Virus, please help me!!

Closed
chtiotte59 Posts 24 Registration date Monday 21 January 2008 Status Member Last activity 24 November 2008 - 21 Jan. 2008 at 18:58
chtiotte59 Posts 24 Registration date Monday 21 January 2008 Status Member Last activity 24 November 2008 - 31 Jan. 2008 at 18:51
Hello,
let me explain my problem. I have had a laptop for 2 years, running Windows XP, but for the past few weeks everything has been going wrong. It takes longer and longer to start up, pop-ups keep opening nonstop even though I have blocked them, and when I am on the Internet my computer sometimes crashes.
I know I have plenty of viruses (I have no doubt about it, anyway), but I am not very good with computers, so I can't get rid of them on my own. If any of you is willing to help and guide me, thank you!!

30 replies

jfkpresident Posts 13408 Registration date Monday 3 September 2007 Status Security contributor Last activity 5 January 2015 1 175
21 Jan. 2008 at 19:23
Oh dear!!
tell me, who asked you to make that genproc report??

then:

Download Vundofix.exe (by Atribune) to your Desktop: http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to launch it.
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button.
* A prompt will ask whether you want to delete the files; click YES
* After you click "YES", the Desktop will disappear for a moment while the files are deleted.
* A new prompt will announce that the PC must shut down ("shutdown"). Click OK, then let it restart.
* The report is located in C:\vundofix.txt; please post it



* Download VirtumundoBeGone to your desktop.
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
* Double-click VirtumundoBeGone.exe
* Follow the on-screen instructions
* When the scan is finished, save the report.
* Copy and paste it here
1
HeeroYuy Posts 1203 Registration date Tuesday 16 October 2007 Status Member Last activity 27 August 2023 125
21 Jan. 2008 at 18:59
Hello,

Have you run a scan of your hard drive? What is your antivirus?
0
jfkpresident Posts 13408 Registration date Monday 3 September 2007 Status Security contributor Last activity 5 January 2015 1 175
21 Jan. 2008 at 19:01
hi chtiotte,
give us your security setup: antivirus, anti-spyware and firewall???

then:

1) Click HERE to download the HijackThis installer: http://www.infos-du-net.com/telecharger/HijackThis,0301-454.html

Save HJTInstall.exe to your desktop

Double-click HJTInstall.exe to launch the program

By default, it will install here: C:\Program Files\Trend Micro\HijackThis

Accept the license by clicking the "I Accept" button

Choose the option "Do a system scan and save a log file"

Click "Save log" to save the report, which will open in Notepad

Click "Edit -> Select All", then "Edit -> Copy" to copy the entire contents of the report

Paste the report you have just copied into this forum

Do not fix ANY line yet; that could prevent your PC from working properly
0
chtiotte59 Posts 24 Registration date Monday 21 January 2008 Status Member Last activity 24 November 2008
21 Jan. 2008 at 19:12
first of all, thank you for giving me your help...
As for the scan, I ran one yesterday and it removed a few files, but today my computer is still as slow as ever. I have AVG Anti-spyware.
I am attaching below my HijackThis report and the genproc one (just in case)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:31, on 21/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Insider\Insider.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\MOI\Bureau\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000140.exe 61A847B5BBF72813329B385776F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E6FD967002BA754E2C2832213369B26033AAC
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [30aea7db] rundll32.exe "C:\WINDOWS\system32\nolrvtcm.dll",b
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [BM339d9447] Rundll32.exe "C:\WINDOWS\system32\ldcqtqho.dll",s
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\MOI\Application Data\Microsoft\Windows\efdjxi.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [Oeso] "C:\PROGRA~1\COMMON~1\SCURIT~1\winword.exe" -vt yazb
O4 - HKCU\..\Run: [Sfub] "C:\Program Files\Common Files\??crosoft.NET\w?aclt.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c005E6A.dat
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\jlelaosj.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
0

chtiotte59 Posts 24 Registration date Monday 21 January 2008 Status Member Last activity 24 November 2008
21 Jan. 2008 at 19:58
here are my 2 reports.



VundoFix V6.7.7

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Scan started at 19:27:18 21/01/2008

Listing files found while scanning....


Beginning removal...

Attempting to delete C:\WINDOWS\system32\abihayrt.dll
C:\WINDOWS\system32\abihayrt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\anmuplut.dll
C:\WINDOWS\system32\anmuplut.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bayqfqmw.dll
C:\WINDOWS\system32\bayqfqmw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\bcbeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\bcbeg.ini2
C:\WINDOWS\system32\bcbeg.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\bgmghgbf.dll
C:\WINDOWS\system32\bgmghgbf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxvtur.dll
C:\WINDOWS\system32\cbxvtur.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cgroprbl.dll
C:\WINDOWS\system32\cgroprbl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ckwmyhrq.dll
C:\WINDOWS\system32\ckwmyhrq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\clltnvnd.dll
C:\WINDOWS\system32\clltnvnd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cteqksil.dll
C:\WINDOWS\system32\cteqksil.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cvneqowt.dll
C:\WINDOWS\system32\cvneqowt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dfpugulx.dll
C:\WINDOWS\system32\dfpugulx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\djjsykxn.dll
C:\WINDOWS\system32\djjsykxn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dpjdfbok.dll
C:\WINDOWS\system32\dpjdfbok.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fecprcrt.dll
C:\WINDOWS\system32\fecprcrt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fjfqrtby.dll
C:\WINDOWS\system32\fjfqrtby.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\flwprrhm.dll
C:\WINDOWS\system32\flwprrhm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fsnimoxf.dll
C:\WINDOWS\system32\fsnimoxf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\gebcb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gqttavyr.dll
C:\WINDOWS\system32\gqttavyr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gukmkmdh.dll
C:\WINDOWS\system32\gukmkmdh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\havpnqmb.dll
C:\WINDOWS\system32\havpnqmb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hpfojyfy.dll
C:\WINDOWS\system32\hpfojyfy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hqcpxpbp.dll
C:\WINDOWS\system32\hqcpxpbp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\idxpavqd.dll
C:\WINDOWS\system32\idxpavqd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ijajspab.dll
C:\WINDOWS\system32\ijajspab.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\irmgnfts.dll
C:\WINDOWS\system32\irmgnfts.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ixinjwai.dll
C:\WINDOWS\system32\ixinjwai.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jjeanebo.exe
C:\WINDOWS\system32\jjeanebo.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jjuohdym.dll
C:\WINDOWS\system32\jjuohdym.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jrfuvonw.dll
C:\WINDOWS\system32\jrfuvonw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jtosgmkj.exe
C:\WINDOWS\system32\jtosgmkj.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\kbxlolso.dll
C:\WINDOWS\system32\kbxlolso.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khaaumsd.dll
C:\WINDOWS\system32\khaaumsd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kntxfkum.dll
C:\WINDOWS\system32\kntxfkum.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ksmicwxn.dll
C:\WINDOWS\system32\ksmicwxn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lbrporgc.ini
C:\WINDOWS\system32\lbrporgc.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\lcsvqjjc.dll
C:\WINDOWS\system32\lcsvqjjc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ldcqtqho.dll
C:\WINDOWS\system32\ldcqtqho.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\liskqetc.ini
C:\WINDOWS\system32\liskqetc.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\luxtxitk.dll
C:\WINDOWS\system32\luxtxitk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lwifbmlj.dll
C:\WINDOWS\system32\lwifbmlj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lwkkwtgx.dll
C:\WINDOWS\system32\lwkkwtgx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlvvoopn.dll
C:\WINDOWS\system32\mlvvoopn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\muhtjbes.dll
C:\WINDOWS\system32\muhtjbes.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nopotenw.dll
C:\WINDOWS\system32\nopotenw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nuklotgq.dll
C:\WINDOWS\system32\nuklotgq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nunlugpd.dll
C:\WINDOWS\system32\nunlugpd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nvcnbqpo.dll
C:\WINDOWS\system32\nvcnbqpo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nxkysjjd.ini
C:\WINDOWS\system32\nxkysjjd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ogrofacf.dll
C:\WINDOWS\system32\ogrofacf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\onmevqpt.dll
C:\WINDOWS\system32\onmevqpt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\oquwyats.dll
C:\WINDOWS\system32\oquwyats.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\oxxblhlr.dll
C:\WINDOWS\system32\oxxblhlr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\petpahsr.dll
C:\WINDOWS\system32\petpahsr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pnqnukiy.dll
C:\WINDOWS\system32\pnqnukiy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qgcxcmfw.dll
C:\WINDOWS\system32\qgcxcmfw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qhcxdxqj.dll
C:\WINDOWS\system32\qhcxdxqj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qoatvlcf.dll
C:\WINDOWS\system32\qoatvlcf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qrhymwkc.ini
C:\WINDOWS\system32\qrhymwkc.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\rctufrhh.dll
C:\WINDOWS\system32\rctufrhh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rgdalctk.dll
C:\WINDOWS\system32\rgdalctk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rnmathcq.dll
C:\WINDOWS\system32\rnmathcq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rrqruvee.dll
C:\WINDOWS\system32\rrqruvee.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rrtwstxg.dll
C:\WINDOWS\system32\rrtwstxg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\siissqvw.dll
C:\WINDOWS\system32\siissqvw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\soiqjojw.dll
C:\WINDOWS\system32\soiqjojw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tdephejf.exe
C:\WINDOWS\system32\tdephejf.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\tnjtnbvx.dll
C:\WINDOWS\system32\tnjtnbvx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tryahiba.ini
C:\WINDOWS\system32\tryahiba.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuhjikpo.dll
C:\WINDOWS\system32\tuhjikpo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uhltopmb.dll
C:\WINDOWS\system32\uhltopmb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\upqpyyvp.dll
C:\WINDOWS\system32\upqpyyvp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uqunhkhm.dll
C:\WINDOWS\system32\uqunhkhm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uuypgrcy.dll
C:\WINDOWS\system32\uuypgrcy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uveysnvt.exe
C:\WINDOWS\system32\uveysnvt.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\vkicavgo.dll
C:\WINDOWS\system32\vkicavgo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vrrogwam.dll
C:\WINDOWS\system32\vrrogwam.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vsbyogrc.dll
C:\WINDOWS\system32\vsbyogrc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wmvhivjv.dll
C:\WINDOWS\system32\wmvhivjv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wwuunqkp.dll
C:\WINDOWS\system32\wwuunqkp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xsmvtpag.dll
C:\WINDOWS\system32\xsmvtpag.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xsqbdaeq.dll
C:\WINDOWS\system32\xsqbdaeq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xwhrvcnw.dll
C:\WINDOWS\system32\xwhrvcnw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ygodwbvn.dll
C:\WINDOWS\system32\ygodwbvn.dll Has been deleted!

Performing Repairs to the registry.
Done!
0
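Added example, not part of the original thread and not code from VundoFix or HijackThis: a small triage script that reads the VundoFix removal results and checks them against the O4 autorun lines of the HijackThis log, to show which startup entry still loads a file that could not be deleted. The sample strings are shortened excerpts of the two reports posted above; the function names and the bucket labels are hypothetical.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Shortened excerpts of the reports posted in this thread.
VUNDOFIX_REPORT = r"""
Attempting to delete C:\WINDOWS\system32\lcsvqjjc.dll
C:\WINDOWS\system32\lcsvqjjc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ldcqtqho.dll
C:\WINDOWS\system32\ldcqtqho.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\liskqetc.ini
C:\WINDOWS\system32\liskqetc.ini Has been deleted!
"""

HIJACKTHIS_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [30aea7db] rundll32.exe "C:\WINDOWS\system32\nolrvtcm.dll",b
O4 - HKLM\..\Run: [BM339d9447] Rundll32.exe "C:\WINDOWS\system32\ldcqtqho.dll",s
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c005E6A.dat
"""

# "<path> Has been deleted!" / "<path> Could not be deleted."
RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<status>Has been deleted!|Could not be deleted\.)$"
)
# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# File names (name.ext) appearing anywhere in a command line.
FILE_RE = re.compile(r'([^\\"\s,]+\.\w{3,4})\b')
# DLL handed to rundll32, with or without quotes.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)', re.IGNORECASE)


def parse_vundofix(report):
    """Map each reported path to True (deleted) or False (could not be deleted)."""
    results = {}
    for line in report.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            results[m.group("path")] = m.group("status").startswith("Has been")
    return results


def parse_o4(log):
    """Return the O4 (startup) entries of a HijackThis log as dicts."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def triage(report, log):
    """Sort autorun entries into three buckets of (value name, file name):
    delete_failed       - entry loads a file the tool could not delete
    orphaned            - entry points at a file that was deleted
    rundll32_unreviewed - DLL started through rundll32, absent from the report
    """
    results = {basename(p).lower(): ok for p, ok in parse_vundofix(report).items()}
    buckets = {"delete_failed": [], "orphaned": [], "rundll32_unreviewed": []}
    for entry in parse_o4(log):
        names = {n.lower() for n in FILE_RE.findall(entry["cmd"])}
        known = sorted(names & results.keys())
        for name in known:
            bucket = "orphaned" if results[name] else "delete_failed"
            buckets[bucket].append((entry["name"], name))
        if not known:
            m = RUNDLL_RE.search(entry["cmd"])
            if m:
                dll = basename(m.group("dll")).lower()
                buckets["rundll32_unreviewed"].append((entry["name"], dll))
    return buckets


if __name__ == "__main__":
    for bucket, items in triage(VUNDOFIX_REPORT, HIJACKTHIS_LOG).items():
        print(bucket, items)
```

The HijackThis log in this thread was saved before VundoFix ran, so a fresh HijackThis scan after the reboot is what confirms whether a flagged entry is still present.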
chtiotte59 Posts 24 Registration date Monday 21 January 2008 Status Member Last activity 24 November 2008
21 Jan. 2008 at 19:59
and the second one.

[01/21/2008, 19:32:22] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\MOI\Bureau\VirtumundoBeGone.exe" )
[01/21/2008, 19:32:44] - User choose NOT to continue. Exiting...

[01/21/2008, 19:48:29] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\MOI\Bureau\VirtumundoBeGone.exe" )
[01/21/2008, 19:49:17] - Detected System Information:
[01/21/2008, 19:49:17] - Windows Version: 5.1.2600, Service Pack 2
[01/21/2008, 19:49:17] - Current Username: MOI (Admin)
[01/21/2008, 19:49:17] - Windows is in NORMAL mode.
[01/21/2008, 19:49:17] - Searching for Browser Helper Objects:
[01/21/2008, 19:49:17] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[01/21/2008, 19:49:17] - BHO 2: {0850CA53-CB41-4988-ADDF-643D8640E8C6} ()
[01/21/2008, 19:49:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/21/2008, 19:49:17] - No filename found. Continuing.
[01/21/2008, 19:49:17] - BHO 3: {0D965E96-DB3B-47BE-AB75-78C47CFEFDBB} ()
[01/21/2008, 19:49:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/21/2008, 19:49:17] - No filename found. Continuing.
[01/21/2008, 19:49:17] - BHO 4: {38E5C329-53F1-4892-A3B6-BDDBEA67D26F} ()
[01/21/2008, 19:49:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/21/2008, 19:49:17] - No filename found. Continuing.
[01/21/2008, 19:49:17] - BHO 5: {3E7B0AAA-BA39-4A51-A805-B00A7C40CE24} ()
[01/21/2008, 19:49:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/21/2008, 19:49:17] - No filename found. Continuing.
[01/21/2008, 19:49:17] - BHO 6: {42940831-55DD-4355-B5B2-FE7A7195CE75} ()
[01/21/2008, 19:49:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/21/2008, 19:49:17] - No filename found. Continuing.
[01/21/2008, 19:49:17] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[01/21/2008, 19:49:17] - BHO 8: {5C538BEB-89AC-4788-9B16-636066462DB4} ()
[01/21/2008, 19:49:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/21/2008, 19:49:17] - No filename found. Continuing.
[01/21/2008, 19:49:17] - BHO 9: {603FAF71-7453-4EB0-AA05-61B5226A9F95} ()
[01/21/2008, 19:49:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/21/2008, 19:49:17] - No filename found. Continuing.
[01/21/2008, 19:49:17] - BHO 10: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/21/2008, 19:49:18] - BHO 11: {8752324C-0906-4F23-AA72-A61B8935BF5A} ()
[01/21/2008, 19:49:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/21/2008, 19:49:18] - No filename found. Continuing.
[01/21/2008, 19:49:18] - BHO 12: {89472F6B-D111-45EB-9A2E-950133459696} ()
[01/21/2008, 19:49:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/21/2008, 19:49:18] - No filename found. Continuing.
[01/21/2008, 19:49:18] - BHO 13: {8B2A8F7A-F1C5-45F9-A210-B260DB373ED0} ()
[01/21/2008, 19:49:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/21/2008, 19:49:18] - No filename found. Continuing.
[01/21/2008, 19:49:18] - BHO 14: {8D2B9B04-3536-4D45-A2A7-2AC17907783A} ()
[01/21/2008, 19:49:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/21/2008, 19:49:18] - Checking for HKLM\...\Winlogon\Notify\
[01/21/2008, 19:49:18] - Key not found: HKLM\...\Winlogon\Notify\, continuing.
[01/21/2008, 19:49:18] - BHO 15: {904D797C-D44B-4A76-9AA5-CD8FA73FA6EB} ()
[01/21/2008, 19:49:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/21/2008, 19:49:18] - No filename found. Continuing.
[01/21/2008, 19:49:18] - BHO 16: {95ED48A9-4633-4681-A5FC-42061D5C50BE} ()
[01/21/2008, 19:49:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/21/2008, 19:49:18] - No filename found. Continuing.
[01/21/2008, 19:49:18] - BHO 17: {97D3A143-678A-395F-D82E-4DE670F40896} ()
[01/21/2008, 19:49:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/21/2008, 19:49:18] - Checking for HKLM\...\Winlogon\Notify\klyuoyxs
[01/21/2008, 19:49:18] - Key not found: HKLM\...\Winlogon\Notify\klyuoyxs, continuing.
[01/21/2008, 19:49:18] - BHO 18: {9804BCA9-0278-410E-83CE-D59880DADD80} ()
[01/21/2008, 19:49:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/21/2008, 19:49:18] - No filename found. Continuing.
[01/21/2008, 19:49:18] - BHO 19: {9B05BCCD-75E3-4B0A-A941-BA40F0B510FA} ()
[01/21/2008, 19:49:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/21/2008, 19:49:18] - No filename found. Continuing.
[01/21/2008, 19:49:18] - BHO 20: {9C5A1834-8D9D-4053-956F-BAB7AED5ADDC} ()
[01/21/2008, 19:49:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/21/2008, 19:49:18] - No filename found. Continuing.
[01/21/2008, 19:49:18] - BHO 21: {A18B532E-A115-48FD-B1AE-BCA8CEBE1F99} ()
[01/21/2008, 19:49:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/21/2008, 19:49:18] - No filename found. Continuing.
[01/21/2008, 19:49:18] - BHO 22: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[01/21/2008, 19:49:18] - BHO 23: {AF0D173F-4D15-4E13-A350-ACD3AB3EAD41} ()
[01/21/2008, 19:49:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/21/2008, 19:49:18] - No filename found. Continuing.
[01/21/2008, 19:49:18] - BHO 24: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[01/21/2008, 19:49:18] - BHO 25: {B069F735-8821-41AE-92B0-9C0AF3568935} ()
[01/21/2008, 19:49:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/21/2008, 19:49:18] - No filename found. Continuing.
[01/21/2008, 19:49:18] - BHO 26: {BC426494-6C0E-4463-B8C8-7B28A98466D1} ()
[01/21/2008, 19:49:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/21/2008, 19:49:18] - No filename found. Continuing.
[01/21/2008, 19:49:18] - BHO 27: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[01/21/2008, 19:49:18] - BHO 28: {C0CA591D-4A90-4DE2-AFC3-6023E5CAE595} ()
[01/21/2008, 19:49:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/21/2008, 19:49:18] - No filename found. Continuing.
[01/21/2008, 19:49:18] - BHO 29: {CF4E9639-06BF-40C9-BE8A-C6E3C977D087} ()
[01/21/2008, 19:49:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/21/2008, 19:49:18] - Checking for HKLM\...\Winlogon\Notify\gebcb
[01/21/2008, 19:49:18] - Key not found: HKLM\...\Winlogon\Notify\gebcb, continuing.
[01/21/2008, 19:49:18] - BHO 30: {E3DBF64D-5D51-4E6F-98EB-07A9992F2902} ()
[01/21/2008, 19:49:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/21/2008, 19:49:19] - No filename found. Continuing.
[01/21/2008, 19:49:19] - BHO 31: {EFE9A305-FA8B-4310-85B5-FE241B7F4165} ()
[01/21/2008, 19:49:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/21/2008, 19:49:19] - Checking for HKLM\...\Winlogon\Notify\
[01/21/2008, 19:49:19] - Key not found: HKLM\...\Winlogon\Notify\, continuing.
[01/21/2008, 19:49:19] - BHO 32: {F25C5E13-5394-4E62-8DB9-BFD3E6DEF19F} ()
[01/21/2008, 19:49:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/21/2008, 19:49:19] - No filename found. Continuing.
[01/21/2008, 19:49:19] - BHO 33: {F75A971F-D4B1-407A-8E7F-AB38164FE55D} ()
[01/21/2008, 19:49:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/21/2008, 19:49:19] - No filename found. Continuing.
[01/21/2008, 19:49:19] - BHO 34: {F912076D-3775-4B8B-86D3-204E022467AD} ()
[01/21/2008, 19:49:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/21/2008, 19:49:19] - No filename found. Continuing.
[01/21/2008, 19:49:19] - BHO 35: {FAABF33F-DDA6-4EC3-AB10-243E36BE5619} ()
[01/21/2008, 19:49:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/21/2008, 19:49:19] - No filename found. Continuing.
[01/21/2008, 19:49:19] - Finished Searching Browser Helper Objects
[01/21/2008, 19:49:19] - Finishing up...
[01/21/2008, 19:49:19] - Nothing found! Exiting...
jfkpresident Posts 13408 Registration date Monday 3 September 2007 Status Security contributor Last activity 5 January 2015 1 175
21 Jan 2008 at 20:44
What a nice infection you've got there!!!! Ouhhhh
Next:

Download ComboFix here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Boot into Safe Mode
* Double-click combofix.exe.
* Press the Y (Yes) key to start the scan
* The report will be created at C:\Combofix.txt; please post it

chtiotte59 Posts 24 Registration date Monday 21 January 2008 Status Member Last activity 24 November 2008
21 Jan 2008 at 21:40
Done, here is the new report:

ComboFix 08-01-20.1 - MOI 2008-01-21 20:58:57.1 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\MOI\Bureau\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\MOI\Application Data\WinTouch
C:\Documents and Settings\MOI\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\MOI\Application Data\WinTouch\WTUninstaller.exe
C:\Documents and Settings\MOI\Bureau\Live Safety Center.lnk
C:\Documents and Settings\MOI\Bureau\Online Security Guide.lnk
C:\Documents and Settings\MOI\Menu Démarrer\Programmes\Outerinfo
C:\Documents and Settings\MOI\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
C:\Documents and Settings\MOI\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
C:\Documents and Settings\MOI\ResErrors.log
C:\Program Files\Insider
C:\Program Files\Insider\Insider.exe
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\outlook
C:\Program Files\outlook\p.zip
C:\Program Files\outlook\v.tmp
C:\Program Files\Router
C:\Program Files\Router\Router.exe
C:\Program Files\Router\UnInstall.exe
C:\Program Files\Temporary
C:\Program Files\ttx.exe
C:\Program Files\Words
C:\Program Files\Words\list.txt
C:\Program Files\Words\UnInstall.exe
C:\Program Files\Words\Words.exe
C:\WINDOWS\b143.exe
C:\WINDOWS\b149.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\b3
C:\WINDOWS\system32\bexpelwh.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\f1
C:\WINDOWS\system32\iaxueudy.dll
C:\WINDOWS\system32\k4
C:\WINDOWS\system32\ldcqtqho.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\rMa05yy
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\winlogo.exe
C:\WINDOWS\system32\winnb58.dll
C:\WINDOWS\system32\ypawxqem.dll

----- Unknown downloads made by BITS: ----
https://javadl.oracle.com/
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((((((( Fichiers créés 2007-12-21 to 2008-01-21 ))))))))))))))))))))))))))))))))))))
.

2008-01-21 20:58 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-21 19:27 . 2008-01-21 19:50 <REP> d----c--- C:\VundoFix Backups
2008-01-20 22:16 . 2008-01-20 22:16 268 --ah-c--- C:\sqmdata09.sqm
2008-01-20 22:16 . 2008-01-20 22:16 244 --ah-c--- C:\sqmnoopt09.sqm
2008-01-20 16:35 . 2008-01-21 19:11 580 --a--c--- C:\Documents
2008-01-20 16:10 . 2008-01-20 16:10 1,073,472 ---hs---- C:\WINDOWS\system32\fcaforgo.ini
2008-01-19 13:54 . 2008-01-20 16:05 1,073,412 ---hs---- C:\WINDOWS\system32\mctvrlon.ini
2008-01-18 13:14 . 2008-01-18 13:14 1,075,164 ---hs---- C:\WINDOWS\system32\ryvattqg.ini
2008-01-15 22:35 . 2008-01-15 22:35 <REP> d-------- C:\Documents and Settings\MOI\Application Data\Talkback
2008-01-15 22:34 . 2008-01-15 22:34 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-15 22:29 . 2008-01-21 17:53 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-15 20:44 . 2008-01-15 20:45 1,061,496 ---hs---- C:\WINDOWS\system32\hhrfutcr.ini
2008-01-15 15:12 . 2008-01-15 15:12 <REP> d-------- C:\Documents and Settings\MOI\Application Data\Grisoft
2008-01-15 15:12 . 2008-01-15 15:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-15 15:12 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-15 14:25 . 2008-01-15 14:26 <REP> d-------- C:\Program Files\EcoSante
2008-01-14 20:34 . 2008-01-15 20:34 1,061,436 ---hs---- C:\WINDOWS\system32\lcregsbu.ini
2008-01-11 20:43 . 2008-01-11 20:43 1,060,382 ---hs---- C:\WINDOWS\system32\ktixtxul.ini
2008-01-11 20:33 . 2008-01-21 20:35 15,583 --a------ C:\WINDOWS\BM339d9447.xml
2008-01-11 19:30 . 2008-01-11 19:30 <REP> d-------- C:\Program Files\Dot1XCfg
2008-01-10 20:42 . 2008-01-10 20:42 1,057,895 ---hs---- C:\WINDOWS\system32\yfyjofph.ini
2008-01-10 20:33 . 2008-01-21 19:47 22 --a------ C:\WINDOWS\pskt.ini
2008-01-09 20:34 . 2008-01-09 20:34 1,049,449 ---hs---- C:\WINDOWS\system32\bmpotlhu.ini
2008-01-08 20:38 . 2008-01-08 20:38 1,054,842 ---hs---- C:\WINDOWS\system32\ogvacikv.ini
2008-01-07 20:37 . 2008-01-07 20:37 1,043,795 ---hs---- C:\WINDOWS\system32\wnovufrj.ini
2008-01-07 00:12 . 2008-01-20 16:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-07 00:12 . 2008-01-07 00:12 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-06 23:52 . 2008-01-06 23:53 <REP> d-------- C:\Program Files\iTunes
2008-01-06 23:52 . 2008-01-06 23:52 <REP> d-------- C:\Program Files\iPod
2008-01-06 23:48 . 2008-01-06 23:50 <REP> d-------- C:\Program Files\QuickTime
2008-01-06 23:46 . 2008-01-06 23:46 <REP> d-------- C:\Program Files\Apple Software Update
2008-01-06 23:46 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-01-06 23:45 . 2008-01-06 23:45 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-01-06 23:45 . 2008-01-06 23:45 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-06 20:36 . 2008-01-07 00:10 1,043,819 ---hs---- C:\WINDOWS\system32\wnetopon.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 19:36 --------- d-----w C:\Program Files\eMule
2008-01-21 17:07 31,300 ----a-w C:\Documents and Settings\MOI\Application Data\wklnhst.dat
2008-01-17 12:54 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-01-17 12:47 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-15 21:29 --------- d-----w C:\Program Files\Google
2008-01-15 20:30 --------- d-----w C:\Program Files\Java
2008-01-15 13:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-14 13:44 --------- d-----w C:\Program Files\SudokuLegendSH
2008-01-12 11:29 --------- d-----w C:\Program Files\eCover3D
2008-01-12 11:27 --------- d-----w C:\Program Files\LSF
2008-01-06 22:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-14 14:07 --------- d-----w C:\Documents and Settings\MOI\Application Data\AdobeUM
2007-12-08 23:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-03 20:44 167 ----a-w C:\Documents and Settings\MOI\8424.bat
2007-11-29 21:58 167 ----a-w C:\Documents and Settings\MOI\5565.bat
2007-11-29 11:04 --------- d-----w C:\Program Files\Common Files
2007-11-29 10:50 167 ----a-w C:\Documents and Settings\MOI\3454.bat
2007-11-26 16:19 167 ----a-w C:\Documents and Settings\MOI\8948.bat
2007-11-23 22:20 167 ----a-w C:\Documents and Settings\MOI\1353.bat
2007-11-23 17:26 167 ----a-w C:\Documents and Settings\MOI\2024.bat
2007-11-23 15:23 167 ----a-w C:\Documents and Settings\MOI\2723.bat
2007-11-21 14:56 167 ----a-w C:\Documents and Settings\MOI\5587.bat
2007-11-19 20:16 167 ----a-w C:\Documents and Settings\MOI\5978.bat
2007-11-19 11:21 167 ----a-w C:\Documents and Settings\MOI\5951.bat
2007-11-18 18:57 167 ----a-w C:\Documents and Settings\MOI\4103.bat
2007-08-02 13:43 282,624 ----a-w C:\Program Files\TTC.dll
2007-01-16 10:37 2,315,678 -c--a-w C:\Program Files\VirtualDubMod_1.4.13.2v2.zip
2006-05-22 11:41 57,896 ----a-w C:\Documents and Settings\MOI\Application Data\GDIPFONTCACHEV1.DAT
2006-02-14 20:00 334,294 -c--a-w C:\Program Files\setupMySudoku.exe
2006-01-05 14:49 9,692,886 -c--a-w C:\Program Files\vlc-0.8.4a-win32.exe
2006-01-05 14:41 12,814,336 -c--a-w C:\Program Files\mp10setup.exe
2006-01-02 22:58 706,874 -c--a-w C:\Program Files\install_raveille.exe
2005-11-23 22:08 1,700,200 -c--a-w C:\Program Files\2560x1600.zip
2005-11-20 20:45 6,961,664 -c--a-w C:\Program Files\PocketDivXEncoder_0.3.50.exe
2005-11-16 18:58 1,014,477 -c--a-w C:\Program Files\wrar351.exe
2005-11-15 11:34 5,834,344 -c--a-w C:\Program Files\winzip100.exe
2005-11-09 15:37 2,228,736 -c--a-w C:\Program Files\1clkunzp.exe
2005-11-07 22:13 7,515,608 -c--a-w C:\Program Files\DivXPro521XP2K.exe
2005-11-07 22:09 7,422,256 -c--a-w C:\Program Files\DivXPro521ME98.exe
2005-11-07 21:34 26,540,699 -c--a-w C:\Program Files\VDCodecPack1.7.exe
2005-11-07 18:16 9,336,520 -c--a-w C:\Program Files\Install_MSN_Messenger.EXE
2005-11-07 18:06 4,577,316 -c--a-w C:\Program Files\eMule0.46c-Installer.exe
2005-11-07 22:14 56 -csh--r C:\WINDOWS\system32\B2AA029BED.sys
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-01-17 09:51 13,302 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0850CA53-CB41-4988-ADDF-643D8640E8C6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D965E96-DB3B-47BE-AB75-78C47CFEFDBB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38E5C329-53F1-4892-A3B6-BDDBEA67D26F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E7B0AAA-BA39-4A51-A805-B00A7C40CE24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42940831-55DD-4355-B5B2-FE7A7195CE75}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C538BEB-89AC-4788-9B16-636066462DB4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{603FAF71-7453-4EB0-AA05-61B5226A9F95}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8752324C-0906-4F23-AA72-A61B8935BF5A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89472F6B-D111-45EB-9A2E-950133459696}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B2A8F7A-F1C5-45F9-A210-B260DB373ED0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D2B9B04-3536-4D45-A2A7-2AC17907783A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{904D797C-D44B-4A76-9AA5-CD8FA73FA6EB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95ED48A9-4633-4681-A5FC-42061D5C50BE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97D3A143-678A-395F-D82E-4DE670F40896}]
C:\WINDOWS\system32\klyuoyxs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9804BCA9-0278-410E-83CE-D59880DADD80}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B05BCCD-75E3-4B0A-A941-BA40F0B510FA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C5A1834-8D9D-4053-956F-BAB7AED5ADDC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A18B532E-A115-48FD-B1AE-BCA8CEBE1F99}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF0D173F-4D15-4E13-A350-ACD3AB3EAD41}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B069F735-8821-41AE-92B0-9C0AF3568935}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC426494-6C0E-4463-B8C8-7B28A98466D1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C0CA591D-4A90-4DE2-AFC3-6023E5CAE595}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF4E9639-06BF-40C9-BE8A-C6E3C977D087}]
C:\WINDOWS\system32\gebcb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E3DBF64D-5D51-4E6F-98EB-07A9992F2902}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EFE9A305-FA8B-4310-85B5-FE241B7F4165}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F25C5E13-5394-4E62-8DB9-BFD3E6DEF19F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F75A971F-D4B1-407A-8E7F-AB38164FE55D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F912076D-3775-4B8B-86D3-204E022467AD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FAABF33F-DDA6-4EC3-AB10-243E36BE5619}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Oeso"="C:\PROGRA~1\COMMON~1\SCURIT~1\winword.exe" [ ]
"Sfub"="C:\Program Files\Common Files\??crosoft.NET\w?aclt.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 09:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 17:02 68856]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
"SfKg6w"="C:\Documents and Settings\MOI\Application Data\Microsoft\Windows\efdjxi.exe" [ ]
"Insider"="C:\Program Files\Insider\Insider.exe" [ ]
"WinAble"="C:\Program Files\WinAble\winable.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-06-17 21:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-06-17 21:43 118784]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 17:25 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 17:24 688218]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-04-12 13:39 58992]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 16:19 290816]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-10-13 17:34 229438]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 18:58 81920]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 15:46 172032]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-03-01 18:20 180269]
"30aea7db"="C:\WINDOWS\system32\nolrvtcm.dll" [ ]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-05 09:00 160768]
"runner1"="C:\WINDOWS\mrofinu1000140.exe" [ ]
"@"="" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 09:00 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 10:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\30aea7db]
C:\WINDOWS\system32\nolrvtcm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BestsellerAntivirus]
C:\Program Files\BestsellerAntivirus\pgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM339d9447]
C:\WINDOWS\system32\ldcqtqho.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2005-04-12 13:39 58992 C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2004-10-13 17:34 229438 C:\Program Files\HPQ\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-05 09:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
--a------ 2004-09-17 16:19 290816 C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2004-06-17 21:43 118784 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 07:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-02-18 18:55 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2004-03-04 15:46 172032 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-06-17 21:48 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Insider]
C:\Program Files\Insider\Insider.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 12:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:55 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Oeso]
C:\PROGRA~1\COMMON~1\SCURIT~1\winword.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
--a------ 2003-11-10 16:06 406016 C:\WINDOWS\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]
C:\Documents and Settings\MOI\Application Data\Microsoft\Windows\efdjxi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sfub]
C:\Program Files\Common Files\??crosoft.NET\w?aclt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 16:46 1460560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
--a------ 2005-01-24 18:58 81920 C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-27 17:02 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2005-11-28 07:20 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2004-10-05 17:24 688218 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-10-05 17:25 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-03-01 18:20 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 01:01 110592 C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]
C:\Program Files\WinAble\winable.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]
C:\Documents and Settings\MOI\Application Data\WinTouch\WinTouch.exe

S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]
S3 FTD2XX;USB Downloader Device Driver;C:\WINDOWS\system32\Drivers\FTD2XX.sys [2002-08-07 15:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a30795f-2a2b-11da-80f6-0012f00d1b61}]
\Shell\AutoRun\command - E:\setupSNK.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-19 13:05:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-18 23:24:27 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur - MOI.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2008-01-21 16:58:37 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 21:05:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????1?4?0?2??????? ???B?????????????H<C? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-21 21:34:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-21 20:34:38
.
2008-01-10 11:06:32 --- E O F ---
jfkpresident Posts 13408 Registration date Monday 3 September 2007 Status Security contributor Last activity 5 January 2015 1 175
21 Jan 2008 at 22:53
Please post a new HijackThis log.
Before I forget, your Explorer is not up to date: https://support.microsoft.com/fr-fr/allproducts
chtiotte59 Posts 24 Registration date Monday 21 January 2008 Status Member Last activity 24 November 2008
22 Jan 2008 at 17:10
Thanks for the update, I'll do it right away. In the meantime, here is the HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:08:31, on 22/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\MOI\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8D2B9B04-3536-4D45-A2A7-2AC17907783A} - \
O2 - BHO: (no name) - {97D3A143-678A-395F-D82E-4DE670F40896} - C:\WINDOWS\system32\klyuoyxs.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CF4E9639-06BF-40C9-BE8A-C6E3C977D087} - C:\WINDOWS\system32\gebcb.dll (file missing)
O2 - BHO: (no name) - {EFE9A305-FA8B-4310-85B5-FE241B7F4165} - \
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [30aea7db] rundll32.exe "C:\WINDOWS\system32\nolrvtcm.dll",b
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000140.exe 61A847B5BBF72813329B385776F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E6FD967002BA754E2C2832213369B26033AAC
O4 - HKCU\..\Run: [Oeso] "C:\PROGRA~1\COMMON~1\SCURIT~1\winword.exe" -vt yazb
O4 - HKCU\..\Run: [Sfub] "C:\Program Files\Common Files\??crosoft.NET\w?aclt.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\MOI\Application Data\Microsoft\Windows\efdjxi.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
chtiotte59 - Posts: 24 - Registration date: Monday 21 January 2008 - Status: Member - Last activity: 24 November 2008
22 Jan 2008 at 20:53
There, I've installed the updates and run HijackThis again (in case it changes anything)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:53:04, on 22/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\MOI\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8D2B9B04-3536-4D45-A2A7-2AC17907783A} - \
O2 - BHO: (no name) - {97D3A143-678A-395F-D82E-4DE670F40896} - C:\WINDOWS\system32\klyuoyxs.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CF4E9639-06BF-40C9-BE8A-C6E3C977D087} - C:\WINDOWS\system32\gebcb.dll (file missing)
O2 - BHO: (no name) - {EFE9A305-FA8B-4310-85B5-FE241B7F4165} - \
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [30aea7db] rundll32.exe "C:\WINDOWS\system32\nolrvtcm.dll",b
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000140.exe 61A847B5BBF72813329B385776F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E6FD967002BA754E2C2832213369B26033AAC
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Oeso] "C:\PROGRA~1\COMMON~1\SCURIT~1\winword.exe" -vt yazb
O4 - HKCU\..\Run: [Sfub] "C:\Program Files\Common Files\??crosoft.NET\w?aclt.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\MOI\Application Data\Microsoft\Windows\efdjxi.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
jfkpresident - Posts: 13408 - Registration date: Monday 3 September 2007 - Status: Security contributor - Last activity: 5 January 2015 - 1 175
22 Jan 2008 at 21:13
Hi again,
I'm going to give you some more work:

Download SmitfraudFix by S!Ri, balltrap34 and moe31

http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Unzip it, then

* Install it at the root of C:

Create a new folder via right-click "create / new folder" and name it SmitfraudFix --> C:\SmitfraudFix

See the example under E) « Faire un répertoire dédié » ("Create a dedicated folder"): https://forum.pcastuces.com/sujet.asp?f=25&s=3902

* Double-click the exe to unpack it and launch the fix.
Usage ----- option 1 - Search:
* Double-click smitfraudfix.cmd
* Select 1 to create a report of the files responsible for the infection.
* Post the report here

Then:

Download ComboFix here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Start in safe mode
* Double-click combofix.exe.
* Press the Y (Yes) key to start the scan
* The report will be created in: C:\Combofix.txt, please post it
chtiotte59 - Posts: 24 - Registration date: Monday 21 January 2008 - Status: Member - Last activity: 24 November 2008
22 Jan 2008 at 21:59
There, I've done my work. The two reports

SmitFraudFix v2.274

Rapport fait à 21:33:23,98, 22/01/2008
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Messenger\msmsgs.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\MOI


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\MOI\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 2200BG Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9FDB3A34-5D89-4BB9-8AB0-920AC58B8F5E}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9FDB3A34-5D89-4BB9-8AB0-920AC58B8F5E}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9FDB3A34-5D89-4BB9-8AB0-920AC58B8F5E}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


ComboFix 08-01-20.1 - MOI 2008-01-22 21:44:21.2 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\MOI\Bureau\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-22 to 2008-01-22 ))))))))))))))))))))))))))))))))))))
.

2008-01-22 21:33 . 2008-01-22 21:33 3,416 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-22 21:31 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-22 21:31 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-22 21:31 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-22 21:31 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-22 21:31 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-22 21:31 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-22 21:30 . 2008-01-22 21:30 <REP> d----c--- C:\SmitfraudFix1
2008-01-22 21:26 . 2008-01-22 21:36 <REP> d----c--- C:\SmitfraudFix
2008-01-22 21:24 . 2008-01-22 21:35 3,752 --a--c--- C:\GetPaths.vbs
2008-01-22 21:23 . 2008-01-22 21:25 1,062,625 --a--c--- C:\SmitfraudFix.zip
2008-01-22 17:21 . 2008-01-22 17:23 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-01-22 17:13 . 2008-01-22 17:23 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-01-22 17:13 . 2007-10-11 00:49 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-22 17:13 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-22 17:13 . 2007-07-01 04:36 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-22 17:13 . 2007-10-11 00:49 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-22 17:13 . 2007-10-11 00:49 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-22 17:13 . 2007-10-11 00:49 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-22 17:13 . 2007-10-11 00:49 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-22 17:13 . 2007-10-11 00:49 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-22 17:13 . 2007-10-10 11:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-21 20:58 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-21 19:27 . 2008-01-21 19:50 <REP> d----c--- C:\VundoFix Backups
2008-01-20 22:16 . 2008-01-20 22:16 268 --ah-c--- C:\sqmdata09.sqm
2008-01-20 22:16 . 2008-01-20 22:16 244 --ah-c--- C:\sqmnoopt09.sqm
2008-01-20 16:35 . 2008-01-21 19:11 580 --a--c--- C:\Documents
2008-01-15 22:35 . 2008-01-15 22:35 <REP> d-------- C:\Documents and Settings\MOI\Application Data\Talkback
2008-01-15 22:34 . 2008-01-15 22:34 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-15 22:29 . 2008-01-22 18:53 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-15 15:12 . 2008-01-15 15:12 <REP> d-------- C:\Documents and Settings\MOI\Application Data\Grisoft
2008-01-15 15:12 . 2008-01-15 15:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-15 15:12 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-15 14:25 . 2008-01-15 14:26 <REP> d-------- C:\Program Files\EcoSante
2008-01-11 20:33 . 2008-01-21 20:35 15,583 --a------ C:\WINDOWS\BM339d9447.xml
2008-01-11 19:30 . 2008-01-11 19:30 <REP> d-------- C:\Program Files\Dot1XCfg
2008-01-10 20:33 . 2008-01-21 19:47 22 --a------ C:\WINDOWS\pskt.ini
2008-01-06 23:52 . 2008-01-06 23:53 <REP> d-------- C:\Program Files\iTunes
2008-01-06 23:52 . 2008-01-06 23:52 <REP> d-------- C:\Program Files\iPod
2008-01-06 23:48 . 2008-01-06 23:50 <REP> d-------- C:\Program Files\QuickTime
2008-01-06 23:46 . 2008-01-06 23:46 <REP> d-------- C:\Program Files\Apple Software Update
2008-01-06 23:46 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-01-06 23:45 . 2008-01-06 23:45 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-01-06 23:45 . 2008-01-06 23:45 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 19:40 31,718 ----a-w C:\Documents and Settings\MOI\Application Data\wklnhst.dat
2008-01-22 19:04 --------- d-----w C:\Program Files\eMule
2008-01-17 12:54 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-01-17 12:47 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-15 21:29 --------- d-----w C:\Program Files\Google
2008-01-15 20:30 --------- d-----w C:\Program Files\Java
2008-01-15 13:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-14 13:44 --------- d-----w C:\Program Files\SudokuLegendSH
2008-01-12 15:11 817,664 ---h--w C:\WINDOWS\system32\wodfamoh.dll
2008-01-12 11:29 --------- d-----w C:\Program Files\eCover3D
2008-01-12 11:27 --------- d-----w C:\Program Files\LSF
2008-01-06 22:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-17 19:58 970,614 --sh--w C:\WINDOWS\system32\ucynuaxg.tmp
2007-12-14 14:07 --------- d-----w C:\Documents and Settings\MOI\Application Data\AdobeUM
2007-12-08 23:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-03 20:44 167 ----a-w C:\Documents and Settings\MOI\8424.bat
2007-11-29 21:58 167 ----a-w C:\Documents and Settings\MOI\5565.bat
2007-11-29 11:04 --------- d-----w C:\Program Files\Common Files
2007-11-29 10:50 167 ----a-w C:\Documents and Settings\MOI\3454.bat
2007-11-26 16:19 167 ----a-w C:\Documents and Settings\MOI\8948.bat
2007-11-23 22:20 167 ----a-w C:\Documents and Settings\MOI\1353.bat
2007-11-23 17:26 167 ----a-w C:\Documents and Settings\MOI\2024.bat
2007-11-23 15:23 167 ----a-w C:\Documents and Settings\MOI\2723.bat
2007-11-21 14:56 167 ----a-w C:\Documents and Settings\MOI\5587.bat
2007-11-19 20:16 167 ----a-w C:\Documents and Settings\MOI\5978.bat
2007-11-19 11:21 167 ----a-w C:\Documents and Settings\MOI\5951.bat
2007-11-18 18:57 167 ----a-w C:\Documents and Settings\MOI\4103.bat
2007-11-12 09:39 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28 728,576 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-11-05 04:34 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-11-05 04:34 118,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-10-31 03:53 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-08-02 13:43 282,624 ----a-w C:\Program Files\TTC.dll
2007-01-16 10:37 2,315,678 -c--a-w C:\Program Files\VirtualDubMod_1.4.13.2v2.zip
2006-05-22 11:41 57,896 ----a-w C:\Documents and Settings\MOI\Application Data\GDIPFONTCACHEV1.DAT
2006-02-14 20:00 334,294 -c--a-w C:\Program Files\setupMySudoku.exe
2006-01-05 14:49 9,692,886 -c--a-w C:\Program Files\vlc-0.8.4a-win32.exe
2006-01-05 14:41 12,814,336 -c--a-w C:\Program Files\mp10setup.exe
2006-01-02 22:58 706,874 -c--a-w C:\Program Files\install_raveille.exe
2005-11-23 22:08 1,700,200 -c--a-w C:\Program Files\2560x1600.zip
2005-11-20 20:45 6,961,664 -c--a-w C:\Program Files\PocketDivXEncoder_0.3.50.exe
2005-11-16 18:58 1,014,477 -c--a-w C:\Program Files\wrar351.exe
2005-11-15 11:34 5,834,344 -c--a-w C:\Program Files\winzip100.exe
2005-11-09 15:37 2,228,736 -c--a-w C:\Program Files\1clkunzp.exe
2005-11-07 22:13 7,515,608 -c--a-w C:\Program Files\DivXPro521XP2K.exe
2005-11-07 22:09 7,422,256 -c--a-w C:\Program Files\DivXPro521ME98.exe
2005-11-07 21:34 26,540,699 -c--a-w C:\Program Files\VDCodecPack1.7.exe
2005-11-07 18:16 9,336,520 -c--a-w C:\Program Files\Install_MSN_Messenger.EXE
2005-11-07 18:06 4,577,316 -c--a-w C:\Program Files\eMule0.46c-Installer.exe
2005-11-07 22:14 56 -csh--r C:\WINDOWS\system32\B2AA029BED.sys
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-01-17 09:51 13,302 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-21_21.10.45.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-05 08:00:00 61,440 -c----w C:\WINDOWS\ie7\admparse.dll
+ 2004-08-05 08:00:00 101,888 -c----w C:\WINDOWS\ie7\advpack.dll
+ 2004-08-05 08:00:00 35,328 -c----w C:\WINDOWS\ie7\corpol.dll
+ 2004-12-21 11:14:24 28,672 -c----w C:\WINDOWS\ie7\custsat.dll
+ 2007-10-11 06:13:39 357,888 -c----w C:\WINDOWS\ie7\dxtmsft.dll
+ 2007-10-11 06:13:39 205,312 -c----w C:\WINDOWS\ie7\dxtrans.dll
+ 2007-10-11 06:13:39 55,808 -c----w C:\WINDOWS\ie7\extmgr.dll
+ 2004-08-05 08:00:00 38,912 -c----w C:\WINDOWS\ie7\hmmapi.dll
+ 2004-08-05 08:00:00 34,304 -c----w C:\WINDOWS\ie7\ie4uinit.exe
+ 2004-08-05 08:00:00 139,264 -c----w C:\WINDOWS\ie7\ieakeng.dll
+ 2004-08-05 08:00:00 221,696 -c----w C:\WINDOWS\ie7\ieaksie.dll
+ 2004-08-05 08:00:00 245,760 -c----w C:\WINDOWS\ie7\ieakui.dll
+ 2004-08-05 08:00:00 323,584 -c----w C:\WINDOWS\ie7\iedkcs32.dll
+ 2007-10-10 11:16:27 18,432 -c----w C:\WINDOWS\ie7\iedw.exe
+ 2004-08-05 08:00:00 81,920 -c----w C:\WINDOWS\ie7\ieencode.dll
+ 2007-10-11 06:13:39 251,392 -c----w C:\WINDOWS\ie7\iepeers.dll
+ 2004-08-05 08:00:00 49,152 -c----w C:\WINDOWS\ie7\iernonce.dll
+ 2004-08-05 08:00:00 63,488 -c----w C:\WINDOWS\ie7\iesetup.dll
+ 2004-08-05 08:00:00 93,184 -c----w C:\WINDOWS\ie7\iexplore.exe
+ 2004-08-05 08:00:00 35,840 -c----w C:\WINDOWS\ie7\imgutil.dll
+ 2007-10-11 06:13:39 96,768 -c----w C:\WINDOWS\ie7\inseng.dll
+ 2007-11-14 07:28:02 450,560 -c----w C:\WINDOWS\ie7\jscript.dll
+ 2007-10-11 06:13:39 16,384 -c----w C:\WINDOWS\ie7\jsproxy.dll
+ 2004-08-05 08:00:00 22,528 -c----w C:\WINDOWS\ie7\licmgr10.dll
+ 2004-08-05 08:00:00 29,184 -c----w C:\WINDOWS\ie7\mshta.exe
+ 2007-10-30 10:18:16 3,079,680 -c----w C:\WINDOWS\ie7\mshtml.dll
+ 2007-10-11 06:13:40 449,024 -c----w C:\WINDOWS\ie7\mshtmled.dll
+ 2004-08-05 08:00:00 57,344 -c----w C:\WINDOWS\ie7\mshtmler.dll
+ 2004-08-05 08:00:00 146,432 -c----w C:\WINDOWS\ie7\msls31.dll
+ 2007-10-11 06:13:40 146,432 -c----w C:\WINDOWS\ie7\msrating.dll
+ 2007-10-11 06:13:40 532,480 -c----w C:\WINDOWS\ie7\mstime.dll
+ 2004-08-05 08:00:00 97,280 -c----w C:\WINDOWS\ie7\occache.dll
+ 2007-10-11 06:13:40 39,424 -c----w C:\WINDOWS\ie7\pngfilt.dll
+ 2007-09-26 17:34:42 33,472 -c----w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2007-09-26 17:32:30 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 16:43:28 216,800 -c----w C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-06 16:43:30 394,976 -c----w C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2004-08-05 08:00:00 37,888 -c----w C:\WINDOWS\ie7\url.dll
+ 2007-10-11 06:13:41 617,472 -c----w C:\WINDOWS\ie7\urlmon.dll
+ 2004-08-05 08:00:00 417,792 -c----w C:\WINDOWS\ie7\vbscript.dll
+ 2007-06-26 13:56:54 851,968 -c----w C:\WINDOWS\ie7\vgx.dll
+ 2004-08-05 08:00:00 281,600 -c----w C:\WINDOWS\ie7\webcheck.dll
+ 2007-10-11 06:13:41 663,552 -c----w C:\WINDOWS\ie7\wininet.dll
+ 2007-08-13 17:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll
+ 2007-08-13 17:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll.000
+ 2007-08-13 17:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll
+ 2007-08-13 17:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll
+ 2007-08-13 17:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\icardie.dll
+ 2007-08-13 17:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe
+ 2007-08-13 17:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe.000
+ 2007-08-13 17:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll
+ 2007-08-13 17:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll.000
+ 2007-08-13 17:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll
+ 2007-08-13 17:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll.000
+ 2007-08-13 16:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll
+ 2007-08-13 16:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll.000
+ 2007-02-12 15:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dat
+ 2007-07-11 11:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dll
+ 2007-08-13 17:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll
+ 2007-08-13 17:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll.000
+ 2007-08-13 17:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieframe.dll
+ 2007-08-13 17:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll
+ 2007-08-13 17:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll.000
+ 2007-08-13 17:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iertutil.dll
+ 2007-08-13 17:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieudinit.exe
+ 2007-08-13 17:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
+ 2007-08-13 17:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe.000
+ 2007-08-13 17:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll
+ 2007-08-13 17:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeeds.dll
+ 2007-08-13 17:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeedsbs.dll
+ 2007-08-13 17:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll
+ 2007-08-13 17:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll
+ 2007-08-13 17:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll
+ 2007-08-13 17:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll
+ 2007-08-13 17:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll
+ 2007-08-13 17:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll.000
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe
+ 2007-06-30 20:24:42 394,976 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\updspapi.dll
+ 2007-08-13 17:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll
+ 2007-08-13 17:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll.000
+ 2007-08-13 17:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll
+ 2007-08-13 17:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll
+ 2007-08-13 17:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll.000
+ 2007-08-13 17:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
- 2005-09-23 06:28:58 55,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2007-04-13 02:21:18 58,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
- 2005-09-23 06:28:32 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2007-04-13 02:20:52 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
- 2005-09-23 06:28:32 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2007-04-13 02:20:52 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
- 2005-09-23 06:28:32 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2007-04-13 02:20:52 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
- 2005-09-23 06:28:32 70,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2007-04-13 02:20:50 75,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
- 2005-09-23 06:28:32 26,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2007-04-13 02:20:52 32,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
- 2005-09-23 06:28:32 29,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2007-04-13 02:20:52 33,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
- 2005-09-23 06:28:32 29,888 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2007-04-13 02:20:52 32,600 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2005-09-23 06:28:32 503,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2007-04-13 02:20:52 507,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
- 2005-09-23 06:28:56 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2007-04-13 02:21:16 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2005-09-23 06:28:56 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\Accessibility.dll
+ 2005-09-23 06:28:32 503,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\AspNetMMCExt.dll
+ 2005-09-23 06:28:42 13,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\cscompmgd.dll
+ 2005-09-23 06:28:56 68,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\CustomMarshalers.dll
+ 2005-09-23 06:28:56 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\IEExecRemote.dll
+ 2005-09-23 06:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\IEHost.dll
+ 2005-09-23 06:28:56 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\IIEHost.dll
+ 2005-09-23 06:28:56 72,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\ISymWrapper.dll
+ 2005-09-23 06:28:48 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\Microsoft.Build.Engine.dll
+ 2005-09-23 06:28:48 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\Microsoft.Build.Framework.dll
+ 2005-09-23 06:28:48 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\Microsoft.Build.Tasks.dll
+ 2005-09-23 06:28:48 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\Microsoft.Build.Utilities.dll
+ 2005-09-23 06:28:48 745,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\Microsoft.JScript.dll
+ 2005-09-23 06:29:10 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2005-09-23 06:29:10 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\Microsoft.VisualBasic.Compatibility.dll
+ 2005-09-23 06:29:08 667,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\Microsoft.VisualBasic.dll
+ 2005-09-23 06:28:30 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\Microsoft.VisualBasic.Vsa.dll
+ 2005-09-23 06:29:10 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\Microsoft.VisualC.Dll
+ 2005-09-23 06:28:30 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\Microsoft.Vsa.dll
+ 2005-09-23 06:28:30 12,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2005-09-23 06:28:30 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\Microsoft_VsaVb.dll
+ 2005-09-23 06:28:56 4,308,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\mscorlib.dll
+ 2005-09-23 06:28:56 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\sysglobl.dll
+ 2005-09-23 06:28:58 389,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\System.configuration.dll
+ 2005-09-23 06:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\System.Configuration.Install.dll
+ 2005-09-23 06:28:56 2,878,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\System.Data.dll
+ 2005-09-23 06:28:56 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\System.Data.OracleClient.dll
+ 2005-09-23 06:28:56 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\System.Data.SqlXml.dll
+ 2005-09-23 06:28:38 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\System.Deployment.dll
+ 2005-09-23 06:28:56 5,050,368 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\System.Design.dll
+ 2005-09-23 06:28:56 397,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\System.DirectoryServices.dll
+ 2005-09-23 06:28:56 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\System.DirectoryServices.Protocols.dll
+ 2005-09-23 06:28:56 3,018,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\System.dll
+ 2005-09-23 06:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\System.Drawing.Design.dll
+ 2005-09-23 06:28:56 700,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\System.Drawing.dll
+ 2005-09-23 06:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\System.EnterpriseServices.dll
+ 2005-09-23 06:28:56 114,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\System.EnterpriseServices.Wrapper.dll
+ 2005-09-23 06:28:56 368,640 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\System.Management.dll
+ 2005-09-23 06:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\System.Messaging.dll
+ 2005-09-23 06:28:56 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\System.Runtime.Remoting.dll
+ 2005-09-23 06:28:56 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\System.Runtime.Serialization.Formatters.Soap.dll
+ 2005-09-23 06:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\System.Security.dll
+ 2005-09-23 06:28:56 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\System.ServiceProcess.dll
+ 2005-09-23 06:28:56 260,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\System.Transactions.dll
+ 2005-09-23 06:28:56 5,025,792 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\System.Web.dll
+ 2005-09-23 06:28:56 835,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\System.Web.Mobile.dll
+ 2005-09-23 06:28:56 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\System.Web.RegularExpressions.dll
+ 2005-09-23 06:28:56 823,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\System.Web.Services.dll
+ 2005-09-23 06:28:56 5,316,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\System.Windows.Forms.dll
+ 2005-09-23 06:28:56 2,035,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\GAC15667\System.XML.dll
- 2005-09-23 06:28:56 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2007-04-13 02:21:16 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
- 2005-09-23 06:28:56 224,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2007-04-13 02:21:16 228,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
- 2005-09-23 06:28:56 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2007-04-13 02:21:16 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
- 2005-09-23 06:28:48 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2007-04-13 02:21:10 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
- 2005-09-23 06:28:48 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2007-04-13 02:21:10 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
- 2005-09-23 06:28:32 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2007-04-13 02:20:52 87,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
- 2005-09-23 06:28:56 800,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2007-04-13 02:21:18 802,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
- 2004-08-05 08:00:00 61,440 -c--a-w C:\WINDOWS\system32\admparse.dll
+ 2007-08-13 17:39:20 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
- 2004-08-05 08:00:00 101,888 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2007-10-10 23:49:42 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2007-08-13 17:39:20 71,680 ------w C:\WINDOWS\system32\dllcache\admparse.dll
+ 2007-10-10 23:49:42 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2007-08-13 17:42:54 17,408 ------w C:\WINDOWS\system32\dllcache\corpol.dll
- 2004-12-21 11:14:24 28,672 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2007-08-13 17:54:10 33,792 ----a-w C:\WINDOWS\system32\dllcache\custsat.dll
- 2007-10-11 06:13:39 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2007-08-13 17:35:46 346,624 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-10-11 06:13:39 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-10-10 23:49:42 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-10-11 06:13:39 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-10-10 23:49:42 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-08-13 17:18:02 60,416 ------w C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2007-10-10 11:00:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2007-10-10 23:49:42 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2007-10-10 23:49:42 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2007-10-10 05:46:55 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2007-10-10 23:49:42 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-10-10 11:16:27 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-13 17:44:02 69,120 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-13 17:45:18 78,336 ------w C:\WINDOWS\system32\dllcache\ieencode.dll
- 2007-10-11 06:13:39 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-08-13 17:54:10 191,488 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-10-10 23:49:43 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2007-08-13 17:39:12 55,296 ------w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2007-10-10 11:00:59 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2007-08-13 17:36:06 36,352 ------w C:\WINDOWS\system32\dllcache\imgutil.dll
- 2007-10-11 06:13:39 96,768 ------w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-08-13 17:39:02 92,672 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2007-11-14 07:28:02 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-08-13 17:38:04 491,520 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-10-11 06:13:39 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-10-10 23:49:44 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-08-13 17:44:18 40,960 ------w C:\WINDOWS\system32\dllcache\licmgr10.dll
+ 2007-08-13 17:32:30 45,568 ------w C:\WINDOWS\system32\dllcache\mshta.exe
- 2007-10-11 06:13:40 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-10-10 23:49:44 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-08-13 17:01:12 48,128 ------w C:\WINDOWS\system32\dllcache\mshtmler.dll
+ 2007-08-13 17:54:10 156,160 ------w C:\WINDOWS\system32\dllcache\msls31.dll
- 2007-10-11 06:13:40 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-10-10 23:49:44 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-10-11 06:13:40 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-10-10 23:49:45 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-10-10 23:49:45 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
- 2007-10-11 06:13:40 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-08-13 17:36:12 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-10-10 23:49:45 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
- 2007-10-11 06:13:41 617,472 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-10-10 23:49:45 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-08-13 17:54:10 413,696 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2007-06-26 13:56:54 851,968 -c----w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-08-13 17:54:10 765,952 ----a-w C:\WINDOWS\system32\dllcache\VGX.dll
+ 2007-10-10 23:49:45 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-10-11 06:13:41 663,552 ------w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-10-10 23:49:45 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
- 2007-10-11 06:13:39 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-08-13 17:35:46 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-10-11 06:13:39 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-10-10 23:49:42 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-10-11 06:13:39 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-10-10 23:49:42 132,608 ------w C:\WINDOWS\system32\extmgr.dll
+ 2007-10-10 23:49:42 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2006-06-29 07:05:44 26,112 ------w C:\WINDOWS\system32\idndl.dll
- 2004-08-05 08:00:00 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2007-10-10 11:00:41 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
- 2004-08-05 08:00:00 139,264 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2007-10-10 23:49:42 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
- 2004-08-05 08:00:00 221,696 -c--a-w C:\WINDOWS\system32\ieaksie.dll
+ 2007-10-10 23:49:42 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
- 2004-08-05 08:00:00 245,760 -c--a-w C:\WINDOWS\system32\ieakui.dll
+ 2007-10-10 05:46:55 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2007-07-01 03:31:33 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
+ 2007-10-10 23:49:42 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2004-08-05 08:00:00 323,584 -c--a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2007-10-10 23:49:42 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
- 2004-08-05 08:00:00 81,920 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2007-08-13 17:45:18 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2007-10-10 23:49:43 6,065,664 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-10-11 06:13:39 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-08-13 17:54:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2004-08-05 08:00:00 49,152 -c--a-w C:\WINDOWS\system32\iernonce.dll
+ 2007-10-10 23:49:43 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2007-10-10 23:49:43 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2004-08-05 08:00:00 63,488 -c--a-w C:\WINDOWS\system32\iesetup.dll
+ 2007-08-13 17:39:12 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2007-10-10 10:59:40 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-08-13 17:54:10 180,736 ------w C:\WINDOWS\system32\ieui.dll
- 2004-08-05 08:00:00 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2007-08-13 17:36:06 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
- 2007-10-11 06:13:39 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-08-13 17:39:02 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
- 2007-11-14 07:28:02 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-08-13 17:38:04 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-10-11 06:13:39 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-10-10 23:49:44 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
- 2004-08-05 08:00:00 22,528 -c--a-w C:\WINDOWS\system32\licmgr10.dll
+ 2007-08-13 17:44:18 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
- 2006-12-22 10:28:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
+ 2007-04-13 02:21:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
+ 2007-10-10 23:49:44 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2007-10-10 23:49:44 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-08-13 17:36:40 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe
- 2004-08-05 08:00:00 29,184 ----a-w C:\WINDOWS\system32\mshta.exe
+ 2007-08-13 17:32:30 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
- 2007-10-30 10:18:16 3,079,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-10-31 03:53:50 3,590,656 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-10-11 06:13:40 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-10-10 23:49:44 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-05 08:00:00 57,344 ----a-w C:\WINDOWS\system32\mshtmler.dll
+ 2007-08-13 17:01:12 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
- 2004-08-05 08:00:00 146,432 ----a-w C:\WINDOWS\system32\msls31.dll
+ 2007-08-13 17:54:10 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
- 2007-10-11 06:13:40 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-10-10 23:49:44 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-10-11 06:13:40 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-10-10 23:49:45 671,232 ------w C:\WINDOWS\system32\mstime.dll
+ 2006-06-28 16:59:26 24,576 ------w C:\WINDOWS\system32\nlsdl.dll
+ 2006-06-29 07:05:44 23,552 ------w C:\WINDOWS\system32\normaliz.dll
- 2004-08-05 08:00:00 97,280 ----a-w C:\WINDOWS\system32\occache.dll
+ 2007-10-10 23:49:45 102,400 ------w C:\WINDOWS\system32\occache.dll
- 2007-10-11 06:13:40 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-08-13 17:36:12 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2004-08-05 08:00:00 37,888 ----a-w C:\WINDOWS\system32\url.dll
+ 2007-10-10 23:49:45 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-10-11 06:13:41 617,472 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-10-10 23:49:45 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-05 08:00:00 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-08-13 17:54:10 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2004-08-05 08:00:00 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
+ 2006-03-24 04:37:52 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
- 2004-08-05 08:00:00 281,600 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-10-10 23:49:45 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-08-13 17:45:16 206,336 ------w C:\WINDOWS\system32\WinFXDocObj.exe
- 2007-10-11 06:13:41 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-10-10 23:49:45 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2006-07-14 15:51:51 121,856 ------w C:\WINDOWS\system32\xmllite.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D2B9B04-3536-4D45-A2A7-2AC17907783A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97D3A143-678A-395F-D82E-4DE670F40896}]
C:\WINDOWS\system32\klyuoyxs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF4E9639-06BF-40C9-BE8A-C6E3C977D087}]
C:\WINDOWS\system32\gebcb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EFE9A305-FA8B-4310-85B5-FE241B7F4165}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Oeso"="C:\PROGRA~1\COMMON~1\SCURIT~1\winword.exe" [ ]
"Sfub"="C:\Program Files\Common Files\??crosoft.NET\w?aclt.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 09:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 17:02 68856]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-06-17 21:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-06-17 21:43 118784]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 17:25 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 17:24 688218]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-04-12 13:39 58992]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 16:19 290816]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-10-13 17:34 229438]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 18:58 81920]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 15:46 172032]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-03-01 18:20 180269]
"30aea7db"="C:\WINDOWS\system32\nolrvtcm.dll" [ ]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-05 09:00 160768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 09:00 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 10:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\30aea7db]
C:\WINDOWS\system32\nolrvtcm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BestsellerAntivirus]
C:\Program Files\BestsellerAntivirus\pgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM339d9447]
C:\WINDOWS\system32\ldcqtqho.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2005-04-12 13:39 58992 C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2004-10-13 17:34 229438 C:\Program Files\HPQ\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-05 09:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
--a------ 2004-09-17 16:19 290816 C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2004-06-17 21:43 118784 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 07:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-02-18 18:55 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2004-03-04 15:46 172032 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-06-17 21:48 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Insider]
C:\Program Files\Insider\Insider.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 12:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:55 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Oeso]
C:\PROGRA~1\COMMON~1\SCURIT~1\winword.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
--a------ 2003-11-10 16:06 406016 C:\WINDOWS\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]
C:\Documents and Settings\MOI\Application Data\Microsoft\Windows\efdjxi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sfub]
C:\Program Files\Common Files\??crosoft.NET\w?aclt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 16:46 1460560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
--a------ 2005-01-24 18:58 81920 C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-27 17:02 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2005-11-28 07:20 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2004-10-05 17:24 688218 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-10-05 17:25 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-03-01 18:20 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 01:01 110592 C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]
C:\Program Files\WinAble\winable.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]
C:\Documents and Settings\MOI\Application Data\WinTouch\WinTouch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a30795f-2a2b-11da-80f6-0012f00d1b61}]
\Shell\AutoRun\command - E:\setupSNK.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-19 13:05:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-18 23:24:27 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur - MOI.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2008-01-22 16:58:45 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-22 21:49:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????1?4?0?2??????? ???B?????????????H<C? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-22 21:49:55
ComboFix-quarantined-files.txt 2008-01-22 20:49:42
ComboFix2.txt 2008-01-21 20:34:51
.
2008-01-10 11:06:32 --- E O F ---
0
jfkpresident Posts 13408 Registration date Monday 3 September 2007 Status Security contributor Last activity 5 January 2015 1 175
22 Jan. 2008 at 22:43
Well done, you did a good job!
To check, run an online scan:

E - Online scan with BitDefender

Run this online antivirus scan with Internet Explorer and accept the ActiveX control;

the SP2 pop-up blocker bar (at the top) will start flashing,
click on it and choose "accept the ActiveX" so that the antivirus scan can run.
Once it has finished, paste the report here please
https://www.bitdefender.com/toolbox/
Copy/paste the report
http://www.malekal.com/tutorial_BitDefender_AntiSpyware.php
https://kerio.probb.fr/
http://pageperso.aol.fr/rginformatique/mapage/defender.htm

Then paste a new hijack report.
0
chtiotte59 Posts 24 Registration date Monday 21 January 2008 Status Member Last activity 24 November 2008
24 Jan. 2008 at 19:47
One day late, here is the new online report: (I hope this really is the report, because it looks odd to me, but then again I'm useless with computers so my opinion doesn't really count....)

BitDefender Online Scanner

Scan report generated at: Wed, Jan 23, 2008 - 13:17:19

Scan path: C:\;D:\;

Statistics
Time: 01:03:49
Files: 221332
Folders: 6117
Boot Sectors: 3
Archives: 8220
Packed Files: 10910

Results
Identified Viruses: 55
Infected Files: 359
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 361

Engines Info
Virus Definitions: 893087
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File
Status

C:\Documents and Settings\MOI\Bureau\MSNFix\MSNFix\backup\carlton
Infected with: MemScan:Trojan.Dialer.VUY

C:\Documents and Settings\MOI\Bureau\MSNFix\MSNFix\backup\carlton
Deleted

C:\Documents and Settings\MOI\Bureau\MSNFix\MSNFix\backup\ccSvcHst.exe
Infected with: Backdoor.SdBot.DFAB

C:\Documents and Settings\MOI\Bureau\MSNFix\MSNFix\backup\ccSvcHst.exe
Disinfection failed

C:\Documents and Settings\MOI\Bureau\MSNFix\MSNFix\backup\ccSvcHst.exe
Deleted

C:\Documents and Settings\MOI\Bureau\MSNFix\MSNFix\backup\Dance_dec_jpg.zip=>www.Dance_dec_jpg_Msn.com
Infected with: Backdoor.SdBot.DFAB

C:\Documents and Settings\MOI\Bureau\MSNFix\MSNFix\backup\Dance_dec_jpg.zip=>www.Dance_dec_jpg_Msn.com
Disinfection failed

C:\Documents and Settings\MOI\Bureau\MSNFix\MSNFix\backup\Dance_dec_jpg.zip=>www.Dance_dec_jpg_Msn.com
Deleted

C:\Documents and Settings\MOI\Bureau\MSNFix\MSNFix\backup\Dance_dec_jpg.zip
Updated

C:\Documents and Settings\MOI\Bureau\MSNFix\MSNFix\backup\mrofinu1148.exe
Infected with: Trojan.Generic.69276

C:\Documents and Settings\MOI\Bureau\MSNFix\MSNFix\backup\mrofinu1148.exe
Disinfection failed

C:\Documents and Settings\MOI\Bureau\MSNFix\MSNFix\backup\mrofinu1148.exe
Deleted

C:\Documents and Settings\MOI\Bureau\MSNFix\MSNFix\backup\mrofinu1148.exe.tmp
Infected with: Trojan.Generic.69276

C:\Documents and Settings\MOI\Bureau\MSNFix\MSNFix\backup\mrofinu1148.exe.tmp
Disinfection failed

C:\Documents and Settings\MOI\Bureau\MSNFix\MSNFix\backup\mrofinu1148.exe.tmp
Deleted

C:\Program Files\Dot1XCfg\Dot1XCfg.exe
Infected with: Trojan.Downloader.Adload.NCS

C:\Program Files\Dot1XCfg\Dot1XCfg.exe
Disinfection failed

C:\Program Files\Dot1XCfg\Dot1XCfg.exe
Deleted

C:\Program Files\HPQ\Default Settings\CpqsetVer.exe
Infected with: Backdoor.Agent.AHJ

C:\Program Files\HPQ\Default Settings\CpqsetVer.exe
Disinfection failed

C:\Program Files\HPQ\Default Settings\CpqsetVer.exe
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\08643F44.zip=>(Quarantine-2)=>BlackBox.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Program Files\Norton AntiVirus\Quarantine\08643F44.zip=>(Quarantine-2)=>BlackBox.class
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\08643F44.zip=>(Quarantine-2)=>BlackBox.class
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\08643F44.zip=>(Quarantine-2)
Updated

C:\Program Files\Norton AntiVirus\Quarantine\08643F44.zip=>(Quarantine-2)=>VerifierBug.class
Infected with: Java.Trojan.Exploit.Bytverify.C

C:\Program Files\Norton AntiVirus\Quarantine\08643F44.zip=>(Quarantine-2)=>VerifierBug.class
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\08643F44.zip=>(Quarantine-2)=>VerifierBug.class
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\08643F44.zip=>(Quarantine-2)
Updated

C:\Program Files\Norton AntiVirus\Quarantine\08643F44.zip=>(Quarantine-2)=>Dummy.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Program Files\Norton AntiVirus\Quarantine\08643F44.zip=>(Quarantine-2)=>Dummy.class
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\08643F44.zip=>(Quarantine-2)=>Dummy.class
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\08643F44.zip=>(Quarantine-2)
Updated

C:\Program Files\Norton AntiVirus\Quarantine\08643F44.zip=>(Quarantine-2)=>Beyond.class
Infected with: Java.Trojan.Exploit.Bytverify.C

C:\Program Files\Norton AntiVirus\Quarantine\08643F44.zip=>(Quarantine-2)=>Beyond.class
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\08643F44.zip=>(Quarantine-2)=>Beyond.class
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\08643F44.zip=>(Quarantine-2)
Updated

C:\Program Files\Norton AntiVirus\Quarantine\08643F44.zip
Update failed

C:\Program Files\Norton AntiVirus\Quarantine\1D644E00.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.Small.BUY

C:\Program Files\Norton AntiVirus\Quarantine\1D644E00.exe=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\1D644E00.exe=>(Quarantine-2)
Deleted

C:\QooBox\Quarantine\C\Documents and Settings\MOI\Application Data\WinTouch\WTUninstaller.exe.vir
Infected with: Trojan.Downloader.Agent.BUO

C:\QooBox\Quarantine\C\Documents and Settings\MOI\Application Data\WinTouch\WTUninstaller.exe.vir
Disinfection failed

C:\QooBox\Quarantine\C\Documents and Settings\MOI\Application Data\WinTouch\WTUninstaller.exe.vir
Deleted

C:\QooBox\Quarantine\C\Program Files\outlook\p.zip.vir=>Setup.exe
Infected with: Win32.Worm.VB.DW

C:\QooBox\Quarantine\C\Program Files\outlook\p.zip.vir=>Setup.exe
Deleted

C:\QooBox\Quarantine\C\Program Files\outlook\p.zip.vir
Updated

C:\QooBox\Quarantine\C\Program Files\outlook\v.tmp.vir
Infected with: Win32.Worm.VB.DW

C:\QooBox\Quarantine\C\Program Files\outlook\v.tmp.vir
Deleted

C:\QooBox\Quarantine\C\Program Files\Words\UnInstall.exe.vir
Infected with: Trojan.Generic.76416

C:\QooBox\Quarantine\C\Program Files\Words\UnInstall.exe.vir
Disinfection failed

C:\QooBox\Quarantine\C\Program Files\Words\UnInstall.exe.vir
Deleted

C:\QooBox\Quarantine\C\Program Files\Words\Words.exe.vir
Infected with: Trojan.Generic.76427

C:\QooBox\Quarantine\C\Program Files\Words\Words.exe.vir
Disinfection failed

C:\QooBox\Quarantine\C\Program Files\Words\Words.exe.vir
Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\bexpelwh.dll.vir
Infected with: Trojan.Vundo.DVC

C:\QooBox\Quarantine\C\WINDOWS\system32\bexpelwh.dll.vir
Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\bexpelwh.dll.vir
Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\iaxueudy.dll.vir
Infected with: Trojan.Vundo.DVC

C:\QooBox\Quarantine\C\WINDOWS\system32\iaxueudy.dll.vir
Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\iaxueudy.dll.vir
Deleted

C:\QooBox\Quarantine\C\WINDOWS\system32\ypawxqem.dll.vir
Infected with: Trojan.Vundo.DVC

C:\QooBox\Quarantine\C\WINDOWS\system32\ypawxqem.dll.vir
Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\ypawxqem.dll.vir
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP576\A0023376.exe
Infected with: MemScan:Trojan.Dialer.VUY

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP576\A0023376.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP576\A0023378.exe
Infected with: MemScan:Trojan.Dialer.VUY

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP576\A0023378.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP576\A0023386.exe
Infected with: Trojan.Generic.69276

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP576\A0023386.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP576\A0023386.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP576\A0023388.exe
Infected with: MemScan:Trojan.Dialer.VUY

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP576\A0023388.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP576\A0023389.exe
Infected with: Trojan.Generic.69783

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP576\A0023389.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP576\A0023389.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP582\A0023517.exe
Infected with: Trojan.Downloader.Downloader.DLT

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP582\A0023517.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP582\A0023517.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP583\A0023525.ini
Infected with: Trojan.Vundo.DVS

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP583\A0023525.ini
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP583\A0023525.ini
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP583\A0023526.exe
Infected with: Trojan.Downloader.JJEJ

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP583\A0023526.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP583\A0023526.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP583\A0023538.exe
Infected with: Trojan.Downloader.Small.BUY

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP583\A0023538.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP583\A0023538.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP583\A0024534.exe
Infected with: Trojan.Downloader.Downloader.DLT

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP583\A0024534.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP583\A0024534.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP584\A0024598.exe
Infected with: Trojan.Downloader.JJEJ

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP584\A0024598.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP584\A0024598.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP584\A0024599.exe
Infected with: Trojan.Downloader.Downloader.DLT

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP584\A0024599.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP584\A0024599.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP584\A0025593.dll
Infected with: Trojan.Vundo.DQO

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP584\A0025593.dll
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP584\A0025593.dll
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP584\A0025600.exe
Infected with: Trojan.Downloader.JJEJ

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP584\A0025600.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP584\A0025600.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP584\A0025610.exe
Infected with: Trojan.Downloader.JJEJ

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP584\A0025610.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP584\A0025610.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP584\A0025612.exe
Infected with: Trojan.Downloader.Downloader.DLT

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP584\A0025612.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP584\A0025612.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP585\A0025624.exe
Infected with: Trojan.Downloader.Downloader.DLT

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP585\A0025624.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP585\A0025624.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP585\A0025627.dll
Infected with: Trojan.Vundo.DQO

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP585\A0025627.dll
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP585\A0025627.dll
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP585\A0025634.exe
Infected with: Trojan.Downloader.Downloader.DLT

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP585\A0025634.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP585\A0025634.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP586\A0025657.exe
Infected with: Trojan.Vb.Agent.X

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP586\A0025657.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP586\A0025657.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP586\A0025658.exe
Infected with: Trojan.Downloader.JJEJ

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP586\A0025658.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP586\A0025658.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP586\A0025660.exe
Infected with: Trojan.Downloader.Downloader.DLT

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP586\A0025660.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP586\A0025660.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0025666.dll
Infected with: Trojan.Vundo.DQO

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0025666.dll
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0025666.dll
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0025673.exe
Infected with: Trojan.Downloader.Downloader.DLT

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0025673.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0025673.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0025675.dll
Infected with: Trojan.Vundo.DQO

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0025675.dll
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0025675.dll
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0025681.exe
Infected with: Trojan.Downloader.Downloader.DLT

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0025681.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0025681.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0025691.exe
Infected with: Trojan.Vb.Agent.X

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0025691.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0025691.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0025692.exe
Infected with: Trojan.Downloader.JJEJ

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0025692.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0025692.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0025694.exe
Infected with: Trojan.Downloader.Downloader.DLT

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0025694.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0025694.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0027691.exe
Infected with: Trojan.Vb.Agent.X

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0027691.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0027691.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0027692.exe
Infected with: Trojan.Downloader.JJEJ

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0027692.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0027692.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0027693.exe
Infected with: Trojan.Downloader.Downloader.DLT

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0027693.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0027693.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0028691.exe
Infected with: Trojan.Vb.Agent.X

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0028691.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0028691.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0028692.exe
Infected with: Trojan.Downloader.Downloader.DLT

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0028692.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0028692.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0028693.exe
Infected with: Trojan.Downloader.JJEJ

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0028693.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0028693.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0028695.exe
Infected with: Trojan.Downloader.Downloader.DLT

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0028695.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP587\A0028695.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP589\A0028722.dll
Infected with: Trojan.Vundo.DQO

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP589\A0028722.dll
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP589\A0028722.dll
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP589\A0028723.dll
Infected with: Trojan.Vundo.DQO

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP589\A0028723.dll
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP589\A0028723.dll
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP589\A0028731.exe
Infected with: Trojan.Vb.Agent.X

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP589\A0028731.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP589\A0028731.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP589\A0028732.exe
Infected with: Trojan.Downloader.JJEJ

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP589\A0028732.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP589\A0028732.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP589\A0028733.exe
Infected with: Trojan.Downloader.Agent.YUY

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP589\A0028733.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP589\A0028738.exe
Infected with: Trojan.Downloader.Agent.YUY

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP589\A0028738.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP589\A0028740.dll
Infected with: Trojan.Vundo.DQO

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP589\A0028740.dll
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP589\A0028740.dll
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP589\A0028747.exe
Infected with: Trojan.DownLoader.Agent.YUV

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP589\A0028747.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP589\A0028749.exe
Infected with: Trojan.Generic.78852

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP589\A0028749.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP589\A0028749.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP590\A0028774.dll
Infected with: Trojan.Vundo.DQO

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP590\A0028774.dll
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP590\A0028774.dll
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP590\A0028780.exe
Infected with: Trojan.Vb.Agent.X

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP590\A0028780.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP590\A0028780.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP590\A0028781.exe
Infected with: Trojan.DownLoader.Agent.YUV

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP590\A0028781.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP590\A0028789.exe
Infected with: Trojan.Vb.Agent.X

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP590\A0028789.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP590\A0028789.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP590\A0028791.exe
Infected with: Trojan.Downloader.Agent.YUY

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP590\A0028791.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP591\A0028801.dll
Infected with: Trojan.Vundo.DQO

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP591\A0028801.dll
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP591\A0028801.dll
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP591\A0028808.exe
Infected with: Trojan.DownLoader.Agent.YUV

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP591\A0028808.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP592\A0029809.dll
Infected with: Trojan.Vundo.DQO

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP592\A0029809.dll
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP592\A0029809.dll
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP592\A0029816.exe
Infected with: Trojan.DownLoader.Agent.YUV

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP592\A0029816.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP593\A0030815.exe
Infected with: Trojan.DownLoader.Agent.YUV

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP593\A0030815.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP593\A0030820.dll
Infected with: Trojan.Vundo.DQO

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP593\A0030820.dll
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP593\A0030820.dll
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP593\A0030827.exe
Infected with: Trojan.DownLoader.Agent.YUV

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP593\A0030827.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP594\A0031820.dll
Infected with: Trojan.Vundo.DQO

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP594\A0031820.dll
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP594\A0031820.dll
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP594\A0031828.exe
Infected with: Trojan.Adload.MAV

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP594\A0031828.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP594\A0031828.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP594\A0031830.exe
Infected with: Trojan.DownLoader.Agent.YUV

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP594\A0031830.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP594\A0031844.exe
Infected with: Trojan.Vb.Agent.X

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP594\A0031844.exe
Disinfection failed

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP594\A0031844.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP594\A0031845.exe
Infected with: Trojan.DownLoader.Agent.YUV

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP594\A0031845.exe
Deleted

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP594\A0031847.exe
Infected with: Trojan.Downloader.Agent.BHU

0
chtiotte59 Posts 24 Registration date Monday 21 January 2008 Status Member Last activity 24 November 2008
24 Jan. 2008 at 20:25
and finally the hijack report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:25:22, on 24/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\MOI\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8D2B9B04-3536-4D45-A2A7-2AC17907783A} - \
O2 - BHO: (no name) - {97D3A143-678A-395F-D82E-4DE670F40896} - C:\WINDOWS\system32\klyuoyxs.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CF4E9639-06BF-40C9-BE8A-C6E3C977D087} - C:\WINDOWS\system32\gebcb.dll (file missing)
O2 - BHO: (no name) - {EFE9A305-FA8B-4310-85B5-FE241B7F4165} - \
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [30aea7db] rundll32.exe "C:\WINDOWS\system32\nolrvtcm.dll",b
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000140.exe 61A847B5BBF72813329B385776F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E6FD967002BA754E2C2832213369B26033AAC
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Oeso] "C:\PROGRA~1\COMMON~1\SCURIT~1\winword.exe" -vt yazb
O4 - HKCU\..\Run: [Sfub] "C:\Program Files\Common Files\??crosoft.NET\w?aclt.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\MOI\Application Data\Microsoft\Windows\efdjxi.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
0
jfkpresident Posts 13408 Registration date Monday 3 September 2007 Status Security contributor Last activity 5 January 2015 1 175
24 Jan 2008 at 20:31
55 viruses, 359 infected files!!!!
On top of that, you were infected by an MSN virus (the Carlton virus).
All these viruses are in your System Restore, and you must have some viruses stored in quarantine in Norton (can you delete them?)

You are going to create a new restore point:

* Disabling:
Right-click "My Computer" > Properties > "System Restore" tab > tick the "Turn off System Restore on all drives" box
> Apply, wait until it shows "Turned off", then OK.

* Enabling:
Follow the same path; untick the "Turn off System Restore on all drives" box
> Apply, wait until it shows "Monitoring" again, then OK. Restart the computer.

Let me know how it goes.
0
chtiotte59 Posts 24 Registration date Monday 21 January 2008 Status Member Last activity 24 November 2008
24 Jan 2008 at 21:17
55 viruses??? And can we talk about these viruses in the past tense, or not yet?
* I looked in Norton's quarantine and there is no file there, no virus, nothing.
I disabled and then re-enabled System Restore (it didn't take very long, is that normal?). It seems to be going better, although I'd say it has been going better for about 2 days.
Do you think I've finally got rid of them?
0
jfkpresident Posts 13408 Registration date Monday 3 September 2007 Status Security contributor Last activity 5 January 2015 1 175
24 Jan 2008 at 22:15
Hi again,
There is still something bothering me!

Do this:

Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it to a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
• Restart your computer.
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of Windows loading normally, a menu with different options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Then go through the instructions below:
• Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.cmd to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• Once the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of the Report.txt file into your next reply on the forum, along with a new HijackThis log!
0
chtiotte59 Posts 24 Registration date Monday 21 January 2008 Status Member Last activity 24 November 2008
28 Jan 2008 at 18:53
Sorry for the delay, I was away for the weekend. Anyway, here is the SDFix report as requested:


SDFix: Version 1.131

Run by MOI on 28/01/2008 at 13:39

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\MOI\Bureau\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found


x.dat and z.dat data copied to \SDFix\Data.txt


Folder C:\Program Files\Dot1XCfg - Removed


Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\explorer.exe
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-28 13:49:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Mon 7 Nov 2005 56 ..SHR --- "C:\WINDOWS\system32\B2AA029BED.sys"
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 17 Jan 2007 13,302 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Mon 17 Dec 2007 970,614 ..SH. --- "C:\WINDOWS\system32\ucynuaxg.tmp"
Sat 12 Jan 2008 817,664 ...H. --- "C:\WINDOWS\system32\wodfamoh.dll"
Sun 8 Jan 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Tue 16 Jan 2007 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Fri 27 Oct 2006 15,872 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"
Fri 13 Aug 2004 1,953,792 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\launcher.exe"
Fri 13 Aug 2004 53,760 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\mnyinsta.dll"
Fri 13 Aug 2004 94,208 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\RmvSuite.exe"
Mon 16 Aug 2004 35,328 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\setuplng.dll"
Fri 13 Aug 2004 20,480 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\unregwtr.exe"
Sun 15 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sun 4 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Mon 21 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5c703fe0947475848e966b61999878d1\BIT2.tmp"
Wed 17 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5c703fe0947475848e966b61999878d1\BIT5.tmp"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT1.tmp"

Finished!


Do you think I still need to remove some files?? (I have the odd feeling that my computer is starting to lag a little more again today...)
If I need to run more scans or reports, don't hesitate to tell me, I'm ready for anything.
0
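An added example, not part of the thread and not SDFix's own code: a small parser for the "Files with Hidden Attributes" section of the report above. It lists the entries sitting directly in `C:\WINDOWS\system32`, newest first, as a reading order for review rather than a verdict on any file. The function names and the `roots` filter are assumptions of this example.

```python
import re
from datetime import datetime
from pathlib import PureWindowsPath

# Sample lines copied from the SDFix report posted in this thread.
SAMPLE = r'''
Mon 7 Nov 2005 56 ..SHR --- "C:\WINDOWS\system32\B2AA029BED.sys"
Sat 12 Jan 2008 817,664 ...H. --- "C:\WINDOWS\system32\wodfamoh.dll"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Mon 21 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5c703fe0947475848e966b61999878d1\BIT2.tmp"
Finished!
'''

# weekday, "D Mon YYYY", size with thousands separators, 5 attribute flags, quoted path
LINE_RE = re.compile(
    r'^\w{3}\s+(\d{1,2}\s+\w{3}\s+\d{4})\s+([\d,]+)\s+([A-Z.]{5})\s+---\s+"(.+)"$')

def parse_hidden_files(report_text):
    """Return one dict per listing line; non-matching lines are skipped."""
    entries = []
    for line in report_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        date_s, size_s, attrs, path = m.groups()
        entries.append({
            "date": datetime.strptime(date_s, "%d %b %Y").date(),
            "size": int(size_s.replace(",", "")),
            "attrs": {c for c in attrs if c != "."},   # e.g. {"S", "H", "R"}
            "path": PureWindowsPath(path),
        })
    return entries

def review_first(entries, roots=(r"C:\WINDOWS\system32",)):
    """Entries sitting directly in one of `roots`, newest first.
    `roots` is an assumption of this example, not an SDFix setting."""
    wanted = {PureWindowsPath(r) for r in roots}
    hits = [e for e in entries if e["path"].parent in wanted]
    return sorted(hits, key=lambda e: e["date"], reverse=True)

if __name__ == "__main__":
    for e in review_first(parse_hidden_files(SAMPLE)):
        flags = "".join(sorted(e["attrs"]))
        print(e["date"], f'{e["size"]:>9}', flags, e["path"])
```

`PureWindowsPath` compares case-insensitively, so `C:\WINDOWS\system32` and `c:\windows\System32` match the same root.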