 13:55 16,080 --a------ C:\WINDOWS\ivfggi.exe
2007-12-30 16:35 . 2007-12-30 13:55 15,297 --a------ C:\WINDOWS\izbwig.exe
2007-12-30 13:55 . 2007-12-22 15:57 127,488 --a------ C:\WINDOWS\system32\WSockDrv32.dll
2007-12-30 13:55 . 2007-12-22 15:58 28,160 --a------ C:\WINDOWS\system32\WINSvr32.dll
2007-12-30 13:11 . 2007-12-30 13:55 <REP> d-------- C:\Program Files\Panda Antivirus 2008
2007-12-29 22:02 . 2007-12-29 22:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2007-12-29 21:04 . 2007-12-29 21:04 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared
2007-12-29 21:04 . 2007-12-29 21:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2007-12-29 21:04 . 2007-12-29 21:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BOONTY
2007-12-29 20:47 . 2007-12-29 21:02 <REP> d-------- C:\Program Files\BoontyGames
2007-12-29 20:46 . 2007-12-29 21:11 <REP> d-------- C:\Program Files\Boonty
2007-12-28 10:51 . 2007-02-28 17:02 2,182,400 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-12-28 10:51 . 2007-02-28 17:02 2,138,112 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2007-12-28 10:51 . 2007-02-28 17:02 2,059,648 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-12-28 10:51 . 2007-02-28 17:02 2,017,792 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2007-12-27 12:49 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-27 12:42 . 2007-12-27 12:42 268 --ah----- C:\sqmdata13.sqm
2007-12-27 12:42 . 2007-12-27 12:42 244 --ah----- C:\sqmnoopt13.sqm
2007-12-26 20:33 . 2007-12-26 20:14 17,592 --a------ C:\WINDOWS\kjgtiv.exe
2007-12-26 20:33 . 2007-12-26 20:14 16,276 --a------ C:\WINDOWS\nhzrxu.exe
2007-12-26 20:23 . 2007-12-26 20:23 <REP> d-------- C:\Program Files\Alwil Software
2007-12-26 20:23 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-26 20:23 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-26 20:23 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-26 20:23 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-26 20:23 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-26 20:23 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-26 20:23 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-26 20:23 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-26 20:14 . 2007-12-26 20:14 52,529 --a------ C:\WINDOWS\system32\k113562429817.exe
2007-12-26 20:14 . 2007-12-26 20:14 42,801 --a------ C:\WINDOWS\system32\k113562429111.exe
2007-12-26 20:14 . 2007-12-26 20:14 28,672 --a------ C:\WINDOWS\system32\jefmoj.dll
2007-12-26 20:14 . 2007-12-26 20:14 28,160 --a------ C:\WINDOWS\system32\gbuadg.dll
2007-12-26 20:10 . 2005-12-26 20:05 17,592 --a------ C:\WINDOWS\aszcei.exe
2007-12-26 20:10 . 2005-12-26 20:04 16,276 --a------ C:\WINDOWS\iobuwe.exe
2007-12-26 20:10 . 2007-12-26 20:14 11,872 --a------ C:\WINDOWS\system32\LYLOADER(5).EXE
2007-12-26 20:10 . 2007-12-26 20:14 11,872 --a------ C:\WINDOWS\system32\LYLOADER(4).EXE
2007-12-26 20:10 . 2007-12-26 20:14 11,872 --a------ C:\WINDOWS\system32\LYLOADER(3).EXE
2007-12-26 20:10 . 2007-12-26 20:14 11,872 --a------ C:\WINDOWS\system32\LYLOADER(2).EXE
2007-12-26 19:56 . 2007-12-26 19:56 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-26 19:56 . 2007-12-26 19:56 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-26 19:55 . 2007-12-22 11:47 348,192 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-26 19:55 . 2007-12-22 11:47 23,584 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-26 19:55 . 2007-12-22 11:47 5,156 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-26 19:55 . 2007-12-22 11:47 3,260 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-26 19:46 . 2007-12-26 19:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-12-26 15:25 . 2003-02-26 22:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2007-12-26 15:19 . 2007-12-26 15:19 268 --ah----- C:\sqmdata12.sqm
2007-12-26 15:19 . 2007-12-26 15:19 268 --ah----- C:\sqmdata11.sqm
2007-12-26 15:19 . 2007-12-26 15:19 268 --ah----- C:\sqmdata10.sqm
2007-12-26 15:19 . 2007-12-26 15:19 244 --ah----- C:\sqmnoopt12.sqm
2007-12-26 15:19 . 2007-12-26 15:19 244 --ah----- C:\sqmnoopt11.sqm
2007-12-26 15:19 . 2007-12-26 15:19 244 --ah----- C:\sqmnoopt10.sqm
2007-12-26 15:18 . 2007-12-22 15:57 26,624 --a------ C:\WINDOWS\system32\PTSShell.dll
2007-12-26 15:18 . 2007-12-26 15:18 268 --ah----- C:\sqmdata09.sqm
2007-12-26 15:18 . 2007-12-26 15:18 268 --ah----- C:\sqmdata08.sqm
2007-12-26 15:18 . 2007-12-26 15:18 244 --ah----- C:\sqmnoopt09.sqm
2007-12-26 15:18 . 2007-12-26 15:18 244 --ah----- C:\sqmnoopt08.sqm
2007-12-26 15:17 . 2007-12-26 20:33 127,488 --a------ C:\WINDOWS\system32\SSLDyn.dll
2007-12-26 15:17 . 2007-12-22 15:57 26,624 --a------ C:\WINDOWS\system32\LotusHlp.dll
2007-12-26 15:17 . 2007-12-22 15:57 26,112 --a------ C:\WINDOWS\system32\NAVMon32.dll
2007-12-26 15:17 . 2007-12-26 15:17 268 --ah----- C:\sqmdata07.sqm
2007-12-26 15:17 . 2007-12-26 15:17 268 --ah----- C:\sqmdata06.sqm
2007-12-26 15:17 . 2007-12-26 15:17 268 --ah----- C:\sqmdata05.sqm
2007-12-26 15:17 . 2007-12-26 15:17 244 --ah----- C:\sqmnoopt07.sqm
2007-12-26 15:17 . 2007-12-26 15:17 244 --ah----- C:\sqmnoopt06.sqm
2007-12-26 15:17 . 2007-12-26 15:17 244 --ah----- C:\sqmnoopt05.sqm
2007-12-26 15:15 . 2007-12-26 15:15 268 --ah----- C:\sqmdata04.sqm
2007-12-26 15:15 . 2007-12-26 15:15 268 --ah----- C:\sqmdata03.sqm
2007-12-26 15:15 . 2007-12-26 15:15 268 --ah----- C:\sqmdata02.sqm
2007-12-26 15:15 . 2007-12-26 15:15 244 --ah----- C:\sqmnoopt04.sqm
2007-12-26 15:15 . 2007-12-26 15:15 244 --ah----- C:\sqmnoopt03.sqm
2007-12-26 15:15 . 2007-12-26 15:15 244 --ah----- C:\sqmnoopt02.sqm
2007-12-26 15:14 . 2007-12-26 15:14 268 --ah----- C:\sqmdata01.sqm
2007-12-26 15:14 . 2007-12-26 15:14 244 --ah----- C:\sqmnoopt01.sqm
2007-12-26 15:09 . 2007-12-26 17:03 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-22 21:28 . 2007-12-26 15:18 <REP> d-------- C:\Program Files\Messenger Plus! Live
2007-12-22 21:28 . 2007-12-24 15:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-12-22 15:57 . 2007-12-22 15:57 8,192 --a------ C:\WINDOWS\system32\REGKEY.hiv
2007-12-22 15:54 . 2007-12-22 11:51 17,560 --a------ C:\WINDOWS\icozmw.exe
2007-12-22 15:54 . 2007-12-22 11:52 16,503 --a------ C:\WINDOWS\cthoql.exe
2007-12-22 15:54 . 2007-12-22 11:52 16,080 --a------ C:\WINDOWS\fzpwou.exe
2007-12-22 15:54 . 2007-12-22 11:51 15,297 --a------ C:\WINDOWS\hnzmpa.exe
2007-12-22 15:49 . 2007-12-22 15:49 68 --a------ C:\WINDOWS\system32\c0f
2007-12-22 15:19 . 2007-12-22 15:19 68 --a------ C:\WINDOWS\system32\99b
2007-12-22 14:49 . 2007-12-22 14:49 68 --a------ C:\WINDOWS\system32\86b
2007-12-22 14:19 . 2007-12-22 14:19 68 --a------ C:\WINDOWS\system32\799b
2007-12-22 13:18 . 2007-12-22 13:18 23,360 --a------ C:\WINDOWS\system32\LYLOADMR.EXE
