Huge crash following a system error [Solved/Closed]

Posts: 21 | Registered: Sunday 10 February 2008 | Status: Member | Last activity: 29 June 2009
Posts: 2241 | Registered: Saturday 21 April 2007 | Status: Security contributor | Last activity: 27 October 2012
Hello,
My computer has started having a problem that is causing me a lot of trouble; let me explain.
About every quarter of an hour, an error message appears:
***STOP: 0x000007B (0xF20184, 0x00000, 0xCC0034)***. Inaccessible handler or device. Click this balloon to fix the problem
And when I click on it, it offers to download what looks at first glance like an antivirus program, which you have to pay for -_- . And when the error message appears my computer suffers a huge bug.

Here is my HijackThis log; if anyone could see something in it and find an answer, I would be very grateful.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:22:20 PM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vhsugttdirwu.net/JEs/bwPpoESaFy_E9cxtDvyaurtsJjIDSEPR5hq/LV7y_xgylw0ao9eF2_Ui56Wb.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {E9AAC68A-5A64-0496-3BED-27800A4F0E94} - (no file)
O2 - BHO: (no name) - {0000DE80-AEC3-70C3-4176-CE509063E000} - (no file)
O2 - BHO: (no name) - {00534B55-3155-CA4F-B41D-0E922121D03C} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {10d5f100-b5d2-e53a-7c04-970c91cada76} - {67adac19-c079-40c7-a35e-2d5b001f5d01} - C:\WINDOWS\system32\vdmbyyxj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\odjjvpmz.dll
O2 - BHO: (no name) - {FA16FE06-B462-470E-9653-79C54B1871FF} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\RunServices: [ms-update] scvhost.exe
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKUS\S-1-5-18\..\Run: [Seoe] "C:\WINDOWS\PPATCH~1\notepad.exe" -vt ndrv (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\system32\WAUCLT~1.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Tiqs] C:\WINDOWS\system32\s?stem\?ttrib.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll .dbt (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Seoe] "C:\WINDOWS\PPATCH~1\notepad.exe" -vt ndrv (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\en8sl1l71.dll (file missing)
O20 - Winlogon Notify: odjjvpmz - C:\WINDOWS\SYSTEM32\odjjvpmz.dll
O20 - Winlogon Notify: wvurrrq - wvurrrq.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe (file missing)
O23 - Service: Dynex Wireless G Enhanced Adapter Service (Dynex DX-WGPUSB WLService) - Unknown owner - C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - C:\WINDOWS\system32\ad.html
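As an added example (not code from HijackThis, from the forum, or from anyone in this thread), here is a small Python triage pass over HijackThis v2 entries of the kind posted above. It encodes the checks a helper applies first: a search or start-page value pointing at an unknown domain, entries whose file is gone, RunServices autostarts, file names one edit away from a system binary (scvhost.exe, svchosts.exe), paths HijackThis had to print with `?`, random-looking BHO and Winlogon Notify module names, and services with no publisher. The baselines (known binaries, XP SP2 Winlogon Notify packages, search-engine allowlist) are assumptions kept deliberately short, and the sample lines are constructed from the kinds of entries in the log above.

```python
"""Triage pass over HijackThis v2 log entries, flagging what a helper checks first.
Added example for this thread; not code from HijackThis or from the thread."""
import re
from collections import namedtuple

# Names malware likes to imitate (assumption: a deliberately short XP baseline).
KNOWN_SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                         "services.exe", "explorer.exe", "smss.exe", "wuauclt.exe"}
# Winlogon Notify packages normally present on XP SP2 (assumption: build the real
# list from a clean reference machine before relying on it).
KNOWN_WINLOGON_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop",
                         "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}
SEARCH_ALLOWLIST = ("google.", "msn.com", "live.com", "yahoo.")  # assumption
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
Finding = namedtuple("Finding", "code severity reason line")

# Constructed sample in the layout HijackThis v2.0.2 prints, modelled on the log above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vhsugttdirwu.net/JEs/bwPpoESaFy_E9cxtDvyaurtsJjIDSEPR5hq/LV7y_xgylw0ao9eF2_Ui56Wb.asp
O2 - BHO: (no name) - {0000DE80-AEC3-70C3-4176-CE509063E000} - (no file)
O2 - BHO: {10d5f100-b5d2-e53a-7c04-970c91cada76} - {67adac19-c079-40c7-a35e-2d5b001f5d01} - C:\WINDOWS\system32\vdmbyyxj.dll
O4 - HKLM\..\RunServices: [ms-update] scvhost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [Tiqs] C:\WINDOWS\system32\s?stem\?ttrib.exe (User 'SYSTEM')
O20 - Winlogon Notify: odjjvpmz - C:\WINDOWS\SYSTEM32\odjjvpmz.dll
O20 - Winlogon Notify: wvurrrq - wvurrrq.dll (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: a transposition is one edit, so 'scvhost.exe' is 1 from 'svchost.exe'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def lookalike_of(filename: str):
    """The legitimate binary a file name is exactly one edit away from, if any."""
    name = filename.lower()
    return next((x for x in KNOWN_SYSTEM_BINARIES if name != x and edit_distance(name, x) == 1), None)

def looks_random(stem: str) -> bool:
    """Module names like 'odjjvpmz' or 'vdmbyyxj': letters only, long, almost no vowels."""
    stem = stem.lower()
    return len(stem) >= 6 and stem.isalpha() and sum(c in "aeiou" for c in stem) / len(stem) < 0.25

def _basename(path: str) -> str:
    return re.split(r"[\\/]", path.strip().strip('"'))[-1]

def triage(log_text: str) -> list:
    """Return Finding tuples for every entry that deserves a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        add = lambda severity, reason: findings.append(Finding(code, severity, reason, line))
        if "(no file)" in body or "(file missing)" in body:
            add("low", "orphaned entry: the referenced file is no longer on disk")
        if code in ("R0", "R1") and "=" in body:
            value = body.split("=", 1)[1].strip().lower()
            if value.startswith("http") and not any(k in value for k in SEARCH_ALLOWLIST):
                add("high", "browser search/start page redirected to an unknown domain")
        elif code == "O2":
            if looks_random(_basename(body.split(" - ")[-1]).rsplit(".", 1)[0]):
                add("high", "BHO with a random-looking module name")
        elif code == "O4":
            cmd = re.sub(r"\s*\(User '[^']*'\)$", "", body.split("]", 1)[1]).strip()
            tok = re.match(r'"([^"]*)"|(\S+)', cmd)
            exe = (tok.group(1) or tok.group(2)) if tok else ""
            if "RunServices" in body:
                add("high", "RunServices autostart (Win9x-era key, rarely used by legitimate XP software)")
            if "?" in exe:
                add("high", "path with characters HijackThis could not print (possible lookalike of a system path)")
            legit = lookalike_of(_basename(exe))
            if legit:
                add("high", f"{_basename(exe)!r} imitates system binary {legit!r}")
        elif code == "O20":
            package = body.split(":", 1)[1].split(" - ")[0].strip().lower()
            if package not in KNOWN_WINLOGON_NOTIFY:
                add("high", f"Winlogon Notify package {package!r} is not in the XP baseline")
        elif code == "O23" and "Unknown owner" in body:
            exe = _basename(body.split(" - ")[-1].split(" (")[0])
            legit = lookalike_of(exe)
            add("high" if legit else "low",
                f"service binary {exe!r} imitates {legit!r}" if legit else "service with no publisher information")
    return findings

if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: f.severity):
        print(f"[{f.severity}] {f.code}: {f.reason}\n    {f.line}")
```

The output is a ranked reading list, not a verdict: an orphaned `(no file)` BHO is just registry clutter, while a RunServices value launching a one-letter-off `svchost.exe` is the kind of entry that explains the symptoms described in the post. Running it over the full log above flags the same entries a helper would circle by hand.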

47 replies

Posts: 2241 | Registered: Saturday 21 April 2007 | Status: Security contributor | Last activity: 27 October 2012
Hi,

You're lucky it even boots.

1/ # Download SDFix (created by Andy Manchesta) and save it to your Desktop: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
# Print this out.
# Restart your computer in Safe Mode by following this procedure:

* Restart your computer.
* After hearing the computer beep at startup, but before the Windows icon appears, tap the F8 key (or F5).
* Instead of Windows loading normally, a menu with different options should appear.
* Choose the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your account.

# Go through the list of instructions below:

* In Safe Mode, double-click the SDFix.exe file and click Install,
* Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
* Press Y to start the script.
* It will remove the services of certain trojans, will also make a few Registry repairs, and will ask you to press a key to reboot.
* Press a key to reboot the PC.
* Your system will take longer than usual to restart because the tool will keep running and deleting files.
* After the Desktop loads, the tool will finish its work and display Finished
* Press a key to finish running the script and load your Desktop icons.
* Finally, open the SDFix folder on your Desktop and copy/paste the contents of the Report.txt file into your next reply on the forum.

2/ * Download combofix.exe (by sUBs) to your Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Double-click combofix.exe and follow the prompts.
* When the scan is complete, a report will appear. Copy/paste that report into your next reply.

3/ Post the 2 previous reports and a HijackThis report. I'll look at it tomorrow.

FillPCA
Posts: 21 | Registered: Sunday 10 February 2008 | Status: Member | Last activity: 29 June 2009

Thanks a lot for your reply, the 2 reports have been done, here they are:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:29:59 PM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {E9AAC68A-5A64-0496-3BED-27800A4F0E94} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Seoe] "C:\WINDOWS\PPATCH~1\notepad.exe" -vt ndrv (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Tiqs] C:\WINDOWS\system32\s?stem\?ttrib.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Seoe] "C:\WINDOWS\PPATCH~1\notepad.exe" -vt ndrv (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: wvurrrq - wvurrrq.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dynex Wireless G Enhanced Adapter Service (Dynex DX-WGPUSB WLService) - Unknown owner - C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - C:\WINDOWS\system32\ad.html
-
End of file - 7436 bytes





SDFix: Version 1.140

Run by Administrator on Sun 02/10/2008 at 05:33 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
COM+ Messages

Path:
"C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0001634

COM+ Messages - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing SharedAccess Service

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\FDECAREW.DLL - Deleted
C:\WINDOWS\SYSTEM32\QDVIEWFE.DLL - Deleted
C:\WINDOWS\SYSTEM32\RASWENRT.DLL - Deleted
C:\WINDOWS\system32\tmpmpt1.tmp - Deleted
C:\WINDOWS\system32\cmd.com - Deleted
C:\WINDOWS\system32\cmnocfg.xml - Deleted
C:\WINDOWS\system32\drivers\etc\hosts.tim - Deleted
C:\WINDOWS\system32\explorer.exe - Deleted
C:\WINDOWS\system32\ping.com - Deleted
C:\WINDOWS\system32\regedit.com - Deleted
C:\WINDOWS\system32\tasklist.com - Deleted
C:\WINDOWS\system32\tracert.com - Deleted
C:\WINDOWS\system32\unsvchosts.lzma - Deleted
C:\WINDOWS\system32\zxdnt3d.cfg - Deleted
C:\WINDOWS\Fonts\*.zip - 1 File(s) 637,944 bytes - Deleted
C:\WINDOWS\Fonts\'\*.zip - 1 File(s) 637,945 bytes - Deleted



Folder C:\Program Files\Ipwindows - Removed
Folder C:\WINDOWS\Fonts\' - Removed


Removing Temp Files...

ADS Check:



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 17:52:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 17


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\gymjlfga.exe"="C:\\WINDOWS\\system32\\gym"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Common Files\\Pure Networks Shared\\Platform\\nmsrvc.exe"="C:\\Program Files\\Common Files\\Pure Networks Shared\\Platform\\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Fri 29 Dec 2006 1,056 A.SH. --- "C:\xlnjaw3o.sys"
Sat 12 Jan 2008 24 ..SH. --- "C:\WINDOWS\S2E57DA41.tmp"
Thu 26 Jan 2006 40,960 ..SH. --- "C:\Program Files\Common Files\services.exe"
Mon 25 Jun 2007 61,440 A..H. --- "C:\Program Files\MSN Messenger\winmm.dll"
Tue 3 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Sat 16 Aug 2003 579,584 A.SHR --- "C:\WINDOWS\system32\cd.exe"
Sun 10 Feb 2008 20,612 ..SH. --- "C:\WINDOWS\system32\odjjvpmz.dllbox"
Mon 27 Jun 2005 2,045 A..H. --- "C:\WINDOWS\system32\whlb32f.dll"
Tue 8 Nov 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 25 Jun 2007 61,440 A..H. --- "C:\Program Files\Windows Live\Messenger\winmm.dll"
Tue 3 Aug 2004 60,416 A.SH. --- "C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe"
Wed 11 Aug 2004 73,728 A.SH. --- "C:\WINDOWS\BricoPacks\SysFiles\71_wmplayer.exe"
Sun 21 Jul 2002 418,816 A..HR --- "C:\WINDOWS\system32\Tools\All.exe"
Fri 19 Jul 2002 390,144 A..HR --- "C:\WINDOWS\system32\Tools\Change.exe"
Fri 19 Jul 2002 574,464 A..HR --- "C:\WINDOWS\system32\Tools\CheckPath.exe"
Tue 20 Aug 2002 430,592 A..HR --- "C:\WINDOWS\system32\Tools\Counter.exe"
Tue 23 Jul 2002 390,656 A..HR --- "C:\WINDOWS\system32\Tools\DelFolders.exe"
Fri 22 Nov 2002 399,872 A..HR --- "C:\WINDOWS\system32\Tools\DirectSetup.exe"
Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\system32\Tools\RegClean.exe"
Fri 19 Jul 2002 388,608 A..HR --- "C:\WINDOWS\system32\Tools\Regexe.exe"
Mon 2 Dec 2002 431,616 A..HR --- "C:\WINDOWS\system32\Tools\Restart.exe"
Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\system32\Tools\RunRegexe.exe"
Fri 12 Nov 2004 37,376 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"

Finished!





ComboFix 08-02.05.3 - User 2008-02-10 18:43:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.421 [GMT -5:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!/b/color
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\odjjvpmz.dll
C:\Documents and Settings\All Users\Application Data\storageprotector
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\ac
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\em
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\oid
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\user
C:\Documents and Settings\User\Application Data\ASKS~1
C:\Documents and Settings\User\Application Data\CROSOF~1
C:\Documents and Settings\User\Application Data\FNTS~1
C:\Documents and Settings\User\Application Data\FNTS~2
C:\Documents and Settings\User\Application Data\ICROSO~1
C:\Documents and Settings\User\Application Data\MBOLS~1
C:\Documents and Settings\User\Application Data\PPATCH~1
C:\Documents and Settings\User\Application Data\RACLE~1
C:\Documents and Settings\User\Application Data\SKS~1
C:\Documents and Settings\User\Application Data\SKS~2
C:\Documents and Settings\User\Application Data\storageprotector
C:\Documents and Settings\User\Application Data\storageprotector\Logs\update.log
C:\Documents and Settings\User\Application Data\TSKS~1
C:\Documents and Settings\User\Application Data\WNSXS~1
C:\Documents and Settings\User\Application Data\YSTEM3~1
C:\Documents and Settings\User\My Documents\MBOLS~1
C:\Documents and Settings\User\My Documents\SSTEM3~1
C:\Documents and Settings\User\My Documents\STEM32~1
C:\Documents and Settings\User\Start Menu\Programs\Uninstall.lnk
C:\Program Files\asks~1
C:\Program Files\Common Files\{34A68~1
C:\Program Files\Common Files\{34A68~1\toolbardll.lzma
C:\Program Files\Common Files\{34A68~2
C:\Program Files\Common Files\{A4A68~1
C:\Program Files\Common Files\{A4A68~2
C:\Program Files\Common Files\{A4A68~3
C:\Program Files\Common Files\asembl~1
C:\Program Files\Common Files\asks~1
C:\Program Files\Common Files\companion wizard
C:\Program Files\Common Files\companion wizard\compwiz.exe
C:\Program Files\Common Files\ecurit~1
C:\Program Files\Common Files\icroso~1
C:\Program Files\Common Files\icroso~1.net
C:\Program Files\Common Files\inetget
C:\Program Files\Common Files\inetget\
C:\Program Files\Common Files\mbols~1
C:\Program Files\Common Files\mcroso~1
C:\Program Files\Common Files\mcroso~1.net
C:\Program Files\Common Files\ppatch~1
C:\Program Files\Common Files\pppatc~1
C:\Program Files\Common Files\services.exe
C:\Program Files\Common Files\smbols~1
C:\Program Files\Common Files\uninstall information
C:\Program Files\Common Files\vcclient
C:\Program Files\Common Files\vcclient\ClientUpdater.bat
C:\Program Files\Common Files\vcclient\ICSharpCode.SharpZipLib.dll
C:\Program Files\Common Files\vcclient\temp.txt
C:\Program Files\Common Files\vcclient\VCClient.exe.config
C:\Program Files\Common Files\vcclient\VCUpdate.exe
C:\Program Files\Common Files\vcclient\VCUpdate.exe.config
C:\Program Files\Common Files\vcclient\Version.txt
C:\Program Files\Common Files\wnsxs~1
C:\Program Files\crosof~1.net
C:\Program Files\dns
C:\Program Files\dns\affid.dat
C:\Program Files\dns\cwebpage.dll
C:\Program Files\dns\uid.dat
C:\Program Files\dns\urls.dat
C:\Program Files\dns\version.txt
C:\Program Files\dns\x.bmp
C:\Program Files\fnts~1
C:\Program Files\internet optimizer\
C:\Program Files\msupdate
C:\Program Files\pasystem
C:\Program Files\pasystem\support.dat
C:\Program Files\pasystem\Uninstall.exe
C:\Program Files\pscastor
C:\Program Files\racle~1
C:\Program Files\screensavers.com
C:\Program Files\sembly~1
C:\Program Files\sks~1
C:\Program Files\smbols~1
C:\Program Files\ssembl~1
C:\Program Files\stem~1
C:\Program Files\toolbar888\
C:\Program Files\windows
C:\Program Files\winupdate
C:\Program Files\winupdates
C:\Program Files\wmplayer
C:\Program Files\wnsxs~1
C:\Program Files\ymante~1
C:\Program Files\ystem~1
C:\WINDOWS\drsmartload.dat
C:\WINDOWS\fnts~1
C:\WINDOWS\gimmygames.dat
C:\WINDOWS\gimmygames101.dat
C:\WINDOWS\gimmygames91.dat
C:\WINDOWS\icroso~1
C:\WINDOWS\icroso~2
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\keyboard101.dat
C:\WINDOWS\keyboard11.dat
C:\WINDOWS\keyboard111.dat
C:\WINDOWS\keyboard121.dat
C:\WINDOWS\keyboard131.dat
C:\WINDOWS\keyboard141.dat
C:\WINDOWS\keyboard151.dat
C:\WINDOWS\keyboard161.dat
C:\WINDOWS\keyboard171.dat
C:\WINDOWS\keyboard181.dat
C:\WINDOWS\keyboard191.dat
C:\WINDOWS\keyboard201.dat
C:\WINDOWS\keyboard21.dat
C:\WINDOWS\keyboard211.dat
C:\WINDOWS\keyboard221.dat
C:\WINDOWS\keyboard231.dat
C:\WINDOWS\keyboard31.dat
C:\WINDOWS\keyboard41.dat
C:\WINDOWS\keyboard51.dat
C:\WINDOWS\keyboard61.dat
C:\WINDOWS\keyboard71.dat
C:\WINDOWS\keyboard81.dat
C:\WINDOWS\keyboard91.dat
C:\WINDOWS\mbols~1
C:\WINDOWS\mcroso~1
C:\WINDOWS\ppatch~1
C:\WINDOWS\ppatch~1\??pPatch\
C:\WINDOWS\racle~1
C:\WINDOWS\racle~2
C:\WINDOWS\rising28.exe
C:\WINDOWS\rising640.exe
C:\WINDOWS\rising845.exe
C:\WINDOWS\rising991.exe
C:\WINDOWS\ssembl~1
C:\WINDOWS\system32\asks~1
C:\WINDOWS\system32\battyrun.dll
C:\WINDOWS\system32\cplvaibu.ini
C:\WINDOWS\system32\crosof~1.net
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\dobe~1
C:\WINDOWS\system32\dobe~2
C:\WINDOWS\system32\ecurit~1
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\gebyw.dll
C:\WINDOWS\system32\gjvtckbi.dll
C:\WINDOWS\system32\iexplorer.dll .dbt
C:\WINDOWS\system32\mcroso~1.net
C:\WINDOWS\system32\odjjvpmz.dll
C:\WINDOWS\system32\odjjvpmz.dllbox
C:\WINDOWS\system32\ppatch~1
C:\WINDOWS\system32\racle~1
C:\WINDOWS\system32\RCX3A.tmp
C:\WINDOWS\system32\rk.bin
C:\WINDOWS\system32\rlvknlg.exe
C:\WINDOWS\system32\sfvqdhhn.ini
C:\WINDOWS\system32\smante~1
C:\WINDOWS\system32\sstem~1
C:\WINDOWS\system32\stem32~1
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\ubiavlpc.dll
C:\WINDOWS\system32\vdmbyyxj.dll
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\wnsxs~1
C:\WINDOWS\system32\wybeg.ini
C:\WINDOWS\system32\wybeg.ini2
C:\WINDOWS\winsysupd1.dat
C:\WINDOWS\winsysupd101.dat
C:\WINDOWS\winsysupd111.dat
C:\WINDOWS\winsysupd121.dat
C:\WINDOWS\winsysupd21.dat
C:\WINDOWS\winsysupd31.dat
C:\WINDOWS\winsysupd41.dat
C:\WINDOWS\winsysupd51.dat
C:\WINDOWS\winsysupd61.dat
C:\WINDOWS\winsysupd71.dat
C:\WINDOWS\ystem~1
C:\WINDOWS\ystem3~1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FOPN
-------\LEGACY_NPF
-------\LEGACY_VSPF
-------\LEGACY_VSPF_HK


((((((((((((((((((((((((( Files Created from 2008-01-11 to 2008-02-11 )))))))))))))))))))))))))))))))
.

2008-02-10 17:30 . 2008-02-10 17:30 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-10 17:28 . 2008-02-10 18:23 <DIR> d----c--- C:\SDFix
2008-02-09 10:35 . 2008-02-09 10:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-09 10:35 . 2008-02-09 10:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-07 19:36 . 2008-02-10 17:09 <DIR> d-------- C:\Documents and Settings\User\Application Data\OpenOffice.org2
2008-02-07 19:29 . 2008-02-07 19:30 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-02-07 19:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-04 10:22 . 2008-02-04 10:22 <DIR> d-------- C:\Program Files\SnIco Edit
2008-02-03 21:13 . 2008-02-03 21:13 <DIR> d-------- C:\Documents and Settings\User\Application Data\RadiantSettings
2008-02-03 21:08 . 2008-02-03 21:14 <DIR> d----c--- C:\gunzmap
2008-02-03 20:58 . 2008-02-03 21:11 <DIR> d-------- C:\Program Files\GtkRadiant 1.5.0
2008-02-02 13:02 . 2008-02-02 13:03 <DIR> d-------- C:\Program Files\CCleaner
2008-01-26 22:53 . 2008-01-26 22:53 17,801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-26 22:52 . 2008-01-26 22:54 <DIR> d-------- C:\Program Files\Dynex Wireless G Enhanced Adapter
2008-01-26 22:52 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-01-26 22:52 . 2004-04-30 15:12 40,960 --a------ C:\WINDOWS\system32\WGPUSB.dll
2008-01-26 22:52 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD
2008-01-26 22:52 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2008-01-26 22:52 . 2006-06-26 11:23 123 --a------ C:\WINDOWS\system32\ucuiinfo.ini
2008-01-26 10:55 . 2008-01-26 10:55 <DIR> d-------- C:\Documents and Settings\User\RadiantSettings
2008-01-25 23:20 . 2008-01-26 11:35 <DIR> d-------- C:\Program Files\Wolfenstein - Enemy Territory
2008-01-25 23:20 . 2008-01-26 11:35 <DIR> d-------- C:\Program Files\GtkRadiant-1.4
2008-01-20 16:29 . 2008-01-22 20:32 <DIR> d----c--- C:\vdp
2008-01-20 11:15 . 2008-01-20 11:20 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\Data
2008-01-19 12:08 . 2008-01-19 12:08 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-01-19 10:22 . 2008-01-19 10:26 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2008-01-19 10:08 . 2008-01-19 10:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-19 09:11 . 2008-01-19 09:11 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-19 09:08 . 2008-01-19 09:08 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-01-13 16:26 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-13 16:26 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-13 16:26 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-13 16:26 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-13 14:01 . 2008-01-13 14:01 <DIR> d-------- C:\Program Files\RaGEZONE
2008-01-12 15:56 . 2008-01-12 15:56 20,480 --a------ C:\WINDOWS\quit.exe
2008-01-12 12:56 . 2008-01-12 18:39 24 ---hs---- C:\WINDOWS\S2E57DA41.tmp
2008-01-12 12:48 . 2008-01-12 12:48 <DIR> d-------- C:\Program Files\SlySoft
2008-01-11 19:54 . 2008-01-19 08:57 <DIR> d-------- C:\Documents and Settings\User\Application Data\SystemRequirementsLab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 22:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-10 21:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-09 04:18 103,936 ----a-w C:\WINDOWS\Internet Logs\xDB92.tmp
2008-02-08 00:27 --------- d-----w C:\Program Files\Java
2008-02-07 00:43 800,768 ----a-w C:\WINDOWS\Internet Logs\xDB91.tmp
2008-02-06 23:41 --------- d-----w C:\Documents and Settings\User\Application Data\Canon
2008-02-03 14:43 --------- d-----w C:\Program Files\Google
2008-01-27 03:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-27 03:00 1,920,512 ----a-w C:\WINDOWS\Internet Logs\xDB90.tmp
2008-01-20 17:39 --------- d-----w C:\Program Files\EasyPHP1-8
2008-01-20 17:29 --------- d-----w C:\Program Files\e-anim701
2008-01-20 16:52 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-01-20 04:20 --------- d-----w C:\Program Files\themexp
2008-01-20 04:17 --------- d-----w C:\Program Files\psdriver
2008-01-20 04:11 --------- d--h--w C:\Program Files\m
2008-01-20 04:07 --------- d-----w C:\Program Files\Exolon
2008-01-20 02:26 --------- d-----w C:\Documents and Settings\User\Application Data\exitglue
2008-01-20 02:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\heart wave amok film
2008-01-19 14:07 --------- d-----w C:\Program Files\LocalCooling
2008-01-19 12:58 133,120 ----a-w C:\WINDOWS\Internet Logs\xDB43D.tmp
2008-01-19 12:58 1,861,632 ----a-w C:\WINDOWS\Internet Logs\xDB43E.tmp
2008-01-18 01:33 1,854,976 ----a-w C:\WINDOWS\Internet Logs\xDB3053.tmp
2008-01-18 01:33 1,336,320 ----a-w C:\WINDOWS\Internet Logs\xDB2E60.tmp
2008-01-18 00:42 1,849,344 ----a-w C:\WINDOWS\Internet Logs\xDB2E59.tmp
2008-01-17 01:22 508,928 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
2008-01-16 22:13 508,928 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe.tmp
2008-01-14 01:07 1,831,936 ----a-w C:\WINDOWS\Internet Logs\xDB8F.tmp
2008-01-13 23:39 1,830,400 ----a-w C:\WINDOWS\Internet Logs\xDB8E.tmp
2008-01-13 20:07 1,834,496 ----a-w C:\WINDOWS\Internet Logs\xDB8D.tmp
2008-01-13 15:59 50,176 ----a-w C:\WINDOWS\Internet Logs\xDB8C.tmp
2008-01-13 15:24 1,806,336 ----a-w C:\WINDOWS\Internet Logs\xDB8B.tmp
2008-01-12 23:51 378,880 ----a-w C:\WINDOWS\Internet Logs\xDB8A.tmp
2008-01-12 23:05 728,576 ----a-w C:\WINDOWS\Internet Logs\xDB89.tmp
2008-01-12 22:40 2,988,032 ----a-w C:\WINDOWS\Internet Logs\xDB87.tmp
2008-01-12 22:40 1,795,584 ----a-w C:\WINDOWS\Internet Logs\xDB88.tmp
2008-01-11 00:17 --------- d-----w C:\Program Files\RaGEZONE GunZ C4.7
2008-01-07 17:33 --------- d-----w C:\Program Files\TheTurtle
2008-01-06 22:01 --------- d--h--w C:\Documents and Settings\User\Application Data\ijjigame
2008-01-05 16:15 --------- d-----w C:\Documents and Settings\User\Application Data\Someplayer
2008-01-05 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Someplayer
2008-01-05 15:42 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-05 04:18 2,905,600 ----a-w C:\WINDOWS\Internet Logs\xDB86.tmp
2008-01-05 03:57 --------- d-----w C:\Program Files\MSN Messenger
2008-01-05 03:50 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-05 03:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-05 03:20 --------- d-----w C:\Program Files\Windows Live
2008-01-05 01:04 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-02 21:14 --------- d-----w C:\Program Files\LimeWire
2008-01-02 19:44 369,664 ----a-w C:\WINDOWS\Internet Logs\xDB84.tmp
2008-01-02 19:44 1,688,576 ----a-w C:\WINDOWS\Internet Logs\xDB85.tmp
2007-12-31 23:48 1,644,032 ----a-w C:\WINDOWS\Internet Logs\xDB83.tmp
2007-12-31 23:48 1,092,096 ----a-w C:\WINDOWS\Internet Logs\xDB82.tmp
2007-12-31 18:29 1,624,576 ----a-w C:\WINDOWS\Internet Logs\xDB81.tmp
2007-12-29 20:50 --------- d-----w C:\Documents and Settings\User\Application Data\ma-config.com
2007-12-29 03:24 --------- d-----w C:\Program Files\Pure Networks
2007-12-29 03:23 --------- d-----w C:\Program Files\DIFX
2007-12-29 03:22 --------- d-----w C:\Program Files\Common Files\Pure Networks Shared
2007-12-29 03:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pure Networks
2007-12-29 03:12 77,824 ----a-w C:\WINDOWS\Internet Logs\xDB80.tmp
2007-12-29 01:56 154,112 ----a-w C:\WINDOWS\Internet Logs\xDB7F.tmp
2007-12-28 21:35 --------- d-----w C:\Program Files\Voice Studio
2007-12-28 21:28 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire
2007-12-28 05:08 1,584,640 ----a-w C:\WINDOWS\Internet Logs\xDB7E.tmp
2007-12-28 05:08 1,020,416 ----a-w C:\WINDOWS\Internet Logs\xDB7D.tmp
2007-12-27 23:46 --------- d-----w C:\Program Files\Common Files\DirectX
2007-12-27 23:45 --------- d-----w C:\Documents and Settings\User\Application Data\NHN Corporation
2007-12-27 23:35 --------- d-----w C:\Program Files\NHN USA
2007-12-27 05:21 1,548,800 ----a-w C:\WINDOWS\Internet Logs\xDB7C.tmp
2007-12-27 05:21 1,158,144 ----a-w C:\WINDOWS\Internet Logs\xDB7B.tmp
2007-12-27 04:16 --------- d-----w C:\Program Files\ma-config.com
2007-12-26 19:25 1,528,832 ----a-w C:\WINDOWS\Internet Logs\xDB7A.tmp
2007-12-26 19:25 1,222,656 ----a-w C:\WINDOWS\Internet Logs\xDB79.tmp
2007-12-24 23:09 2,085,888 ----a-w C:\WINDOWS\Internet Logs\xDB77.tmp
2007-12-24 23:09 1,519,616 ----a-w C:\WINDOWS\Internet Logs\xDB78.tmp
2007-12-24 05:18 1,522,688 ----a-w C:\WINDOWS\Internet Logs\xDB76.tmp
2007-12-23 23:39 230,400 ----a-w C:\WINDOWS\Internet Logs\xDB74.tmp
2007-12-23 23:39 1,516,032 ----a-w C:\WINDOWS\Internet Logs\xDB75.tmp
2007-12-23 04:50 403,456 ----a-w C:\WINDOWS\Internet Logs\xDB73.tmp
2007-12-22 20:54 137,728 ----a-w C:\WINDOWS\Internet Logs\xDB72.tmp
2007-12-22 06:03 2,945,024 ----a-w C:\WINDOWS\Internet Logs\xDB71.tmp
2007-12-21 04:05 --------- d-----w C:\Documents and Settings\User\Application Data\DivX
2007-12-16 01:05 --------- d-----w C:\Program Files\DivX
2007-12-14 00:42 1,482,240 -c--a-w C:\WINDOWS\Internet Logs\xDB70.tmp
2007-12-12 02:16 2,757,632 -c--a-w C:\WINDOWS\Internet Logs\xDB6F.tmp
2007-12-11 22:34 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-11 22:34 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-12-09 15:39 862,208 -c--a-w C:\WINDOWS\Internet Logs\xDB6D.tmp
2007-12-09 15:39 1,467,392 -c--a-w C:\WINDOWS\Internet Logs\xDB6E.tmp
2007-12-08 03:37 3,501,056 -c--a-w C:\WINDOWS\Internet Logs\xDB6B.tmp
2007-12-08 03:37 1,449,472 -c--a-w C:\WINDOWS\Internet Logs\xDB6C.tmp
2007-11-19 01:55 1,346,560 -c--a-w C:\WINDOWS\Internet Logs\xDB6A.tmp
2007-11-17 04:29 509,440 -c--a-w C:\WINDOWS\Internet Logs\xDB69.tmp
2007-11-16 01:01 52,736 -c--a-w C:\WINDOWS\Internet Logs\xDB67.tmp
2007-11-16 01:01 1,278,464 -c--a-w C:\WINDOWS\Internet Logs\xDB68.tmp
2007-11-15 02:39 427,008 -c--a-w C:\WINDOWS\Internet Logs\xDB66.tmp
2007-11-11 05:55 722,944 -c--a-w C:\WINDOWS\Internet Logs\xDB63.tmp
2007-11-11 05:55 2,227,712 -c--a-w C:\WINDOWS\Internet Logs\xDB64.tmp
2007-11-11 05:54 2,227,712 -c--a-w C:\WINDOWS\Internet Logs\xDB65.tmp
2007-11-10 04:37 2,226,688 -c--a-w C:\WINDOWS\Internet Logs\xDB62.tmp
2004-08-04 04:56 60,416 -csha-w C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe
2004-08-11 05:45 73,728 -csha-w C:\WINDOWS\BricoPacks\SysFiles\71_wmplayer.exe
2003-08-16 18:56 579,584 --sha-r C:\WINDOWS\system32\cd.exe
.
[code]<pre>
----a-w 307,200 2008-01-09 22:30:10 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
----a-w 79,224 2008-01-14 02:48:09 C:\Program Files\Alwil Software\Avast4\ashDisp .exe
----a-w 451,896 2008-01-09 22:29:57 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth .exe
----a-w 98,304 2008-01-09 22:29:57 C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder .exe
----a-w 36,975 2008-01-09 22:29:39 C:\Program Files\Java\jre1.5.0_01\bin\jusched .exe
----a-w 36,975 2008-01-09 01:12:07 C:\Program Files\Java\jre1.5.0_06\bin\jusched .exe
----a-w 2,056,875 2008-01-13 17:28:16 C:\Program Files\LocalCooling\localcooling .exe
----a-w 190,024 2008-01-20 16:13:32 C:\Program Files\MessengerPlus! 3\MsgPlus .exe
----a-w 5,674,352 2008-01-05 01:05:02 C:\Program Files\MSN Messenger\msnmsgr .exe
----a-w 536,576 2008-01-09 22:30:11 C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree .exe
----a-w 451,896 2008-01-09 22:29:59 C:\Program Files\Pure Networks\Network Magic\nmapp .exe
----a-w 57,344 2008-01-13 16:04:07 C:\Program Files\SlySoft\CloneCD\CloneCDTray .exe
----a-w 5,724,184 2008-01-13 20:31:16 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-18 00:47:34 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-20 01:06:28 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-20 02:12:44 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 919,280 2008-01-20 16:21:59 C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
----a-w 508,928 2008-01-17 01:22:45 C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w 15,360 2008-01-20 16:12:31 C:\WINDOWS\system32\ctfmon .exe
----a-w 1,622,016 2008-01-13 16:04:02 C:\WINDOWS\system32\rlvknlg .exe
</pre>/code


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe" [2008-01-20 11:21 919280]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Seoe"="C:\WINDOWS\PPATCH~1\notepad.exe" [ ]
"Tiqs"="C:\WINDOWS\system32\s?stem\?ttrib.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\WINDOWS\system32\ad.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvurrrq]
wvurrrq.dll

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Think-Adz.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Amok film nurb meal]
C:\Documents and Settings\All Users\Application Data\heart wave amok film\openace.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a--c--- 2007-12-04 08:00 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlockChecker]
C:\Program Files\Block Checker\block-checker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\creative barb]
C:\DOCUME~1\User\APPLIC~1\exitglue\Upload Five Dale.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\errorhandler]
C:\WINDOWS\errorhandler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H005RPbFR]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IESet]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LocalCooling]
C:\Program Files\LocalCooling\localcooling.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
C:\Program Files\Pure Networks\Network Magic\nmapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaSystem]
C:\Program Files\pasystem\pasystem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperFreeEdition]
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QMusic2]
C:\Program Files\BenQ\QMusic2\QMAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageProtector]
C:\Program Files\StorageProtector\SysRep.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TClock.exe]
C:\Program Files\TClock\tclock_install.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheTurtle]
C:\Program Files\TheTurtle\TheTurtle.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdates]
C:\Program Files\winupdates\winupdates.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{A4A68187-0513-1033-0519-031213200001}]
C:\Program Files\Common Files\{A4A68187-0513-1033-0519-031213200001}\Update.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{A4A68187-0514-1033-0519-031213200001}]
C:\Program Files\Common Files\{A4A68187-0514-1033-0519-031213200001}\Update.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{A4A68187-0515-1033-0519-031213200001}]
C:\Program Files\Common Files\{A4A68187-0515-1033-0519-031213200001}\Update.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"AntiVirService"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

R0 Achernar;Achernar - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Achernar.sys [2004-02-11 15:34]
R2 Dynex DX-WGPUSB WLService;Dynex Wireless G Enhanced Adapter Service;C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe [2004-03-29 16:08]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 09:11]
R3 Aldebaran;Aldebaran - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Aldebaran.sys [2004-02-11 15:34]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 07:17]
R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 10:44]
S2 MsaSvc;Microsoft authenticate service;C:\WINDOWS\system32\msasvc.exe []
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-02-11 00:00:01 C:\WINDOWS\Tasks\A1DF315A9184B062.job"
- c:\docume~1\user\applic~1\exitglue\bleh file eq.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 19:12:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\WinRAR\rarext.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-02-10 19:21:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-11 00:21:22
.
2008-02-10 19:30:19 --- E O F ---


I hope all the procedures were done correctly; thanks in advance for your help.
Reply from: security contributor (2241 messages; registered Saturday 21 April 2007; last active 27 October 2012)
Hi,

You should always run HijackThis last, so that it gives a picture of the system after the cleaning tools have run. There is still a great deal left.

1/ * Open Windows Explorer (Start > Programs > Accessories > Windows Explorer, or Start > Programs > Windows Explorer).
* Click Tools > Folder Options > View.
* Select:
o show hidden files and folders,
o uncheck "hide extensions for known file types",
o uncheck "hide protected operating system files (recommended)".

* "Apply" and "OK"

2/ * Can you test this: C:\Program Files\MSN Messenger\winmm.dll
* Click this link: http://www.virustotal.com/en/indexf.html
* Click Browse and give the path of the file I indicated.
* Click Send. After a few minutes a report is generated. Post it in your next reply.

Do the same with these files:
C:\Program Files\Windows Live\Messenger\winmm.dll

and

C:\WINDOWS\system32\cd.exe

2/ Thanks to Lazzzy

* Download lopxpMH: http://www.alt-shift-return.org/Info/Fichiers/lopxpMH2.zip
* Unzip it with a right-click and extract it to the desktop.
* Post the generated report.

3/ # Download SREng (by Smallfrogs): http://www.kztechs.com/eng/download.html
# Unzip all of its contents to your desktop (right-click > Extract here).
# Open the SReng2 folder and double-click SREngPS.exe.
# Click "smart scan".
# Click the "scan" button.
# When the scan is finished, click the "save reports" button.
# Save the report to your desktop.
# Copy/paste the contents of the SREnglLOG.log report into your next reply.

4/ Post these 5 reports (VirusTotal reports, LopXPMH2, SREng) and a new HijackThis report.
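As an added example (not from the forum post, and not ComboFix's own logic), here is a small Python triage script that applies the checks an analyst makes on autorun and file entries like those in the ComboFix report above: a space before the extension (`zlclient .exe`), a `?` where ComboFix replaced a non-ASCII character in a path, an autorun whose file has no size/date metadata (`[ ]`), and executables living in the Windows root or under a user profile. The sample lines are copied from that report; the heuristics themselves are my own assumptions, not rules from the tool.

```python
"""Triage heuristics over ComboFix-style log lines (added example)."""
import re
from typing import Dict, List, Optional

# Lines copied from the ComboFix report above (constructed sample input).
SAMPLE_LINES = [
    r'"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe" [2008-01-20 11:21 919280]',
    r'"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]',
    r'"Seoe"="C:\WINDOWS\PPATCH~1\notepad.exe" [ ]',
    r'"Tiqs"="C:\WINDOWS\system32\s?stem\?ttrib.exe" [ ]',
    r'C:\Documents and Settings\All Users\Application Data\heart wave amok film\openace.exe',
    r'C:\WINDOWS\errorhandler.exe',
    r'C:\Program Files\Skype\Phone\Skype.exe',
    r'----a-w 15,360 2008-01-20 16:12:31 C:\WINDOWS\system32\ctfmon .exe',
]

EXT = r'(?:exe|dll|sys|scr|cpl|com|bat)'
# Lazy match up to the first executable extension; this also captures names
# with a space before the dot ("zlclient .exe"), which a \S-based pattern
# would cut in half.
PATH_RE = re.compile(r'[A-Za-z]:\\.+?\.' + EXT + r'(?=["\s\]]|$)', re.IGNORECASE)
SPACE_EXT_RE = re.compile(r' \.' + EXT + r'$', re.IGNORECASE)
# ComboFix prints "[ ]" when it could not stat the autorun target.
EMPTY_META_RE = re.compile(r'\[\s*\]\s*$')


def extract_path(line: str) -> Optional[str]:
    """Return the first Windows executable path found in a log line, or None."""
    m = PATH_RE.search(line)
    return m.group(0) if m else None


def triage(line: str) -> Dict[str, object]:
    """Apply the triage heuristics (assumptions, see lead-in) to one log line."""
    path = extract_path(line)
    flags: List[str] = []
    if path is None:
        return {"path": None, "flags": ["no executable path found"]}
    low = path.lower()
    if SPACE_EXT_RE.search(path):
        # "name .exe" looks like "name.exe" in a file listing but is a
        # different file; ComboFix lists these in its <pre> block.
        flags.append("space before extension")
    if "?" in path:
        # ComboFix substitutes '?' for characters it cannot print, so the
        # real name is not the ASCII "system\attrib.exe" it resembles.
        flags.append("non-ASCII character in path")
    if EMPTY_META_RE.search(line):
        flags.append("no size/date metadata")
    parent = low.rsplit("\\", 1)[0]
    if parent == "c:\\windows":
        flags.append("executable directly in Windows root")
    if "\\application data\\" in low or low.startswith("c:\\documents and settings\\"):
        flags.append("executable under a user profile or Application Data")
    return {"path": path, "flags": flags}


def suspicious(lines: List[str]) -> List[Dict[str, object]]:
    """Return the triage results for every line that raised at least one flag."""
    return [r for r in (triage(l) for l in lines) if r["flags"]]


if __name__ == "__main__":
    for result in suspicious(SAMPLE_LINES):
        print(result["path"], "->", ", ".join(result["flags"]))
```

Entries that pass these checks are not thereby clean (the page's `cd.exe` would pass them), so the script is a way to order what to look at first, not a verdict.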

FillPCA, member (21 messages; registered Sunday 10 February 2008; last active 29 June 2009)

Hi, thank you for your reply and for the time you've given.

Here are the reports:
The VirusTotal one:

C:\Program Files\MSN Messenger\winmm.dll
Report:
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.2.12.10 2008.02.11 -
AntiVir 7.6.0.62 2008.02.11 -
Authentium 4.93.8 2008.02.11 -
Avast 4.7.1098.0 2008.02.11 -
AVG 7.5.0.516 2008.02.11 -
BitDefender 7.2 2008.02.12 -
CAT-QuickHeal None 2008.02.11 -
ClamAV 0.92 2008.02.11 -
DrWeb 4.44.0.09170 2008.02.11 -
eSafe 7.0.15.0 2008.02.11 -
eTrust-Vet 31.3.5529 2008.02.11 -
Ewido 4.0 2008.02.11 -
FileAdvisor 1 2008.02.12 -
Fortinet 3.14.0.0 2008.02.11 -
F-Prot 4.4.2.54 2008.02.11 -
F-Secure 6.70.13260.0 2008.02.11 -
Ikarus T3.1.1.20 2008.02.11 -
Kaspersky 7.0.0.125 2008.02.12 -
McAfee 5227 2008.02.11 -
Microsoft 1.3204 2008.02.11 -
NOD32v2 2866 2008.02.11 -
Norman 5.80.02 2008.02.11 -
Panda 9.0.0.4 2008.02.11 -
Prevx1 V2 2008.02.12 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.11 -
Sunbelt 2.2.907.0 2008.02.09 -
Symantec 10 2008.02.11 -
TheHacker 6.2.9.217 2008.02.11 -
VBA32 3.12.6.0 2008.02.11 -
VirusBuster 4.3.26:9 2008.02.11 -
Webwasher-Gateway 6.6.2 2008.02.11 -


For
C:\Program Files\Windows Live\Messenger\winmm.dll
AhnLab-V3 2008.2.12.10 2008.02.11 -
AntiVir 7.6.0.62 2008.02.11 -
Authentium 4.93.8 2008.02.11 -
Avast 4.7.1098.0 2008.02.11 -
AVG 7.5.0.516 2008.02.11 -
BitDefender 7.2 2008.02.12 -
CAT-QuickHeal None 2008.02.11 -
ClamAV 0.92 2008.02.11 -
DrWeb 4.44.0.09170 2008.02.11 -
eSafe 7.0.15.0 2008.02.11 -
eTrust-Vet 31.3.5529 2008.02.11 -
Ewido 4.0 2008.02.11 -
FileAdvisor 1 2008.02.12 -
Fortinet 3.14.0.0 2008.02.11 -
F-Prot 4.4.2.54 2008.02.11 -
F-Secure 6.70.13260.0 2008.02.11 -
Ikarus T3.1.1.20 2008.02.11 -
Kaspersky 7.0.0.125 2008.02.12 -
McAfee 5227 2008.02.11 -
Microsoft 1.3204 2008.02.11 -
NOD32v2 2866 2008.02.11 -
Norman 5.80.02 2008.02.11 -
Panda 9.0.0.4 2008.02.11 -
Prevx1 V2 2008.02.12 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.11 -
Sunbelt 2.2.907.0 2008.02.09 -
Symantec 10 2008.02.11 -
TheHacker 6.2.9.217 2008.02.11 -
VBA32 3.12.6.0 2008.02.11 -
VirusBuster 4.3.26:9 2008.02.11 -
Webwasher-Gateway 6.6.2 2008.02.11 -


And for
C:\WINDOWS\system32\cd.exe
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.2.12.10 2008.02.11 -
AntiVir 7.6.0.62 2008.02.11 -
Authentium 4.93.8 2008.02.11 -
Avast 4.7.1098.0 2008.02.11 -
AVG 7.5.0.516 2008.02.11 -
BitDefender 7.2 2008.02.12 -
CAT-QuickHeal None 2008.02.11 -
ClamAV 0.92 2008.02.11 -
DrWeb 4.44.0.09170 2008.02.11 -
eSafe 7.0.15.0 2008.02.11 -
eTrust-Vet 31.3.5529 2008.02.11 -
Ewido 4.0 2008.02.11 -
FileAdvisor 1 2008.02.12 -
Fortinet 3.14.0.0 2008.02.11 -
F-Prot 4.4.2.54 2008.02.11 -
F-Secure 6.70.13260.0 2008.02.11 -
Ikarus T3.1.1.20 2008.02.11 -
Kaspersky 7.0.0.125 2008.02.12 -
McAfee 5227 2008.02.11 -
Microsoft 1.3204 2008.02.11 -
NOD32v2 2866 2008.02.11 -
Norman 5.80.02 2008.02.11 -
Panda 9.0.0.4 2008.02.11 -
Prevx1 V2 2008.02.12 Generic.Malware
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.11 -
Sunbelt 2.2.907.0 2008.02.09 -
Symantec 10 2008.02.11 -
TheHacker 6.2.9.217 2008.02.11 -
VBA32 3.12.6.0 2008.02.11 suspected of Backdoor.XiaoBird.31
VirusBuster 4.3.26:9 2008.02.11 -
Webwasher-Gateway 6.6.2 2008.02.11 Win32.Malware.gen!88 (suspicious)


Rapport lopxpMH2 version 2.0 fait à 18:54:56.37 le Mon 02/11/2008
C:\Documents and Settings\User\Desktop\lopxpMH2

******************************************
## Répertoires Application Data

Volume in drive C has no label.
Volume Serial Number is A4A6-8187

Directory of C:\Documents and Settings\Administrator\Application Data

01/13/2008 03:10 PM <DIR> .
01/13/2008 03:10 PM <DIR> ..
01/19/2008 12:08 PM <DIR> Macromedia
01/13/2008 03:10 PM <DIR> Microsoft
01/19/2008 10:07 AM <DIR> Mozilla
01/19/2008 10:08 AM <DIR> Talkback
01/13/2008 03:10 PM 62 desktop.ini
1 File(s) 62 bytes
6 Dir(s) 17,650,475,008 bytes free
Volume in drive C has no label.
Volume Serial Number is A4A6-8187

Directory of C:\Documents and Settings\Administrator\Local Settings\Application Data

01/13/2008 03:10 PM <DIR> .
01/13/2008 03:10 PM <DIR> ..
01/13/2008 03:10 PM <DIR> Microsoft
01/19/2008 10:07 AM <DIR> Mozilla
01/19/2008 10:09 AM 42,288 GDIPFONTCACHEV1.DAT
01/13/2008 03:26 PM 3,712,656 IconCache.db
2 File(s) 3,754,944 bytes
4 Dir(s) 17,650,409,472 bytes free
Volume in drive C has no label.
Volume Serial Number is A4A6-8187

Directory of C:\Documents and Settings\All Users\Application Data

07/11/2005 11:28 AM <DIR> .
07/11/2005 11:28 AM <DIR> ..
05/27/2006 11:01 AM <DIR> Adobe
03/04/2006 11:51 PM <DIR> Apple Computer
01/20/2008 11:15 AM <DIR> Data
07/26/2007 11:42 AM <DIR> ENJOY Plus!
07/25/2007 05:28 PM <DIR> FLEXnet
09/12/2006 06:07 PM <DIR> Google
08/29/2005 02:15 PM <DIR> heart wave amok film
08/28/2005 05:39 PM <DIR> Messenger Plus!
07/11/2005 11:28 AM <DIR> Microsoft
03/25/2006 05:21 PM <DIR> muvee Technologies
08/05/2005 07:58 AM <DIR> Newsoft
12/28/2007 09:32 PM <DIR> Pure Networks
01/19/2008 09:11 AM <DIR> SalesMon
01/05/2008 11:09 AM <DIR> Someplayer
12/02/2006 11:18 PM <DIR> Spybot - Search & Destroy
08/14/2005 01:07 PM <DIR> Symantec
12/31/2007 06:25 PM <DIR> TEMP
08/14/2005 02:28 PM <DIR> Ulead Systems
07/23/2005 08:49 PM <DIR> vidctrl
07/12/2006 10:30 AM <DIR> Windows Genuine Advantage
01/04/2008 10:20 PM <DIR> WLInstaller
01/12/2008 06:38 PM 41 .zreglib
05/27/2006 03:19 PM 305 addr_file.html
07/11/2005 11:29 AM 62 desktop.ini
03/05/2006 11:58 AM 1,377 QTSBandwidthCache
4 File(s) 1,785 bytes
23 Dir(s) 17,650,409,472 bytes free
Volume in drive C has no label.
Volume Serial Number is A4A6-8187

Directory of C:\Documents and Settings\Default User\Application Data

07/11/2005 11:28 AM <DIR> .
07/11/2005 11:28 AM <DIR> ..
07/11/2005 11:28 AM <DIR> Microsoft
07/11/2005 11:29 AM 62 desktop.ini
1 File(s) 62 bytes
3 Dir(s) 17,650,409,472 bytes free
Volume in drive C has no label.
Volume Serial Number is A4A6-8187

Directory of C:\Documents and Settings\Default User\Local Settings\Application Data

07/11/2005 11:29 AM <DIR> .
07/11/2005 11:29 AM <DIR> ..
07/11/2005 04:00 PM <DIR> Microsoft
0 File(s) 0 bytes
3 Dir(s) 17,650,409,472 bytes free
Volume in drive C has no label.
Volume Serial Number is A4A6-8187

Directory of C:\Documents and Settings\LocalService\Application Data

07/11/2005 04:09 PM <DIR> .
07/11/2005 04:09 PM <DIR> ..
09/15/2005 05:51 PM <DIR> exitglue
09/15/2005 06:02 PM <DIR> Macromedia
07/11/2005 04:09 PM <DIR> Microsoft
12/28/2007 04:28 PM <DIR> Xfire
0 File(s) 0 bytes
6 Dir(s) 17,650,409,472 bytes free
Volume in drive C has no label.
Volume Serial Number is A4A6-8187

Directory of C:\Documents and Settings\LocalService\Local Settings\Application Data

07/11/2005 04:09 PM <DIR> .
07/11/2005 04:09 PM <DIR> ..
07/11/2005 04:09 PM <DIR> Microsoft
0 File(s) 0 bytes
3 Dir(s) 17,650,409,472 bytes free
Volume in drive C has no label.
Volume Serial Number is A4A6-8187

Directory of C:\Documents and Settings\NetworkService\Application Data

07/11/2005 04:07 PM <DIR> .
07/11/2005 04:07 PM <DIR> ..
07/11/2005 04:07 PM <DIR> Microsoft
0 File(s) 0 bytes
3 Dir(s) 17,650,409,472 bytes free
Volume in drive C has no label.
Volume Serial Number is A4A6-8187

Directory of C:\Documents and Settings\NetworkService\Local Settings\Application Data

07/11/2005 04:07 PM <DIR> .
07/11/2005 04:07 PM <DIR> ..
07/11/2005 04:07 PM <DIR> Microsoft
0 File(s) 0 bytes
3 Dir(s) 17,650,409,472 bytes free
Volume in drive C has no label.
Volume Serial Number is A4A6-8187

Directory of C:\Documents and Settings\User\Application Data

07/11/2005 04:10 PM <DIR> .
07/11/2005 04:10 PM <DIR> ..
04/13/2006 12:12 PM <DIR> Adobe
05/27/2006 11:27 AM <DIR> AdobeUM
03/04/2006 11:57 PM <DIR> Apple Computer
09/29/2007 11:59 AM <DIR> ArcSoft
09/16/2005 05:11 PM <DIR> Block Checker
09/18/2005 05:10 PM <DIR> Canon
04/17/2006 02:33 PM <DIR> Dev-Cpp
12/15/2007 08:06 PM <DIR> DivX
07/26/2007 11:42 AM <DIR> ENJOY Plus!
09/16/2005 05:16 PM <DIR> exitglue
01/12/2006 08:05 PM <DIR> Google
03/25/2007 10:57 AM <DIR> GreatMemo
10/01/2005 05:26 PM <DIR> Help
07/04/2007 09:34 PM <DIR> ijjigame
04/17/2006 08:24 PM <DIR> Jasc
09/03/2006 08:12 PM <DIR> Lavasoft
09/17/2006 07:26 PM <DIR> Leadertech
07/27/2007 05:09 PM <DIR> ma-config.com
09/16/2005 05:11 PM <DIR> Macromedia
04/10/2007 05:48 PM <DIR> MailFrontier
07/11/2005 04:10 PM <DIR> Microsoft
03/18/2006 10:04 PM <DIR> Mozilla
07/12/2005 05:57 PM <DIR> MSNInstaller
12/27/2007 06:45 PM <DIR> NHN Corporation
03/18/2006 09:53 PM <DIR> Notepad++
01/27/2007 09:44 AM <DIR> Nvu
02/07/2008 07:36 PM <DIR> OpenOffice.org2
02/03/2008 09:13 PM <DIR> RadiantSettings
10/16/2006 03:11 PM <DIR> Real
01/22/2006 10:00 AM <DIR> Registry Cleaner
11/16/2007 11:04 PM <DIR> Screaming Bee
03/08/2007 01:45 PM <DIR> Screenshot Sender
05/20/2006 11:49 AM <DIR> Sixthviewblue
01/05/2008 11:15 AM <DIR> Someplayer
07/19/2005 11:11 AM <DIR> Sun
08/14/2005 01:08 PM <DIR> Symantec
10/05/2006 05:45 PM <DIR> System Requirements Lab
01/11/2008 07:54 PM <DIR> SystemRequirementsLab
05/23/2006 07:24 PM <DIR> Talkback
04/09/2006 05:42 PM <DIR> teamspeak2
04/20/2007 07:39 PM <DIR> Thunderbird
08/14/2005 02:30 PM <DIR> Ulead Systems
06/30/2006 02:04 PM <DIR> Visicom Media
05/27/2006 10:53 AM 875 AdobeDLM.log
07/11/2005 04:10 PM 62 desktop.ini
05/27/2006 10:53 AM 0 dm.ini
3 File(s) 937 bytes
45 Dir(s) 17,650,409,472 bytes free
Volume in drive C has no label.
Volume Serial Number is A4A6-8187

Directory of C:\Documents and Settings\User\Local Settings\Application Data

07/11/2005 04:10 PM <DIR> .
07/11/2005 04:10 PM <DIR> ..
07/16/2005 06:18 PM <DIR> Adobe
03/04/2006 11:57 PM <DIR> Apple Computer
01/15/2006 04:47 PM <DIR> Google
08/23/2005 07:18 PM <DIR> Help
07/17/2005 07:50 PM <DIR> Identities
08/14/2007 09:35 PM <DIR> Logitech-LS
07/11/2005 04:10 PM <DIR> Microsoft
03/18/2006 10:05 PM <DIR> Mozilla
08/05/2005 08:12 AM <DIR> NewSoft
04/01/2006 05:43 PM <DIR> RcIncidents
07/16/2005 01:23 PM <DIR> Skype
11/15/2006 07:10 PM <DIR> Stardock
04/20/2007 07:39 PM <DIR> Thunderbird
03/25/2006 07:08 PM <DIR> WMTools Downloaded Files
07/11/2005 04:26 PM 74,240 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
07/13/2005 07:18 AM 43,104 GDIPFONTCACHEV1.DAT
12/02/2006 12:45 AM 5,863,276 IconCache.db
3 File(s) 5,980,620 bytes
16 Dir(s) 17,650,409,472 bytes free
Volume in drive C has no label.
Volume Serial Number is A4A6-8187

Directory of C:\WINDOWS\system32\config\systemprofile\Application Data

07/11/2005 04:05 PM <DIR> .
07/11/2005 04:05 PM <DIR> ..
07/11/2005 04:05 PM <DIR> Microsoft
07/11/2005 04:05 PM 62 desktop.ini
1 File(s) 62 bytes
3 Dir(s) 17,650,409,472 bytes free
Volume in drive C has no label.
Volume Serial Number is A4A6-8187

Directory of C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

07/11/2005 04:05 PM <DIR> .
07/11/2005 04:05 PM <DIR> ..
07/11/2005 04:05 PM <DIR> Microsoft
0 File(s) 0 bytes
3 Dir(s) 17,650,409,472 bytes free

******************************************
Searching for scheduled tasks in C:\WINDOWS\tasks


C:\WINDOWS\Tasks\A1DF315A9184B062.job
(binary .job file dumped as text; the recoverable UTF-16 strings are the target path c:\docume~1\user\applic~1\exitglue\blehfileeq.exe and the run-as account User)
******************************************
## Directories of C:\Program Files

Volume in drive C has no label.
Volume Serial Number is A4A6-8187

Directory of C:\Program Files

02/10/2008 06:46 PM <DIR> .
02/10/2008 06:46 PM <DIR> ..
07/19/2007 03:42 PM <DIR> Adobe
02/05/2006 07:18 PM <DIR> Alwil Software
12/16/2006 08:43 PM <DIR> Audacity
05/04/2006 07:37 PM <DIR> AVPersonal
08/24/2007 10:14 AM <DIR> BitComet
07/19/2007 03:10 PM <DIR> Bonjour
09/23/2006 01:58 PM <DIR> CamStudio
09/04/2005 11:52 AM <DIR> Canon
02/02/2008 01:03 PM <DIR> CCleaner
02/10/2008 07:07 PM <DIR> Common Files
12/28/2007 10:23 PM <DIR> DIFX
12/15/2007 08:05 PM <DIR> DivX
01/26/2008 10:54 PM <DIR> Dynex Wireless G Enhanced Adapter
01/20/2008 12:29 PM <DIR> e-anim701
01/20/2008 12:39 PM <DIR> EasyPHP1-8
01/19/2008 11:07 PM <DIR> Exolon
03/07/2007 04:04 PM <DIR> FileZilla
11/19/2005 08:16 PM <DIR> Freeze.com
02/03/2008 09:43 AM <DIR> Google
02/03/2008 09:11 PM <DIR> GtkRadiant 1.5.0
01/26/2008 11:35 AM <DIR> GtkRadiant-1.4
07/27/2007 05:10 PM <DIR> HardwareDetection
08/18/2007 12:17 PM <DIR> Hewlett-Packard
03/08/2006 06:25 PM <DIR> INAC
12/14/2007 06:38 PM <DIR> Internet Explorer
04/17/2006 08:22 PM <DIR> Jasc Software Inc
02/07/2008 07:27 PM <DIR> Java
06/16/2006 06:08 PM <DIR> JCalc
12/19/2005 05:51 PM <DIR> Kjzxhr
09/03/2006 08:12 PM <DIR> Lavasoft
02/18/2007 07:07 PM <DIR> LEGO Media
01/02/2008 04:14 PM <DIR> LimeWire
01/19/2008 09:07 AM <DIR> LocalCooling
08/18/2007 08:55 AM <DIR> Logitech
12/26/2007 11:16 PM <DIR> ma-config.com
08/17/2007 09:42 PM <DIR> ManyCam 2.1
09/03/2006 08:29 PM <DIR> Messenger
01/04/2008 08:04 PM <DIR> Messenger Plus! Live
01/20/2008 11:52 AM <DIR> MessengerPlus! 3
07/11/2005 04:28 PM <DIR> microsoft frontpage
07/11/2005 04:51 PM <DIR> Microsoft Office
06/11/2006 03:48 PM <DIR> Movie Maker
02/11/2008 06:23 PM <DIR> Mozilla Firefox
07/16/2007 10:25 AM <DIR> Mozilla Thunderbird
07/12/2005 05:56 PM <DIR> MSN
09/17/2006 07:29 PM <DIR> MSN Games
07/11/2005 03:55 PM <DIR> MSN Gaming Zone
01/04/2008 10:57 PM <DIR> MSN Messenger
07/23/2005 07:58 PM <DIR> MsnMusic
06/18/2006 07:54 PM <DIR> NetMeeting
12/09/2007 11:31 AM <DIR> NewSoft
12/27/2007 06:35 PM <DIR> NHN USA
09/25/2005 07:44 PM <DIR> Norton AntiVirus
03/03/2007 12:50 PM <DIR> Notepad++
08/17/2007 04:51 PM <DIR> Nvu
11/05/2006 09:44 PM <DIR> Octatec
05/28/2006 09:16 AM <DIR> Online Services
07/01/2006 09:26 AM <DIR> OpenLibraries
02/07/2008 07:30 PM <DIR> OpenOffice.org 2.3
06/14/2007 11:50 AM <DIR> Outlook Express
01/28/2006 08:16 PM <DIR> Panicware
05/23/2006 06:07 PM <DIR> PhotoFiltre
01/02/2007 07:46 PM <DIR> Project64 v1.5
01/19/2008 11:17 PM <DIR> psdriver
12/28/2007 10:24 PM <DIR> Pure Networks
05/21/2006 05:21 PM <DIR> QuickTime
01/13/2008 02:01 PM <DIR> RaGEZONE
01/10/2008 07:17 PM <DIR> RaGEZONE GunZ C4.7
09/29/2007 06:45 PM <DIR> Ref Hotkey
09/29/2007 11:50 AM <DIR> SanDisk
01/12/2008 12:48 PM <DIR> SlySoft
02/04/2008 10:22 AM <DIR> SnIco Edit
02/10/2008 04:03 PM <DIR> Spybot - Search & Destroy
05/22/2006 08:50 AM <DIR> Spyware Nuker 2004
09/25/2005 07:47 PM <DIR> Symantec
01/19/2008 09:08 AM <DIR> SystemRequirementsLab
06/24/2006 11:17 AM <DIR> TClock
11/20/2005 10:17 AM <DIR> The Weather Channel FW
01/19/2008 11:20 PM <DIR> themexp
01/07/2008 12:33 PM <DIR> TheTurtle
08/21/2007 03:20 PM <DIR> TRELLIAN
07/16/2007 10:25 AM <DIR> Tremulous
06/19/2006 01:58 PM <DIR> Virtools Web Player 3.0
09/03/2006 04:55 PM <DIR> Visicom Media
12/28/2007 04:35 PM <DIR> Voice Studio
07/24/2006 02:47 PM <DIR> Web Media Player
07/24/2006 02:45 PM <DIR> WebcamFirst Mail
07/24/2006 02:46 PM <DIR> WhoIs
01/04/2008 10:20 PM <DIR> Windows Live
09/29/2007 12:00 PM <DIR> Windows Media Player
04/09/2006 07:36 PM <DIR> Windows NT
03/24/2007 09:55 AM <DIR> WinRAR
12/17/2006 12:41 PM <DIR> WinZip
01/26/2008 11:35 AM <DIR> Wolfenstein - Enemy Territory
07/11/2005 04:01 PM <DIR> xerox
01/02/2007 10:00 PM <DIR> Zone Labs
0 File(s) 0 bytes
98 Dir(s) 17,650,470,912 bytes free

******************************************
## Allowed popups

* Internet Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
www.musiqueplus.com REG_BINARY
PopupMgr REG_SZ yes

* Mozilla Firefox (1 = allowed, 2 = blocked)

---------- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IPXX929Z.DEFAULT\HOSTPERM.1
host popup 1 codesauxcliques.com
host popup 1 www.masseurox.com
host popup 1 foud.piczo.com
host popup 1 www.jippii.fr
host popup 1 www.msntrucastuce.fr
host popup 1 darhan.be.cx
host popup 1 www.alalettre.com
host popup 1 www.maxicodes.com
host popup 1 www.gameplaymaniak.piczo.com
host popup 1 maxicodes.com
host popup 1 www.trafic-booster.com

******************************************
## Registry

* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Amok film nurb meal REG_SZ ; C:\Documents and Settings\All Users\Application Data\heart wave amok film\openace.exe

* [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
creative barb REG_SZ ; C:\DOCUME~1\User\APPLIC~1\exitglue\Upload Five Dale.exe

******************************************
## Security zones

* HKCU Domains (4)

* P3P History (5)

******************************************
## Search C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"


*************** End of report ****************

And the one from SREng:

[CODE]

2008-02-11,18:49:22

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

The following item(s) have been chosen:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Running Processes (Including process module information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<msnmsgr><"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ZoneAlarm Client><"C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe"> [(Verified)Check Point Software Technologies Ltd.]
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<CDBurn><> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvurrrq]
<WinlogonNotify: wvurrrq><wvurrrq.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4b218e3e-bc98-4770-93d3-2731b9329278}]
<Internet Explorer><%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Amok film nurb meal><; C:\Documents and Settings\All Users\Application Data\heart wave amok film\openace.exe> [N/A]
<avast!><; C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe> [(Verified)ALWIL Software]
<avgnt><; "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min> [N/A]
<BlockChecker><; C:\Program Files\Block Checker\block-checker.exe> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<creative barb><; C:\DOCUME~1\User\APPLIC~1\exitglue\Upload Five Dale.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<errorhandler><; C:\WINDOWS\errorhandler.exe> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<H005RPbFR><; ir4sock.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<IESet><; IExplorer.dll .dbt> [N/A]
<LocalCooling><; "C:\Program Files\LocalCooling\localcooling.exe" -s> [N/A]
<nmapp><; "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash> [N/A]
<nmctxth><; "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"> [N/A]
<OrderReminder><; C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<PaSystem><; "C:\Program Files\pasystem\pasystem.exe"> [N/A]
<PopUpStopperFreeEdition><; "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<QMusic2><; "C:\Program Files\BenQ\QMusic2\QMAgent.exe"> [N/A]
<QuickTime Task><; "C:\Program Files\QuickTime\qttask.exe" -atboottime> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Skype><; "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<StorageProtector><; C:\Program Files\StorageProtector\SysRep.exe> [N/A]
<SunJavaUpdateSched><; C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<swg><; C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe> [N/A]
<TClock.exe><; C:\Program Files\TClock\tclock_install.exe> [N/A]
<TheTurtle><; C:\Program Files\TheTurtle\TheTurtle.exe> [N/A]
<updateMgr><; "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<winupdates><; C:\Program Files\winupdates\winupdates.exe /auto> [N/A]
<{A4A68187-0513-1033-0519-031213200001}><; "C:\Program Files\Common Files\{A4A68187-0513-1033-0519-031213200001}\Update.exe" mc-110-12-0001634> [N/A]
<{A4A68187-0514-1033-0519-031213200001}><; "C:\Program Files\Common Files\{A4A68187-0514-1033-0519-031213200001}\Update.exe" mc-110-12-0001634> [N/A]
<{A4A68187-0515-1033-0519-031213200001}><; "C:\Program Files\Common Files\{A4A68187-0515-1033-0519-031213200001}\Update.exe" mc-110-12-0001634> [N/A]

==================================
Startup Folders
[Lancement rapide d'Adobe Reader]
<C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lancement rapide d'Adobe Reader.lnk --> C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>

==================================
Services
[avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>
[avast! Antivirus / avast! Antivirus][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><ALWIL Software>
[avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner][Stopped/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
[ / Bonjour Service][Running/Auto Start]
<"C:\Program Files\Bonjour\mDNSResponder.exe"><Apple Computer, Inc.>
[Dynex Wireless G Enhanced Adapter Service / Dynex DX-WGPUSB WLService][Running/Auto Start]
<C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe><N/A>
[FLEXnet Licensing Service / FLEXnet Licensing Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"><Macrovision Europe Ltd.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Microsoft authenticate service / MsaSvc][Stopped/Auto Start]
<C:\WINDOWS\system32\msasvc.exe><N/A>
[Pure Networks Platform Service / nmservice][Running/Auto Start]
<"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"><Pure Networks, Inc.>
[TrueVector Internet Monitor / vsmon][Running/Auto Start]
<C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service><Zone Labs, LLC>
[Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start]
<"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"><Microsoft Corporation>

==================================
Drivers
[Achernar - SCSI Command Filters / Achernar][Running/Boot Start]
<\SystemRoot\System32\Drivers\Achernar.sys><An Chen Computer Co., Ltd.>
[AEGIS Protocol (IEEE 802.1x) v3.2.0.3 / AegisP][Running/Auto Start]
<system32\DRIVERS\AegisP.sys><Meetinghouse Data Communications>
[Aldebaran - SCSI Command Filters / Aldebaran][Running/Manual Start]
<\SystemRoot\System32\Drivers\Aldebaran.sys><An Chen Computer Co., Ltd.>
[catchme / catchme][Stopped/Manual Start]
<\??\C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys><N/A>
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
<system32\drivers\cmuda.sys><C-Media Inc>
[driverhardwarev2 / driverhardwarev2][Stopped/Manual Start]
<\??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys><Ma-Config.com>
[ManyCam Virtual Webcam, WDM Video Capture Driver / ManyCam][Running/Manual Start]
<system32\DRIVERS\ManyCam.sys><>
[Eye Toy / ovt519][Stopped/Manual Start]
<System32\Drivers\ov519vid.sys><OmniVision Technologies, Inc.>
[Pure Networks Device Discovery Driver / pnarp][Running/Auto Start]
<system32\DRIVERS\pnarp.sys><Pure Networks, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Pure Networks Wireless Driver / purendis][Running/Auto Start]
<system32\DRIVERS\purendis.sys><Pure Networks, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Screaming Bee Audio / SCREAMINGBDRIVER][Stopped/Manual Start]
<system32\drivers\ScreamingBAudio.sys><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[StarForce Protection Environment Driver (version 1.x) / sfdrv01][Running/Boot Start]
<\SystemRoot\System32\drivers\sfdrv01.sys><Protection Technology>
[StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]
<\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology>
[StarForce Protection VFS Driver (version 2.x) / sfvfs02][Running/Boot Start]
<\SystemRoot\System32\drivers\sfvfs02.sys><Protection Technology>
[SiS315 / SiS315][Running/Manual Start]
<system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SIS AGP Bus Filter / sisagp][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[SiS PCI Fast Ethernet Adapter Driver / SISNIC][Running/Manual Start]
<system32\DRIVERS\sisnic.sys><SiS Corporation>
[PC Camera (6029 CIF) / SNPP106][Running/Manual Start]
<system32\DRIVERS\snpp106.sys><>
[srescan / srescan][Running/Boot Start]
<\SystemRoot\system32\ZoneLabs\srescan.sys><Zone Labs, LLC>
[Scientific Atlanta USB Cable Modem Driver / USBCM][Stopped/Manual Start]
<system32\DRIVERS\Sacm2K.sys><>
[Vcs support / Vcs][Running/Auto Start]
<\??\C:\WINDOWS\system32\Drivers\Vcs.sys><N/A>
[vsdatant / vsdatant][Running/System Start]
<System32\vsdatant.sys><Zone Labs, LLC>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[GTNDIS5 NDIS Protocol Driver / GTNDIS5][Running/Manual Start]
<\??\C:\WINDOWS\system32\GTNDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>

==================================
Browser Add-ons
[BitComet Helper]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll, BitComet>
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Programme d'aide de l'Assistant de connexion Windows Live]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Java Plug-in 1.6.0_03]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[&Rechercher]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[MessengerStatsClient Class]
{14B87622-7E19-4EA8-93B3-97215F77A6BC} <C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll, Microsoft Corporation>
[Shockwave ActiveX Control]
{166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\macromed\Director\SwDir.dll, Macromedia, Inc.>
[Minesweeper Flags Class]
{2917297F-F02B-4B9D-81DF-494B6333150B} <C:\WINDOWS\Downloaded Program Files\minesweeper.dll, Microsoft Corporation>
[WebGameLoader Class]
{3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} <C:\WINDOWS\Downloaded Program Files\ReflexiveWebGameLoader.dll, >
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft® Corporation>
[UnoCtrl Class]
{5D6F45B3-9043-443D-A792-115447494D24} <C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll, Microsoft>
[ijjiPlugin2 Class]
{5F5F9FB8-878E-4455-95E0-F64B2314288A} <C:\WINDOWS\system32\ijjiPlugin2.dll, TODO: <Company name>>
[Java Plug-in 1.6.0_03]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[MessengerStatsClient Class]
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} <C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll, Microsoft Corporation>
[MsnMessengerSetupDownloadControl Class]
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} <C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx, Microsoft Corporation>
[ZoneIntro Class]
{B8BE5E93-A60C-4D26-A2DC-220313175592} <C:\WINDOWS\Downloaded Program Files\ZIntro.ocx, Microsoft Corporation>
[MessengerStatsClient Class]
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MessengerStatsPAClient.dll, Microsoft Corporation>
[Virtools WebPlayer Class]
{C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} <C:\Program Files\Virtools Web Player 3.0\WebPlayer.ocx, Virtools SA>
[Java Plug-in 1.6.0_03]
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_03]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[MSN Chat Control 4.5]
{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} <C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx, Microsoft Corporation>
[Minesweeper Flags Class]
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MineSweeper.dll, Microsoft Corporation>
[Solitaire Showdown Class]
{F6BF0D00-0B2A-4A75-BF7B-F385591623AF} <C:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll, Microsoft Corporation>
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <, N/A>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Shockwave ActiveX Control]
{166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\macromed\Director\SwDir.dll, Macromedia, Inc.>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Shockwave ActiveX Control]
{233C1507-6A77-46A4-9443-F871F945D258} <C:\WINDOWS\system32\Macromed\Director\SwDir.dll, Macromedia, Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[Tabular Data Control]
{333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[BitComet Helper]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll, BitComet>
[WebGameLoader Class]
{3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} <C:\WINDOWS\Downloaded Program Files\ReflexiveWebGameLoader.dll, >
[Microsoft Office Control]
{4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <C:\PROGRA~1\MICROS~2\OFFICE11\AUTHZAX.DLL, Microsoft Corporation>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft® Corporation>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[]
{5C297360-90B6-4272-AA40-18A9F81A6101} <C:\WINDOWS\system32\gebyw.dll, N/A>
[ijjiPlugin2 Class]
{5F5F9FB8-878E-4455-95E0-F64B2314288A} <C:\WINDOWS\system32\ijjiPlugin2.dll, TODO: <Company name>>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[BMG3.LongTooth]
{8110581C-FEA4-47AC-ADBC-DE958DD0F354} <C:\WINDOWS\system32\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll, N/A>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Java Plug-in 1.6.0_03]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Programme d'aide de l'Assistant de connexion Windows Live]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[MsnMessengerSetupDownloadControl Class]
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} <C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[]
{BB134049-59AA-416B-9EA6-DFA29EB31DD6} <C:\WINDOWS\system32\gebyw.dll, N/A>
[]
{BD41F803-79B3-489A-A73F-EE769DDDFA26} <C:\WINDOWS\system32\gebyw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[OWSClientMiscApis Class]
{BDEADE3F-C265-11D0-BCED-00A0C90AB50F} <C:\PROGRA~1\MICROS~2\OFFICE11\OWSCLT.DLL, Microsoft Corporation>
[OWSBrowserUI Class]
{BDEADE43-C265-11D0-BCED-00A0C90AB50F} <C:\PROGRA~1\MICROS~2\OFFICE11\OWSCLT.DLL, Microsoft Corporation>
[OWSDiscussionServers Class]
{BDEADEB7-C265-11D0-BCED-00A0C90AB50F} <C:\PROGRA~1\MICROS~2\OFFICE11\OWSCLT.DLL, Microsoft Corporation>
[Virtools WebPlayer Class]
{C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} <C:\Program Files\Virtools Web Player 3.0\WebPlayer.ocx, Virtools SA>
[ijjiSetupCtrl1010 Class]
{C901354A-DFBC-4297-9BC2-22D499A916D5} <C:\WINDOWS\Downloaded Program Files\ijjisetup1010.dll, NHN USA>
[Java Plug-in 1.5.0_01]
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_06]
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__WAV Moniker Class]
{CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__AVI Moniker Class]
{CD3AFA88-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__MPEG Moniker Class]
{CD3AFA89-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Contrôle de l'Assistant de connexion Windows Live]
{D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[svchosts.cMapp_2F47968E9FBE]
{D3150260-5753-454D-9923-26CF37C6FECC} <C:\WINDOWS\system32\{D3150260-5753-454D-9923-26CF37C6FECC}.dll, N/A>
[&Yahoo! Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <, N/A>
[]
{F06608C7-1874-4EEA-B3B2-DF99EBB144B8} <C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGSC8~1.DLL, Microsoft Corporation>
[MSN Chat Control 4.5]
{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} <C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx, Microsoft Corporation>
[MSN Chat Control 4.5 Settings]
{FA980E7E-9E44-4D2F-B3C2-9A5BE42525F8} <C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx, Microsoft Corporation>
[&D&ownload &with BitComet]
<res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm, N/A>
[&D&ownload all video with BitComet]
<res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm, N/A>
[&D&ownload all with BitComet]
<res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[E&xporter vers Microsoft Excel]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 656 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 708 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 732 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.5.0554.0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 776 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 788 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 932 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 992 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[PID: 1028 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[PID: 1072 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1312 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1804 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
[PID: 1820 / User][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll] [Zone Labs, LLC, 7.0.337.000]
[C:\Program Files\Zone Labs\ZoneAlarm\zlavscan_Loc040c.dll] [Zone Labs Inc., 5.3.017.000]
[C:\PROGRA~1\WINZIP\WZSHLSTB.DLL] [WinZip Computing LP, 4.1 (32-bit)]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Notepad++\nppcm.dll] [Burgaud.com, 1.2.1]
[C:\WINDOWS\system32\vstudiotm.dll] [N/A, ]
[C:\Program Files\Alwil Software\Avast4\ashShell.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll] [Sun Microsystems, Inc., 2.03]
[C:\Program Files\OpenOffice.org 2.3\program\uwinapi.dll] [Sun Microsystems, Inc., 2.03]
[C:\Program Files\OpenOffice.org 2.3\program\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\OpenOffice.org 2.3\program\stlport_vc7145.dll] [STLport Consulting, Inc., 4.5.2003.0120]
[C:\Program Files\OpenOffice.org 2.3\program\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[PID: 1892 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL] [N/A, ]
[C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[PID: 448 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\ZLhp1018.DLL] [Zenographics, Inc., 5, 53, 3726, 0]
[C:\WINDOWS\system32\ZLM.dll] [Zenographics, Inc., 5, 50, 1416, 0]
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.1897.0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\IMFPrint.DLL] [Zenographics, Inc., 5, 54, 330, 0]
[C:\WINDOWS\system32\Imf32.dll] [Zenographics, Inc., 5, 60, 1204, 0]
[C:\WINDOWS\system32\ZTAG32.dll] [Zenographics, Inc., 5, 60, 1210, 0]
[C:\WINDOWS\system32\ZSPOOL.dll] [Zenographics, Inc., 5, 51, 709, 0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[PID: 592 / SYSTEM][C:\Program Files\Bonjour\mDNSResponder.exe] [Apple Computer, Inc., 1,0,3,1]
[PID: 620 / SYSTEM][C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe] [N/A, ]
[PID: 680 / SYSTEM][C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe] [, 1, 0, 8, 4]
[C:\Program Files\Dynex Wireless G Enhanced Adapter\MFC42.DLL] [Microsoft Corporation, 6.00.9586.0]
[C:\Program Files\Dynex Wireless G Enhanced Adapter\ProcNICs.dll] [GemTek, 1, 0, 1, 0]
[C:\Program Files\Dynex Wireless G Enhanced Adapter\Broadcom.dll] [Gemtek Company, 1.1.5.67]
[C:\WINDOWS\system32\GTW32N50.DLL] [, 1.0.0.1]
[C:\Program Files\Dynex Wireless G Enhanced Adapter\GEMWEP.DLL] [, 1, 0, 0, 1]
[C:\Program Files\Dynex Wireless G Enhanced Adapter\Security.dll] [, 1, 0, 2, 8]
[C:\Program Files\Dynex Wireless G Enhanced Adapter\0008\AegisE5.dll] [Meetinghouse Data Communications, 3, 0, 2, 29]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[PID: 1204 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1424 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1740 / SYSTEM][C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe] [Pure Networks, Inc., 4.5.7274.0]
[C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvclb.dll] [Pure Networks, Inc., 4.5.7324.0]
[C:\Program Files\Common Files\Pure Networks Shared\Platform\nmagnt.dll] [Pure Networks, Inc., 4.5.7324.0]
[C:\Program Files\Common Files\Pure Networks Shared\Platform\nmcore.dll] [Pure Networks, Inc., 4.5.7324.0]
[C:\Program Files\Common Files\Pure Networks Shared\Platform\nmrasv.dll] [Pure Networks, Inc., 4.5.7324.0]
[C:\WINDOWS\system32\dnssd.dll] [Apple Computer, Inc., 1,0,3,1]
[C:\Program Files\Common Files\Pure Networks Shared\Platform\4.5.7324.0.nmcorePS.dll] [Pure Networks, Inc., 4.5.7324.0]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[PID: 2120 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[C:\Program Files\Alwil Software\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71ENU.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\langmai.dll] [ALWIL Software, 4, 7, 1098, 0]
[PID: 2552 / User][C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.30.5]
[PID: 2564 / User][C:\Program Files\Windows Live\Messenger\msnmsgr.exe] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Windows Live\Messenger\MSIMG32.dll] [Patchou, 4, 50, 0, 312]
[C:\Program Files\Windows Live\Messenger\MSNCore.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Windows Live\Messenger\WINMM.dll] [N/A, ]
[C:\Program Files\Windows Live\Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1]
[C:\Program Files\Windows Live\Messenger\ContactsUX.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll] [Patchou, 4, 50, 0, 312]
[C:\Program Files\Messenger Plus! Live\Detoured.dll] [N/A, ]
[C:\Program Files\Windows Live\Messenger\msgslang.8.5.1302.1018.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Windows Live\Messenger\msgsres.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Messenger Plus! Live\MsgPlusLiveRes.dll] [Patchou, 4, 50, 0, 312]
[C:\Program Files\Windows Live\Messenger\lcapi.dll] [Microsoft Corporation, 1.7.256.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\Program Files\Windows Live\Messenger\lcres.dll] [Microsoft Corp., 1.7.109.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
[C:\Program Files\Windows Live\Messenger\RTMPLTFM.dll] [Microsoft Corporation, 3.0.5774.0 built by: media_msn80]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\devenum.dll] [, ]
[C:\WINDOWS\system32\quartz.dll] [, ]
[C:\Program Files\Windows Live\Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\WINDOWS\system32\sirenacm.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Windows Live\Messenger\lmcdata.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
[C:\Program Files\Windows Live\Messenger\dfsr.dll] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Windows Live\Messenger\custsat.dll] [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)]
[C:\Program Files\Windows Live\Messenger\abssm.dll] [Microsoft Corporation, 8.
[Security contributor, 2241 posts, registered Saturday 21 April 2007, last post 27 October 2012]
Re,

1/

* Select the following text:

Driver::
MsaSvc

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\errorhandler]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaSystem]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdates]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{A4A68187-0513-1033-0519-031213200001}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Amok film nurb meal]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\creative barb]
[-HKCR\CLSID\{9AC54695-69A4-46F1-BE10-10C74F9520D5}]
[-HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9AC54695-69A4-46F1-BE10-10C74F9520D5}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvurrrq]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Seoe"=-
"Tiqs"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Amok film nurb meal"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"creative barb"=-

File::
C:\WINDOWS\Tasks\A1DF315A9184B062.job
C:\WINDOWS\errorhandler.exe
C:\WINDOWS\system32\msasvc.exe
C:\xlnjaw3o.sys
C:\WINDOWS\S2E57DA41.tmp
C:\Program Files\Common Files\services.exe
C:\WINDOWS\system32\odjjvpmz.dllbox
C:\WINDOWS\system32\whlb32f.dll
C:\WINDOWS\system32\Tools\All.exe
C:\WINDOWS\system32\Tools\Change.exe
C:\WINDOWS\system32\Tools\CheckPath.exe
C:\WINDOWS\system32\Tools\Counter.exe
C:\WINDOWS\system32\Tools\DelFolders.exe
C:\WINDOWS\system32\Tools\DirectSetup.exe
C:\WINDOWS\system32\Tools\RegClean.exe
C:\WINDOWS\system32\Tools\Regexe.exe
C:\WINDOWS\system32\Tools\Restart.exe
C:\WINDOWS\system32\Tools\RunRegexe.exe
C:\WINDOWS\system32\cd.exe

Folder::
C:\Program Files\pasystem
C:\Program Files\winupdates
C:\Program Files\Common Files\{A4A68187-0513-1033-0519-031213200001}
C:\Documents and Settings\All Users\Application Data\heart wave amok film
C:\Documents and Settings\LocalService\Application Data\exitglue
C:\Documents and Settings\User\Application Data\exitglue
C:\Program Files\Kjzxhr

Dirlook::
C:\WINDOWS
C:\WINDOWS\system32


* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto the ComboFix.exe file
* A blue window will appear: at the prompt that shows up (Type 1 to continue, or 2 to abort), type 1 and confirm.
* Wait for the scan to finish. The desktop will disappear several times: that's normal!
Don't touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file doesn't open, it is located here > C:\ComboFix.txt
You'll have to post it in several parts because it's going to be very long. Split it into several pieces to post it.

2/ * Download OTMoveIt2 (by Old_Timer) to your desktop: http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
* Double-click OTMoveIt.exe to launch the program,

* Copy the list of files or folders below and paste it into the program window "Paste Custom List of Files/Folders to Move":

C:\WINDOWS\Internet Logs\*.tmp
EmptyTemp


* Click MoveIt! to start the removal,
* The result will appear in the Results box.
* Click Exit to close the program.
* Post the report located here: C:\_OTMoveIt\MovedFiles
* You may be asked to restart your PC. If so, click Yes.

3/ Test this file on VirusTotal: C:\WINDOWS\system32\Drivers\Vcs.sys
Post these 3 reports (ComboFix, OTMoveIt, VirusTotal) along with a new HijackThis report.

If you can't manage to post these reports, you can send them to me here: wekmdlpe@trashmail.net

FillPCA
[Security contributor, 2241 posts, registered Saturday 21 April 2007, last post 27 October 2012]
Hello,

You didn't test the file with VirusTotal. I need that report.

1/ Post that VirusTotal report.
2/ * Download OTMoveIt2 (by Old_Timer) to your desktop: http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
* Double-click OTMoveIt.exe to launch the program,
* Copy the list of files or folders below and paste it into the program window "Paste Custom List of Files/Folders to Move":

C:\WINDOWS\system32\*.VIR
C:\WINDOWS\Internet Logs\*.tmp
EmptyTemp


* Click MoveIt! to start the removal,
* The result will appear in the Results box.
* Click Exit to close the program.
* Post the report located here: C:\_OTMoveIt\MovedFiles
* You may be asked to restart your PC. If so, click Yes.

3/ * Select the following text:

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Tiqs"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{A4A68187-0513-1033-0519-031213200001}"=-

RenV::
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
C:\Program Files\Alwil Software\Avast4\ashDisp .exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth .exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder .exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched .exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched .exe
C:\Program Files\LocalCooling\localcooling .exe
C:\Program Files\MessengerPlus! 3\MsgPlus .exe
C:\Program Files\MSN Messenger\msnmsgr .exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree .exe
C:\Program Files\Pure Networks\Network Magic\nmapp .exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray .exe
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\rlvknlg .exe

Folder::
C:\Program Files\Common Files\{A4A68187-0515-1033-0519-031213200001}


* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto the ComboFix.exe file as in the screenshot

* A blue window will appear: at the prompt that shows up (Type 1 to continue, or 2 to abort), type 1 and confirm.
* Wait for the scan to finish. The desktop will disappear several times: that's normal!
Don't touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file doesn't open, it is located here > C:\ComboFix.txt

4/ Download CCleaner Basic https://www.ccleaner.com/ccleaner/download

Open CCleaner, click "Run Cleaner".

5/ Download AVG Anti-Spyware: https://www.avg.com/en-ww/free-antivirus-download
Install it.
Launch AVG Anti-Spyware and click the Update button. Wait.

Click the Scan button (on the toolbar)
Then on the How to act tab, click Recommended actions. Select Quarantine.
Go back to the Scan tab. Click Complete system scan.
At the end of the scan, choose the "Apply all actions" option at the bottom. Then
click "Save report". This generates a report as a text file located in the Reports folder of the AVG Anti-Spyware folder.

6/ Temporarily disable your antivirus.

7/ * Run an online scan by clicking here: http://assiste.com.free.fr/...
* Choose Panda.
* You must run the scan using Internet Explorer. A notice appears at the top, near the status bar. You must accept and install the proposed ActiveX control. The antivirus update will start.
* Run a full system scan.
* Save the report in text format when the scan is done.

8/ Re-enable your antivirus.

9/ Post these reports:
VirusTotal, OTMoveIt, ComboFix, AVG Anti-Spyware, Panda and a new HijackThis report.

FillPCA
[Member, 21 posts, registered Sunday 10 February 2008, last post 29 June 2009]

So here it is, sorry, I was very busy this week, nevertheless:

Here is the VirusTotal result:


Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.2.14.10 2008.02.13 -
AntiVir 7.6.0.65 2008.02.13 -
Authentium 4.93.8 2008.02.13 -
Avast 4.7.1098.0 2008.02.13 -
AVG 7.5.0.516 2008.02.13 -
BitDefender 7.2 2008.02.13 -
CAT-QuickHeal None 2008.02.13 -
ClamAV 0.92 2008.02.14 -
DrWeb 4.44.0.09170 2008.02.13 -
eSafe 7.0.15.0 2008.02.13 -
eTrust-Vet 31.3.5533 2008.02.13 -
Ewido 4.0 2008.02.13 -
FileAdvisor 1 2008.02.14 -
Fortinet 3.14.0.0 2008.02.13 -
F-Prot 4.4.2.54 2008.02.13 -
F-Secure 6.70.13260.0 2008.02.13 -
Ikarus T3.1.1.20 2008.02.14 -
Kaspersky 7.0.0.125 2008.02.14 -
McAfee 5229 2008.02.13 -
Microsoft 1.3204 2008.02.13 -
NOD32v2 2873 2008.02.13 -
Norman 5.80.02 2008.02.13 -
Panda 9.0.0.4 2008.02.14 -
Prevx1 V2 2008.02.14 -
Rising 20.31.10.00 2008.02.13 -
Sophos 4.26.0 2008.02.13 -
Sunbelt 2.2.907.0 2008.02.13 -
Symantec 10 2008.02.14 -
TheHacker 6.2.9.219 2008.02.13 -
VBA32 3.12.6.1 2008.02.14 -
VirusBuster 4.3.26:9 2008.02.13 -
Webwasher-Gateway 6.6.2 2008.02.13 -


The OTMoveIt2 result
[Custom Input]
< C:\WINDOWS\system32\*.VIR >
C:\WINDOWS\system32\bpcxcbny.VIR moved successfully.
C:\WINDOWS\system32\wvurrrq.dll.VIR moved successfully.
< C:\WINDOWS\Internet Logs\*.tmp >
File/Folder C:\WINDOWS\Internet Logs\*.tmp not found.
< EmptyTemp >
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7a8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT02d38.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT02d3b.TMP scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.

OTMoveIt2 v1.0.19 log created on 02132008_175231



The ComboFix one:

ComboFix 08-02.05.3 - User 2008-02-13 18:25:29.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.347 [GMT -5:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\internet optimizer\
C:\Program Files\toolbar888\
C:\WINDOWS\system32\rlvknlg.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))))
.

2008-02-13 18:16 . 2008-02-13 18:16 <DIR> d-------- C:\Documents and Settings\User\Application Data\Grisoft
2008-02-13 18:16 . 2008-02-13 18:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-13 18:16 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-12 19:31 . 2008-02-12 20:46 <DIR> d----c--- C:\_OTMoveIt
2008-02-12 18:57 . 2004-08-03 23:56 388,608 --a------ C:\kmd.exe
2008-02-10 17:30 . 2008-02-10 17:30 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-10 17:28 . 2008-02-10 18:23 <DIR> d----c--- C:\SDFix
2008-02-09 10:35 . 2008-02-09 10:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-09 10:35 . 2008-02-09 10:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-07 19:36 . 2008-02-10 19:34 <DIR> d-------- C:\Documents and Settings\User\Application Data\OpenOffice.org2
2008-02-07 19:29 . 2008-02-07 19:30 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-02-07 19:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-04 10:22 . 2008-02-04 10:22 <DIR> d-------- C:\Program Files\SnIco Edit
2008-02-03 21:13 . 2008-02-03 21:13 <DIR> d-------- C:\Documents and Settings\User\Application Data\RadiantSettings
2008-02-03 21:08 . 2008-02-03 21:14 <DIR> d----c--- C:\gunzmap
2008-02-03 20:58 . 2008-02-03 21:11 <DIR> d-------- C:\Program Files\GtkRadiant 1.5.0
2008-02-02 13:02 . 2008-02-02 13:03 <DIR> d-------- C:\Program Files\CCleaner
2008-01-26 22:53 . 2008-01-26 22:53 17,801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-26 22:52 . 2008-01-26 22:54 <DIR> d-------- C:\Program Files\Dynex Wireless G Enhanced Adapter
2008-01-26 22:52 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-01-26 22:52 . 2004-04-30 15:12 40,960 --a------ C:\WINDOWS\system32\WGPUSB.dll
2008-01-26 22:52 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD
2008-01-26 22:52 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2008-01-26 22:52 . 2006-06-26 11:23 123 --a------ C:\WINDOWS\system32\ucuiinfo.ini
2008-01-26 10:55 . 2008-01-26 10:55 <DIR> d-------- C:\Documents and Settings\User\RadiantSettings
2008-01-25 23:20 . 2008-01-26 11:35 <DIR> d-------- C:\Program Files\Wolfenstein - Enemy Territory
2008-01-25 23:20 . 2008-01-26 11:35 <DIR> d-------- C:\Program Files\GtkRadiant-1.4
2008-01-20 16:29 . 2008-01-22 20:32 <DIR> d----c--- C:\vdp
2008-01-20 11:15 . 2008-01-20 11:20 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\Data
2008-01-19 12:08 . 2008-01-19 12:08 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-01-19 10:22 . 2008-01-19 10:26 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2008-01-19 10:08 . 2008-01-19 10:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-19 09:11 . 2008-01-19 09:11 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-19 09:08 . 2008-01-19 09:08 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-01-13 16:26 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-13 16:26 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-13 16:26 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-13 16:26 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-13 14:01 . 2008-01-13 14:01 <DIR> d-------- C:\Program Files\RaGEZONE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 23:25 --------- d-----w C:\Program Files\MSN Messenger
2008-02-13 23:25 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-02-13 23:25 --------- d-----w C:\Program Files\LocalCooling
2008-02-13 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-10 21:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-08 00:27 --------- d-----w C:\Program Files\Java
2008-02-06 23:41 --------- d-----w C:\Documents and Settings\User\Application Data\Canon
2008-02-03 14:43 --------- d-----w C:\Program Files\Google
2008-01-27 03:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-20 17:39 --------- d-----w C:\Program Files\EasyPHP1-8
2008-01-20 17:29 --------- d-----w C:\Program Files\e-anim701
2008-01-20 04:20 --------- d-----w C:\Program Files\themexp
2008-01-20 04:17 --------- d-----w C:\Program Files\psdriver
2008-01-20 04:11 --------- d--h--w C:\Program Files\m
2008-01-20 04:07 --------- d-----w C:\Program Files\Exolon
2008-01-19 13:57 --------- d-----w C:\Documents and Settings\User\Application Data\SystemRequirementsLab
2008-01-12 20:56 20,480 ----a-w C:\WINDOWS\quit.exe
2008-01-12 17:48 --------- d-----w C:\Program Files\SlySoft
2008-01-11 00:17 --------- d-----w C:\Program Files\RaGEZONE GunZ C4.7
2008-01-07 17:33 --------- d-----w C:\Program Files\TheTurtle
2008-01-06 22:01 --------- d--h--w C:\Documents and Settings\User\Application Data\ijjigame
2008-01-05 16:15 --------- d-----w C:\Documents and Settings\User\Application Data\Someplayer
2008-01-05 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Someplayer
2008-01-05 15:42 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-05 03:50 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-05 03:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-05 03:20 --------- d-----w C:\Program Files\Windows Live
2008-01-05 01:04 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-02 21:14 --------- d-----w C:\Program Files\LimeWire
2007-12-29 20:50 --------- d-----w C:\Documents and Settings\User\Application Data\ma-config.com
2007-12-29 03:24 --------- d-----w C:\Program Files\Pure Networks
2007-12-29 03:23 --------- d-----w C:\Program Files\DIFX
2007-12-29 03:22 --------- d-----w C:\Program Files\Common Files\Pure Networks Shared
2007-12-29 03:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pure Networks
2007-12-28 21:35 --------- d-----w C:\Program Files\Voice Studio
2007-12-28 21:28 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire
2007-12-27 23:46 --------- d-----w C:\Program Files\Common Files\DirectX
2007-12-27 23:45 --------- d-----w C:\Documents and Settings\User\Application Data\NHN Corporation
2007-12-27 23:35 --------- d-----w C:\Program Files\NHN USA
2007-12-27 04:16 --------- d-----w C:\Program Files\ma-config.com
2007-12-21 04:05 --------- d-----w C:\Documents and Settings\User\Application Data\DivX
2007-12-16 01:05 --------- d-----w C:\Program Files\DivX
2007-10-20 15:39 5,457,434 -c--a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2006-12-09 04:37 3,896 ----a-w C:\Documents and Settings\User\psetup.exe
2006-06-24 13:46 0 -c-ha-w C:\Program Files\Toolbar888
2006-06-24 13:46 0 -c-ha-w C:\Program Files\Internet Optimizer
2004-08-04 04:56 60,416 -csha-w C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe
2004-08-11 05:45 73,728 -csha-w C:\WINDOWS\BricoPacks\SysFiles\71_wmplayer.exe
.
----a-w 5,724,184 2008-01-13 20:31:16 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-18 00:47:34 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-20 01:06:28 C:\Program Files\Windows Live\Messenger\msnmsgr .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-01-19 21:12 5724184]
"H005RPbFR"="ir4sock.exe" []
"PaSystem"="C:\Program Files\pasystem\pasystem.exe" [ ]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2008-01-09 17:30 536576]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [ ]
"TheTurtle"="C:\Program Files\TheTurtle\TheTurtle.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-09 17:30 307200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2008-01-09 17:29 36975]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-13 21:48 79224]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [ ]
"BlockChecker"="C:\Program Files\Block Checker\block-checker.exe" [ ]
"LocalCooling"="C:\Program Files\LocalCooling\localcooling.exe" [2008-01-13 12:28 2056875]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-09 17:29 451896]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-09 17:29 451896]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2008-01-09 17:29 98304]
"QMusic2"="C:\Program Files\BenQ\QMusic2\QMAgent.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"{A4A68187-0514-1033-0519-031213200001}"="C:\Program Files\Common Files\{A4A68187-0514-1033-0519-031213200001}\Update.exe" [ ]
"{A4A68187-0515-1033-0519-031213200001}"="C:\Program Files\Common Files\{A4A68187-0515-1033-0519-031213200001}\Update.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\WINDOWS\system32\ad.html
FriendlyName=

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Think-Adz.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"AntiVirService"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

R0 Achernar;Achernar - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Achernar.sys [2004-02-11 15:34]
R2 Dynex DX-WGPUSB WLService;Dynex Wireless G Enhanced Adapter Service;C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe [2004-03-29 16:08]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 09:11]
R3 Aldebaran;Aldebaran - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Aldebaran.sys [2004-02-11 15:34]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 07:17]
R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 10:44]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []

*Newly Created Service* - AVGASCLN
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 18:36:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2008-02-13 18:45:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-13 23:44:53
ComboFix2.txt 2008-02-13 00:26:42
ComboFix3.txt 2008-02-11 00:21:30
.
2008-02-13 22:52:59 --- E O F ---

For the rest of the reports, is there any way I can send them to you by e-mail, since the file is quite large?
Re,

Your Zone Alarm program seems to be affected.
1/ Download the latest version of this software.
2/ * Select the following text:

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H005RPbFR"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"=-
"{A4A68187-0514-1033-0519-031213200001}"=-
"{A4A68187-0515-1033-0519-031213200001}"=-

Folder::
C:\Program Files\Toolbar888
C:\Program Files\Internet Optimizer
C:\Program Files\Common Files\{A4A68187-0514-1033-0519-031213200001}
C:\Program Files\Common Files\{A4A68187-0515-1033-0519-031213200001}

Renv::
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe

Dir::
C:\Program Files\m


* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto the ComboFix.exe file
* A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
* Wait while the scan runs. The desktop will disappear several times: that is normal!
Do not touch anything until the scan is finished.
* Once the scan is done, a report will be displayed: post its contents.
* If the file does not open, it is located here > C:\ComboFix.txt

3/ Disconnect from the Internet, unplugging the cable if necessary.
4/ Uninstall Zone Alarm, restart the PC, then reinstall it.
5/ Reconnect.
6/ Post the ComboFix report, a HijackThis report, the AVG Anti-Spyware report and the Panda report.

For the reports, you can send them to this address if you cannot post them: mlzrzblp@trashmail.net
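Added triage example for the procedure above; it is not part of this thread, of ComboFix or of HijackThis. It parses Run-key lines in both report formats and flags the three patterns the CFScript acts on: a renamed binary with a space before ".exe" (the "Renv::" lines), a GUID-named autorun pointing into Common Files\{GUID}\Update.exe (removed under "Registry::"), and a target file ComboFix could not find ("[ ]"). The sample lines are copied from the reports in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: one Run entry per line, in ComboFix "REGEDIT4" form
# ("name"="path" [date size]) and in HijackThis "O4" form, as they appear
# in this thread's reports.
SAMPLE_LOG = r'''
"LocalCooling"="C:\Program Files\LocalCooling\localcooling.exe" [2008-01-13 12:28 2056875]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"{A4A68187-0514-1033-0519-031213200001}"="C:\Program Files\Common Files\{A4A68187-0514-1033-0519-031213200001}\Update.exe" [ ]
"{A4A68187-0515-1033-0519-031213200001}"="C:\Program Files\Common Files\{A4A68187-0515-1033-0519-031213200001}\Update.exe" [ ]
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr .exe" /background
O4 - HKLM\..\Run: [avast!] ; C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
'''

# ComboFix form: "name"="path" [verification text]; "[ ]" means file not found.
COMBOFIX_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*)\]\s*$')
# HijackThis form: O4 - HKxx\..\Run: [name] ; "path" args
HJT_O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\]\s*;?\s*(.*)$')
# Shortest prefix of the command line ending in .exe, with optional quotes.
EXE_PATH_RE = re.compile(r'^"?(.*?\.exe)"?', re.IGNORECASE)
GUID_RE = re.compile(r'^\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$', re.IGNORECASE)


@dataclass
class RunEntry:
    hive: str                 # "HKLM", "HKCU", or "?" when the ComboFix form gives no hive
    name: str                 # registry value name
    path: str                 # executable path exactly as written in the report
    verified: Optional[str]   # ComboFix "[date size]" text, "" for "[ ]", None for HijackThis lines


def parse_line(line: str) -> Optional[RunEntry]:
    """Parse one report line into a RunEntry, or None if it is not a Run entry."""
    m = COMBOFIX_RE.match(line)
    if m:
        name, path, info = m.groups()
        return RunEntry("?", name, path, info.strip())
    m = HJT_O4_RE.match(line)
    if m:
        hive, name, rest = m.groups()
        pm = EXE_PATH_RE.match(rest)
        if not pm:
            return None
        return RunEntry(hive, name, pm.group(1), None)
    return None


def findings_for(e: RunEntry) -> List[str]:
    """Return the list of suspicious traits of one autorun entry (empty if clean)."""
    found: List[str] = []
    basename = e.path.rsplit("\\", 1)[-1]
    # "zlclient .exe": a legitimate binary renamed so the autorun no longer starts it.
    if re.search(r"\s\.exe$", basename, re.IGNORECASE):
        found.append("whitespace before .exe: binary was renamed, autorun may be hijacked")
    # A GUID as value name plus a Common Files\{GUID}\Update.exe target is an
    # adware dropper layout, not how vendors register updaters.
    if GUID_RE.match(e.name) and "\\common files\\{" in e.path.lower():
        found.append("GUID-named autorun into Common Files\\{GUID}: typical adware dropper layout")
    # ComboFix prints "[ ]" when it cannot stat the target file.
    if e.verified == "":
        found.append("target file missing at scan time ([ ]): stale or removed payload")
    return found


def triage(report: str) -> List[Tuple[str, List[str]]]:
    """Return (value name, findings) for every flagged Run entry in the report text."""
    results: List[Tuple[str, List[str]]] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = parse_line(line)
        if entry is None:
            continue
        hits = findings_for(entry)
        if hits:
            results.append((entry.name, hits))
    return results


if __name__ == "__main__":
    for name, hits in triage(SAMPLE_LOG):
        print(name)
        for hit in hits:
            print("   -", hit)
```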

FillPCA
Hello FillPCA
For the reports, you can send them to this address if you cannot post them: mlzrzblp@trashmail.net

Too bad, I will no longer be able to follow this instructive topic. ;)
Thanks in advance.
Al

Hi,

I will post the reports if you want, Al

FillPCA
Re,
Yes, thanks
Just the points worth noting are already enough (with the tool they come from).

;)
Al.

Too bad, I will no longer be able to follow this instructive topic. ;)
Thanks in advance.
Al


I didn't know my topic was one :O !
Hi,

I am forwarding the reports:

ComboFix 08-02-20.2 - User 2008-02-19 18:19:32.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.339 [GMT -5:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 )))))))))))))))))))))))))))))))
.

2008-02-16 15:00 . 2008-02-16 15:00 <DIR> d-------- C:\Program Files\Jmgr.info
2008-02-15 23:01 . 2008-02-15 23:01 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-02-15 23:01 . 2008-02-15 23:01 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-15 22:56 . 2008-02-15 22:56 <DIR> d-------- C:\Program Files\RzGunz.com
2008-02-13 21:40 . 2008-02-13 21:44 72,454,144 --a--c--- C:\25C.tmp
2008-02-13 19:45 . 2008-02-18 19:14 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-13 19:45 . 2008-02-18 19:14 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-13 19:44 . 2008-02-18 20:19 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-13 19:44 . 2008-02-18 19:14 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-13 18:16 . 2008-02-13 18:16 <DIR> d-------- C:\Documents and Settings\User\Application Data\Grisoft
2008-02-13 18:16 . 2008-02-13 18:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-13 18:16 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-12 19:31 . 2008-02-12 20:46 <DIR> d----c--- C:\_OTMoveIt
2008-02-10 17:30 . 2008-02-10 17:30 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-10 17:28 . 2008-02-10 18:23 <DIR> d----c--- C:\SDFix
2008-02-09 10:35 . 2008-02-09 10:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-09 10:35 . 2008-02-09 10:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-07 19:36 . 2008-02-16 20:37 <DIR> d-------- C:\Documents and Settings\User\Application Data\OpenOffice.org2
2008-02-07 19:29 . 2008-02-07 19:30 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-02-07 19:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-04 10:22 . 2008-02-04 10:22 <DIR> d-------- C:\Program Files\SnIco Edit
2008-02-03 21:13 . 2008-02-03 21:13 <DIR> d-------- C:\Documents and Settings\User\Application Data\RadiantSettings
2008-02-03 21:08 . 2008-02-03 21:14 <DIR> d----c--- C:\gunzmap
2008-02-03 20:58 . 2008-02-03 21:11 <DIR> d-------- C:\Program Files\GtkRadiant 1.5.0
2008-02-02 13:02 . 2008-02-02 13:03 <DIR> d-------- C:\Program Files\CCleaner
2008-01-26 22:53 . 2008-01-26 22:53 17,801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-26 22:52 . 2008-02-18 19:56 <DIR> d-------- C:\Program Files\Dynex Wireless G Enhanced Adapter
2008-01-26 22:52 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-01-26 22:52 . 2004-04-30 15:12 40,960 --a------ C:\WINDOWS\system32\WGPUSB.dll
2008-01-26 22:52 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD
2008-01-26 22:52 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2008-01-26 22:52 . 2006-06-26 11:23 123 --a------ C:\WINDOWS\system32\ucuiinfo.ini
2008-01-26 10:55 . 2008-01-26 10:55 <DIR> d-------- C:\Documents and Settings\User\RadiantSettings
2008-01-25 23:20 . 2008-01-26 11:35 <DIR> d-------- C:\Program Files\Wolfenstein - Enemy Territory
2008-01-25 23:20 . 2008-01-26 11:35 <DIR> d-------- C:\Program Files\GtkRadiant-1.4
2008-01-20 16:29 . 2008-01-22 20:32 <DIR> d----c--- C:\vdp
2008-01-20 11:15 . 2008-01-20 11:20 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\Data

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-19 01:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-19 01:01 --------- d-----w C:\Program Files\Notepad++
2008-02-19 00:58 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-19 00:48 --------- d-----w C:\Program Files\Bonjour
2008-02-16 03:59 --------- d-----w C:\Documents and Settings\User\Application Data\Someplayer
2008-02-16 03:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Someplayer
2008-02-13 23:25 --------- d-----w C:\Program Files\MSN Messenger
2008-02-13 23:25 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-02-13 23:25 --------- d-----w C:\Program Files\LocalCooling
2008-02-13 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-08 00:27 --------- d-----w C:\Program Files\Java
2008-02-06 23:41 --------- d-----w C:\Documents and Settings\User\Application Data\Canon
2008-02-03 14:43 --------- d-----w C:\Program Files\Google
2008-01-27 03:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-20 17:39 --------- d-----w C:\Program Files\EasyPHP1-8
2008-01-20 17:29 --------- d-----w C:\Program Files\e-anim701
2008-01-20 16:12 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-01-20 04:20 --------- d-----w C:\Program Files\themexp
2008-01-20 04:17 --------- d-----w C:\Program Files\psdriver
2008-01-20 04:11 --------- d--h--w C:\Program Files\m
2008-01-20 04:07 --------- d-----w C:\Program Files\Exolon
2008-01-19 15:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-19 14:11 --------- d-----r C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-19 14:08 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-01-19 13:57 --------- d-----w C:\Documents and Settings\User\Application Data\SystemRequirementsLab
2008-01-13 19:01 --------- d-----w C:\Program Files\RaGEZONE
2008-01-12 20:56 20,480 ----a-w C:\WINDOWS\quit.exe
2008-01-12 17:48 --------- d-----w C:\Program Files\SlySoft
2008-01-11 00:17 --------- d-----w C:\Program Files\RaGEZONE GunZ C4.7
2008-01-07 17:33 --------- d-----w C:\Program Files\TheTurtle
2008-01-06 22:01 --------- d--h--w C:\Documents and Settings\User\Application Data\ijjigame
2008-01-05 15:42 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-05 03:50 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-05 03:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-05 03:20 --------- d-----w C:\Program Files\Windows Live
2008-01-02 21:14 --------- d-----w C:\Program Files\LimeWire
2007-12-31 23:30 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2007-12-29 20:50 --------- d-----w C:\Documents and Settings\User\Application Data\ma-config.com
2007-12-29 03:24 --------- d-----w C:\Program Files\Pure Networks
2007-12-29 03:23 --------- d-----w C:\Program Files\DIFX
2007-12-29 03:22 --------- d-----w C:\Program Files\Common Files\Pure Networks Shared
2007-12-29 03:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pure Networks
2007-12-28 21:35 --------- d-----w C:\Program Files\Voice Studio
2007-12-28 21:28 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire
2007-12-27 23:46 --------- d-----w C:\Program Files\Common Files\DirectX
2007-12-27 23:45 --------- d-----w C:\Documents and Settings\User\Application Data\NHN Corporation
2007-12-27 23:35 --------- d-----w C:\Program Files\NHN USA
2007-12-27 04:16 --------- d-----w C:\Program Files\ma-config.com
2007-12-21 04:05 --------- d-----w C:\Documents and Settings\User\Application Data\DivX
2007-12-11 22:35 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-12-11 22:34 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-12-11 22:34 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-11 22:34 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-11 22:32 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 22:32 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-10-20 15:39 5,457,434 -c--a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2006-12-09 04:37 3,896 ----a-w C:\Documents and Settings\User\psetup.exe
2004-08-04 04:56 60,416 -csha-w C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe
2004-08-11 05:45 73,728 -csha-w C:\WINDOWS\BricoPacks\SysFiles\71_wmplayer.exe
.
----a-w 5,724,184 2008-01-13 20:31:16 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-18 00:47:34 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-20 01:06:28 C:\Program Files\Windows Live\Messenger\msnmsgr .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-01-19 21:12 5724184]
"PaSystem"="C:\Program Files\pasystem\pasystem.exe" [ ]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2008-01-09 17:30 536576]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [ ]
"TheTurtle"="C:\Program Files\TheTurtle\TheTurtle.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-09 17:30 307200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2008-01-09 17:29 36975]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-13 21:48 79224]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [ ]
"BlockChecker"="C:\Program Files\Block Checker\block-checker.exe" [ ]
"LocalCooling"="C:\Program Files\LocalCooling\localcooling.exe" [2008-01-13 12:28 2056875]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-09 17:29 451896]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-09 17:29 451896]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2008-01-09 17:29 98304]
"QMusic2"="C:\Program Files\BenQ\QMusic2\QMAgent.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\WINDOWS\system32\ad.html
FriendlyName=

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Think-Adz.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"AntiVirService"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

R0 Achernar;Achernar - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Achernar.sys [2004-02-11 15:34]
R2 Dynex DX-WGPUSB WLService;Dynex Wireless G Enhanced Adapter Service;C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe [2004-03-29 16:08]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 09:11]
R3 Aldebaran;Aldebaran - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Aldebaran.sys [2004-02-11 15:34]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 07:17]
R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 10:44]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []

*Newly Created Service* - GTNDIS5
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 18:26:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-20 18:29:42
ComboFix-quarantined-files.txt 2008-02-20 23:29:16
ComboFix2.txt 2008-02-13 23:45:06
ComboFix3.txt 2008-02-13 00:26:42
ComboFix4.txt 2008-02-11 00:21:30
.
2008-02-18 23:06:54 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:24 PM, on 2/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {E9AAC68A-5A64-0496-3BED-27800A4F0E94} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] ; C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] ; C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avgnt] ; "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BlockChecker] ; C:\Program Files\Block Checker\block-checker.exe
O4 - HKLM\..\Run: [LocalCooling] ; "C:\Program Files\LocalCooling\localcooling.exe" -s
O4 - HKLM\..\Run: [nmapp] ; "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [nmctxth] ; "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [OrderReminder] ; C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [QMusic2] ; "C:\Program Files\BenQ\QMusic2\QMAgent.exe"
O4 - HKLM\..\Run: [QuickTime Task] ; "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PaSystem] ; "C:\Program Files\pasystem\pasystem.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] ; "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Skype] ; "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] ; C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TheTurtle] ; C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [updateMgr] ; "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dynex Wireless G Enhanced Adapter Service (Dynex DX-WGPUSB WLService) - Unknown owner - C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - C:\WINDOWS\system32\ad.html
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 2:17:23 PM 2/16/2008

+ Résultat de l'analyse:



HKU\S-1-5-21-861567501-879983540-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01EB5130-FC0C-4D75-B9CE-4801B1B854F5} -> Adware.Begin2Search : Aucune action entreprise.
C:\QooBox\Quarantine\C\Program Files\Common Files\Companion Wizard\compwiz.exe.vir -> Adware.Companion : Aucune action entreprise.
HKU\S-1-5-21-861567501-879983540-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2296428D-C133-4928-B76A-A200FF409572} -> Adware.Generic : Aucune action entreprise.
HKU\S-1-5-21-861567501-879983540-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Aucune action entreprise.
HKU\S-1-5-21-861567501-879983540-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2EEB4FA-B6D6-41B9-9CFA-ABA87F862BCB} -> Adware.Generic : Aucune action entreprise.
HKU\S-1-5-21-861567501-879983540-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Aucune action entreprise.
HKU\S-1-5-21-861567501-879983540-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C95FE080-8F5D-11D2-A20B-00AA003C157A} -> Adware.Generic : Aucune action entreprise.
C:\Program Files\Internet Optimizer -> Adware.InternetOptimizer : Aucune action entreprise.
C:\Uploads\Learning XML Second Edition - eBook.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learnit v1.1.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeaseTool v3.1.1.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeaugeGen v1.0.1 Cracked-F4CG.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leave Me In Stitches v1.1.24.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LecBar 1.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lecture Recorder 4.24.040908.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lecture Recorder v4.0.40040129 by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lecture Recorder v4.2 Regged by iNFECTED.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lecture Recorder v4.2 build 42040419.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lecture Recorder v4.2 by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lecture Recorder v4.2.040408 by CAFE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lecture Recorder v4.2.040419 by CAFE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lecture Recorder v4.24.040908 by CAFE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lecture Recorder v4.24.040908.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LedManager v1.0 PalmOS Cracked by TBEPDA.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LedSoft Desk Charts v2.02 by ViRiLiTY.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leech v2.0.1.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leech v2.1.1.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leech v2.1.4.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leech v3.0.5 by Orion.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leech v3.0.5 by SC.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leech v3.1.1.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leech v3.2.1.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leech v3.2.2.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leech v3.2.4.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leech v3.2.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leech v3.26.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeechGet 2003 v1.0 build 1500 Final.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeechGet 2003 v1.0 build 1500+ Final.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeechGet 2004.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leesoft Postman v2.0.0 Silent Update.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leesoft Postman v2.0.0 by Orion.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leesoft Postman v2.0.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeetchFTP Bookmarks Revealer v1.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leetspeak 1.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Legacy 2.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Legacy Family Tree 6.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Legacy Of Kain Defiance PLUS 3 TRAINER by PiZZADOX.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Legacy of Kain Defiance.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Legacy of Kain Soul Reaver.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N MDaemon Pro 8.0.4.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N MDaemon Pro 8.1.2.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N+ v2 CD-Crack.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N-Ball V 2.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N-E-Learning Driving Theory Test 2002-2003 UK Edition v2.1.4G.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N-Gen Silver's Crackme 1.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N-Track Studio 4.0.5 Build 1845 CRK by FFF.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N-Track Studio 4.0.5 Build 1846 CRK by FFF.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N-Track Studio v2.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N-Track Studio v2.02 - 2.14 Plugins.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N-Track Studio v2.1.1.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N-Track Studio v2.2.879.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N-Track Studio v3.0.1 build 1211.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N-Track Studio v3.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N-Track Studio v4.0.4 Build 1781 REGGED by CRD.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N-rec 1.5 stable tool by tsrh.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N-rec 1.6 tool by tsrh.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N1 DVD Ripper Version 1.3.47.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N1 Sound Recorder v3.5.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAPOLEONS WAGRAM PLUS 2 TRAINER by DEViANCE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAS Simulator v1.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NASCAR 2003.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NASCAR Heat.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NASCAR v2.1 PalmOS Cracked by CSCPDA.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NASSDA CRITIC v5.0.01.2005 LINUX by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NASSDA CRITIC v5.0.01.2005 by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NASSDA HANEX v5.0.01.2005 LINUX by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NASSDA HANEX v5.0.01.2005 by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NASSDA HSIM v1.3.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NASSDA HSIM v5.0.01.2005 LINUX by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NASSDA HSIM v5.0.01.2005 by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32 Enhanced v1.7.1062.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32 Enhanced v1.7.1066 Incl KeyGen-DIGERATI.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32 Enhanced v1.7.1068 Incl KeyGen-DIGERATI.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32 Enhanced v1.7.1068 by DIGERATI.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32 Enhanced v1.8.1010 by DIGERATI.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32 Enhanced v1.8.1010.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32 Enhanced v1.8.1012 by DIGERATI.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32 Enhanced v1.8.1012.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32 build 4064.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32 v1.2 build 2072.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32 v1.4 build 4062 10-Apr-2002.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32 v1.4 build 4069.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32 v1.4.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32 v6.4.5 build 1096.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32 v6.4.5 build 1128.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32 v6.4.5 build 1130.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32+ build 4064.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32+ v1.2 build 2072.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32+ v1.4 build 4062 (10-Apr-2002).zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32+ v1.4 build 4069.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32+ v1.4.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32e v1.7 build 1056.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NATATA eBook Compiler Gold v2.2.1 Retail by TSRH.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NATIONAL INSTRUMENTS IMAQ VISION V7.1 by RiSE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NATIONAL INSTRUMENTS IMAQ VISION V7.1.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NATIONAL INSTRUMENTS SIGNALEXPRESS V1.0 by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NATIONAL INSTRUMENTS SIGNALEXPRESS V1.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NATIONAL LAMPOONS UNIVERSITY TYCOON PLUS 3 TRAINER by aSxDOX.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NATIONAL LAMPOONS UNIVERSITY TYCOON PLUS 3 TRAINER.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NATULA v3.0 Bilingual by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NATULA v3.0 Bilingual.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NATURA Sound Therapy v1.5.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAV Virus Definition Reviver 1.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAVAL CAMPAIGNS GUADALCANAL TRAINER by DEViANCE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAVAL CAMPAIGNS GUADALCANAL V1.01 TRAINER by DEViANCE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAVISWORKS V3.6 by LND.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAVTEX Decoder v1.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA 2005.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA 2006.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA LIVE 2004 PLUS 10 TRAINER by DEViANCE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA LIVE 2005 EA SPORTS.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA LIVE 2006 CD-KEY.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2001.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2003 Cheats by FLTDOX.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2003 Cheats-FLTDOX.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2003 Trainer by DARKNeZZ.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2003 by Air Perical.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2003.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2004 Current Rosters v1.11.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2004 Plus 10 Trainer by MYTH.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2004 V1.0.0.4 Plus 10 Trainer by MYTH.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2004 by Myth.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2004.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2005 (6).zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2005 Keygen.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2005 Plus 12 Trainer by HOODLUM.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2005 Plus 12 Trainer-HOODLUM.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2005 b.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2005 by FFF.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2005 by Reloaded.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2005 c.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2005 d.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2005(2).zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2005(3).zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.

etc...
Messages postés
2241
Date d'inscription
samedi 21 avril 2007
Statut
Contributeur sécurité
Dernière intervention
27 octobre 2012
122
Re,

That's better, but AVG Anti-Spyware was used incorrectly. The report says "aucune action entreprise" (no action taken).

1/
* Select the following text:

RENV::
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
C:\Program Files\Windows Live\Messenger\msnmsgr .exe

Folder::
C:\Uploads

DirLook::
C:\Program Files\m


* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto the ComboFix.exe file

* A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.
* Wait while the scan runs. The desktop will disappear several times: this is normal!
Don't touch anything until the scan has finished.
* Once the scan is complete, a report will open: post its contents.
* If the file does not open, it is located here > C:\ComboFix.txt

2/ Run AVG Anti-Spyware exactly as follows:
Launch AVG Anti-Spyware and click the Update button. Wait.

Click the Scanner button (on the toolbar).
Then, on the How to act tab, click Recommended actions. Select Quarantine.
Go back to the Scanner tab. Click Complete System Scan.
At the end of the scan, choose the "Apply all actions" option at the bottom. Then
click "Save report". This generates a text-file report located in the Reports folder of the AVG Anti-Spyware folder.

The quarantine must appear in the report you save.

3/ Post the ComboFix report, the AVG Anti-Spyware report and a new HijackThis report.

4/ Tell me how the PC is doing.
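
As an added example (not from this thread, nor from AVG Anti-Spyware or ComboFix), a small Python triage script that automates two checks the helper above makes by eye: it parses AVG Anti-Spyware result lines and lists every detection left at "Aucune action entreprise", and it flags filenames such as "msnmsgr .exe" whose whitespace before the extension makes them read like the real program name. The sample report lines and the "Quarantaine." action text are constructed for the example.

```python
import re
from typing import Dict, List

# Constructed sample in the AVG Anti-Spyware report format quoted in the thread
# ("<path> -> <detection> : <action>."). The "Quarantaine." line is made up to
# show what a detection that WAS acted on looks like; real wording may differ.
SAMPLE_AVG_REPORT = """\
C:\\Uploads\\Leech v2.0.1.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\\Uploads\\Legacy 2.0.zip/setup.exe -> Trojan.Crypt.e : Quarantaine.
C:\\Uploads\\Leetspeak 1.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
Running processes:
"""

# Constructed list of paths as they might be copied out of a ComboFix report;
# the first name appears in the thread, the second is its legitimate spelling.
SAMPLE_PATHS = [
    r"C:\Program Files\Windows Live\Messenger\msnmsgr .exe",
    r"C:\Program Files\Windows Live\Messenger\msnmsgr.exe",
]

# Action text AVG Anti-Spyware writes when it only reported a detection.
NO_ACTION = "Aucune action entreprise"

# One result line: path, detection name, action taken, optional trailing period.
AVG_LINE = re.compile(r"^(?P<path>.+?) -> (?P<detection>.+?) : (?P<action>.+?)\.?$")

# Whitespace right before a short extension, e.g. "msnmsgr .exe".
SPACE_BEFORE_EXT = re.compile(r"\s+\.[A-Za-z0-9]{1,4}$")


def parse_avg_report(text: str) -> List[Dict[str, str]]:
    """Parse AVG Anti-Spyware result lines; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        match = AVG_LINE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def unhandled_detections(entries: List[Dict[str, str]]) -> List[str]:
    """Paths of detections the scan only reported, i.e. neither quarantined nor removed.

    A scan run with Quarantine as the recommended action yields an empty list,
    which is the condition the helper asks to see in the saved report.
    """
    return [e["path"] for e in entries if e["action"].strip() == NO_ACTION]


def has_space_before_extension(path: str) -> bool:
    """True for names like 'msnmsgr .exe'.

    The space makes the file read as the legitimate 'msnmsgr.exe' in process
    lists and logs while being a different file, which is why the CFScript
    renames those exact paths instead of trusting the displayed name.
    """
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return bool(SPACE_BEFORE_EXT.search(name))


def suspicious_names(paths: List[str]) -> List[str]:
    """Filter a list of paths down to those with whitespace before the extension."""
    return [p for p in paths if has_space_before_extension(p)]


if __name__ == "__main__":
    entries = parse_avg_report(SAMPLE_AVG_REPORT)
    print(f"{len(entries)} detections parsed")
    for path in unhandled_detections(entries):
        print("  no action taken:", path)
    for path in suspicious_names(SAMPLE_PATHS):
        print("  space before extension:", path)
```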

FillPCA
Messages postés
21
Date d'inscription
dimanche 10 février 2008
Statut
Membre
Dernière intervention
29 juin 2009

Hi!


ComboFix 08-02-20.2 - User 2008-02-22 18:33:37.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.267 [GMT -5:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Uploads
C:\Uploads\La Fabrica de Botones de Trellian 2.00.003.zip
C:\Uploads\La Farandole des Mots NEW.zip
C:\Uploads\La Farandole des Mots.zip
C:\Uploads\La Femme Plus v1.0 ARM PPC2002 Regged by COREPDA.zip
C:\Uploads\LawnMower v1.4 Keygen.zip
C:\Uploads\LB Workshop 4.4.5.zip
C:\Uploads\LB Workshop 4.5.0.zip
C:\Uploads\LB Workshop 4.6.zip
C:\Uploads\LB Workshop v4.0 by AvAtAr.zip
C:\Uploads\LB Workshop v4.0 by FFF.zip
C:\Uploads\LB Workshop v4.3.0 by iND.zip
C:\Uploads\LB Workshop v4.4.5 by iND.zip
C:\Uploads\LB Workshop v4.4.5 Regged by HERETiC.zip
C:\Uploads\LBC-Faktura Professional Edition 1.10.zip
C:\Uploads\LBM CustumPack 1.10.zip
C:\Uploads\LbMail v1.0 by LasH.zip
C:\Uploads\LbMail v1.0 by TNT.zip
C:\Uploads\LBZipper v1.0.25.zip
C:\Uploads\LBZipper v1.0.65.zip
C:\Uploads\LC3 - L0phtCrack 3 by FHCF.zip
C:\Uploads\LC3 (L0phtCrack) v3.02.zip
C:\Uploads\LC3 L0phtCrack 3.0.zip
C:\Uploads\LC3 L0phtCrack v3.02.zip
C:\Uploads\LC3 Password Auditing and Recovery v3.02.zip
C:\Uploads\LC4 4-00.zip
C:\Uploads\LC4 Password Auditing and Recovery v4.0.zip
C:\Uploads\LC4 v4.00 by N-GeN.zip
C:\Uploads\LC4 v4.00.zip
C:\Uploads\LC4.zip
C:\Uploads\LC5 L0phtCrack v5.00.zip
C:\Uploads\LC5 L0phtCrack v5.02 by Blizzard.zip
C:\Uploads\LC5 L0phtCrack v5.02 by FHCF.zip
C:\Uploads\LC5 L0phtCrack v5.04 by FSS.zip
C:\Uploads\LC5 L0phtCrack v5.04.zip
C:\Uploads\LCARS MediaPlayer 2.01.112.zip
C:\Uploads\LCARS MediaPlayer 2.01.119.zip
C:\Uploads\LCARS MediaPlayer 2.01.123.zip
C:\Uploads\LCARS MediaPlayer 2.01.124.zip
C:\Uploads\LCARS MediaPlayer 2.01.125.zip
C:\Uploads\TamoSoft CommView Remote Agent v1.1.43.zip
C:\Uploads\TamoSoft Essential NetTools v3.2.133.zip
C:\Uploads\Tangentbordstr ning v1.00.zip
C:\Uploads\Tangentbordstr300ning v1.00.zip
C:\Uploads\Tangentbordstraning 2.21.zip
C:\Uploads\Tangerine Connect v2.0.zip
C:\Uploads\Tangle v1.02 PalmOS Cracked by BLZPDA.zip
C:\Uploads\Tango 1.0.zip
C:\Uploads\Tango v1.0 by UnderPl.zip
C:\Uploads\Tangosol Coherence v2.4 by SHOCK.zip
C:\Uploads\Tangosol Coherence v2.4.zip
C:\Uploads\Tangosol Coherence v2.5.1 by SHOCK.zip
C:\Uploads\Tangram 2000 v1.0.zip
C:\Uploads\Tangram v1.0 PalmOS CRACKED by LCDPDA.zip
C:\Uploads\Tangram v3.0 PalmOS Cracked by BLZPDA.zip
C:\Uploads\Tangrams v2.01 for Pocket PC.zip
C:\Uploads\TAnimationFX v5.0 OCX.zip
C:\Uploads\Xilisoft MOV Converter 2.1.52.831b.zip
C:\Uploads\Xilisoft MOV Converter 2.1.55.1008b.zip
C:\Uploads\Xilisoft MOV Converter 2.1.55.1025b.zip
C:\Uploads\Xilisoft MOV Converter 2.1.55.1107b.zip
C:\Uploads\Xilisoft MOV Converter 2.1.55.1205b.zip
C:\Uploads\Xilisoft MOV Converter 2.1.59.0118b.zip
C:\Uploads\Xilisoft MOV Converter 2.1.59.0217b.zip
C:\Uploads\Xilisoft MOV Converter v2.1.59.0316b.zip
C:\Uploads\Xilisoft MP3 WAV Converter 1.0.10.920.zip
C:\Uploads\Xilisoft MP3 WAV Converter 1.0.15.1129.zip
C:\Uploads\Xilisoft MP3 WAV Converter 2.0.16.1212.zip
C:\Uploads\Xilisoft MP3 WAV Converter 2.0.21.201.zip
C:\Uploads\Xilisoft MP3 WAV Converter 2.0.22.228.zip
C:\Uploads\Xilisoft MP3 WAV Converter 2.0.32.310.zip
C:\Uploads\Xilisoft MP3 Wav Converter 2.0.32.329.zip
C:\Uploads\Xilisoft MP3 WAV Converter 2.0.34.406.zip
C:\Uploads\Xilisoft MP3 WAV Converter 2.0.35.415.zip
C:\Uploads\Xilisoft MP3 WAV Converter 2.0.35.511.zip
C:\Uploads\Xilisoft MP3 WAV Converter 2.0.36.727.zip
C:\Uploads\Xilisoft MP3 WAV Converter 2.1.41.922.zip
C:\Uploads\Xilisoft MP3 WAV Converter 2.1.42.1208.zip
C:\Uploads\Xilisoft MP3 WAV Converter 2.1.44.0111.zip
C:\Uploads\Xilisoft MP3 WAV Converter v2.1.46.0322b.zip
C:\Uploads\Xilisoft MP4 Converter 2.1.56.1213b.zip
C:\Uploads\Xilisoft MP4 Converter 2.1.57.1228b.zip
C:\Uploads\Xilisoft MP4 Converter 2.1.59.0206b.zip
C:\Uploads\Xilisoft MP4 Converter v2.1.59.0316b.zip
C:\Uploads\XiliSoft MPEG to DVD Converter 2.0.05.0221.zip
C:\Uploads\Xilisoft MPEG to DVD Converter v2.0.07.0317.zip
C:\Uploads\Xilisoft PSP Video Converter 2.1.45.519b.zip
C:\Uploads\Xilisoft PSP Video Converter 2.1.46.609b.zip
C:\Uploads\Xilisoft PSP Video Converter 2.1.50.714b.zip
C:\Uploads\Xilisoft PSP Video Converter 2.1.50.728b.zip
C:\Uploads\Xilisoft PSP Video Converter 2.1.52.831b.zip
C:\Uploads\Xilisoft PSP Video Converter 2.1.54.915b.zip
C:\Uploads\Xilisoft PSP Video Converter 2.1.54.922b.zip
C:\Uploads\Xilisoft PSP Video Converter 2.1.55.1107b.zip
C:\Uploads\Xilisoft PSP Video Converter 2.1.55.1220b.zip
C:\Uploads\Xilisoft PSP Video Converter 2.1.59.0118b.zip
C:\Uploads\Xilisoft PSP Video Converter 2.1.59.0217b.zip
C:\Uploads\Xilisoft PSP Video Converter v2.1.59.0303b.zip
C:\Uploads\Xilisoft PSP Video Converter v2.1.59.0316b.zip
C:\Uploads\Xilisoft RM Converter 2.1.54.916b.zip
C:\Uploads\Xilisoft RM Converter 2.1.55.1008b.zip
C:\Uploads\Xilisoft RM Converter 2.1.55.1025b.zip
C:\Uploads\Xilisoft RM Converter 2.1.55.1107b.zip
C:\Uploads\Xilisoft RM Converter 2.1.55.1220b.zip
C:\Uploads\Xilisoft RM Converter 2.1.59.0118b.zip
C:\Uploads\Xilisoft RM Converter 2.1.59.0217b.zip
C:\Uploads\Xilisoft RM Converter v2.1.59.0316b.zip

.
((((((((((((((((((((((((( Files Created from 2008-01-22 to 2008-02-22 )))))))))))))))))))))))))))))))
.

2008-02-20 18:58 . 2008-02-22 18:53 1,034,272 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-20 18:58 . 2008-02-21 21:39 12,692 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-20 18:49 . 2008-02-20 18:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-20 18:48 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-02-20 18:48 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-02-20 18:48 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-02-20 18:48 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-02-20 18:48 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-02-20 18:45 . 2008-02-20 18:48 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-20 18:45 . 2008-02-20 18:45 <DIR> d-------- C:\Program Files\Zone Labs
2008-02-20 18:45 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-02-20 18:45 . 2008-02-22 18:10 358,830 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-02-16 15:00 . 2008-02-16 15:00 <DIR> d-------- C:\Program Files\Jmgr.info
2008-02-15 23:01 . 2008-02-15 23:01 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-02-15 23:01 . 2008-02-15 23:01 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-15 22:56 . 2008-02-15 22:56 <DIR> d-------- C:\Program Files\RzGunz.com
2008-02-13 21:40 . 2008-02-13 21:44 72,454,144 --a--c--- C:\25C.tmp
2008-02-13 19:45 . 2008-02-20 19:15 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-13 19:45 . 2008-02-20 19:15 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-13 19:44 . 2008-02-20 19:18 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-13 19:44 . 2008-02-20 19:15 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-13 18:16 . 2008-02-13 18:16 <DIR> d-------- C:\Documents and Settings\User\Application Data\Grisoft
2008-02-13 18:16 . 2008-02-13 18:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-13 18:16 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-12 19:31 . 2008-02-12 20:46 <DIR> d----c--- C:\_OTMoveIt
2008-02-10 17:30 . 2008-02-10 17:30 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-10 17:28 . 2008-02-10 18:23 <DIR> d----c--- C:\SDFix
2008-02-09 10:35 . 2008-02-09 10:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-09 10:35 . 2008-02-09 10:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-07 19:36 . 2008-02-16 20:37 <DIR> d-------- C:\Documents and Settings\User\Application Data\OpenOffice.org2
2008-02-07 19:29 . 2008-02-07 19:30 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-02-07 19:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-04 10:22 . 2008-02-04 10:22 <DIR> d-------- C:\Program Files\SnIco Edit
2008-02-03 21:13 . 2008-02-03 21:13 <DIR> d-------- C:\Documents and Settings\User\Application Data\RadiantSettings
2008-02-03 21:08 . 2008-02-03 21:14 <DIR> d----c--- C:\gunzmap
2008-02-03 20:58 . 2008-02-03 21:11 <DIR> d-------- C:\Program Files\GtkRadiant 1.5.0
2008-02-02 13:02 . 2008-02-02 13:03 <DIR> d-------- C:\Program Files\CCleaner
2008-01-26 22:53 . 2008-01-26 22:53 17,801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-26 22:52 . 2008-02-18 19:56 <DIR> d-------- C:\Program Files\Dynex Wireless G Enhanced Adapter
2008-01-26 22:52 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-01-26 22:52 . 2004-04-30 15:12 40,960 --a------ C:\WINDOWS\system32\WGPUSB.dll
2008-01-26 22:52 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD
2008-01-26 22:52 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2008-01-26 22:52 . 2006-06-26 11:23 123 --a------ C:\WINDOWS\system32\ucuiinfo.ini
2008-01-26 10:55 . 2008-01-26 10:55 <DIR> d-------- C:\Documents and Settings\User\RadiantSettings
2008-01-25 23:20 . 2008-01-26 11:35 <DIR> d-------- C:\Program Files\Wolfenstein - Enemy Territory
2008-01-25 23:20 . 2008-01-26 11:35 <DIR> d-------- C:\Program Files\GtkRadiant-1.4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-21 02:05 --------- d-----w C:\Program Files\Bonjour
2008-02-19 01:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-19 01:01 --------- d-----w C:\Program Files\Notepad++
2008-02-19 00:58 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-16 03:59 --------- d-----w C:\Documents and Settings\User\Application Data\Someplayer
2008-02-16 03:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Someplayer
2008-02-13 23:25 --------- d-----w C:\Program Files\MSN Messenger
2008-02-13 23:25 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-02-13 23:25 --------- d-----w C:\Program Files\LocalCooling
2008-02-13 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-08 00:27 --------- d-----w C:\Program Files\Java
2008-02-06 23:41 --------- d-----w C:\Documents and Settings\User\Application Data\Canon
2008-02-03 14:43 --------- d-----w C:\Program Files\Google
2008-01-27 03:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-20 17:39 --------- d-----w C:\Program Files\EasyPHP1-8
2008-01-20 17:29 --------- d-----w C:\Program Files\e-anim701
2008-01-20 16:20 --------- d-----r C:\Documents and Settings\All Users\Application Data\Data
2008-01-20 16:12 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-01-20 04:20 --------- d-----w C:\Program Files\themexp
2008-01-20 04:17 --------- d-----w C:\Program Files\psdriver
2008-01-20 04:11 --------- d--h--w C:\Program Files\m
2008-01-20 04:07 --------- d-----w C:\Program Files\Exolon
2008-01-19 15:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Talkback
2008-01-19 14:11 --------- d-----r C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-19 14:08 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-01-19 13:57 --------- d-----w C:\Documents and Settings\User\Application Data\SystemRequirementsLab
2008-01-13 19:01 --------- d-----w C:\Program Files\RaGEZONE
2008-01-12 20:56 20,480 ----a-w C:\WINDOWS\quit.exe
2008-01-12 17:48 --------- d-----w C:\Program Files\SlySoft
2008-01-11 00:17 --------- d-----w C:\Program Files\RaGEZONE GunZ C4.7
2008-01-07 17:33 --------- d-----w C:\Program Files\TheTurtle
2008-01-06 22:01 --------- d--h--w C:\Documents and Settings\User\Application Data\ijjigame
2008-01-05 15:42 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-05 03:50 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-05 03:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-05 03:20 --------- d-----w C:\Program Files\Windows Live
2008-01-02 21:14 --------- d-----w C:\Program Files\LimeWire
2007-12-31 23:30 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2007-12-29 20:50 --------- d-----w C:\Documents and Settings\User\Application Data\ma-config.com
2007-12-29 03:24 --------- d-----w C:\Program Files\Pure Networks
2007-12-29 03:23 --------- d-----w C:\Program Files\DIFX
2007-12-29 03:22 --------- d-----w C:\Program Files\Common Files\Pure Networks Shared
2007-12-29 03:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pure Networks
2007-12-28 21:35 --------- d-----w C:\Program Files\Voice Studio
2007-12-28 21:28 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire
2007-12-27 23:46 --------- d-----w C:\Program Files\Common Files\DirectX
2007-12-27 23:45 --------- d-----w C:\Documents and Settings\User\Application Data\NHN Corporation
2007-12-27 23:35 --------- d-----w C:\Program Files\NHN USA
2007-12-27 04:16 --------- d-----w C:\Program Files\ma-config.com
2007-12-11 22:35 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-12-11 22:34 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-12-11 22:34 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-11 22:34 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-11 22:32 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 22:32 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2006-12-09 04:37 3,896 ----a-w C:\Documents and Settings\User\psetup.exe
2004-08-04 04:56 60,416 -csha-w C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe
2004-08-11 05:45 73,728 -csha-w C:\WINDOWS\BricoPacks\SysFiles\71_wmplayer.exe
.
----a-w 5,724,184 2008-01-13 20:31:16 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
----a-w 5,724,184 2008-01-18 00:47:34 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
----a-w 5,724,184 2008-01-20 01:06:28 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

Files Infected - Win32.Agent.zb
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\m ----

2006-01-21 08:53 3 --a--c--- C:\Program Files\m\AI_21-01-2006.log
2006-01-20 11:47 3 --a--c--- C:\Program Files\m\AI_20-01-2006.log
2006-01-19 08:28 3 --a--c--- C:\Program Files\m\AI_19-01-2006.log
2006-01-18 11:50 3 --a--c--- C:\Program Files\m\AI_18-01-2006.log
2006-01-17 10:36 3 --a--c--- C:\Program Files\m\AI_17-01-2006.log
2006-01-16 19:06 3 --a------ C:\Program Files\m\AI_16-01-2006.log
2006-01-15 10:02 3 --a------ C:\Program Files\m\AI_15-01-2006.log
2005-07-23 20:45 116882 --a--c--- C:\Program Files\m\data.bin


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-01-19 21:12 5724184]
"PaSystem"="C:\Program Files\pasystem\pasystem.exe" [ ]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2008-01-09 17:30 536576]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [ ]
"TheTurtle"="C:\Program Files\TheTurtle\TheTurtle.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-09 17:30 307200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2008-01-09 17:29 36975]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-13 21:48 79224]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [ ]
"BlockChecker"="C:\Program Files\Block Checker\block-checker.exe" [ ]
"LocalCooling"="C:\Program Files\LocalCooling\localcooling.exe" [2008-01-13 12:28 2056875]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-09 17:29 451896]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-09 17:29 451896]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2008-01-09 17:29 98304]
"QMusic2"="C:\Program Files\BenQ\QMusic2\QMAgent.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\WINDOWS\system32\ad.html
FriendlyName=

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Think-Adz.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"AntiVirService"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

R0 Achernar;Achernar - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Achernar.sys [2004-02-11 15:34]
R2 Dynex DX-WGPUSB WLService;Dynex Wireless G Enhanced Adapter Service;C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe [2004-03-29 16:08]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 09:11]
R3 Aldebaran;Aldebaran - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Aldebaran.sys [2004-02-11 15:34]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 07:17]
R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 10:44]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []

*Newly Created Service* - GTNDIS5
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-22 18:53:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-22 19:08:07
ComboFix-quarantined-files.txt 2008-02-23 00:07:50
ComboFix2.txt 2008-02-20 23:29:44
ComboFix3.txt 2008-02-13 23:45:06
ComboFix4.txt 2008-02-13 00:26:42
ComboFix5.txt 2008-02-11 00:21:30
.
2008-02-22 23:23:20 --- E O F ---



In my opinion the test worked, since it is no longer detected and the files have been properly placed in quarantine:
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 5:48:26 PM 2/17/2008

+ Résultat de l'analyse:



:mozilla.331:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.332:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.334:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.335:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.336:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.337:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.115:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.252:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.92:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.93:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.94:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.95:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.96:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.97:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.388:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.389:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.390:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.202:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.203:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.204:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.206:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.207:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.218:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.100:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.99:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.438:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé.
:mozilla.246:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.236:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.237:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.238:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.239:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.240:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.241:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.242:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.243:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.244:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.217:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.219:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.220:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.37:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.259:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.106:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.107:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.108:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.255:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.297:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.377:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.483:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.69:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.70:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.71:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.116:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.117:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.445:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Information : Nettoyé.
:mozilla.301:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.486:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé.
:mozilla.34:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Planetactive : Nettoyé.
:mozilla.444:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Revenue : Nettoyé.
:mozilla.348:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.349:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.350:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.351:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé.
:mozilla.80:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.81:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.82:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.83:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.73:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.74:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.157:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyé.
:mozilla.199:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.200:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.423:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.424:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.425:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.426:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.


Fin du rapport




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:36:21 PM, on 2/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {E9AAC68A-5A64-0496-3BED-27800A4F0E94} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] ; C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] ; C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avgnt] ; "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BlockChecker] ; C:\Program Files\Block Checker\block-checker.exe
O4 - HKLM\..\Run: [LocalCooling] ; "C:\Program Files\LocalCooling\localcooling.exe" -s
O4 - HKLM\..\Run: [nmapp] ; "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [nmctxth] ; "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [OrderReminder] ; C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [QMusic2] ; "C:\Program Files\BenQ\QMusic2\QMAgent.exe"
O4 - HKLM\..\Run: [QuickTime Task] ; "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PaSystem] ; "C:\Program Files\pasystem\pasystem.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] ; "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Skype] ; "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] ; C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TheTurtle] ; C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [updateMgr] ; "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dynex Wireless G Enhanced Adapter Service (Dynex DX-WGPUSB WLService) - Unknown owner - C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - C:\WINDOWS\system32\ad.html
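The HijackThis log above is the kind of output a helper triages by eye. As an added example (not code from the thread or from HijackThis), here is a small Python parser that reads HijackThis-style lines and pulls out the two things a reviewer looks at first: entries whose target file HijackThis could not find ("(no file)" / "(file missing)", i.e. orphaned hooks left behind by removed software) and O24 Active Desktop components, which are unusual on a clean machine and here point at a local HTML file in system32. The sample lines are constructed, modelled on the log above with paths shortened; the flagging rules are the author's own triage heuristics, not HijackThis logic.

```python
"""Triage helper for HijackThis-style logs (added example, not part of the thread)."""
import re
from dataclasses import dataclass

# Constructed sample, modelled on the HijackThis log in this thread (paths shortened).
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = https://www.google.ca/
R3 - URLSearchHook: (no name) - {E9AAC68A-5A64-0496-3BED-27800A4F0E94} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_03\\bin\\ssv.dll
O4 - HKLM\\..\\Run: [avast!] ; C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKCU\\..\\Run: [PaSystem] ; "C:\\Program Files\\pasystem\\pasystem.exe"
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - https://www.pandasecurity.com/ (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe
O24 - Desktop Component 0: (no name) - C:\\WINDOWS\\system32\\ad.html
"""

# Every HijackThis finding starts with a section code such as R0, O4, O23.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Markers HijackThis prints when the referenced file does not exist on disk.
MISSING_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Entry:
    section: str
    body: str
    target: str  # last " - "-separated field: usually the file, URL or CLSID


def parse_hjt(text):
    """Parse the section lines of a HijackThis log; headers and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        target = body.rsplit(" - ", 1)[-1].strip() if " - " in body else body
        entries.append(Entry(m.group("section"), body, target))
    return entries


def triage(entries):
    """Return (reason, entry) pairs for the items a reviewer should look at first."""
    findings = []
    for e in entries:
        if any(marker in e.body for marker in MISSING_MARKERS):
            findings.append(("orphaned entry, target file not found", e))
        elif e.section == "O24":
            # Active Desktop components are rare; check what the source file actually is.
            findings.append(("Active Desktop component, review source file", e))
    return findings


def run_entries(entries):
    """Map autostart name -> command line for every O4 (HKLM and HKCU Run) entry."""
    out = {}
    for e in entries:
        if e.section != "O4":
            continue
        m = re.search(r"\[(?P<name>[^\]]+)\]\s*;?\s*(?P<cmd>.*)$", e.body)
        if m:
            out[m.group("name")] = m.group("cmd").strip()
    return out


if __name__ == "__main__":
    ents = parse_hjt(SAMPLE_LOG)
    for reason, e in triage(ents):
        print(f"{e.section}: {reason}: {e.target}")
    for name, cmd in run_entries(ents).items():
        print(f"autostart {name!r} -> {cmd}")
```

The O4 map is what you compare against the ComboFix "Reg Loading Points" section: ComboFix prints "[ ]" after a Run value whose file it could not find, so a name that appears in both lists with an empty bracket is the same orphan seen from two tools.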
Security contributor (2241 posts, joined Saturday 21 April 2007, last active 27 October 2012):
Hello,

An infection is persisting.

1/ # Download SDFix (created by Andy Manchesta) and save it to your Desktop: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
# Print this.
# Restart your computer in Safe Mode by following this procedure:

* Restart your computer.
* After hearing the computer beep at startup, but before the Windows icon appears, tap the F8 key (or F5).
* Instead of the normal Windows loading, a menu with different options should appear.
* Choose the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your account.

# Go through the list of instructions below:

* In Safe Mode, double-click the SDFix.exe file and click install,
* Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
* Press Y to start the script.
* It will remove the services of certain trojans, will also carry out some Registry repairs, and will ask you to press a key to restart.
* Press a key to restart the PC.
* Your system will take longer than usual to restart because the tool will keep running and deleting files.
* After the Desktop loads, the tool will finish its work and display Finished
* Press a key to finish running the script and load your Desktop icons.
* Finally, open the SDFix folder on your Desktop and copy/paste the contents of the Report.txt file into your next reply on the forum, together with a new HijackThis log!

2/
* Run an online scan by clicking here: http://assiste.com.free.fr/...
* Choose Kaspersky.
* You must run the scan using Internet Explorer. A notice appears at the top, near the status bar. You must accept and install the ActiveX control offered. The antivirus update then starts.
* Run a full system scan.
* Save the report as text when the scan finishes.

Post that report.

FillPCA (member, 21 posts, joined Sunday 10 February 2008, last active 29 June 2009):

Hi, here are the reports

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, March 01, 2008 4:03:06 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/03/2008
Kaspersky Anti-Virus database records: 592131
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 92782
Number of viruses found: 5
Number of infected objects: 15
Number of suspicious objects: 0
Duration of the scan process: 04:40:47

Infected Object Name / Virus Name / Last Action
C:\4b3a8ae29d4df862afbdaeb1\Forum\fond.jpg Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\fond.png Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\admin_activate.tpl Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\admin_send_email.tpl Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\admin_welcome_activated.tpl Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\admin_welcome_inactive.tpl Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\coppa_welcome_inactive.tpl Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\group_added.tpl Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\group_approved.tpl Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\group_request.tpl Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_aim.gif Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_edit.gif Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_email.gif Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_icq_add.gif Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_ip.gif Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_msnm.gif Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_pm.gif Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_profile.gif Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_quote.gif Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_search.gif Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_www.gif Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_yim.gif Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\index.htm Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\install.txt Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\lang_admin.php Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\lang_bbcode.php Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\lang_faq.php Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\lang_main.php Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\msg_newpost.gif Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\post.gif Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\privmsg_notify.tpl Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\profile_send_email.tpl Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\reply-locked.gif Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\reply.gif Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\search_stopwords.txt Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\search_synonyms.txt Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\topic_notify.tpl Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\user_activate.tpl Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\user_activate_passwd.tpl Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\user_welcome.tpl Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\user_welcome_inactive.tpl Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Images\ban.png Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Images\corps.png Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Images\footer.png Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Images\menu.png Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Images\placepub.png Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\admin_activate.tpl Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\admin_send_email.tpl Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\admin_welcome_activated.tpl Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\admin_welcome_inactive.tpl Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\coppa_welcome_inactive.tpl Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\group_added.tpl Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\group_approved.tpl Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\group_request.tpl Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_aim.gif Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_edit.gif Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_email.gif Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_icq_add.gif Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_ip.gif Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_msnm.gif Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_pm.gif Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_profile.gif Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_quote.gif Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_search.gif Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_www.gif Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_yim.gif Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\index.htm Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\install.txt Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\lang_admin.php Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\lang_bbcode.php Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\lang_faq.php Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\lang_main.php Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\msg_newpost.gif Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\post.gif Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\privmsg_notify.tpl Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\profile_send_email.tpl Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\reply-locked.gif Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\reply.gif Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\search_stopwords.txt Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\search_synonyms.txt Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\topic_notify.tpl Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\user_activate.tpl Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\user_activate_passwd.tpl Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\user_welcome.tpl Object is locked skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\user_welcome_inactive.tpl Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Log\logfile.nmsrvc_exe.txt Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\User\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\User\Desktop\backups\backup-20080209-222048-283.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\User\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\User\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\User\NTUSER.DAT.LOG Object is locked skipped
C:\mti-hits.exe/data0004 Infected: not-a-virus:AdWare.Win32.EZula.cc skipped
C:\mti-hits.exe NSIS: infected - 1 skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gebyw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gjvtckbi.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ubiavlpc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vdmbyyxj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\windows.vir Infected: Trojan.Win32.Zapchast.dt skipped
C:\QooBox\Quarantine\catchme2008-02-10_191208.64.zip/odjjvpmz.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-10_191208.64.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{2D67E47B-B92A-4750-B82B-16051B33A8FB}\RP25\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\GHASSAN.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{0816D07A-0344-4E5E-A277-84E1D843A59F}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\BMG5.exe/{D3150260-5753-454D-9923-26CF37C6FECC}.dll Infected: Trojan.Win32.VB.aft skipped
C:\WINDOWS\system32\BMG5.exe InstallCreator: infected - 1 skipped
C:\WINDOWS\system32\BMG5.exe UPX: infected - 1 skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\umrhco8d.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_98.dat Object is locked skipped
C:\WINDOWS\TEMP\ZLT07a01.TMP Object is locked skipped
C:\WINDOWS\TEMP\ZLT07a04.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\02132008_175231\WINDOWS\system32\bpcxcbny.VIR Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

Scan process completed.




SDFix: Version 1.140

Run by Administrator on Sun 03/02/2008 at 11:34 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found






Removing Temp Files...

ADS Check:



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 11:54:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 17


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Common Files\\Pure Networks Shared\\Platform\\nmsrvc.exe"="C:\\Program Files\\Common Files\\Pure Networks Shared\\Platform\\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Mon 25 Jun 2007 61,440 A..H. --- "C:\Program Files\MSN Messenger\winmm.dll"
Tue 3 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Tue 8 Nov 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 22 Jan 2008 915,968 ...H. --- "C:\Program Files\RzGunz.com\Client 5\game.exe"
Mon 25 Jun 2007 61,440 A..H. --- "C:\Program Files\Windows Live\Messenger\winmm.dll"
Tue 3 Aug 2004 60,416 A.SH. --- "C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe"
Wed 11 Aug 2004 73,728 A.SH. --- "C:\WINDOWS\BricoPacks\SysFiles\71_wmplayer.exe"
Fri 12 Nov 2004 37,376 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"

Finished!



And a HijackThis?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:07 PM, on 3/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {E9AAC68A-5A64-0496-3BED-27800A4F0E94} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] ; C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] ; C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avgnt] ; "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BlockChecker] ; C:\Program Files\Block Checker\block-checker.exe
O4 - HKLM\..\Run: [LocalCooling] ; "C:\Program Files\LocalCooling\localcooling.exe" -s
O4 - HKLM\..\Run: [nmapp] ; "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [nmctxth] ; "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [OrderReminder] ; C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [QMusic2] ; "C:\Program Files\BenQ\QMusic2\QMAgent.exe"
O4 - HKLM\..\Run: [QuickTime Task] ; "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PaSystem] ; "C:\Program Files\pasystem\pasystem.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] ; "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Skype] ; "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] ; C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TheTurtle] ; C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [updateMgr] ; "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dynex Wireless G Enhanced Adapter Service (Dynex DX-WGPUSB WLService) - Unknown owner - C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - C:\WINDOWS\system32\ad.html
Re,

If you have a bit of time this evening, it would be good if we finished, because the cleanup started a long time ago and it is never good to clean over a long period.

1/ Delete your version of ComboFix and download this one: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2/ * Select the following text:

FILE::
C:\mti-hits.exe
C:\WINDOWS\system32\BMG5.exe
C:\WINDOWS\system32\umrhco8d.ini

RENV::
----a-w 5,724,184 2008-01-13 20:31:16 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-18 00:47:34 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-20 01:06:28 C:\Program Files\Windows Live\Messenger\msnmsgr .exe


* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto the ComboFix.exe file

* A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
* Wait for the scan to finish. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file does not open, it is located here > C:\ComboFix.txt

3/ Post the ComboFix report and tell me how the PC is doing.

FillPCA
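A triage helper for the reports in this thread, added here as an example (it is not part of the thread, nor of ComboFix, SDFix or Kaspersky): it parses lines in the format of the Kaspersky scan report above, separates live detections from copies already sitting in quarantine folders, flags look-alike names with a space before the extension such as the msnmsgr .exe entries in the RENV:: list, and renders the FILE:: block the helper asks for. The quarantine folder list and the space-before-extension heuristic are assumptions based on the tools and file names seen in this thread.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the Kaspersky scan report earlier in this
# thread. Paths with spaces and archive members ("file.exe/member") are kept
# on purpose, because they are exactly what a naive line.split() gets wrong.
SAMPLE_REPORT = """\
C:\\Documents and Settings\\User\\NTUSER.DAT Object is locked skipped
C:\\mti-hits.exe/data0004 Infected: not-a-virus:AdWare.Win32.EZula.cc skipped
C:\\mti-hits.exe NSIS: infected - 1 skipped
C:\\QooBox\\Quarantine\\C\\WINDOWS\\system32\\windows.vir Infected: Trojan.Win32.Zapchast.dt skipped
C:\\WINDOWS\\system32\\BMG5.exe/{D3150260-5753-454D-9923-26CF37C6FECC}.dll Infected: Trojan.Win32.VB.aft skipped
C:\\WINDOWS\\system32\\BMG5.exe UPX: infected - 1 skipped
C:\\WINDOWS\\system32\\umrhco8d.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped
"""

# The report has three status shapes. Anchoring the regex on the status text
# leaves spaces inside the path untouched.
LOCKED = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
INFECTED = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
CONTAINER = re.compile(r"^(?P<path>.+?) (?P<kind>\w+): infected - \d+ skipped$")

# Assumption: detections under these folders are copies already quarantined by
# the tools used in this thread (ComboFix's QooBox, OTMoveIt's MovedFiles,
# HijackThis backups), so they are not candidates for the FILE:: list.
QUARANTINE_MARKERS = (
    "c:\\qoobox\\quarantine\\",
    "c:\\_otmoveit\\movedfiles\\",
    "\\desktop\\backups\\",
)


def host_file(path):
    """On-disk file for a report path: 'archive.exe/member' -> 'archive.exe'."""
    return path.split("/", 1)[0]


def parse_report(text):
    """Map each infected on-disk file to the detection names reported for it."""
    detections = defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        if not line or LOCKED.match(line):
            continue  # locked system files are noise for triage
        m = INFECTED.match(line)
        if m:
            detections[host_file(m["path"])].add(m["name"])
            continue
        m = CONTAINER.match(line)
        if m:
            # packer/archive verdict (NSIS, UPX, ZIP) names no family; still record the file
            detections.setdefault(host_file(m["path"]), set())
    return dict(detections)


def is_quarantined(path):
    low = path.lower()
    return any(marker in low for marker in QUARANTINE_MARKERS)


def live_infections(detections):
    """Infected files still in place: the candidates for a FILE:: section."""
    return sorted(p for p in detections if not is_quarantined(p))


def has_spaced_extension(path):
    """True for look-alike names such as 'msnmsgr .exe' (space before the extension)."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return re.search(r"\s\.[A-Za-z0-9]{1,4}$", name) is not None


def build_cfscript(paths):
    """Render the FILE:: block in the form the helper's reply asks for."""
    return "FILE::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for path, names in sorted(found.items()):
        tag = "quarantined" if is_quarantined(path) else "LIVE"
        print(f"{tag:11} {path}  {', '.join(sorted(names)) or '(container verdict only)'}")
    print(build_cfscript(live_infections(found)))
```

Run against the full report pasted above, the LIVE entries come out as the same three paths the helper put under FILE::, while the QooBox, _OTMoveIt and Desktop\backups hits are left alone.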