Double trojan attack

Resolved/Closed
yourcaillette Posts 56 Registration date Tuesday 22 January 2008 Status Member Last activity 13 May 2012 - 23 Jan 2008 at 07:40
 wincpp - 30 Aug 2009 at 05:47
Hello, following my troubles thanks to the MSN virus "c'est toi?", I now have an attack from: TR/AGENT.18944 and TR/CRYPT.FKM.GEN

Since yesterday my antivirus has been AntiVir, and it keeps asking me what I want to do with them, without that having any apparent use.

I need your help, please. Thanks in advance.

(P.S. I'll be away for a few hours, but go ahead and post; I'll look when I get back at noon ^^)

56 replies

curagio Posts 400 Registration date Friday 14 December 2007 Status Member Last activity 2 February 2008 9
26 Jan 2008 at 13:26
1) First of all, we are going to remove all traces of the tools we used that deal with specific infections, and we will do this with ToolsCleaner by A.Rothstein


· Download ToolsCleaner by A.Rothstein to your Desktop.
http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe

· Click Recherche (Search) and let the scan finish.
· Click Suppression (Removal) to finalize.
· If you wish, you can use the Options facultatives (optional settings).
· Click Quitter (Quit) so that the report can be created.

· Close the report that opens, and post it in your next reply. (It is at the root of the disk: C:\TCleaner.txt)

2) Online scan at Bitdefender

* Run an online antivirus scan at https://www.bitdefender.fr/ with IE and copy-paste the result here
* At the bottom left of the window, click BitDefender SCAN ONLINE
* In the new window, click I agree
* The window changes again; click Click here to scan
* The signatures load, etc.

Use this tutorial to help you (thanks Morgane) http://pageperso.aol.fr/loraline60/bitdefender_scan.htm

Post in reply the scan report, which is located here: C:\windows\bdoscan8\scanres.txt or scanres.html

3) Reports:

So I am waiting for the ToolsCleaner report located at C:\TCleaner.txt and the Bitdefender online report

To be continued, as there will still be some security advice to apply




2
curagio Posts 400 Registration date Friday 14 December 2007 Status Member Last activity 2 February 2008 9
27 Jan 2008 at 19:41
re
YIPPEE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

yes, what more could one ask for ;-)

what remains is to follow a few tips to avoid as many problems as possible


it's going to be a bit long, but believe me it's worth it


-- For CCleaner ----> You can, however, keep CCleaner and use its "cleaner" function as much as you like; just re-tick, under advanced, "ne pas effacer fichiers...48h" (do not delete files...48h)
a bit more info on CC: http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm
(Be careful, however, when using the "erreur" function: back up the changes made to the registry, to be safe.)

-- For AVG AS --->
After the 30-day trial, AVG Anti-Spyware will remain usable with no time limit, but with two restrictions:
*- no real-time monitoring,
*- no automatic online updates.
It will remain a good passive scanner with which you can do a little "clean-up", not forgetting to run a manual update before launching the scan.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------

=> Now that your PC is no longer infected, disable your "System Restore" and then re-enable it in order to create a clean restore point.


* Disabling:
Right-click "My Computer" > Properties > "System Restore" tab > tick the box "Turn off System Restore on all drives"
> Apply, wait until it is marked "turned off", then OK.

* Enabling:
Follow the same path; untick the box "Turn off System Restore on all drives"
> Apply, wait until it is back on "monitoring", then OK. Restart the computer.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------

=> To improve the security of your PC, take a few moments to read

Securing your PC + WiFi ("hot" & "light" versions) by Philae https://forum.pcastuces.com/default.asp

https://www.malekal.com/fichiers/projetantimalwares/prevention-protection.pdf (downloadable as PDF)

--------------------------------------------------------------------------------------------------------------------------------------------------------------------

=> To secure your browsing

-- A must-have program: SpyBot-Search & Destroy 1.5 (passive scan + preventive protection with its 2 resident modules, its immunizations and its Hosts list)
https://www.safer-networking.org/

- Usage demo
http://perso.orange.fr/rginformatique/section%20virus/demo%20spybot.htm
- Tutorial:
https://www.malekal.com/spybot-search-destroy-proteger-desinfecter-pc-virus/
http://perso.orange.fr/jesses/Docs/Logiciels/Spybot.htm

-- Try the Firefox browser, safer/more secure than IE

- Download: http://www.mozilla-europe.org/fr/products/firefox/
- Tutorial for securing it: https://forum.zebulon.fr/topic/69628-s%C3%A9curiser-un-peu-plus-firefox/

Firefox does not use the dangerous ActiveX protocol
What ActiveX controls are: http://assiste.com.free.fr/p/abc/a/activex_dangers.html
Protecting yourself against them: http://assiste.com.free.fr/p/abc/c/anti_activex.html

-- Behaviour to adopt: http://assiste.com.free.fr/p/abc/a/safe_cex.html

--------------------------------------------------------------------------------------------------------------------------------------------------------------------


=> To avoid security holes:

* Update Windows regularly



* Regularly check that your various programs are up to date: here, and update whatever is not. https://www.flexera.com/products/operations/software-vulnerability-management.html
- Tutorial: https://www.malekal.com/tester-la-vulnerabilite-de-son-systeme-2/
- Another option: subscribe for free to "la lettre hebdomadaire de secuser.com" (the secuser.com weekly newsletter) here http://www.secuser.com/ at the bottom left of the page.

* Updating the Java console:

Go to https://www.java.com/fr/download/manual.jsp and download the latest version (if your current version is not up to date), or here https://filehippo.com/download_jre_32/?ex=CORE-116.0
After installing the latest version, uninstall the old versions (of Java) in order to eliminate the security holes present in those old versions.
Via Start / Settings / Control Panel, in Add/Remove Programs, navigate to the old versions of the Java console listed there, then Remove; follow the prompts in the dialog box that opens in order to complete the uninstallation.
Do this for each of them, one by one, and restart your PC when you are asked to.
Then go back to the Java site above and click the "Vérifier l'installation" (Verify installation) button to make sure everything is in order.

--------------------------------------------------------------------------------------------------------------------------------------------------------------------

=> To optimize your PC a little

Remember to run a quick defragmentation.
Tutorial: http://www.linternaute.com/hightech/nettoyagepc/nettoyagepc1.shtml

* Manage your services using these 2 links
http://speedweb1.free.fr/frames2.php?page=service3 and http://speedweb1.free.fr/frames2.php?page=service4

* Use Zeb Utility
an application that requires no installation, to optimize your PC a bit. (thanks to our friend Zebulon)
Download: https://www.zebulon.fr/telechargements/utilitaires/optimisation/zeb-utility.html
Tutorial: https://www.zebulon.fr/dossiers/autres/58-zebutility.html

--------------------------------------------------------------------------------------------------------------------------------------------------------------------



don't forget to mark your post as resolved:


There you go: good luck, happy reading, and happy surfing

See you ;-)

curagio



"If they leave you hanging around so long in the emergency room,
it's because time heals all wounds."
1
Anonymous user
23 Jan 2008 at 09:42
hello, macaillette! lol

to begin with!

Download to the desktop the "diagnostic and repair tool"
ftp://ftp.commentcamarche.com/download/HJTInstall.exe download it here
= Right-click Hijackthis
= Extract here (or extract without confirmation, or extract all, or unzip)
= Right-click Hijackthis ==> Rename ==> type: test.exe (in place of hijackthis.exe) <== Important
= Double-click it
= Click Do a system scan and save the log
= Paste the report
if there is a problem, see the help
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm illustrated instructions here


next

Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
• Restart your computer
• After hearing the computer beep during start-up, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of Windows loading normally, a menu with various options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Work through the list of instructions below:
• Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans found, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• After the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of the Report.txt file into your next reply on the forum
0
yourcaillette Posts 56 Registration date Tuesday 22 January 2008 Status Member Last activity 13 May 2012
23 Jan 2008 at 12:08
first of all, thank you very much for the nicely detailed reply, just how I like them ^^

here is my report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:47, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\C8C7CBCFCFCA.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\bhij.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Spyware Doctor\update.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {B935524D-314B-4791-AB4E-64FDFD64A689} - C:\Program Files\MSN\hopeweC:\DOCUME~1\Sandrine\LOCALS~1\Temp\mst455101.exe.dll (file missing)
O2 - BHO: Google Module - {E1290342-AAFF-4f7c-9F45-D665E4BF1A00} - btask.dll (file missing)
O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socksys.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [2423272B2B2625] C8C7CBCFCFCA.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [Configuration de la neuf Box] C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WintelUpdate] C:\bhij.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {9E214F45-89C2-4DE3-94A9-530EB1D05F7E} (QuestActiveX Class) - http://www.quest3d.com/Quest3D_WebInstall.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
0
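
Added example (not part of the original thread, and not code from HijackThis or its authors): a small Python triage pass over HijackThis 2.x entries in the format of the log above, flagging entries that deserve a closer look. The heuristics (missing target file, Temp path, alternate-data-stream reference, hex-only names, executable in a drive root) and all function names are assumptions chosen for illustration; the sample lines are copied from the log above.

```python
import re
from typing import List, NamedTuple, Tuple

# Section codes as they appear in the HijackThis log above.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart entry", "O8": "IE context-menu item",
    "O9": "IE extra button/menu item", "O10": "Winsock LSP",
    "O16": "ActiveX download (DPF)", "O23": "NT service",
}

ENTRY_RE = re.compile(r"^([RO]\d{1,2}) - (.+)$")        # "O4 - <body>"
RUN_RE = re.compile(r"Run: \[([^\]]*)\] (.+)$")          # "[value name] command"
HEX_NAME_RE = re.compile(r"^[0-9A-Fa-f]{8,}$")           # name made only of hex digits
ADS_RE = re.compile(r"\.[A-Za-z0-9]{2,4}:[^\\/\s]")      # "file.exe:stream"
ROOT_EXE_RE = re.compile(r'^"?[A-Za-z]:\\[^\\]+\.exe\b', re.I)  # C:\name.exe
TEMP_RE = re.compile(r"\\te?mp\\", re.I)                 # ...\Temp\...


class Finding(NamedTuple):
    code: str
    section: str
    line: str
    reasons: Tuple[str, ...]


def triage(log_text: str) -> List[Finding]:
    """Return the log entries that match at least one heuristic (assumed rules)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        code, body = m.groups()
        reasons = []
        if body.endswith("(file missing)"):
            reasons.append("target file missing")
        if TEMP_RE.search(body):
            reasons.append("path under a Temp directory")
        if ADS_RE.search(body):
            reasons.append("alternate data stream reference")
        if code == "O4":
            run = RUN_RE.search(body)
            if run:
                name, cmd = run.groups()
                exe = cmd.strip('"').split("\\")[-1]
                stem = exe.rsplit(".", 1)[0]
                if HEX_NAME_RE.match(name) or HEX_NAME_RE.match(stem):
                    reasons.append("random-looking hex name")
                if ROOT_EXE_RE.match(cmd):
                    reasons.append("executable in drive root")
        if reasons:
            findings.append(
                Finding(code, SECTIONS.get(code, "other"), line, tuple(reasons)))
    return findings


# Excerpt copied from the log posted above (raw string: backslashes are literal).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Module - {E1290342-AAFF-4f7c-9F45-D665E4BF1A00} - btask.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [2423272B2B2625] C8C7CBCFCFCA.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [WintelUpdate] C:\bhij.exe
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{f.section:<24}{', '.join(f.reasons)}")
        print(f"    {f.line}")
```

A hit is a prompt for manual review, not a verdict: legitimate software can match these heuristics, and an entry that matches none of them is not thereby shown to be clean.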

yourcaillette Posts 56 Registration date Tuesday 22 January 2008 Status Member Last activity 13 May 2012
23 Jan 2008 at 12:50
here I am again with the SDFix report:

SDFix: Version 1.130

Run by Sandrine on 23/01/2008 at 12:29

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\-55028~1 - Deleted
C:\Program Files\Helper\superfindout.dll - Deleted
C:\WINDOWS\system32\adult.txt - Deleted
C:\WINDOWS\system32\finance.txt - Deleted
C:\WINDOWS\system32\lt.res - Deleted
C:\WINDOWS\system32\other.txt - Deleted
C:\WINDOWS\system32\pharma.txt - Deleted
C:\WINDOWS\system32\ps1.dat - Deleted
C:\WINDOWS\system32\rc.dat - Deleted
C:\WINDOWS\system32\sft.res - Deleted



Folder C:\Program Files\Helper - Removed


Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 12:37:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\astq]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\drivers\astq.tga"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\astq\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\drtya]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\drivers\drtya"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\drtya\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ztx86]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\ztx86.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ztx86\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\astq]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\drivers\astq.tga"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\astq\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\drtya]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\drivers\drtya"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\drtya\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ztx86]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\ztx86.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ztx86\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 42


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Sandrine\\Bureau\\emule.exe"="C:\\Documents and Settings\\Sandrine\\Bureau\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Browser"
"C:\\DOCUME~1\\Sandrine\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\Sandrine\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed 18 Oct 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 14 Nov 2006 69,120 ...H. --- "C:\Documents and Settings\Sandrine\Mes documents\~WRL0778.tmp"
Sun 24 Sep 2006 24,064 ...H. --- "C:\Documents and Settings\Sandrine\Mes documents\~WRL3366.tmp"
Mon 11 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Tue 21 Feb 2006 20,992 A..H. --- "C:\Documents and Settings\Sandrine\Mes documents\SR2\~WRL3831.tmp"
Wed 23 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BITA.tmp"
Tue 22 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT8.tmp"

Finished!


I hope that's encouraging ^^
0
yourcaillette Posts 56 Registration date Tuesday 22 January 2008 Status Member Last activity 13 May 2012
23 Jan 2008 at 15:52
I ran a scan with AntiVir to check, following the use of SDFix



AntiVir PersonalEdition Classic
Report file date: mercredi 23 janvier 2008 14:49

Scanning for 1063907 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: AMILO

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 21:58:27
ANTIVIR2.VDF : 7.0.2.0 948736 Bytes 15/01/2008 21:58:27
ANTIVIR3.VDF : 7.0.2.31 319488 Bytes 22/01/2008 21:58:27
AVEWIN32.DLL : 7.6.0.48 3080704 Bytes 22/01/2008 21:58:27
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 22/01/2008 21:58:28
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 23 janvier 2008 14:49

The scan of running processes will be started
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'hpqgalry.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'bhij.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'spfprc.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'uphclean.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'swdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svcntaux.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'C8C7CBCFCFCA.exe' - '1' Module(s) have been scanned
Scan process 'SDTrayApp.exe' - '1' Module(s) have been scanned
Scan process 'spftray.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'WLTRAY.EXE' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'WButton.exe' - '1' Module(s) have been scanned
Scan process 'OSDCtrl.exe' - '1' Module(s) have been scanned
Scan process 'OSD.exe' - '1' Module(s) have been scanned
Scan process 'HotkeyApp.exe' - '1' Module(s) have been scanned
Scan process 'LaunchAp.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'soundman.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'BCMWLTRY.EXE' - '1' Module(s) have been scanned
Scan process 'WLTRYSVC.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
55 processes with 55 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '38' files ).


Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\info.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.hnw.3
[INFO] The file was moved to '47fd468f.qua'!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\47fd468f.qua
[DETECTION] Is the Trojan horse TR/Dldr.Small.hnw.3
[INFO] The file was moved to '47fd4662.qua'!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I1E3ATUV\mutex_n1_21_01_08_0[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to '480b46f3.qua'!
C:\Documents and Settings\Sandrine\Bureau\MSNFix\MSNFix\22012008_19095310.zip
[0] Archive type: ZIP
[INFO] The file was moved to '47c74709.qua'!
C:\Program Files\Mozilla Firefox\bbplqm.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4807511f.qua'!
C:\Program Files\Mozilla Firefox\cfofhc.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '48065126.qua'!
C:\Program Files\Mozilla Firefox\kwwsgw.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '480e5139.qua'!
C:\Program Files\Mozilla Firefox\mjoast.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4806512e.qua'!
C:\Program Files\Mozilla Firefox\nikkvq.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '48025131.qua'!
C:\Program Files\Mozilla Firefox\pibuon.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47f95133.qua'!
C:\Program Files\Mozilla Firefox\qjiowv.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '48005137.qua'!


End of the scan: mercredi 23 janvier 2008 15:47
Used time: 57:57 min

The scan has been canceled!

3044 Scanning directories
205081 Files were scanned
250 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were deleted
0 files were repaired
83 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
204831 Files not concerned
700 Archives were scanned
2 Warnings
0 Notes
Anonymous user
23 Jan. 2008 at 16:03
Hello!

Download ComboFix.exe by sUBs to your Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disconnect from the internet and disable your antivirus so that ComboFix can run normally.

Double-click ComboFix.exe.
While the fix is running you must not touch your mouse; follow ComboFix's prompts (press a key, restart, ...).
Set it to French: F
Press the 1 key (Yes) to start the scan.
When the scan has finished, a report will appear.


Re-enable your antivirus!

Post the report in your next reply.

Note: The report can also be found here: C:\Combofix.txt

Note: If your Desktop does not reappear, press Ctrl+Alt+Del to open the Task Manager.
"Processes" tab > File (menu) > New Task (Run...) > type explorer and click OK.


Post me a new HijackThis report as well, in addition to the ComboFix one!
yourcaillette Posts 56 Registration date Tuesday 22 January 2008 Status Member Last activity 13 May 2012
23 Jan. 2008 at 16:35
A very silly question: how do I disable my antivirus?
Anonymous user
23 Jan. 2008 at 16:36
Right-click the icon in the taskbar, then Quit! (but while offline!)
yourcaillette Posts 56 Registration date Tuesday 22 January 2008 Status Member Last activity 13 May 2012
23 Jan. 2008 at 16:39
Thanks, see you in a bit ^^
yourcaillette Posts 56 Registration date Tuesday 22 January 2008 Status Member Last activity 13 May 2012
23 Jan. 2008 at 17:18
So, hello again:

Here is the ComboFix report:

ComboFix 08-01-23.2 - Sandrine 2008-01-23 17:05:32.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.489 [GMT 1:00]
Endroit: C:\Documents and Settings\Sandrine\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Sandrine\Application Data\MessengerSkinner
C:\Documents and Settings\Sandrine\Application Data\MessengerSkinner\Userdata\languages_v2.xml
C:\Documents and Settings\Sandrine\Application Data\MessengerSkinner\Userdata\pack1.cab
C:\Documents and Settings\Sandrine\Menu D‚marrer\Programmes\MessengerSkinner
C:\Documents and Settings\Sandrine\Menu Démarrer\Programmes\MessengerSkinner\MessengerSkinner.lnk
C:\Documents and Settings\Sandrine\Menu Démarrer\Programmes\MessengerSkinner\Website.lnk
C:\Program Files\messengerskinner
C:\Program Files\messengerskinner\download\defaultPack.cab
C:\Program Files\messengerskinner\MessengerSkinner.exe
C:\Program Files\messengerskinner\MessengerSkinner.url
C:\Program Files\messengerskinner\MessengerSkinnerDll.dll
C:\Program Files\messengerskinner\resources\appconfig.xml
C:\Program Files\messengerskinner\resources\btn.rgn
C:\Program Files\messengerskinner\resources\btnBnr.rgn
C:\Program Files\messengerskinner\resources\btnIn.rgn
C:\Program Files\messengerskinner\resources\btnInNormal.bmp
C:\Program Files\messengerskinner\resources\btnInOver.bmp
C:\Program Files\messengerskinner\resources\btnNormal.bmp
C:\Program Files\messengerskinner\resources\btnNormal.gif
C:\Program Files\messengerskinner\resources\btnNormalBnr.bmp
C:\Program Files\messengerskinner\resources\btnNormalBnr.gif
C:\Program Files\messengerskinner\resources\btnOver.bmp
C:\Program Files\messengerskinner\resources\btnOver.gif
C:\Program Files\messengerskinner\resources\btnOverBnr.bmp
C:\Program Files\messengerskinner\resources\btnOverBnr.gif
C:\Program Files\messengerskinner\resources\languages_v2.xml
C:\Program Files\messengerskinner\uninst.exe
C:\Program Files\winperformance
C:\Program Files\winperformance\extensions\index.ext
C:\Program Files\winperformance\extensions\main.dll
C:\Program Files\winperformance\extensions\main.ldb
C:\Program Files\winperformance\extensions\main.mdb
C:\Program Files\winperformance\files\warn_bad.bmp
C:\Program Files\winperformance\files\warn_trusted.bmp
C:\Program Files\winperformance\files\warn_unknown.bmp
C:\Program Files\winperformance\registry_backup\2008.01.22 18.57.38.rb
C:\Program Files\winperformance\scan.archive
C:\Program Files\winperformance\WinPerformance.ini
C:\Program Files\winperformance\zlib.dll
C:\WINDOWS\pack.epk
c:\WINDOWS\system32\gbytbwlos.dat
C:\WINDOWS\system32\gbytbwlos.exe
C:\WINDOWS\system32\gbytbwlos_nav.dat
C:\WINDOWS\system32\gbytbwlos_navps.dat
C:\WINDOWS\system32\nvs2.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm






((((((((((((((((((((((((((((( Fichiers créés 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))))))
.

2008-01-23 16:40 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 12:25 . 2008-01-23 12:25 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-22 21:19 . 2008-01-22 21:19 <REP> d-------- C:\Program Files\Avira
2008-01-22 20:18 . 2008-01-22 20:18 <REP> d-------- C:\Program Files\Trend Micro
2008-01-22 19:01 . 2008-01-22 19:01 <REP> d-------- C:\WINDOWS\system32\07060A0E0E09
2008-01-22 19:00 . 2007-12-14 13:40 120,832 --a------ C:\WINDOWS\system32\C8C7CBCFCFCA.exe
2008-01-22 18:22 . 2008-01-22 18:22 54,764 --a------ C:\WINDOWS\system32\ztx86.sys
2008-01-22 07:26 . 2008-01-22 07:26 <REP> d-------- C:\WINDOWS\leunemdf
2008-01-22 07:26 . 2008-01-22 07:26 192,000 --a------ C:\WINDOWS\ydwxwrql.dll
2008-01-22 07:25 . 2008-01-22 07:25 36,864 --a------ C:\WINDOWS\dwpcfazm.exe
2008-01-21 19:16 . 2008-01-21 19:16 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
2008-01-21 19:16 . 2008-01-21 19:16 10,752 --a------ C:\bhij.exe
2008-01-21 19:16 . 2008-01-22 02:14 92 --a------ C:\3670019.bat
2008-01-21 07:13 . 2008-01-21 07:13 25,984 --a------ C:\WINDOWS\system32\drivers\Ahn64.sys
2008-01-20 23:40 . 2008-01-20 23:40 54,764 --a------ C:\WINDOWS\system32\drivers\drtya
2008-01-20 22:40 . 2008-01-22 19:49 <REP> d-------- C:\Program Files\Windows Live
2008-01-20 22:40 . 2008-01-20 22:45 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-20 19:02 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-20 19:02 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-20 19:02 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-20 19:02 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-20 19:01 . 2008-01-23 15:29 <REP> d-------- C:\Program Files\Spyware Doctor
2008-01-20 19:01 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-01-20 18:43 . 2008-01-20 18:44 <REP> d-------- C:\Program Files\SPYWAREfighter
2008-01-20 18:43 . 2008-01-20 18:43 <REP> d-------- C:\Program Files\Fichiers communs\Application
2007-12-30 16:32 . 2004-08-04 00:54 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-12-30 16:32 . 2001-08-23 17:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-12-23 02:20 . 2007-12-23 02:20 180,224 --a------ C:\WINDOWS\system32\MI19.tmp

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 18:48 --------- d-----w C:\Program Files\Neuf
2008-01-22 18:47 --------- d-----w C:\Program Files\VideoLAN
2008-01-22 01:14 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-01-21 19:08 --------- d-----w C:\Program Files\Launch Manager
2008-01-20 18:00 --------- d-----w C:\Program Files\Google
2008-01-20 17:12 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-20 09:44 --------- d-----w C:\Program Files\eMule
2007-11-07 09:50 733,696 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-05-02 20:53 1,401 ----a-w C:\Program Files\uninstal.log
2001-08-13 13:51 1,396,337 ----a-w C:\Program Files\Captura.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B935524D-314B-4791-AB4E-64FDFD64A689}]
C:\Program Files\MSN\hopeweC:\DOCUME~1\Sandrine\LOCALS~1\Temp\mst455101.exe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2006-04-28 09:32 569344]
"Configuration de la neuf Box"="C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe" [2005-12-13 14:19 389120]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 21:13 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
"WintelUpdate"="C:\bhij.exe" [2008-01-21 19:16 10752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 15:22 577536 C:\WINDOWS\soundman.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 16:35 32768]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-03-30 14:29 32768]
"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-05-02 13:09 57344]
"LMgrVolOSD"="C:\Program Files\Launch Manager\OSD.exe" [2005-03-16 12:52 204800]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2004-10-11 09:47 245760]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-04-18 10:41 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-01-19 23:00 761946]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 13:28 20480]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-05 20:05 339968]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [ ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 14:49 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-22 14:17 282624]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 11:52 115608]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]
"2423272B2B2625"="C8C7CBCFCFCA.exe" [2007-12-14 13:40 120832 C:\WINDOWS\system32\C8C7CBCFCFCA.exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-22 22:58 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 18:50:52 53248]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24 258048]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-20 19:00:47 124400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="logonui.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahn64.sys]
@="Driver"

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 10:27]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 14:18]
R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2007-06-08 11:52]
R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2007-06-08 11:52]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S2 FFI;FFI;C:\WINDOWS\system32\svchost.exe:exm.exe []
S3 Ahn64;Ahn64;C:\WINDOWS\System32\drivers\Ahn64.sys [2008-01-21 07:13]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b52a6fb0-0feb-11db-a283-00904bde7d26}]
\Shell\AutoRun\command - E:\setupSNK.exe

*Newly Created Service* - IDRIVERT
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-23 15:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 17:08:55
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FFI]
"ImagePath"="C:\WINDOWS\system32\svchost.exe:exm.exe"
.



and here is the one from hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\WINDOWS\system32\C8C7CBCFCFCA.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\bhij.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {B935524D-314B-4791-AB4E-64FDFD64A689} - C:\Program Files\MSN\hopeweC:\DOCUME~1\Sandrine\LOCALS~1\Temp\mst455101.exe.dll (file missing)
O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socksys.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [2423272B2B2625] C8C7CBCFCFCA.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [Configuration de la neuf Box] C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WintelUpdate] C:\bhij.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {9E214F45-89C2-4DE3-94A9-530EB1D05F7E} (QuestActiveX Class) - http://www.quest3d.com/Quest3D_WebInstall.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
0
Anonymous user
23 Jan. 2008 at 18:38
Quick question: do you read Sanskrit?
0
yourcaillette Posts 56 Registration date Tuesday 22 January 2008 Status Member Last activity 13 May 2012
23 Jan. 2008 at 18:45
The what?
0
Anonymous user
23 Jan. 2008 at 20:14
Go to this site:

https://www.virustotal.com/gui/

Click Browse and look for this file: C:\WINDOWS\system32\ztx86.sys
Click Send File.

A report will be built up line by line.

Wait until it finishes. It must include the size of the file sent.

Save the report with Notepad.

Copy it into your reply.
0
yourcaillette Posts 56 Registration date Tuesday 22 January 2008 Status Member Last activity 13 May 2012
23 Jan. 2008 at 20:37
Here is the result:

0 bytes size received / Se ha recibido un archivo vacio


This thing is empty :s
0
Anonymous user
23 Jan. 2008 at 20:57
Copy the text below:
(thank Le sioux for this script!)



Driver::
astq
Ahn64
drtya

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B935524D-314B-4791-AB4E-64FDFD64A689}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"spywarefighterguard"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahn64.sys]

File::
C:\WINDOWS\system32\07060A0E0E09
C:\WINDOWS\system32\C8C7CBCFCFCA.exe
C:\WINDOWS\leunemdf
C:\WINDOWS\ydwxwrql.dll
C:\WINDOWS\dwpcfazm.exe
C:\bhij.exe
C:\3670019.bat
C:\WINDOWS\system32\MI19.tmp
C:\WINDOWS\system32\drivers\astq.tga
C:\WINDOWS\system32\drivers\Ahn64.sys
C:\WINDOWS\system32\drivers\drtya
C:\Documents and Settings\Sandrine\Local Settings\Temp\mst455101.exe.dll
C:\Program Files\MSN\hopewe

Folder::
C:\Program Files\SPYWAREfighter
C:\Program Files\MSN\hopewe





Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.



Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

After the restart, post the contents of the Combofix.txt report together with a HijackThis report.

If there is no restart, post the reports anyway.
0
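The script in the post above removes entries that stand out in the HijackThis log posted earlier in the thread: a Run value pointing at C:\bhij.exe, the hex-named C8C7CBCFCFCA.exe, and BHOs marked "file missing". As an added example (not part of the thread and not the helper's own method), the Python below parses O2, O4 and O23 lines and flags those traits, plus the alternate-data-stream path of the FFI service; the four heuristics and all function names are assumptions of this example.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Excerpt of lines taken from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socksys.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [2423272B2B2625] C8C7CBCFCFCA.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [WintelUpdate] C:\bhij.exe
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

MISSING = "(file missing)"


@dataclass
class Entry:
    section: str   # HijackThis section code: O2 (BHO), O4 (Run), O23 (service)
    label: str     # BHO name, Run value name or service name
    path: str      # target file exactly as written in the log
    flags: list = field(default_factory=list)


def _target(command):
    """Return the quoted path if the command is quoted, else the whole string."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end != -1:
            return command[1:end]
    return command


def heuristics(path, missing):
    """Hypothetical triage rules chosen for this example; hits need manual review."""
    flags = []
    # A colon after the drive prefix is NTFS alternate-data-stream syntax.
    rest = path[2:] if re.match(r"[A-Za-z]:", path) else path
    if ":" in rest:
        flags.append("ads-path")
    if missing:
        flags.append("file-missing")
    # Executable sitting directly in the root of a drive.
    if re.fullmatch(r"[A-Za-z]:\\[^\\]+\.(?:exe|bat|com|scr)", path, re.I):
        flags.append("drive-root-executable")
    # File name made only of hexadecimal digits.
    stem = ntpath.splitext(ntpath.basename(path))[0]
    if re.fullmatch(r"[0-9A-Fa-f]{8,}", stem):
        flags.append("hex-only-name")
    return flags


def parse_line(line):
    """Parse one O2/O4/O23 line into an Entry, or return None for other lines."""
    m = re.match(r"(O2|O4|O23) - (.*)$", line.strip())
    if not m:
        return None
    section, body = m.groups()
    body = re.sub(r"\s*\(User '[^']*'\)$", "", body)  # suffix on HKUS Run lines
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    if section == "O4":
        m4 = re.match(r".*?: \[(.*?)\] (.*)$", body)
        if not m4:
            return None  # "Global Startup" shortcuts are not handled here
        label, path = m4.group(1), _target(m4.group(2))
    else:
        head, sep, tail = body.rpartition(" - ")
        if not sep:
            return None
        label = head.split(": ", 1)[-1].split(" - ")[0]
        path = _target(tail)
    return Entry(section, label, path, heuristics(path, missing))


def triage(log_text):
    """Return only the entries that raised at least one flag."""
    entries = (parse_line(line) for line in log_text.splitlines())
    return [e for e in entries if e is not None and e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section:<3} {e.label:<20} {', '.join(e.flags):<32} {e.path}")
```

A flag only marks an entry for review: vendor software can also leave "file missing" entries behind after an uninstall.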
yourcaillette Posts 56 Registration date Tuesday 22 January 2008 Status Member Last activity 13 May 2012
23 Jan. 2008 at 21:40
Here is the combo report. I was about to get rid of spywarefighter; I should have done it before launching combofix, apparently ^^

ComboFix 08-01-23.2 - Sandrine 2008-01-23 21:18:34.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.468 [GMT 1:00]
Endroit: C:\Documents and Settings\Sandrine\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sandrine\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE
C:\3670019.bat
C:\bhij.exe
C:\Documents and Settings\Sandrine\Local Settings\Temp\mst455101.exe.dll
C:\Program Files\MSN\hopewe
C:\WINDOWS\dwpcfazm.exe
C:\WINDOWS\leunemdf
C:\WINDOWS\system32\07060A0E0E09
C:\WINDOWS\system32\C8C7CBCFCFCA.exe
C:\WINDOWS\system32\drivers\Ahn64.sys
C:\WINDOWS\system32\drivers\astq.tga
C:\WINDOWS\system32\drivers\drtya
C:\WINDOWS\system32\MI19.tmp
C:\WINDOWS\ydwxwrql.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\3670019.bat
C:\bhij.exe
C:\Program Files\SPYWAREfighter
C:\Program Files\SPYWAREfighter\Signatures\2139.dat
C:\Program Files\SPYWAREfighter\Signatures\2140.dat
C:\Program Files\SPYWAREfighter\Signatures\2141.dat
C:\Program Files\SPYWAREfighter\Signatures\2142.dat
C:\Program Files\SPYWAREfighter\Signatures\2143.dat
C:\Program Files\SPYWAREfighter\Signatures\2144.dat
C:\Program Files\SPYWAREfighter\Signatures\2145.dat
C:\Program Files\SPYWAREfighter\Signatures\2146.dat
C:\Program Files\SPYWAREfighter\Signatures\2147.dat
C:\Program Files\SPYWAREfighter\Signatures\2148.dat
C:\Program Files\SPYWAREfighter\Signatures\2149.dat
C:\Program Files\SPYWAREfighter\Signatures\2150.dat
C:\Program Files\SPYWAREfighter\Signatures\2151.dat
C:\Program Files\SPYWAREfighter\Signatures\2152.dat
C:\Program Files\SPYWAREfighter\Signatures\2153.dat
C:\Program Files\SPYWAREfighter\Signatures\2154.dat
C:\Program Files\SPYWAREfighter\Signatures\2155.dat
C:\Program Files\SPYWAREfighter\Signatures\2156.dat
C:\Program Files\SPYWAREfighter\Signatures\2157.dat
C:\Program Files\SPYWAREfighter\Signatures\2158.dat
C:\Program Files\SPYWAREfighter\Signatures\2159.dat
C:\Program Files\SPYWAREfighter\Signatures\2160.dat
C:\Program Files\SPYWAREfighter\Signatures\2161.dat
C:\Program Files\SPYWAREfighter\Signatures\2162.dat
C:\Program Files\SPYWAREfighter\Signatures\2163.dat
C:\Program Files\SPYWAREfighter\Signatures\2164.dat
C:\Program Files\SPYWAREfighter\Signatures\2165.dat
C:\Program Files\SPYWAREfighter\Signatures\2166.dat
C:\Program Files\SPYWAREfighter\Signatures\2167.dat
C:\Program Files\SPYWAREfighter\Signatures\2168.dat
C:\Program Files\SPYWAREfighter\Signatures\2169.dat
C:\Program Files\SPYWAREfighter\Signatures\2170.dat
C:\Program Files\SPYWAREfighter\Signatures\2171.dat
C:\Program Files\SPYWAREfighter\Signatures\2172.dat
C:\Program Files\SPYWAREfighter\Signatures\2173.dat
C:\Program Files\SPYWAREfighter\Signatures\2174.dat
C:\Program Files\SPYWAREfighter\Signatures\2175.dat
C:\Program Files\SPYWAREfighter\Signatures\2176.dat
C:\Program Files\SPYWAREfighter\Signatures\2177.dat
C:\Program Files\SPYWAREfighter\Signatures\2178.dat
C:\Program Files\SPYWAREfighter\Signatures\2179.dat
C:\Program Files\SPYWAREfighter\Signatures\2180.dat
C:\Program Files\SPYWAREfighter\Signatures\2181.dat
C:\Program Files\SPYWAREfighter\Signatures\2182.dat
C:\Program Files\SPYWAREfighter\Signatures\2183.dat
C:\Program Files\SPYWAREfighter\Signatures\2184.dat
C:\Program Files\SPYWAREfighter\Signatures\2185.dat
C:\Program Files\SPYWAREfighter\Signatures\2186.dat
C:\Program Files\SPYWAREfighter\Signatures\2187.dat
C:\Program Files\SPYWAREfighter\Signatures\2188.dat
C:\Program Files\SPYWAREfighter\Signatures\2189.dat
C:\Program Files\SPYWAREfighter\Signatures\2190.dat
C:\Program Files\SPYWAREfighter\Signatures\2191.dat
C:\Program Files\SPYWAREfighter\Signatures\2192.dat
C:\Program Files\SPYWAREfighter\Signatures\2193.dat
C:\Program Files\SPYWAREfighter\Signatures\2194.dat
C:\Program Files\SPYWAREfighter\Signatures\2195.dat
C:\Program Files\SPYWAREfighter\Signatures\2196.dat
C:\Program Files\SPYWAREfighter\Signatures\2197.dat
C:\Program Files\SPYWAREfighter\Signatures\2198.dat
C:\Program Files\SPYWAREfighter\Signatures\2199.dat
C:\Program Files\SPYWAREfighter\Signatures\2200.dat
C:\Program Files\SPYWAREfighter\Signatures\2201.dat
C:\Program Files\SPYWAREfighter\Signatures\2202.dat
C:\Program Files\SPYWAREfighter\Signatures\2203.dat
C:\Program Files\SPYWAREfighter\Signatures\2204.dat
C:\Program Files\SPYWAREfighter\Signatures\2205.dat
C:\Program Files\SPYWAREfighter\Signatures\2206.dat
C:\Program Files\SPYWAREfighter\Signatures\2207.dat
C:\Program Files\SPYWAREfighter\Signatures\2208.dat
C:\Program Files\SPYWAREfighter\Signatures\2209.dat
C:\Program Files\SPYWAREfighter\Signatures\2210.dat
C:\Program Files\SPYWAREfighter\Signatures\2211.dat
C:\Program Files\SPYWAREfighter\Signatures\2212.dat
C:\Program Files\SPYWAREfighter\Signatures\2213.dat
C:\Program Files\SPYWAREfighter\Signatures\2214.dat
C:\Program Files\SPYWAREfighter\Signatures\2215.dat
C:\Program Files\SPYWAREfighter\Signatures\2216.dat
C:\Program Files\SPYWAREfighter\Signatures\2217.dat
C:\Program Files\SPYWAREfighter\Signatures\2218.dat
C:\Program Files\SPYWAREfighter\Signatures\2219.dat
C:\Program Files\SPYWAREfighter\Signatures\2220.dat
C:\Program Files\SPYWAREfighter\Signatures\2221.dat
C:\Program Files\SPYWAREfighter\Signatures\2222.dat
C:\Program Files\SPYWAREfighter\Signatures\2223.dat
C:\Program Files\SPYWAREfighter\Signatures\2224.dat
C:\Program Files\SPYWAREfighter\Signatures\2225.dat
C:\Program Files\SPYWAREfighter\Signatures\2226.dat
C:\Program Files\SPYWAREfighter\Signatures\2227.dat
C:\Program Files\SPYWAREfighter\Signatures\2228.dat
C:\Program Files\SPYWAREfighter\Signatures\2229.dat
C:\Program Files\SPYWAREfighter\Signatures\2230.dat
C:\Program Files\SPYWAREfighter\Signatures\2231.dat
C:\Program Files\SPYWAREfighter\Signatures\2232.dat
C:\Program Files\SPYWAREfighter\Signatures\2233.dat
C:\Program Files\SPYWAREfighter\Signatures\2234.dat
C:\Program Files\SPYWAREfighter\Signatures\2235.dat
C:\Program Files\SPYWAREfighter\Signatures\2236.dat
C:\Program Files\SPYWAREfighter\Signatures\2237.dat
C:\Program Files\SPYWAREfighter\Signatures\2238.dat
C:\Program Files\SPYWAREfighter\Signatures\2239.dat
C:\Program Files\SPYWAREfighter\Signatures\2240.dat
C:\Program Files\SPYWAREfighter\Signatures\2241.dat
C:\Program Files\SPYWAREfighter\Signatures\2242.dat
C:\Program Files\SPYWAREfighter\Signatures\2243.dat
C:\Program Files\SPYWAREfighter\Signatures\2244.dat
C:\Program Files\SPYWAREfighter\Signatures\2245.dat
C:\Program Files\SPYWAREfighter\Signatures\2246.dat
C:\Program Files\SPYWAREfighter\Signatures\2247.dat
C:\Program Files\SPYWAREfighter\Signatures\2248.dat
C:\Program Files\SPYWAREfighter\Signatures\2249.dat
C:\Program Files\SPYWAREfighter\Signatures\2250.dat
C:\Program Files\SPYWAREfighter\Signatures\2251.dat
C:\Program Files\SPYWAREfighter\Signatures\2252.dat
C:\Program Files\SPYWAREfighter\Signatures\2253.dat
C:\Program Files\SPYWAREfighter\Signatures\2254.dat
C:\Program Files\SPYWAREfighter\Signatures\2255.dat
C:\Program Files\SPYWAREfighter\Signatures\2256.dat
C:\Program Files\SPYWAREfighter\Signatures\2257.dat
C:\Program Files\SPYWAREfighter\Signatures\2258.dat
C:\Program Files\SPYWAREfighter\Signatures\2259.dat
C:\Program Files\SPYWAREfighter\Signatures\2260.dat
C:\Program Files\SPYWAREfighter\Signatures\2261.dat
C:\Program Files\SPYWAREfighter\Signatures\2262.dat
C:\Program Files\SPYWAREfighter\Signatures\2263.dat
C:\Program Files\SPYWAREfighter\Signatures\2264.dat
C:\Program Files\SPYWAREfighter\Signatures\2265.dat
C:\Program Files\SPYWAREfighter\Signatures\2266.dat
C:\Program Files\SPYWAREfighter\Signatures\2267.dat
C:\Program Files\SPYWAREfighter\Signatures\2268.dat
C:\Program Files\SPYWAREfighter\Signatures\2269.dat
C:\Program Files\SPYWAREfighter\Signatures\2270.dat
C:\Program Files\SPYWAREfighter\Signatures\2271.dat
C:\Program Files\SPYWAREfighter\Signatures\2272.dat
C:\Program Files\SPYWAREfighter\Signatures\2273.dat
C:\Program Files\SPYWAREfighter\Signatures\2274.dat
C:\Program Files\SPYWAREfighter\Signatures\2275.dat
C:\Program Files\SPYWAREfighter\Signatures\2276.dat
C:\Program Files\SPYWAREfighter\Signatures\2277.dat
C:\Program Files\SPYWAREfighter\Signatures\2278.dat
C:\Program Files\SPYWAREfighter\Signatures\2279.dat
C:\Program Files\SPYWAREfighter\Signatures\2280.dat
C:\Program Files\SPYWAREfighter\Signatures\2281.dat
C:\Program Files\SPYWAREfighter\Signatures\2282.dat
C:\Program Files\SPYWAREfighter\Signatures\2283.dat
C:\Program Files\SPYWAREfighter\Signatures\2284.dat
C:\Program Files\SPYWAREfighter\Signatures\2285.dat
C:\Program Files\SPYWAREfighter\Signatures\2286.dat
C:\Program Files\SPYWAREfighter\Signatures\2287.dat
C:\Program Files\SPYWAREfighter\Signatures\2288.dat
C:\Program Files\SPYWAREfighter\Signatures\2289.dat
C:\Program Files\SPYWAREfighter\Signatures\2290.dat
C:\Program Files\SPYWAREfighter\Signatures\2291.dat
C:\Program Files\SPYWAREfighter\Signatures\2292.dat
C:\Program Files\SPYWAREfighter\Signatures\2293.dat
C:\Program Files\SPYWAREfighter\Signatures\2294.dat
C:\Program Files\SPYWAREfighter\Signatures\2295.dat
C:\Program Files\SPYWAREfighter\Signatures\2296.dat
C:\Program Files\SPYWAREfighter\Signatures\2297.dat
C:\Program Files\SPYWAREfighter\Signatures\2298.dat
C:\Program Files\SPYWAREfighter\Signatures\2299.dat
C:\Program Files\SPYWAREfighter\Signatures\2300.dat
C:\Program Files\SPYWAREfighter\Signatures\2301.dat
C:\Program Files\SPYWAREfighter\Signatures\2302.dat
C:\Program Files\SPYWAREfighter\Signatures\2303.dat
C:\Program Files\SPYWAREfighter\Signatures\2304.dat
C:\Program Files\SPYWAREfighter\Signatures\2305.dat
C:\Program Files\SPYWAREfighter\Signatures\2306.dat
C:\Program Files\SPYWAREfighter\Signatures\2307.dat
C:\Program Files\SPYWAREfighter\Signatures\2308.dat
C:\Program Files\SPYWAREfighter\Signatures\2309.dat
C:\Program Files\SPYWAREfighter\Signatures\2310.dat
C:\Program Files\SPYWAREfighter\Signatures\2311.dat
C:\Program Files\SPYWAREfighter\Signatures\2312.dat
C:\Program Files\SPYWAREfighter\Signatures\2313.dat
C:\Program Files\SPYWAREfighter\Signatures\2314.dat
C:\Program Files\SPYWAREfighter\Signatures\2315.dat
C:\Program Files\SPYWAREfighter\Signatures\2316.dat
C:\Program Files\SPYWAREfighter\Signatures\2317.dat
C:\Program Files\SPYWAREfighter\Signatures\2318.dat
C:\Program Files\SPYWAREfighter\Signatures\2319.dat
C:\Program Files\SPYWAREfighter\Signatures\2320.dat
C:\Program Files\SPYWAREfighter\Signatures\2321.dat
C:\Program Files\SPYWAREfighter\Signatures\2322.dat
C:\Program Files\SPYWAREfighter\Signatures\2323.dat
C:\Program Files\SPYWAREfighter\Signatures\2324.dat
C:\Program Files\SPYWAREfighter\Signatures\2325.dat
C:\Program Files\SPYWAREfighter\Signatures\2326.dat
C:\Program Files\SPYWAREfighter\Signatures\2327.dat
C:\Program Files\SPYWAREfighter\Signatures\2328.dat
C:\Program Files\SPYWAREfighter\Signatures\2329.dat
C:\Program Files\SPYWAREfighter\Signatures\2330.dat
C:\Program Files\SPYWAREfighter\Signatures\2331.dat
C:\Program Files\SPYWAREfighter\Signatures\2332.dat
C:\Program Files\SPYWAREfighter\Signatures\2333.dat
C:\Program Files\SPYWAREfighter\Signatures\2334.dat
C:\Program Files\SPYWAREfighter\Signatures\2335.dat
C:\Program Files\SPYWAREfighter\Signatures\2336.dat
C:\Program Files\SPYWAREfighter\Signatures\2337.dat
C:\Program Files\SPYWAREfighter\Signatures\2338.dat
C:\Program Files\SPYWAREfighter\Signatures\2339.dat
C:\Program Files\SPYWAREfighter\Signatures\2340.dat
C:\Program Files\SPYWAREfighter\Signatures\2341.dat
C:\Program Files\SPYWAREfighter\Signatures\2342.dat
C:\Program Files\SPYWAREfighter\Signatures\2343.dat
C:\Program Files\SPYWAREfighter\Signatures\2344.dat
C:\Program Files\SPYWAREfighter\Signatures\2345.dat
C:\Program Files\SPYWAREfighter\Signatures\2346.dat
C:\Program Files\SPYWAREfighter\Signatures\2347.dat
C:\Program Files\SPYWAREfighter\Signatures\2348.dat
C:\Program Files\SPYWAREfighter\Signatures\2349.dat
C:\Program Files\SPYWAREfighter\Signatures\2350.dat
C:\Program Files\SPYWAREfighter\Signatures\2351.dat
C:\Program Files\SPYWAREfighter\Signatures\2352.dat
C:\Program Files\SPYWAREfighter\Signatures\2353.dat
C:\Program Files\SPYWAREfighter\Signatures\2354.dat
C:\Program Files\SPYWAREfighter\Signatures\2355.dat
C:\Program Files\SPYWAREfighter\Signatures\2356.dat
C:\Program Files\SPYWAREfighter\Signatures\2357.dat
C:\Program Files\SPYWAREfighter\Signatures\2358.dat
C:\Program Files\SPYWAREfighter\Signatures\2359.dat
C:\Program Files\SPYWAREfighter\Signatures\2360.dat
C:\Program Files\SPYWAREfighter\Signatures\2361.dat
C:\Program Files\SPYWAREfighter\Signatures\2362.dat
C:\Program Files\SPYWAREfighter\Signatures\2363.dat
C:\Program Files\SPYWAREfighter\Signatures\2364.dat
C:\Program Files\SPYWAREfighter\Signatures\2365.dat
C:\Program Files\SPYWAREfighter\Signatures\2366.dat
C:\Program Files\SPYWAREfighter\Signatures\2367.dat
C:\Program Files\SPYWAREfighter\Signatures\2368.dat
C:\Program Files\SPYWAREfighter\Signatures\2369.dat
C:\Program Files\SPYWAREfighter\Signatures\2370.dat
C:\Program Files\SPYWAREfighter\Signatures\2371.dat
C:\Program Files\SPYWAREfighter\Signatures\2372.dat
C:\Program Files\SPYWAREfighter\Signatures\2373.dat
C:\Program Files\SPYWAREfighter\Signatures\2374.dat
C:\Program Files\SPYWAREfighter\Signatures\2375.dat
C:\Program Files\SPYWAREfighter\Signatures\2376.dat
C:\Program Files\SPYWAREfighter\Signatures\2377.dat
C:\Program Files\SPYWAREfighter\Signatures\2378.dat
C:\Program Files\SPYWAREfighter\Signatures\2379.dat
C:\Program Files\SPYWAREfighter\Signatures\2380.dat
C:\Program Files\SPYWAREfighter\Signatures\2381.dat
C:\Program Files\SPYWAREfighter\Signatures\2382.dat
C:\Program Files\SPYWAREfighter\Signatures\2383.dat
C:\Program Files\SPYWAREfighter\Signatures\2384.dat
C:\Program Files\SPYWAREfighter\Signatures\2385.dat
C:\Program Files\SPYWAREfighter\Signatures\2386.dat
C:\Program Files\SPYWAREfighter\Signatures\2387.dat
C:\Program Files\SPYWAREfighter\Signatures\2388.dat
C:\Program Files\SPYWAREfighter\Signatures\2389.dat
C:\Program Files\SPYWAREfighter\Signatures\2390.dat
C:\Program Files\SPYWAREfighter\Signatures\2391.dat
C:\Program Files\SPYWAREfighter\Signatures\2392.dat
C:\Program Files\SPYWAREfighter\Signatures\2393.dat
C:\Program Files\SPYWAREfighter\Signatures\2394.dat
C:\Program Files\SPYWAREfighter\Signatures\2395.dat
C:\Program Files\SPYWAREfighter\Signatures\2396.dat
C:\Program Files\SPYWAREfighter\Signatures\2397.dat
C:\Program Files\SPYWAREfighter\Signatures\2398.dat
C:\Program Files\SPYWAREfighter\Signatures\2399.dat
C:\Program Files\SPYWAREfighter\Signatures\2400.dat
C:\Program Files\SPYWAREfighter\Signatures\2401.dat
C:\Program Files\SPYWAREfighter\Signatures\2402.dat
C:\Program Files\SPYWAREfighter\Signatures\2403.dat
C:\Program Files\SPYWAREfighter\Signatures\2404.dat
C:\Program Files\SPYWAREfighter\Signatures\2405.dat
C:\Program Files\SPYWAREfighter\Signatures\2406.dat
C:\Program Files\SPYWAREfighter\Signatures\2407.dat
C:\Program Files\SPYWAREfighter\Signatures\2408.dat
C:\Program Files\SPYWAREfighter\Signatures\2409.dat
C:\Program Files\SPYWAREfighter\Signatures\2410.dat
C:\Program Files\SPYWAREfighter\Signatures\2411.dat
C:\Program Files\SPYWAREfighter\Signatures\2412.dat
C:\Program Files\SPYWAREfighter\Signatures\2413.dat
C:\Program Files\SPYWAREfighter\Signatures\2414.dat
C:\Program Files\SPYWAREfighter\Signatures\2415.dat
C:\Program Files\SPYWAREfighter\Signatures\2416.dat
C:\Program Files\SPYWAREfighter\Signatures\2417.dat
C:\Program Files\SPYWAREfighter\Signatures\2418.dat
C:\Program Files\SPYWAREfighter\Signatures\2419.dat
C:\Program Files\SPYWAREfighter\Signatures\2420.dat
C:\Program Files\SPYWAREfighter\Signatures\2421.dat
C:\Program Files\SPYWAREfighter\Signatures\2422.dat
C:\Program Files\SPYWAREfighter\Signatures\2423.dat
C:\Program Files\SPYWAREfighter\Signatures\2424.dat
C:\Program Files\SPYWAREfighter\Signatures\2425.dat
C:\Program Files\SPYWAREfighter\Signatures\2426.dat
C:\Program Files\SPYWAREfighter\Signatures\2427.dat
C:\Program Files\SPYWAREfighter\Signatures\2428.dat
C:\Program Files\SPYWAREfighter\Signatures\2429.dat
C:\Program Files\SPYWAREfighter\Signatures\2430.dat
C:\Program Files\SPYWAREfighter\Signatures\2431.dat
C:\Program Files\SPYWAREfighter\Signatures\2432.dat
C:\Program Files\SPYWAREfighter\Signatures\2433.dat
C:\Program Files\SPYWAREfighter\Signatures\2434.dat
C:\Program Files\SPYWAREfighter\Signatures\2435.dat
C:\Program Files\SPYWAREfighter\Signatures\2436.dat
C:\Program Files\SPYWAREfighter\Signatures\2437.dat
C:\Program Files\SPYWAREfighter\Signatures\2438.dat
C:\Program Files\SPYWAREfighter\Signatures\2439.dat
C:\Program Files\SPYWAREfighter\Signatures\2440.dat
C:\Program Files\SPYWAREfighter\Signatures\2441.dat
C:\Program Files\SPYWAREfighter\Signatures\2442.dat
C:\Program Files\SPYWAREfighter\Signatures\2443.dat
C:\Program Files\SPYWAREfighter\Signatures\2444.dat
C:\Program Files\SPYWAREfighter\Signatures\2445.dat
C:\Program Files\SPYWAREfighter\Signatures\2446.dat
C:\Program Files\SPYWAREfighter\Signatures\2447.dat
C:\Program Files\SPYWAREfighter\Signatures\2448.dat
C:\Program Files\SPYWAREfighter\Signatures\2449.dat
C:\Program Files\SPYWAREfighter\Signatures\2450.dat
C:\Program Files\SPYWAREfighter\Signatures\2451.dat
C:\Program Files\SPYWAREfighter\Signatures\2452.dat
C:\Program Files\SPYWAREfighter\Signatures\2453.dat
C:\Program Files\SPYWAREfighter\Signatures\2454.dat
C:\Program Files\SPYWAREfighter\Signatures\2455.dat
C:\Program Files\SPYWAREfighter\Signatures\2456.dat
C:\Program Files\SPYWAREfighter\Signatures\2457.dat
C:\Program Files\SPYWAREfighter\Signatures\2458.dat
C:\Program Files\SPYWAREfighter\Signatures\2459.dat
C:\Program Files\SPYWAREfighter\Signatures\2460.dat
C:\Program Files\SPYWAREfighter\Signatures\2461.dat
C:\Program Files\SPYWAREfighter\Signatures\2462.dat
C:\Program Files\SPYWAREfighter\Signatures\2463.dat
C:\Program Files\SPYWAREfighter\Signatures\2464.dat
C:\Program Files\SPYWAREfighter\Signatures\2465.dat
C:\Program Files\SPYWAREfighter\Signatures\2466.dat
C:\Program Files\SPYWAREfighter\Signatures\2467.dat
C:\Program Files\SPYWAREfighter\Signatures\2468.dat
C:\Program Files\SPYWAREfighter\Signatures\2469.dat
C:\Program Files\SPYWAREfighter\Signatures\2470.dat
C:\Program Files\SPYWAREfighter\Signatures\2471.dat
C:\Program Files\SPYWAREfighter\Signatures\2472.dat
C:\Program Files\SPYWAREfighter\Signatures\2473.dat
C:\Program Files\SPYWAREfighter\Signatures\2474.dat
C:\Program Files\SPYWAREfighter\Signatures\2475.dat
C:\Program Files\SPYWAREfighter\Signatures\2476.dat
C:\Program Files\SPYWAREfighter\Signatures\2477.dat
C:\Program Files\SPYWAREfighter\Signatures\2478.dat
C:\Program Files\SPYWAREfighter\Signatures\2479.dat
C:\Program Files\SPYWAREfighter\Signatures\2480.dat
C:\Program Files\SPYWAREfighter\Signatures\2481.dat
C:\Program Files\SPYWAREfighter\Signatures\2482.dat
C:\Program Files\SPYWAREfighter\Signatures\2483.dat
C:\Program Files\SPYWAREfighter\Signatures\2484.dat
C:\Program Files\SPYWAREfighter\Signatures\2485.dat
C:\Program Files\SPYWAREfighter\Signatures\2486.dat
C:\Program Files\SPYWAREfighter\Signatures\2487.dat
C:\Program Files\SPYWAREfighter\Signatures\2488.dat
C:\Program Files\SPYWAREfighter\Signatures\2489.dat
C:\Program Files\SPYWAREfighter\Signatures\2490.dat
C:\Program Files\SPYWAREfighter\Signatures\2491.dat
C:\Program Files\SPYWAREfighter\Signatures\2492.dat
C:\Program Files\SPYWAREfighter\Signatures\2493.dat
C:\Program Files\SPYWAREfighter\Signatures\2494.dat
C:\Program Files\SPYWAREfighter\Signatures\2495.dat
C:\Program Files\SPYWAREfighter\Signatures\2496.dat
C:\Program Files\SPYWAREfighter\Signatures\2497.dat
C:\Program Files\SPYWAREfighter\Signatures\2498.dat
C:\Program Files\SPYWAREfighter\Signatures\2499.dat
C:\Program Files\SPYWAREfighter\Signatures\2500.dat
C:\Program Files\SPYWAREfighter\Signatures\2501.dat
C:\Program Files\SPYWAREfighter\Signatures\2502.dat
C:\Program Files\SPYWAREfighter\Signatures\2503.dat
C:\Program Files\SPYWAREfighter\Signatures\2504.dat
C:\Program Files\SPYWAREfighter\Signatures\2505.dat
C:\Program Files\SPYWAREfighter\Signatures\2506.dat
C:\Program Files\SPYWAREfighter\Signatures\2507.dat
C:\Program Files\SPYWAREfighter\Signatures\2508.dat
C:\Program Files\SPYWAREfighter\Signatures\2509.dat
C:\Program Files\SPYWAREfighter\Signatures\2510.dat
C:\Program Files\SPYWAREfighter\Signatures\2511.dat
C:\Program Files\SPYWAREfighter\Signatures\2512.dat
C:\Program Files\SPYWAREfighter\Signatures\2513.dat
C:\Program Files\SPYWAREfighter\Signatures\2514.dat
C:\Program Files\SPYWAREfighter\Signatures\2515.dat
C:\Program Files\SPYWAREfighter\Signatures\2516.dat
C:\Program Files\SPYWAREfighter\Signatures\2517.dat
C:\Program Files\SPYWAREfighter\Signatures\2518.dat
C:\Program Files\SPYWAREfighter\Signatures\2519.dat
C:\Program Files\SPYWAREfighter\Signatures\2520.dat
C:\Program Files\SPYWAREfighter\Signatures\2521.dat
C:\Program Files\SPYWAREfighter\Signatures\2522.dat
C:\Program Files\SPYWAREfighter\Signatures\2523.dat
C:\Program Files\SPYWAREfighter\Signatures\2524.dat
C:\Program Files\SPYWAREfighter\Signatures\2525.dat
C:\Program Files\SPYWAREfighter\Signatures\2526.dat
C:\Program Files\SPYWAREfighter\Signatures\2527.dat
C:\Program Files\SPYWAREfighter\Signatures\2528.dat
C:\Program Files\SPYWAREfighter\Signatures\2529.dat
C:\Program Files\SPYWAREfighter\Signatures\2530.dat
C:\Program Files\SPYWAREfighter\Signatures\2531.dat
C:\Program Files\SPYWAREfighter\Signatures\2532.dat
C:\Program Files\SPYWAREfighter\Signatures\2533.dat
C:\Program Files\SPYWAREfighter\Signatures\2534.dat
C:\Program Files\SPYWAREfighter\Signatures\2535.dat
C:\Program Files\SPYWAREfighter\Signatures\2536.dat
C:\Program Files\SPYWAREfighter\Signatures\2537.dat
C:\Program Files\SPYWAREfighter\Signatures\2538.dat
C:\Program Files\SPYWAREfighter\Signatures\2539.dat
C:\Program Files\SPYWAREfighter\Signatures\2540.dat
C:\Program Files\SPYWAREfighter\Signatures\2541.dat
C:\Program Files\SPYWAREfighter\Signatures\2542.dat
C:\Program Files\SPYWAREfighter\Signatures\2543.dat
C:\Program Files\SPYWAREfighter\Signatures\2544.dat
C:\Program Files\SPYWAREfighter\Signatures\2545.dat
C:\Program Files\SPYWAREfighter\Signatures\2546.dat
C:\Program Files\SPYWAREfighter\Signatures\2547.dat
C:\Program Files\SPYWAREfighter\Signatures\2548.dat
C:\Program Files\SPYWAREfighter\Signatures\2549.dat
C:\Program Files\SPYWAREfighter\Signatures\2550.dat
C:\Program Files\SPYWAREfighter\Signatures\2551.dat
C:\Program Files\SPYWAREfighter\Signatures\2552.dat
C:\Program Files\SPYWAREfighter\Signatures\2553.dat
C:\Program Files\SPYWAREfighter\Signatures\2554.dat
C:\Program Files\SPYWAREfighter\Signatures\2555.dat
C:\Program Files\SPYWAREfighter\Signatures\2556.dat
C:\Program Files\SPYWAREfighter\Signatures\2557.dat
C:\Program Files\SPYWAREfighter\Signatures\2558.dat
C:\Program Files\SPYWAREfighter\Signatures\2559.dat
C:\Program Files\SPYWAREfighter\Signatures\2560.dat
C:\Program Files\SPYWAREfighter\Signatures\2561.dat
C:\Program Files\SPYWAREfighter\Signatures\2562.dat
C:\Program Files\SPYWAREfighter\Signatures\2563.dat
C:\Program Files\SPYWAREfighter\Signatures\2564.dat
C:\Program Files\SPYWAREfighter\Signatures\2565.dat
C:\Program Files\SPYWAREfighter\Signatures\2566.dat
C:\Program Files\SPYWAREfighter\Signatures\2567.dat
C:\Program Files\SPYWAREfighter\Signatures\2568.dat
C:\Program Files\SPYWAREfighter\Signatures\2569.dat
C:\Program Files\SPYWAREfighter\Signatures\2570.dat
C:\Program Files\SPYWAREfighter\Signatures\2571.dat
C:\Program Files\SPYWAREfighter\Signatures\2572.dat
C:\Program Files\SPYWAREfighter\Signatures\2573.dat
C:\Program Files\SPYWAREfighter\Signatures\2574.dat
C:\Program Files\SPYWAREfighter\Signatures\2575.dat
C:\Program Files\SPYWAREfighter\Signatures\2576.dat
C:\Program Files\SPYWAREfighter\Signatures\2577.dat
C:\Program Files\SPYWAREfighter\Signatures\2578.dat
C:\Program Files\SPYWAREfighter\Signatures\2579.dat
C:\Program Files\SPYWAREfighter\Signatures\2580.dat
C:\Program Files\SPYWAREfighter\Signatures\2581.dat
C:\Program Files\SPYWAREfighter\Signatures\2582.dat
C:\Program Files\SPYWAREfighter\Signatures\2583.dat
C:\Program Files\SPYWAREfighter\Signatures\2584.dat
C:\Program Files\SPYWAREfighter\Signatures\2585.dat
C:\Program Files\SPYWAREfighter\Signatures\2586.dat
C:\Program Files\SPYWAREfighter\Signatures\2587.dat
C:\Program Files\SPYWAREfighter\Signatures\2588.dat
C:\Program Files\SPYWAREfighter\Signatures\2589.dat
C:\Program Files\SPYWAREfighter\Signatures\2590.dat
C:\Program Files\SPYWAREfighter\Signatures\2591.dat
C:\Program Files\SPYWAREfighter\Signatures\2592.dat
C:\Program Files\SPYWAREfighter\Signatures\2593.dat
C:\Program Files\SPYWAREfighter\Signatures\2594.dat
C:\Program Files\SPYWAREfighter\Signatures\2595.dat
C:\Program Files\SPYWAREfighter\Signatures\2596.dat
C:\Program Files\SPYWAREfighter\Signatures\2597.dat
C:\Program Files\SPYWAREfighter\Signatures\2598.dat
C:\Program Files\SPYWAREfighter\Signatures\2599.dat
C:\Program Files\SPYWAREfighter\Signatures\2600.dat
C:\Program Files\SPYWAREfighter\Signatures\2601.dat
C:\Program Files\SPYWAREfighter\Signatures\2602.dat
C:\Program Files\SPYWAREfighter\Signatures\2603.dat
C:\Program Files\SPYWAREfighter\Signatures\2604.dat
C:\Program Files\SPYWAREfighter\Signatures\2605.dat
C:\Program Files\SPYWAREfighter\Signatures\2606.dat
C:\Program Files\SPYWAREfighter\Signatures\2607.dat
C:\Program Files\SPYWAREfighter\Signatures\2608.dat
C:\Program Files\SPYWAREfighter\Signatures\2609.dat
C:\Program Files\SPYWAREfighter\Signatures\2610.dat
C:\Program Files\SPYWAREfighter\Signatures\2611.dat
C:\Program Files\SPYWAREfighter\Signatures\2612.dat
C:\Program Files\SPYWAREfighter\Signatures\2613.dat
C:\Program Files\SPYWAREfighter\Signatures\2614.dat
C:\Program Files\SPYWAREfighter\Signatures\2615.dat
C:\Program Files\SPYWAREfighter\Signatures\2616.dat
C:\Program Files\SPYWAREfighter\Signatures\2617.dat
C:\Program Files\SPYWAREfighter\Signatures\2618.dat
C:\Program Files\SPYWAREfighter\Signatures\2619.dat
C:\Program Files\SPYWAREfighter\Signatures\2620.dat
C:\Program Files\SPYWAREfighter\Signatures\2621.dat
C:\Program Files\SPYWAREfighter\Signatures\2622.dat
C:\Program Files\SPYWAREfighter\Signatures\2623.dat
C:\Program Files\SPYWAREfighter\Signatures\2624.dat
C:\Program Files\SPYWAREfighter\Signatures\2625.dat
C:\Program Files\SPYWAREfighter\Signatures\2626.dat
C:\Program Files\SPYWAREfighter\Signatures\2627.dat
C:\Program Files\SPYWAREfighter\Signatures\2628.dat
C:\Program Files\SPYWAREfighter\Signatures\2629.dat
C:\Program Files\SPYWAREfighter\Signatures\2630.dat
C:\Program Files\SPYWAREfighter\Signatures\2631.dat
C:\Program Files\SPYWAREfighter\Signatures\2632.dat
C:\Program Files\SPYWAREfighter\Signatures\2633.dat
C:\Program Files\SPYWAREfighter\Signatures\2634.dat
C:\Program Files\SPYWAREfighter\Signatures\2635.dat
C:\Program Files\SPYWAREfighter\Signatures\2636.dat
C:\Program Files\SPYWAREfighter\Signatures\2637.dat
C:\Program Files\SPYWAREfighter\Signatures\2638.dat
C:\Program Files\SPYWAREfighter\Signatures\2639.dat
C:\Program Files\SPYWAREfighter\Signatures\2640.dat
C:\Program Files\SPYWAREfighter\Signatures\2641.dat
C:\Program Files\SPYWAREfighter\Signatures\2642.dat
C:\Program Files\SPYWAREfighter\Signatures\2643.dat
C:\Program Files\SPYWAREfighter\Signatures\2644.dat
C:\Program Files\SPYWAREfighter\Signatures\2645.dat
C:\Program Files\SPYWAREfighter\Signatures\2646.dat
C:\Program Files\SPYWAREfighter\Signatures\2647.dat
C:\Program Files\SPYWAREfighter\Signatures\2648.dat
C:\Program Files\SPYWAREfighter\Signatures\2649.dat
C:\Program Files\SPYWAREfighter\Signatures\2650.dat
C:\Program Files\SPYWAREfighter\Signatures\2651.dat
C:\Program Files\SPYWAREfighter\Signatures\2652.dat
C:\Program Files\SPYWAREfighter\Signatures\2653.dat
C:\Program Files\SPYWAREfighter\Signatures\2654.dat
C:\Program Files\SPYWAREfighter\Signatures\2655.dat
C:\Program Files\SPYWAREfighter\Signatures\2656.dat
C:\Program Files\SPYWAREfighter\Signatures\2657.dat
C:\Program Files\SPYWAREfighter\Signatures\2658.dat
C:\Program Files\SPYWAREfighter\Signatures\2659.dat
C:\Program Files\SPYWAREfighter\Signatures\2660.dat
C:\Program Files\SPYWAREfighter\Signatures\2661.dat
C:\Program Files\SPYWAREfighter\Signatures\2662.dat
C:\Program Files\SPYWAREfighter\Signatures\2663.dat
C:\Program Files\SPYWAREfighter\Signatures\2664.dat
C:\Program Files\SPYWAREfighter\Signatures\2665.dat
C:\Program Files\SPYWAREfighter\Signatures\2666.dat
C:\Program Files\SPYWAREfighter\Signatures\2667.dat
C:\Program Files\SPYWAREfighter\Signatures\2668.dat
C:\Program Files\SPYWAREfighter\Signatures\2669.dat
C:\Program Files\SPYWAREfighter\Signatures\2670.dat
C:\Program Files\SPYWAREfighter\Signatures\2671.dat
C:\Program Files\SPYWAREfighter\Signatures\2672.dat
C:\Program Files\SPYWAREfighter\Signatures\2673.dat
C:\Program Files\SPYWAREfighter\Signatures\2674.dat
C:\Program Files\SPYWAREfighter\Signatures\2675.dat
C:\Program Files\SPYWAREfighter\Signatures\2676.dat
C:\Program Files\SPYWAREfighter\spf.dat
C:\Program Files\SPYWAREfighter\spf.log
C:\Program Files\SPYWAREfighter\spfext.dll
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\SPYWAREfighter\spfrm.dll
C:\Program Files\SPYWAREfighter\spftray.exe
C:\Program Files\SPYWAREfighter\spyfighter.sys
C:\Program Files\SPYWAREfighter\SPYWAREfighter.exe
C:\Program Files\SPYWAREfighter\SPYWAREfighterBO.dll
C:\WINDOWS\system32\C8C7CBCFCFCA.exe
C:\WINDOWS\system32\drivers\Ahn64.sys
C:\WINDOWS\system32\drivers\astq.tga
C:\WINDOWS\system32\drivers\drtya
C:\WINDOWS\system32\MI19.tmp
.
---- Previous Run -------
.
C:\Documents and Settings\Sandrine\Application Data\MessengerSkinner
C:\Documents and Settings\Sandrine\Application Data\MessengerSkinner\Userdata\languages_v2.xml
C:\Documents and Settings\Sandrine\Application Data\MessengerSkinner\Userdata\pack1.cab
C:\Documents and Settings\Sandrine\Menu Démarrer\Programmes\MessengerSkinner
C:\Documents and Settings\Sandrine\Menu Démarrer\Programmes\MessengerSkinner\MessengerSkinner.lnk
C:\Documents and Settings\Sandrine\Menu Démarrer\Programmes\MessengerSkinner\Website.lnk
C:\Program Files\messengerskinner
C:\Program Files\messengerskinner\download\defaultPack.cab
C:\Program Files\messengerskinner\MessengerSkinner.exe
C:\Program Files\messengerskinner\MessengerSkinner.url
C:\Program Files\messengerskinner\MessengerSkinnerDll.dll
C:\Program Files\messengerskinner\resources\appconfig.xml
C:\Program Files\messengerskinner\resources\btn.rgn
C:\Program Files\messengerskinner\resources\btnBnr.rgn
C:\Program Files\messengerskinner\resources\btnIn.rgn
C:\Program Files\messengerskinner\resources\btnInNormal.bmp
C:\Program Files\messengerskinner\resources\btnInOver.bmp
C:\Program Files\messengerskinner\resources\btnNormal.bmp
C:\Program Files\messengerskinner\resources\btnNormal.gif
C:\Program Files\messengerskinner\resources\btnNormalBnr.bmp
C:\Program Files\messengerskinner\resources\btnNormalBnr.gif
C:\Program Files\messengerskinner\resources\btnOver.bmp
C:\Program Files\messengerskinner\resources\btnOver.gif
C:\Program Files\messengerskinner\resources\btnOverBnr.bmp
C:\Program Files\messengerskinner\resources\btnOverBnr.gif
C:\Program Files\messengerskinner\resources\languages_v2.xml
C:\Program Files\messengerskinner\uninst.exe
C:\Program Files\winperformance
C:\Program Files\winperformance\extensions\index.ext
C:\Program Files\winperformance\extensions\main.dll
C:\Program Files\winperformance\extensions\main.ldb
C:\Program Files\winperformance\extensions\main.mdb
C:\Program Files\winperformance\files\warn_bad.bmp
C:\Program Files\winperformance\files\warn_trusted.bmp
C:\Program Files\winperformance\files\warn_unknown.bmp
C:\Program Files\winperformance\registry_backup\2008.01.22 18.57.38.rb
C:\Program Files\winperformance\scan.archive
C:\Program Files\winperformance\WinPerformance.ini
C:\Program Files\winperformance\zlib.dll
C:\WINDOWS\pack.epk
c:\WINDOWS\system32\gbytbwlos.dat
C:\WINDOWS\system32\gbytbwlos.exe
C:\WINDOWS\system32\gbytbwlos_nav.dat
C:\WINDOWS\system32\gbytbwlos_navps.dat
C:\WINDOWS\system32\nvs2.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm






-------\Ahn64
-------\astq
-------\drtya


((((((((((((((((((((((((((((( Fichiers créés 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))))))))
.

2008-01-23 20:07 . 2008-01-23 21:28 153,632 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-23 20:07 . 2008-01-23 21:25 2,828 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-23 19:48 . 2008-01-23 21:29 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-01-23 19:46 . 2008-01-23 21:11 <REP> d-------- C:\WINDOWS\Internet Logs
2008-01-23 16:40 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 12:25 . 2008-01-23 12:25 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-22 21:19 . 2008-01-22 21:19 <REP> d-------- C:\Program Files\Avira
2008-01-22 20:18 . 2008-01-22 20:18 <REP> d-------- C:\Program Files\Trend Micro
2008-01-22 19:01 . 2008-01-22 19:01 <REP> d-------- C:\WINDOWS\system32\07060A0E0E09
2008-01-22 18:22 . 2008-01-22 18:22 54,764 --a------ C:\WINDOWS\system32\ztx86.sys
2008-01-22 07:26 . 2008-01-22 07:26 <REP> d-------- C:\WINDOWS\leunemdf
2008-01-20 22:40 . 2008-01-22 19:49 <REP> d-------- C:\Program Files\Windows Live
2008-01-20 22:40 . 2008-01-20 22:45 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-20 19:02 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-20 19:02 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-20 19:02 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-20 19:02 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-20 19:01 . 2008-01-23 20:39 <REP> d-------- C:\Program Files\Spyware Doctor
2008-01-20 19:01 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-01-20 18:43 . 2008-01-20 18:43 <REP> d-------- C:\Program Files\Fichiers communs\Application
2007-12-30 16:32 . 2004-08-04 00:54 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-12-30 16:32 . 2001-08-23 17:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 18:48 --------- d-----w C:\Program Files\Neuf
2008-01-22 18:47 --------- d-----w C:\Program Files\VideoLAN
2008-01-21 19:08 --------- d-----w C:\Program Files\Launch Manager
2008-01-20 18:00 --------- d-----w C:\Program Files\Google
2008-01-20 17:12 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-20 09:44 --------- d-----w C:\Program Files\eMule
2007-12-13 18:27 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-12-13 18:27 42,384 ----a-w C:\WINDOWS\zllsputility_loc040c.dll
2007-05-02 20:53 1,401 ----a-w C:\Program Files\uninstal.log
2001-08-13 13:51 1,396,337 ----a-w C:\Program Files\Captura.exe
.

((((((((((((((((((((((((((((( snapshot@2008-01-23_16.55.55.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-23 15:41:24 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-23 20:18:26 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-23 15:41:24 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-23 20:18:27 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-23 15:41:25 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-23 20:18:27 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-23 15:41:25 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-23 20:18:27 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-23 15:41:25 5,177,344 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-23 20:18:27 5,246,976 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-23 15:41:25 122,880 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-23 20:18:27 122,880 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2007-07-19 14:10:28 127,768 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2007-12-13 18:27:44 21,904 ----a-w C:\WINDOWS\system32\imsinstall_loc040c.dll
+ 2007-12-13 18:27:44 17,808 ----a-w C:\WINDOWS\system32\imslsp_install_loc040c.dll
+ 2007-12-13 18:26:50 796,048 ----a-w C:\WINDOWS\system32\libeay32_0.9.6l.dll
+ 2004-04-27 03:40:52 11,264 ----a-w C:\WINDOWS\system32\SpOrder.dll
+ 2007-12-13 18:26:56 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll
+ 2007-12-13 18:27:14 394,952 ----a-w C:\WINDOWS\system32\vsdatant.sys
+ 2007-12-13 18:26:56 157,160 ----a-w C:\WINDOWS\system32\vsinit.dll
+ 2007-12-13 18:26:56 103,912 ----a-w C:\WINDOWS\system32\vsmonapi.dll
+ 2007-12-13 18:26:56 275,944 ----a-w C:\WINDOWS\system32\vspubapi.dll
+ 2007-12-13 18:26:56 71,144 ----a-w C:\WINDOWS\system32\vsregexp.dll
+ 2007-12-13 18:26:58 472,552 ----a-w C:\WINDOWS\system32\vsutil.dll
+ 2007-12-13 18:27:48 54,672 ----a-w C:\WINDOWS\system32\vsutil_loc040c.dll
+ 2007-12-13 18:26:58 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll
+ 2007-12-13 18:26:58 99,816 ----a-w C:\WINDOWS\system32\vsxml.dll
+ 2007-12-13 18:26:58 83,432 ----a-w C:\WINDOWS\system32\zlcomm.dll
+ 2007-12-13 18:26:58 71,144 ----a-w C:\WINDOWS\system32\zlcommdb.dll
+ 2007-12-13 18:26:48 370,208 ----a-w C:\WINDOWS\system32\ZoneLabs\av.dll
+ 2007-12-13 18:27:42 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\av_loc040c.dll
+ 2007-05-30 23:03:30 65,248 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat
+ 2006-06-30 13:47:36 21,568 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll
+ 2007-05-30 23:03:16 77,824 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll
+ 2007-05-30 23:03:16 110,592 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll
+ 2007-05-30 23:03:16 331,776 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll
+ 2007-05-30 23:03:16 38,400 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll
+ 2007-07-19 14:10:32 110,360 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\w2kxp32\kl1.sys
+ 2007-07-19 14:10:32 186,128 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\w2kxp32\klif.sys
+ 2007-05-30 23:03:48 110,360 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\kl1.sys
+ 2007-07-19 14:10:28 127,768 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\klif.sys
+ 2007-05-30 23:03:50 45,056 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\regcat.exe
+ 2006-09-19 22:12:14 208,960 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll
+ 2007-09-11 20:09:16 274,432 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll
+ 2006-12-19 17:13:52 1,093,632 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll
+ 2007-05-30 23:03:20 548,864 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll
+ 2007-05-30 23:03:20 626,688 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll
+ 2007-05-30 23:03:18 184,320 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll
+ 2007-05-30 23:03:22 90,112 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll
+ 2007-09-11 20:09:16 135,168 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
+ 2006-12-19 17:13:52 200,704 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll
+ 2007-12-13 18:26:48 99,816
0
yourcaillette Posts 56 Registration date Tuesday 22 January 2008 Status Member Last activity 13 May 2012
23 Jan. 2008 at 21:44
Now the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:42, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [2423272B2B2625] C8C7CBCFCFCA.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [Configuration de la neuf Box] C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WintelUpdate] C:\bhij.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {9E214F45-89C2-4DE3-94A9-530EB1D05F7E} (QuestActiveX Class) - http://www.quest3d.com/Quest3D_WebInstall.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SPYWAREfighterRP - Unknown owner - C:\Program Files\SPYWAREfighter\spfprc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
0
Anonymous user
23 Jan. 2008 at 21:53
Run HijackThis again, choose "Do a system scan only", tick the box in front of these lines, then click "Fix checked"!

O4 - HKLM\..\Run: [2423272B2B2625] C8C7CBCFCFCA.exe
O4 - HKCU\..\Run: [WintelUpdate] C:\bhij.exe
O23 - Service: SPYWAREfighterRP - Unknown owner - C:\Program Files\SPYWAREfighter\spfprc.exe (file missing)


Then restart in safe mode, scan your PC with AntiVir and copy the report for me, please!
0
yourcaillette Posts 56 Registration date Tuesday 22 January 2008 Status Member Last activity 13 May 2012
24 Jan. 2008 at 12:54
Thanks for your message. So this morning I did what you asked, and here is the report after nearly 5 hours of scanning!!!



AntiVir PersonalEdition Classic
Report file date: 2008-01-24 07:35

Scanning for 1063907 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Sandrine
Computer name: AMILO

Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 21:58:27
ANTIVIR2.VDF : 7.0.2.0 948736 Bytes 2008-01-15 21:58:27
ANTIVIR3.VDF : 7.0.2.31 319488 Bytes 2008-01-22 21:58:27
AVEWIN32.DLL : 7.6.0.48 3080704 Bytes 2008-01-22 21:58:27
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-01-22 21:58:28
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2008-01-24 07:35

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'swdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svcntaux.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
13 processes with 13 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '43' files ).


Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\catchme2008-01-23_212704.43.zip
[0] Archive type: ZIP
--> astq.tga
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
--> drtya
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '480c6ef3.qua'!
C:\QooBox\Quarantine\c\WINDOWS\system32\drivers\astq.tga.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '480c6f2b.qua'!
C:\QooBox\Quarantine\c\WINDOWS\system32\drivers\drtya.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '480c6f2d.qua'!
C:\WINDOWS\system32\ztx86.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '4810762f.qua'!


End of the scan: 2008-01-24 12:34
Used time: 4:59:18 min

The scan has been done completely.

4515 Scanning directories
244800 Files were scanned
5 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
4 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
244795 Files not concerned
994 Archives were scanned
1 Warnings
1 Notes
0