2007-12-22 12:48 . 2007-12-22 15:54 1 --a------ C:\WINDOWS\plifrzfzuwee.tj
2007-12-22 12:07 . 2007-12-22 12:07 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
2007-12-22 11:55 . 2007-12-22 14:55 72 --a------ C:\WINDOWS\system32\cflInfo.nt
2007-12-22 11:48 . 2007-12-22 10:49 17,560 --a------ C:\WINDOWS\agnnfh.exe
2007-12-22 11:48 . 2007-12-22 10:49 16,503 --a------ C:\WINDOWS\dpzigv.exe
2007-12-22 11:48 . 2007-12-22 10:49 16,080 --a------ C:\WINDOWS\fhzdkr.exe
2007-12-22 11:48 . 2007-12-22 10:49 15,297 --a------ C:\WINDOWS\xzzkqq.exe
2007-12-22 10:49 . 2007-12-22 10:49 127,488 --a------ C:\WINDOWS\system32\dwkejy.dll
2007-12-22 10:49 . 2007-12-22 10:49 28,160 --a------ C:\WINDOWS\system32\ekeqat.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-29 08:12 53,248 ----a-r C:\WINDOWS\30b1.exe
2007-12-27 23:49 --------- d-----w C:\Program Files\Shareaza
2007-12-27 11:49 --------- d-----w C:\Program Files\Java
2007-12-27 11:47 --------- d-----w C:\Program Files\AlienGUIse
2007-12-26 18:54 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-12-26 18:51 --------- d-----w C:\Program Files\Symantec
2007-12-26 18:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-26 13:25 --------- d-----w C:\Program Files\Google
2007-12-22 21:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-22 20:28 --------- d-----w C:\Program Files\Windows Live
2007-12-22 15:25 --------- d-----w C:\Program Files\RamBoost XP
2007-12-22 14:58 52,605 --sha-w C:\WINDOWS\533931MM.DLL
2007-12-22 14:58 44,337 ----a-w C:\WINDOWS\533931WL.DLL
2007-12-22 10:49 --------- d-----w C:\Program Files\Everest Poker
2007-12-22 10:15 --------- d-----w C:\Program Files\Kaspersky Lab
2007-12-15 11:19 --------- d-----w C:\Program Files\Stajelof
2007-12-13 18:09 --------- d-----w C:\Program Files\DivX
2007-12-03 10:32 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-26 09:54 --------- d-----w C:\Program Files\eMule
2007-11-23 20:54 --------- d-----w C:\Program Files\Internet Download Manager
2007-11-19 10:40 --------- d-----w C:\Program Files\ToniArts
2007-11-18 16:24 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
2007-11-18 16:14 --------- d-----w C:\Program Files\LightScribe
2007-11-18 16:14 --------- d-----w C:\Program Files\Ahead
2007-11-18 16:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2007-11-17 11:56 --------- d-----w C:\Program Files\Fichiers communs\Nero
2007-11-17 11:54 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-11-15 13:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2007-11-15 13:09 --------- d-----w C:\Program Files\Zeallsoft
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-09 19:52 --------- d-----w C:\Program Files\Fichiers communs\Stardock
2007-11-04 10:01 --------- d-----w C:\Program Files\Guitar Pro 5
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-17 11:24 2,526,800 ----a-w C:\WINDOWS\Install_B4Playing.exe
2007-10-02 17:42 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-02 17:42 290,816 ------w C:\WINDOWS\Setup1.exe
2005-12-30 18:14 249,344 --sh--w C:\WINDOWS\system32\E029E\ctfmon.exe
2005-12-30 20:15 44,032 --sh--w C:\WINDOWS\system32\E029E\svchost.exe
.
((((((((((((((((((((((((((((( snapshot@2005-12-21_21.47.05.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-12-21 20:49:42 15,297 ----a-w C:\WINDOWS\cubgaq.exe
+ 2007-12-28 09:52:44 65,536 ----a-r C:\WINDOWS\Downloaded Program Files\ib1ny4.dll
+ 2007-12-28 09:52:44 49,152 ----a-r C:\WINDOWS\Downloaded Program Files\kqb.dll
+ 2005-10-20 11:02:28 163,328 ----a-w C:\WINDOWS\erdnt\22-12-2007\ERDNT.EXE
+ 2007-12-22 14:47:29 1,597,440 ----a-w C:\WINDOWS\erdnt\22-12-2007\Users\00000001\ntuser.dat
+ 2007-12-22 14:47:29 147,456 ----a-w C:\WINDOWS\erdnt\22-12-2007\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w C:\WINDOWS\erdnt\AutoBackup\2007-12-22\ERDNT.EXE
+ 2007-12-22 15:25:46 1,597,440 ----a-w C:\WINDOWS\erdnt\AutoBackup\2007-12-22\Users\00000001\ntuser.dat
+ 2007-12-22 15:25:47 147,456 ----a-w C:\WINDOWS\erdnt\AutoBackup\2007-12-22\Users\00000002\UsrClass.dat
+ 2005-10-20 11:02:28 163,328 ----a-w C:\WINDOWS\erdnt\AutoBackup\22-12-2007\ERDNT.EXE
+ 2007-12-22 14:54:34 1,597,440 ----a-w C:\WINDOWS\erdnt\AutoBackup\22-12-2007\Users\00000001\ntuser.dat
+ 2007-12-22 14:54:35 147,456 ----a-w C:\WINDOWS\erdnt\AutoBackup\22-12-2007\Users\00000002\UsrClass.dat
+ 2005-12-21 20:50:01 16,503 ----a-w C:\WINDOWS\soytbe.exe
+ 2005-12-21 20:49:49 16,080 ----a-w C:\WINDOWS\sxgeiq.exe
+ 2005-12-21 20:50:10 26,624 ----a-w C:\WINDOWS\system32\bvphsd.dll
- 2005-12-21 20:46:23 49,152 ----a-w C:\WINDOWS\system32\EADEC1B6.DLL
+ 2007-12-22 14:54:17 57,344 ----a-w C:\WINDOWS\system32\EADEC1B6.DLL
+ 2005-12-21 20:50:07 28,160 ----a-w C:\WINDOWS\system32\eifgem.dll
+ 2005-12-21 20:50:08 29,537 ----a-w C:\WINDOWS\system32\k113519801111.exe
+ 2005-12-21 20:50:23 52,529 ----a-w C:\WINDOWS\system32\k113519802019.exe
+ 2005-12-21 20:50:03 26,112 ----a-w C:\WINDOWS\system32\meyzlw.dll
+ 2007-12-22 14:57:59 26,112 ----a-w C:\WINDOWS\system32\RegSrv64D.dll
+ 2005-12-21 20:49:59 26,624 ----a-w C:\WINDOWS\system32\reifbj.dll
+ 2007-12-22 09:47:07 518,144 ----a-w C:\WINDOWS\system32\wbem\3648\svchost.exe
+ 2007-12-22 09:47:09 232,448 ----a-w C:\WINDOWS\system32\wbem\rhgjxhvnb.dll
+ 2005-12-21 20:49:57 17,560 ----a-w C:\WINDOWS\ujcjqm.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8F776B2A-72DF-40C1-BD69-EDB642A706D7}]
2007-12-22 16:26 208896 ---hs---- C:\WINDOWS\system32\bho.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 16:19]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-14 18:37]
"RamBoostXp"="C:\Program Files\RamBoost XP\rambxpfr.exe" [2004-03-09 21:48]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 01:46]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14]
"PCDrProfiler"="" []
"ccApp"="c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 01:29]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 05:11]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll
R2 YahooSvr;Yahoo Service;C:\WINDOWS\system32\E029E\svchost.exe [2005-12-30 21:15]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 05:08]
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
S2 sysloader;System Event loader;"C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe" []
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-12-29 21:04]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15d0eb40-b647-11dc-b92b-0017310e3252}]
\Shell\Auto\command - K:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
*Newly Created Service* - COMHOST
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-22 16:25:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-22 16:26:36 - machine was rebooted
C:\ComboFix2.txt ... 2005-12-21 21:47
.
2007-12-29 21:13:00 --- E O F ---
quick question
is the date on your PC correct? the dates in the reports look a bit odd to me
Install Antivir: https://www.malekal.com/avira-free-security-antivirus-gratuit/
To help you, you can follow this link: http://forum.malekal.com/ftopic4192.php
- After installation, update it; if your firewall raises an alert, allow the connection.
- Make sure Antivir is fully up to date; check the update date.
- Restart in Safe Mode: restart the computer and, before the Windows logo appears, tap the F8 key repeatedly; a menu will appear. Choose Safe Mode and press Enter.
- Open Antivir from the Start / Programs menu.
- Click the Scanner tab.
- Select Manual Selection
- Select drive C
- Start the scan and quarantine every item detected.
- Once the scan is finished, save the report.
Restart in normal mode.
then post the report here
and
* Download clean.zip from Malekal (thanks Malekal).
http://www.malekal.com/download/clean.zip
* Unzip it to the desktop.
* Open the yellow folder named clean on your desktop.
* Double-click clean.cmd
* Choose option 1 and copy the generated report to the desktop. It should normally also be here: c:\rapport_clean.txt
* Press Q to quit the program.
Yes, the date on my PC is correct. It's true that at one point this week the date was set to December 2005, and that date came back every time I corrected it, and I still don't understand why; I noticed it because of the MSN connection failure...
but the date still isn't right, since some reports show 22/12/20007
maybe the battery needs replacing
AntiVir PersonalEdition Classic
Report file date: lundi 31 décembre 2007 17:09
Scanning for 996949 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Compaq_Propriétaire
Computer name: NOM-EB85C523610
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 15:59:48
ANTIVIR2.VDF : 7.0.1.170 311296 Bytes 28/12/2007 15:59:48
ANTIVIR3.VDF : 7.0.1.181 36352 Bytes 31/12/2007 15:59:48
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 31/12/2007 15:59:49
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 31/12/2007 15:59:49
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: lundi 31 décembre 2007 17:09
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
13 processes with 13 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '35' files ).
Starting the file scan:
Begin scan in 'C:\' <PRESARIO>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Windows\rayio.exe
[DETECTION] Is the Trojan horse TR/WinButler.2
[INFO] The file was moved to '47f215bc.qua'!
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\1T1EQ4B3\cs0619[1].exe
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47a91f7e.qua'!
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\1T1EQ4B3\jr[1].exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mnx
[INFO] The file was moved to '47d41f7f.qua'!
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\1T1EQ4B3\qqhx[1].exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mll.4
[INFO] The file was moved to '47e11f80.qua'!
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\1T1EQ4B3\wd0618[1].exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjl
[INFO] The file was moved to '47a91f74.qua'!
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\1T1EQ4B3\wl0618[1].exe
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47a91f7c.qua'!
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\K9IZ4TMZ\dh3[1].exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjp.2
[INFO] The file was moved to '47ac1f9b.qua'!
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\K9IZ4TMZ\e47e57844ef30ab4[1].exe
[DETECTION] Is the Trojan horse TR/Autorun.CA
[INFO] The file was moved to '47b01f68.qua'!
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\K9IZ4TMZ\jh0619[1].exe
[DETECTION] Is the Trojan horse TR/PSW.28672.47
[INFO] The file was moved to '47a91f9d.qua'!
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\K9IZ4TMZ\qj0617[1].exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjo
[INFO] The file was moved to '47a91fa1.qua'!
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\K9IZ4TMZ\qqsg[1].exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjk.2
[INFO] The file was moved to '47ec1fa8.qua'!
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\K9IZ4TMZ\rm6_stat[1].js
[DETECTION] Contains detection pattern of the Java script virus JS/Spy.Agent.A
[INFO] The file was moved to '47af1fa4.qua'!
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\K9IZ4TMZ\wow0617[1].exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjn
[INFO] The file was moved to '47f01fa8.qua'!
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\K9IZ4TMZ\zt0616[1].exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '47a91fad.qua'!
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\RPBXDWRJ\cq0619[1].exe
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[INFO] The file was moved to '47a91fae.qua'!
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\RPBXDWRJ\dh0616[1].exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mji
[INFO] The file was moved to '47a91fa5.qua'!
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\RPBXDWRJ\huaxia[1].exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjs.1
[INFO] The file was moved to '47da1fb4.qua'!
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\RPBXDWRJ\jt[1].exe
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47d41fb4.qua'!
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\RPBXDWRJ\zy[1].exe
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47d41fbb.qua'!
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\TMZ0AQ0J\mh0618[1].exe
[DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
[INFO] The file was moved to '47a91faf.qua'!
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\TMZ0AQ0J\my0616[1].exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '47a91fc0.qua'!
C:\Program Files\HijackThis\backups\backup-20071222-161701-264.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agent.fgh
[INFO] The file was moved to '47dc294a.qua'!
C:\qoobox\Quarantine\catchme2007-12-22_162529.17.zip
[0] Archive type: ZIP
--> wspmyg93.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
--> 7i6szsbha.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47ed3826.qua'!
C:\qoobox\Quarantine\C\auto.exe.vir
[DETECTION] Is the Trojan horse TR/Autorun.CA
[INFO] The file was moved to '47ed383b.qua'!
C:\qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\SYSTEM\finder.dll.vir
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '47e73830.qua'!
C:\qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\SYSTEM.vir\sysloader.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to '47ec3841.qua'!
C:\qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_3103.dll.vir
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '47db382e.qua'!
C:\qoobox\Quarantine\C\Program Files\Fichiers communs\CPUSH\cpush.dll.vir
[DETECTION] Is the Trojan horse TR/PSW.Agent.258560
[INFO] The file was moved to '47ee383a.qua'!
C:\qoobox\Quarantine\C\WINDOWS\AVPSrv.exE.vir
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjr.2
[INFO] The file was moved to '47c93821.qua'!
C:\qoobox\Quarantine\C\WINDOWS\cmdbcs.exe.vir
[DETECTION] Is the Trojan horse TR/PSW.28672.47
[INFO] The file was moved to '47dd3839.qua'!
C:\qoobox\Quarantine\C\WINDOWS\DbgHlp32.exe.vir
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjp.2
[INFO] The file was moved to '47e0382e.qua'!
C:\qoobox\Quarantine\C\WINDOWS\hkxaxt.exe.vir
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '47f13837.qua'!
C:\qoobox\Quarantine\C\WINDOWS\kmrawm.exe.vir
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47eb383a.qua'!
C:\qoobox\Quarantine\C\WINDOWS\Kvsc3.exE.vir
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjo
[INFO] The file was moved to '47ec3844.qua'!
C:\qoobox\Quarantine\C\WINDOWS\LotusHlp.exe.vir
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mll.4
[INFO] The file was moved to '47ed383d.qua'!
C:\qoobox\Quarantine\C\WINDOWS\mppds.exe.vir
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjn
[INFO] The file was moved to '47e9383e.qua'!
C:\qoobox\Quarantine\C\WINDOWS\msccrt.exe.vir
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47dc3842.qua'!
C:\qoobox\Quarantine\C\WINDOWS\MsIMMs32.exE.vir
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjl
[INFO] The file was moved to '47c23842.qua'!
C:\qoobox\Quarantine\C\WINDOWS\MsPrint32D.exe.vir
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjk.2
[INFO] The file was moved to '47c93842.qua'!
C:\qoobox\Quarantine\C\WINDOWS\myjexx.exe.vir
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mcd
[INFO] The file was moved to '47e33849.qua'!
C:\qoobox\Quarantine\C\WINDOWS\NAVMon32.exE.vir
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47cf3811.qua'!
C:\qoobox\Quarantine\C\WINDOWS\NVDispDRV.EXE.vir
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mji
[INFO] The file was moved to '47bd3826.qua'!
C:\qoobox\Quarantine\C\WINDOWS\PTSShell.exe.vir
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjs.1
[INFO] The file was moved to '47cc3825.qua'!
C:\qoobox\Quarantine\C\WINDOWS\RegSrv64D.exE.vir
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47e03836.qua'!
C:\qoobox\Quarantine\C\WINDOWS\sknoya.exe.vir
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mcd
[INFO] The file was moved to '47e7383d.qua'!
C:\qoobox\Quarantine\C\WINDOWS\SSLDyn.exe.vir
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '47c53825.qua'!
C:\qoobox\Quarantine\C\WINDOWS\tempaq.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.cpk.1
[INFO] The file was moved to '47e63838.qua'!
C:\qoobox\Quarantine\C\WINDOWS\upxdnd.exe.vir
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '47f13843.qua'!
C:\qoobox\Quarantine\C\WINDOWS\WINSvr32.exE.vir
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mnx
[INFO] The file was moved to '47c7381c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\WSockDrv32.exe.vir
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '47e83827.qua'!
C:\qoobox\Quarantine\C\WINDOWS\xbdeui.exe.vir
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mji
[INFO] The file was moved to '47dd3836.qua'!
C:\qoobox\Quarantine\C\WINDOWS\xkjfzz.exe.vir
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjk.2
[INFO] The file was moved to '47e33840.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\7E110700.DLL.vir
[DETECTION] Is the Trojan horse TR/Autorun.CA
[INFO] The file was moved to '47aa381b.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\907382B0.EXE.vir
[DETECTION] Is the Trojan horse TR/Autorun.CA
[INFO] The file was moved to '47b03806.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\AVPSrv.dll.vir
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjr.2
[INFO] The file was moved to '47c9382d.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\bho.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.Agent.fgh
[INFO] The file was moved to '47e8383f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\bkcjkr.dll.vir
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.lzw
[INFO] The file was moved to '465c3cd3.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\C93A88F4.EXE.vir
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to '47ac3811.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\cmdbcs.dll.vir
[DETECTION] Is the Trojan horse TR/PSW.28672.47
[INFO] The file was moved to '47dd3845.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\cwykgz.dll.vir
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47f23850.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\DbgHlp32.dll.vir
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjp.2
[INFO] The file was moved to '47e0383b.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\didsjb.dll.vir
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mcc.2
[INFO] The file was moved to '47dd3842.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\dodolook591.exe.vir
[DETECTION] Is the Trojan horse TR/Drop.Agent.1805
[INFO] The file was moved to '47dd3849.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\hewmvo.dll.vir
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.lxt.1
[INFO] The file was moved to '47f0383f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\jlutqz.dll.vir
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47ee3847.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\k113562371511.exe.vir
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[INFO] The file was moved to '47aa380c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\k113562372317.exe.vir
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47aa380d.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\k119831679711.exe.vir
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[INFO] The file was moved to '462a3c9e.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\k119831680719.exe.vir
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47aa380e.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\k119832052911.exe.vir
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[INFO] The file was moved to '462a3c9f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\k119832053919.exe.vir
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47aa380f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\k119833528711.exe.vir
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[INFO] The file was moved to '462a3c80.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\k119833529619.exe.vir
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47aa3811.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\k119867845211.exe.vir
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[INFO] The file was moved to '47aa3810.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\k119867846017.exe.vir
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '462a3c81.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\k11989586167.exe.vir
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjk.2
[INFO] The file was moved to '462a3c82.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\k119895862817.exe.vir
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47aa3813.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\k11989628852.exe.vir
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '462a3c84.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\k11989628939.exe.vir
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '47aa3812.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\k11990132893.exe.vir
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '47aa3815.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\k119901330516.exe.vir
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '47aa3814.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\k11990137643.exe.vir
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '462a3c86.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\k11990137719.exe.vir
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '47aa3816.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\k119901378016.exe.vir
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '462a3c87.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\k119901378117.exe.vir
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '47aa3817.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\k11990181213.exe.vir
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '462a3c88.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\k11990181256.exe.vir
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '47aa3818.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\k11990181299.exe.vir
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '462a3c89.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\k119901814119.exe.vir
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47aa381a.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\k119901913611.exe.vir
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[INFO] The file was moved to '462a3c8b.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\k119901914619.exe.vir
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47aa381c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\k119902897311.exe.vir
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[INFO] The file was moved to '462a3c8c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\k119902898319.exe.vir
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '462a3c8d.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\Kvsc3.dll.vir
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjo
[INFO] The file was moved to '47ec3861.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\lxncvj.dll.vir
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47e73863.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\LYLOADER.EXE.vir
[DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
[INFO] The file was moved to '47c53844.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\LYMANGR.DLL.vir
[DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
[INFO] The file was moved to '47c63845.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\mppds.dll.vir
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjn
[INFO] The file was moved to '47e9385c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\msccrt.dll.vir
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47dc385f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\MSDEG32.DLL.vir
[DETECTION] Is the Trojan horse TR/PSW.Online.gyo.2
[INFO] The file was moved to '47bd3840.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\MsIMMs32.dll.vir
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjl
[INFO] The file was moved to '47c23860.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\MsPrint32D.dll.vir
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjk.2
[INFO] The file was moved to '47c93860.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\nlqcuh.dll.vir
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mdx.2
[INFO] The file was moved to '47ea385a.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\nulpsp.dll.vir
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mcd
[INFO] The file was moved to '47e53863.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\NVDispDrv.dll.vir
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mji
[INFO] The file was moved to '47bd3845.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ofprll.dll.vir
[DETECTION] Is the Trojan horse TR/PSW.27648.25
[INFO] The file was moved to '47e93855.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\onpmqw.dll.vir
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47e9385d.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\qjmgnc.dll.vir
[DETECTION] Is the Trojan horse TR/PSW.28672.39
[INFO] The file was moved to '47e6385a.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\SHQ.DLL.vir
[DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
[INFO] The file was moved to '47ca3838.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\svchost.dll.vir
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47dc3866.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\tcykiz.dll.vir
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.lkt.3
[INFO] The file was moved to '47f23854.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\tltcke.dll.vir
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mce.3
[INFO] The file was moved to '47ed385d.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\upxdnd.dll.vir
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47f13861.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\vljula.dll.vir
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47e3385e.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\wspmyg93.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47e93865.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ztxvxj.dll.vir
[DETECTION] Is the Trojan horse TR/PSW.28672.43
[INFO] The file was moved to '47f13866.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\acpidisk.sys.vir
[DETECTION] Contains detection pattern of the rootkit RKIT/Cinmus.M
[INFO] The file was moved to '47e93856.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\jrk1zao2.sys.vir
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '47e43866.qua'!
C:\qoobox\Quarantine\D\auto.exe.vir
[DETECTION] Is the Trojan horse TR/Autorun.CA
[INFO] The file was moved to '47ed3869.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc19378.url
[DETECTION] Is the Trojan horse TR/Farfli.A.6
[INFO] The file was moved to '47aa3929.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc19391.exe
[DETECTION] Contains detection pattern of the dropper DR/YokBar.N.14
[INFO] The file was moved to '47aa3937.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc19392
[DETECTION] Contains detection pattern of the dropper DR/Agent.bff
[INFO] The file was moved to '47aa3938.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc19402
[DETECTION] Is the Trojan horse TR/SearchScope.A
[INFO] The file was moved to '47aa393b.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc19441
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '47aa3945.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc19444.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.1805
[INFO] The file was moved to '47aa3946.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc19684.exe
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47aa3967.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc19685.exe
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '46d6ca90.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc19751.DLL
[DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
[INFO] The file was moved to '47aa396e.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc19766.exe
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[INFO] The file was moved to '47aa3970.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc19767.exe
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[INFO] The file was moved to '47aa3971.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc19768.exe
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[INFO] The file was moved to '47aa3972.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20414.exe
[DETECTION] Is the Trojan horse TR/PSW.29696.7
[INFO] The file was moved to '47ab39b5.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20415.exe
[DETECTION] Is the Trojan horse TR/PSW.29696.7
[INFO] The file was moved to '47ab39b6.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20428.exe
[DETECTION] Is the Trojan horse TR/PSW.28672.39
[INFO] The file was moved to '47ab39b7.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20429.exe
[DETECTION] Is the Trojan horse TR/PSW.28672.39
[INFO] The file was moved to '47ab39b8.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20430.exe
[DETECTION] Is the Trojan horse TR/PSW.28672.39
[INFO] The file was moved to '46d7ca41.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20442.exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mcd
[INFO] The file was moved to '47ab39ba.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20443.exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mcd
[INFO] The file was moved to '46d7ca43.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20452.exe
[DETECTION] Is the Trojan horse TR/PSW.28672.43
[INFO] The file was moved to '47ab39bd.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20453.exe
[DETECTION] Is the Trojan horse TR/PSW.28672.43
[INFO] The file was moved to '47ab39be.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20454.exe
[DETECTION] Is the Trojan horse TR/PSW.28672.43
[INFO] The file was moved to '46d7ca47.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20465.exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.lzw
[INFO] The file was moved to '47ab39c1.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20466.exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.lzw
[INFO] The file was moved to '47ab39c2.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20468.exe
[DETECTION] Is the Trojan horse TR/PSW.28160.32
[INFO] The file was moved to '47ab39c3.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20469.exe
[DETECTION] Is the Trojan horse TR/PSW.28160.32
[INFO] The file was moved to '47ab39c4.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20480.exe
[DETECTION] Is the Trojan horse TR/PSW.27648.25
[INFO] The file was moved to '47ab39c6.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20481.exe
[DETECTION] Is the Trojan horse TR/PSW.27648.25
[INFO] The file was moved to '46d7ca3f.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20485.exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.lkt.3
[INFO] The file was moved to '47ab39c7.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20495.exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mcc.2
[INFO] The file was moved to '47ab39c9.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20496.exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mcc.2
[INFO] The file was moved to '47ab39ca.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20497.exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mcc.2
[INFO] The file was moved to '47ab39cb.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20503.exe
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47ab39cd.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20505.exe
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47ab39ce.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20508.exe
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47ab39cf.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20512.exe
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47ab39d2.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20513.exe
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47ab39d4.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20524.exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mce.3
[INFO] The file was moved to '47ab39d6.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20525.exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mce.3
[INFO] The file was moved to '47ab39d7.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20527.exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mch.1
[INFO] The file was moved to '47ab39d9.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20528.exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mch.1
[INFO] The file was moved to '46d7ca22.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20529.exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mch.1
[INFO] The file was moved to '47ab39da.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20555.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '47ab39dc.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20557.exe
[DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
[INFO] The file was moved to '47ab39dd.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20629.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to '47ab39e2.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20691.exe
[DETECTION] Contains detection pattern of the worm WORM/Winko.I.47
[INFO] The file was moved to '47ab39e7.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20692.exe
[DETECTION] Contains detection pattern of the worm WORM/Winko.I.47
[INFO] The file was moved to '46d7ca10.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20700.exe
[DETECTION] Contains detection pattern of the worm WORM/Winko.I.46
[INFO] The file was moved to '47ab39e8.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc20835.EXE
[DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
[INFO] The file was moved to '47ab39f1.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc21311.htm
[DETECTION] Is the Trojan horse TR/Exploit.Real.A.1
[INFO] The file was moved to '47ab3a0b.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc21534.DLL
[DETECTION] Is the Trojan horse TR/PSW.Online.gyo.2
[INFO] The file was moved to '47ab3a18.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc21554.js
[DETECTION] Contains detection pattern of the Java script virus JS/Spy.Agent.A
[INFO] The file was moved to '47ab3a1a.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc22108.DLL
[DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
[INFO] The file was moved to '47ab3a33.qua'!
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc22717.DLL
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mhc
[INFO] The file was moved to '47ab3a4b.qua'!
C:\RECYCLER\S-1-5-21-2903846003-3835825511-2401260648-1008\Dc4\NOD32.SmartSecurity.v3.0.566.0.Final.rar
[0] Archive type: RAR
--> NOD32.SmartSecurity.v3.0.566.0.Final\Addons\NOD32.FiX.v3.0.nsane.exe
[DETECTION] Is the Trojan horse TR/Gendal.551137
[INFO] The file was moved to '47bd3cf5.qua'!
C:\RECYCLER\S-1-5-21-2903846003-3835825511-2401260648-1008\Dc4\NOD32.SmartSecurity.v3.0.566.0.Final\Addons\NOD32.FiX.v3.0.nsane.exe
[DETECTION] Is the Trojan horse TR/Gendal.551137
[INFO] The file was moved to '47bd3d03.qua'!
C:\WINDOWS\533931MM.DLL
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[INFO] The file was moved to '47ac3cf4.qua'!
C:\WINDOWS\533931WL.DLL
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47ac3cf5.qua'!
C:\WINDOWS\agnnfh.exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mji
[INFO] The file was moved to '47e73d29.qua'!
C:\WINDOWS\aszcei.exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mcd
[INFO] The file was moved to '47f33d36.qua'!
C:\WINDOWS\cthoql.exe
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47e13d38.qua'!
C:\WINDOWS\cubgaq.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '47db3d39.qua'!
C:\WINDOWS\dpzigv.exe
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47f33d35.qua'!
C:\WINDOWS\dvdfcd.exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mji
[INFO] The file was moved to '47dd3d3c.qua'!
C:\WINDOWS\fhzdkr.exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjk.2
[INFO] The file was moved to '47f33d2f.qua'!
C:\WINDOWS\fzpwou.exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjk.2
[INFO] The file was moved to '47e93d41.qua'!
C:\WINDOWS\glovzt.exe
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47e83d34.qua'!
C:\WINDOWS\hnzmpa.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '4688d347.qua'!
C:\WINDOWS\icozmw.exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mji
[INFO] The file was moved to '47e83d2c.qua'!
C:\WINDOWS\iobuwe.exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mce.3
[INFO] The file was moved to '46a0d34a.qua'!
C:\WINDOWS\ivfggi.exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjk.2
[INFO] The file was moved to '47df3d42.qua'!
C:\WINDOWS\izbwig.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '47db3d46.qua'!
C:\WINDOWS\kjgtiv.exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mcd
[INFO] The file was moved to '47e03d3d.qua'!
C:\WINDOWS\nhzrxu.exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mce.3
[INFO] The file was moved to '47f33d3c.qua'!
C:\WINDOWS\soytbe.exe
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47f23d46.qua'!
C:\WINDOWS\sxgeiq.exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjk.2
[INFO] The file was moved to '47e03d50.qua'!
C:\WINDOWS\ujcjqm.exe
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mji
[INFO] The file was moved to '47dc3d43.qua'!
C:\WINDOWS\xzzkqq.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '47f33d56.qua'!
C:\WINDOWS\system32\78m9854c60.dll
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47e64672.qua'!
C:\WINDOWS\system32\bho.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agent.fgh
[INFO] The file was moved to '47e846b0.qua'!
C:\WINDOWS\system32\bvphsd.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjs.1
[INFO] The file was moved to '47e946c0.qua'!
C:\WINDOWS\system32\cblpsu.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjn
[INFO] The file was moved to '47e546af.qua'!
C:\WINDOWS\system32\ckriqp.dll
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47eb46bf.qua'!
C:\WINDOWS\system32\cwomae.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mji
[INFO] The file was moved to '47e846d4.qua'!
C:\WINDOWS\system32\EADEC1B6.DLL
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47bd46b3.qua'!
C:\WINDOWS\system32\eifgem.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mnx
[INFO] The file was moved to '47df46db.qua'!
C:\WINDOWS\system32\ekeqat.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mnx
[INFO] The file was moved to '47de46de.qua'!
C:\WINDOWS\system32\ekglve.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjp.2
[INFO] The file was moved to '47e046de.qua'!
C:\WINDOWS\system32\fbnbma.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mll.4
[INFO] The file was moved to '47e746d9.qua'!
C:\WINDOWS\system32\gbuadg.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.lzw
[INFO] The file was moved to '47ee46de.qua'!
C:\WINDOWS\system32\hcxqto.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47f146e2.qua'!
C:\WINDOWS\system32\jdpald.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjs.1
[INFO] The file was moved to '47e946f3.qua'!
C:\WINDOWS\system32\jefmoj.dll
[DETECTION] Is the Trojan horse TR/PSW.28672.43
[INFO] The file was moved to '47df46f5.qua'!
C:\WINDOWS\system32\k113519801111.exe
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[INFO] The file was moved to '47aa46c3.qua'!
C:\WINDOWS\system32\k113519802019.exe
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '46d6b53c.qua'!
C:\WINDOWS\system32\k113562429111.exe
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[INFO] The file was moved to '47aa46c4.qua'!
C:\WINDOWS\system32\k113562429817.exe
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '46d6b53d.qua'!
C:\WINDOWS\system32\k113597196811.exe
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[INFO] The file was moved to '47aa46c5.qua'!
C:\WINDOWS\system32\k113597197819.exe
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '46d6b53e.qua'!
C:\WINDOWS\system32\kukqya.dll
[DETECTION] Is the Trojan horse TR/PSW.28672.47
[INFO] The file was moved to '47e4470d.qua'!
C:\WINDOWS\system32\LotusHlp.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mll.4
[INFO] The file was moved to '47ed470c.qua'!
C:\WINDOWS\system32\LYLOADER(2).EXE
[DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
[INFO] The file was moved to '47c546f9.qua'!
C:\WINDOWS\system32\LYLOADER(3).EXE
[DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
[INFO] The file was moved to '46b9b502.qua'!
C:\WINDOWS\system32\LYLOADER(4).EXE
[DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
[INFO] The file was moved to '47c546fb.qua'!
C:\WINDOWS\system32\LYLOADER(5).EXE
[DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
[INFO] The file was moved to '47c546fa.qua'!
C:\WINDOWS\system32\LYLOADMR.EXE
[DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
[INFO] The file was moved to '46b9b503.qua'!
C:\WINDOWS\system32\lzkklj.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mnx
[INFO] The file was moved to '47e4471c.qua'!
C:\WINDOWS\system32\meyzlw.dll
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47f24709.qua'!
C:\WINDOWS\system32\mtmbtg.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjl
[INFO] The file was moved to '47e64737.qua'!
C:\WINDOWS\system32\NAVMon32.dll
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47cf4705.qua'!
C:\WINDOWS\system32\pfigac.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mnx
[INFO] The file was moved to '47e2473c.qua'!
C:\WINDOWS\system32\pjchoz.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjr.2
[INFO] The file was moved to '47dc4741.qua'!
C:\WINDOWS\system32\PTSShell.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjs.1
[INFO] The file was moved to '47cc472f.qua'!
C:\WINDOWS\system32\pvjsej.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjk.2
[INFO] The file was moved to '47e34751.qua'!
C:\WINDOWS\system32\RegSrv64D.dll
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47e04749.qua'!
C:\WINDOWS\system32\reifbj.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mll.4
[INFO] The file was moved to '47e2474a.qua'!
C:\WINDOWS\system32\SSLDyn.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.lxt.1
[INFO] The file was moved to '47c5474a.qua'!
C:\WINDOWS\system32\WINSvr32.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mnx
[INFO] The file was moved to '47c74761.qua'!
C:\WINDOWS\system32\xztxwu.dll
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47ed47ac.qua'!
C:\WINDOWS\system32\dllcache\svchost.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to '47dc486f.qua'!
C:\WINDOWS\system32\E029E\ctfmon.exe
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[INFO] The file was moved to '47df48a4.qua'!
C:\WINDOWS\system32\E029E\svchost.~tmp
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47dc48a7.qua'!
C:\WINDOWS\system32\wbem\rhgjxhvnb.dll
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to '47e048b9.qua'!
C:\WINDOWS\system32\wbem\3648\svchost.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to '47dc48cf.qua'!
End of the scan: lundi 31 décembre 2007 20:52
Used time: 3:43:03 min
The scan has been done completely.
6980 Scanning directories
287741 Files were scanned
226 viruses and/or unwanted programs were found
18 Files were classified as suspicious:
0 files were deleted
0 files were repaired
243 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
287515 Files not concerned
7496 Archives were scanned
1 Warnings
8 Notes
clean:
31/12/2007 a 21:00:45,01
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
C:\WINDOWS\ALCXMNTR.EXE FOUND
*** Recherche des fichiers dans C:\WINDOWS\system32
*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Fichiers communs\WhenU\" FOUND
"C:\Program Files\Everest Poker\" FOUND
*** Fin du rapport !
Report file date: lundi 31 décembre 2007 17:09
Scanning for 996949 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Compaq_Propriétaire
Computer name: NOM-EB85C523610
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 15:59:48
ANTIVIR2.VDF : 7.0.1.170 311296 Bytes 28/12/2007 15:59:48
ANTIVIR3.VDF : 7.0.1.181 36352 Bytes 31/12/2007 15:59:48
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 31/12/2007 15:59:49
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 31/12/2007 15:59:49
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: lundi 31 décembre 2007 17:09
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
13 processes with 13 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '35' files ).
Starting the file scan:
Begin scan in 'C:\' <PRESARIO>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\bho.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agent.fgh
[INFO] The file was moved to '47e846b0.qua'!
C:\WINDOWS\system32\bvphsd.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjs.1
[INFO] The file was moved to '47e946c0.qua'!
C:\WINDOWS\system32\cblpsu.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjn
[INFO] The file was moved to '47e546af.qua'!
C:\WINDOWS\system32\ckriqp.dll
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47eb46bf.qua'!
C:\WINDOWS\system32\cwomae.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mji
[INFO] The file was moved to '47e846d4.qua'!
C:\WINDOWS\system32\EADEC1B6.DLL
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47bd46b3.qua'!
C:\WINDOWS\system32\eifgem.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mnx
[INFO] The file was moved to '47df46db.qua'!
C:\WINDOWS\system32\ekeqat.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mnx
[INFO] The file was moved to '47de46de.qua'!
C:\WINDOWS\system32\ekglve.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjp.2
[INFO] The file was moved to '47e046de.qua'!
C:\WINDOWS\system32\fbnbma.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mll.4
[INFO] The file was moved to '47e746d9.qua'!
C:\WINDOWS\system32\gbuadg.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.lzw
[INFO] The file was moved to '47ee46de.qua'!
C:\WINDOWS\system32\hcxqto.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47f146e2.qua'!
C:\WINDOWS\system32\jdpald.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjs.1
[INFO] The file was moved to '47e946f3.qua'!
C:\WINDOWS\system32\jefmoj.dll
[DETECTION] Is the Trojan horse TR/PSW.28672.43
[INFO] The file was moved to '47df46f5.qua'!
C:\WINDOWS\system32\k113519801111.exe
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[INFO] The file was moved to '47aa46c3.qua'!
C:\WINDOWS\system32\k113519802019.exe
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '46d6b53c.qua'!
C:\WINDOWS\system32\k113562429111.exe
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[INFO] The file was moved to '47aa46c4.qua'!
C:\WINDOWS\system32\k113562429817.exe
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '46d6b53d.qua'!
C:\WINDOWS\system32\k113597196811.exe
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[INFO] The file was moved to '47aa46c5.qua'!
C:\WINDOWS\system32\k113597197819.exe
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '46d6b53e.qua'!
C:\WINDOWS\system32\kukqya.dll
[DETECTION] Is the Trojan horse TR/PSW.28672.47
[INFO] The file was moved to '47e4470d.qua'!
C:\WINDOWS\system32\LotusHlp.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mll.4
[INFO] The file was moved to '47ed470c.qua'!
C:\WINDOWS\system32\LYLOADER(2).EXE
[DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
[INFO] The file was moved to '47c546f9.qua'!
C:\WINDOWS\system32\LYLOADER(3).EXE
[DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
[INFO] The file was moved to '46b9b502.qua'!
C:\WINDOWS\system32\LYLOADER(4).EXE
[DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
[INFO] The file was moved to '47c546fb.qua'!
C:\WINDOWS\system32\LYLOADER(5).EXE
[DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
[INFO] The file was moved to '47c546fa.qua'!
C:\WINDOWS\system32\LYLOADMR.EXE
[DETECTION] Is the Trojan horse TR/PSW.Online.agb.2
[INFO] The file was moved to '46b9b503.qua'!
C:\WINDOWS\system32\lzkklj.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mnx
[INFO] The file was moved to '47e4471c.qua'!
C:\WINDOWS\system32\meyzlw.dll
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47f24709.qua'!
C:\WINDOWS\system32\mtmbtg.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjl
[INFO] The file was moved to '47e64737.qua'!
C:\WINDOWS\system32\NAVMon32.dll
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47cf4705.qua'!
C:\WINDOWS\system32\pfigac.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mnx
[INFO] The file was moved to '47e2473c.qua'!
C:\WINDOWS\system32\pjchoz.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjr.2
[INFO] The file was moved to '47dc4741.qua'!
C:\WINDOWS\system32\PTSShell.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjs.1
[INFO] The file was moved to '47cc472f.qua'!
C:\WINDOWS\system32\pvjsej.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mjk.2
[INFO] The file was moved to '47e34751.qua'!
C:\WINDOWS\system32\RegSrv64D.dll
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47e04749.qua'!
C:\WINDOWS\system32\reifbj.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mll.4
[INFO] The file was moved to '47e2474a.qua'!
C:\WINDOWS\system32\SSLDyn.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.lxt.1
[INFO] The file was moved to '47c5474a.qua'!
C:\WINDOWS\system32\WINSvr32.dll
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.mnx
[INFO] The file was moved to '47c74761.qua'!
C:\WINDOWS\system32\xztxwu.dll
[DETECTION] Is the Trojan horse TR/Spy.Gen
[INFO] The file was moved to '47ed47ac.qua'!
C:\WINDOWS\system32\dllcache\svchost.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to '47dc486f.qua'!
C:\WINDOWS\system32\E029E\ctfmon.exe
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[INFO] The file was moved to '47df48a4.qua'!
C:\WINDOWS\system32\E029E\svchost.~tmp
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47dc48a7.qua'!
C:\WINDOWS\system32\wbem\rhgjxhvnb.dll
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to '47e048b9.qua'!
C:\WINDOWS\system32\wbem\3648\svchost.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to '47dc48cf.qua'!
End of the scan: lundi 31 décembre 2007 20:52
Used time: 3:43:03 min
The scan has been done completely.
6980 Scanning directories
287741 Files were scanned
226 viruses and/or unwanted programs were found
18 Files were classified as suspicious:
0 files were deleted
0 files were repaired
243 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
287515 Files not concerned
7496 Archives were scanned
1 Warnings
8 Notes
clean:
31/12/2007 a 21:00:45,01
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
C:\WINDOWS\ALCXMNTR.EXE FOUND
*** Recherche des fichiers dans C:\WINDOWS\system32
*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Fichiers communs\WhenU\" FOUND
"C:\Program Files\Everest Poker\" FOUND
*** Fin du rapport !
--
PLEASE. ((Read the recommendations carefully.))
((It saves repeating.)) (Firefox) = ((Safer browsing!!!))
Hi Philae!
Yeah, 226 viruses.
This crap has been more and more our lot for a while now.
That's what you call not cleaning up over trifles, LOL! ;-)
Have a happy new year!
See you, Jal
--
PLEASE. ((Read the recommendations carefully.))
((It saves repeating.)) (Firefox) = ((Safer browsing!!!))
And on top of that: nice exploitation of the holes left by our Java engineers and their old versions that still haven't been overwritten! ;-)
lol, normally I'm careful, but my antivirus had expired and I hadn't noticed for 2 days; after that it was impossible to install Norton, which must have made things worse...
Good evening,
I'm back. I'm looking through all this; at first glance AntiVir has cleared out quite a lot of s.... You can see where not securing your PC leads. A PC needs a fair amount of attention if you want peace of mind; I hope you've understood that.
Keep AntiVir, which in my opinion isn't bad at all. (Personally I've been using it for a long time.)
Even if an AV isn't complete protection on its own, it contributes to it.
Now do this:
* Restart in safe mode. To do so: while the PC is starting up, tap F8 (or F5). Your PC starts, but without Internet access.
* Open the yellow folder named clean on your desktop.
* Double-click clean.cmd
* Choose option 2 and copy the generated report to the desktop.
* If a window opens, leave it.
* Press Q to quit the program.
* Restart normally.
AND
* Download CCleaner.
https://www.pcastuces.com/logitheque/ccleaner.htm
Install it in a dedicated directory.
During installation, uncheck
--- the two "Add the option ... " boxes
--- Check for updates
--- Add the Yahoo! CCleaner Toolbar
* Run CCleaner for a complete cleanup.
------
* Download AVG Anti-Spyware (ewido)
https://www.avg.com/en-ww/free-antivirus-download
* Install it
* Launch AVG Anti-Spyware and click the Update button. Wait.
then
Launch AVG Anti-Spyware
Click the Scan button (in the toolbar)
then do the following in order, please. Save the report AFTER setting the actions.
Then on the Settings tab,
under "How to react", click Recommended actions. Select Quarantine.
Go back to the Scan tab. Click Full system scan.
At the end of the scan, choose option 3
"Apply all actions" at the bottom.
Click "Save report".
This generates a text-file report located in the Reports folder of the AVG Anti-Spyware folder.
Post it.
Then post a new HijackThis report.
--
PLEASE. ((Read the recommendations carefully.))
((It saves repeating.)) (Firefox) = ((Safer browsing!!!)) (GMT-5h: Québec, CA)
Yes, either we hand out aspirin to the war wounded or we actively campaign for peace!
At least I have the satisfaction that over the past 2 days I've received 220 emails and only one asking for help.
On the other hand, I received 5 telling me that they applied the recommendations on my blog and are delighted with them.
That's much better for morale.
But as I say: explaining things simply is so complicated.
;-)
OK, I'll leave you to your bugs.
HAPPY NEW YEAR!!
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 13:06:55 01/01/2008
+ Résultat de l'analyse:
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP26\A0021390.exe -> Adware.Casino : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc19748.cab/adblock.dll -> Adware.Yok : Aucune action entreprise.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP23\A0020253.exe -> Dropper.BHO.av : Aucune action entreprise.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP26\A0021300.exe -> Dropper.BHO.av : Aucune action entreprise.
C:\qoobox\Quarantine\C\Program Files\Fichiers communs\CPUSH\Uninst.exe.vir -> Dropper.BHO.av : Aucune action entreprise.
:mozilla.148:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\xzfpdnxc.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc16796.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc25520.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.159:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\xzfpdnxc.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.174:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\xzfpdnxc.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc17002.txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc17258.txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc17282.txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc17321.txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc17322.txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc25738.txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc16384.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc16560.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc25411.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc25483.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc25913.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.79:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\xzfpdnxc.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc17548.txt -> TrackingCookie.Adtech : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc25858.txt -> TrackingCookie.Adtech : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc14576.txt -> TrackingCookie.Advertising : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc24518.txt -> TrackingCookie.Advertising : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc17690.txt -> TrackingCookie.Adviva : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc25912.txt -> TrackingCookie.Adviva : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-2903846003-3835825511-2401260648-1008\Dc102.txt -> TrackingCookie.Adviva : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc17536.txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc25871.txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-2903846003-3835825511-2401260648-1008\Dc98.txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc17665.txt -> TrackingCookie.Belstat : Aucune action entreprise.
:mozilla.91:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\xzfpdnxc.default\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc23773.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc9792.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-2903846003-3835825511-2401260648-1008\Dc89.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc16645.txt -> TrackingCookie.Burstnet : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc16921.txt -> TrackingCookie.Burstnet : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc25943.txt -> TrackingCookie.Burstnet : Aucune action entreprise.
:mozilla.39:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\xzfpdnxc.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.40:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\xzfpdnxc.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.41:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\xzfpdnxc.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc13661.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc17633.txt -> TrackingCookie.Com : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc15440.txt -> TrackingCookie.Comclick : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc25022.txt -> TrackingCookie.Comclick : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc12167.txt -> TrackingCookie.Dealtime : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc17467.txt -> TrackingCookie.Dealtime : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc23818.txt -> TrackingCookie.Dealtime : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc25831.txt -> TrackingCookie.Dealtime : Aucune action entreprise.
:mozilla.44:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\xzfpdnxc.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc17706.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc25910.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-2903846003-3835825511-2401260648-1008\Dc80.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
:mozilla.95:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\xzfpdnxc.default\cookies.txt -> TrackingCookie.Estat : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc17725.txt -> TrackingCookie.Estat : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc25920.txt -> TrackingCookie.Estat : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc14278.txt -> TrackingCookie.Euroclick : Aucune action entreprise.
:mozilla.17:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\xzfpdnxc.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
:mozilla.25:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\xzfpdnxc.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
:mozilla.26:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\xzfpdnxc.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
:mozilla.27:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\xzfpdnxc.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
:mozilla.28:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\xzfpdnxc.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc13662.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc23946.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc16031.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc16871.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc14728.txt -> TrackingCookie.Information : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc16324.txt -> TrackingCookie.Liveperson : Aucune action entreprise.
:mozilla.162:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\xzfpdnxc.default\cookies.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc17749.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc25921.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-2903846003-3835825511-2401260648-1008\Dc101.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
:mozilla.173:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\xzfpdnxc.default\cookies.txt -> TrackingCookie.Netflame : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-2903846003-3835825511-2401260648-1008\Dc82.txt -> TrackingCookie.Netflame : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc14418.txt -> TrackingCookie.Overture : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc25615.txt -> TrackingCookie.Overture : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc17463.txt -> TrackingCookie.Paypal : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc15852.txt -> TrackingCookie.Revenue : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc17152.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc23035.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc25734.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-2903846003-3835825511-2401260648-1008\Dc57.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-2903846003-3835825511-2401260648-1008\Dc84.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.90:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\xzfpdnxc.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.92:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\xzfpdnxc.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.93:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\xzfpdnxc.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.94:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\xzfpdnxc.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc14988.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc24734.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-2903846003-3835825511-2401260648-1008\Dc70.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc14635.txt -> TrackingCookie.Specificclick : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc25901.txt -> TrackingCookie.Spylog : Aucune action entreprise.
:mozilla.45:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\xzfpdnxc.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.47:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\xzfpdnxc.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc14994.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc24730.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.143:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\xzfpdnxc.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.144:C:\Documents and Settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\xzfpdnxc.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc24282.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-2903846003-3835825511-2401260648-1008\Dc92.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
C:\RECYCLER\S-1-5-21-1401492894-723679195-3767947408-1008\Dc16540.txt -> TrackingCookie.Tribalfusion : Aucune action entreprise.
Fin du rapport
hijack:
Logfile of HijackThis v1.99.1
Scan saved at 13:25:40, on 01/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\RamBoost XP\rambxpfr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://7255.com/?g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8F776B2A-72DF-40C1-BD69-EDB642A706D7} - C:\WINDOWS\system32\bho.dll (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ONSPEED.lnk = C:\Program Files\ONSPEED\onspeedgui.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: COM Host (comHost) - Unknown owner - c:\Program Files\Norton Internet Security\comHost.exe (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: System Event loader (sysloader) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe (file missing)
O23 - Service: Yahoo Service (YahooSvr) - Unknown owner - C:\WINDOWS\system32\E029E\svchost.exe (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: COM Host (comHost) - Unknown owner - c:\Program Files\Norton Internet Security\comHost.exe (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: System Event loader (sysloader) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe (file missing)
O23 - Service: Yahoo Service (YahooSvr) - Unknown owner - C:\WINDOWS\system32\E029E\svchost.exe (file missing)