Énorme plantage suite à un erreur du système Résolu

Question

Bonjour,
   Mon ordinateur commence à connaître un certain problème dont il me cause beaucoup de problème, je vous explique le problème.
Environs tous les un quart d'heure, un message d'erreur apparaît :
***STOP: 0x000007B (0xF20184, 0x00000, 0xCC0034)***. Inaccessible handler or device. Click this balloon to fix the problem
Et lorsque je clique dessus, il me propose de telecharger un logiciel anti-virus de première vue tout en le payant -_- .  Et quand le message d'erreur apparaît mon ordi subit un énorme bug. 

Voici mon Hijackthis, si quelqu'n pourrait y voir quelque chose et y trouver une réponse, je lui en serait très reconnaissant. 

  Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:22:20 PM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform
msrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32	askmgr.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vhsugttdirwu.net/JEs/bwPpoESaFy_E9cxtDvyaurtsJjIDSEPR5hq/LV7y_xgylw0ao9eF2_Ui56Wb.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {E9AAC68A-5A64-0496-3BED-27800A4F0E94} - (no file)
O2 - BHO: (no name) - {0000DE80-AEC3-70C3-4176-CE509063E000} - (no file)
O2 - BHO: (no name) - {00534B55-3155-CA4F-B41D-0E922121D03C} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet	ools\BitCometBHO_1.1.5.19.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {10d5f100-b5d2-e53a-7c04-970c91cada76} - {67adac19-c079-40c7-a35e-2d5b001f5d01} - C:\WINDOWS\system32\vdmbyyxj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\odjjvpmz.dll
O2 - BHO: (no name) - {FA16FE06-B462-470E-9653-79C54B1871FF} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\RunServices: [ms-update] scvhost.exe
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll                                                              .dbt
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IESet] IExplorer.dll                                                              .dbt
O4 - HKUS\S-1-5-18\..\Run: [Seoe] "C:\WINDOWS\PPATCH~1
otepad.exe" -vt ndrv (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\system32\WAUCLT~1.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Tiqs] C:\WINDOWS\system32\s?stem\?ttrib.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll                                                              .dbt (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Seoe] "C:\WINDOWS\PPATCH~1
otepad.exe" -vt ndrv (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\en8sl1l71.dll (file missing)
O20 - Winlogon Notify: odjjvpmz - C:\WINDOWS\SYSTEM32\odjjvpmz.dll
O20 - Winlogon Notify: wvurrrq - wvurrrq.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe (file missing)
O23 - Service: Dynex Wireless G Enhanced Adapter Service (Dynex DX-WGPUSB WLService) - Unknown owner - C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform
msrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - C:\WINDOWS\system32\ad.html

FillPCA · Answer

Salut,

Tu as même de la chance qu'il démarre.

1/ # Télécharge SDFix (créé par Andy Manchesta) et sauvegarde le sur ton Bureau : http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
# Imprime ceci.
# Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :

    * Redémarre ton ordinateur.
    * Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (ou F5).
    * A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    * Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    * Choisis ton compte.

# Déroule la liste des instructions ci-dessous :

    * En mode sans échec, double-clique sur le fichier SDFix.exe et clique sur install,
    * Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    * Appuie sur Y pour commencer le script.
    * Il va supprimer les services de certains trojans, effectuera aussi quelques réparations du Registre et il te demandera d'appuyer sur une touche pour redémarrer.
    * Appuie sur une touche pour redémarrer le PC.
    * Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    * Après le chargement du Bureau, l'outil terminera son travail et affichera Finished
    * Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    * Enfin, ouvre le dossier de SDFix sur ton Bureau et copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum.

2/     *  Télécharge combofix.exe (par sUBs) sur ton Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    * Double clique combofix.exe et suis les invites.
    * Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

3/ Edite les 2 rapports précédents et un rapport Hijackthis. Je regarde cela demain.

FillPCA

Foud35 · Answer

Merci beaucoup de ta réponse, les 2 rapports ont été fait les voici : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:29:59 PM, on 2/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\User\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - {E9AAC68A-5A64-0496-3BED-27800A4F0E94} - (no file) O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\Run: [Seoe] "C:\WINDOWS\PPATCH~1\notepad.exe" -vt ndrv (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Tiqs] C:\WINDOWS\system32\s?stem\?ttrib.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Seoe] "C:\WINDOWS\PPATCH~1\notepad.exe" -vt ndrv (User 'Default user') O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/ O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O20 - Winlogon Notify: wvurrrq - wvurrrq.dll (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Dynex Wireless G Enhanced Adapter Service (Dynex DX-WGPUSB WLService) - Unknown owner - C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing) O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O24 - Desktop Component 0: (no name) - C:\WINDOWS\system32\ad.html - End of file - 7436 bytes SDFix: Version 1.140 Run by Administrator on Sun 02/10/2008 at 05:33 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Name: COM+ Messages Path: "C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0001634 COM+ Messages - Deleted Restoring Windows Registry Values Restoring Windows Default Hosts File Restoring Missing SharedAccess Service Rebooting... Normal Mode: Checking Files: Trojan Files Found: C:\WINDOWS\SYSTEM32\FDECAREW.DLL - Deleted C:\WINDOWS\SYSTEM32\QDVIEWFE.DLL - Deleted C:\WINDOWS\SYSTEM32\RASWENRT.DLL - Deleted C:\WINDOWS\system32\tmpmpt1.tmp - Deleted C:\WINDOWS\system32\cmd.com - Deleted C:\WINDOWS\system32\cmnocfg.xml - Deleted C:\WINDOWS\system32\drivers\etc\hosts.tim - Deleted C:\WINDOWS\system32\explorer.exe - Deleted C:\WINDOWS\system32\ping.com - Deleted C:\WINDOWS\system32\regedit.com - Deleted C:\WINDOWS\system32\tasklist.com - Deleted C:\WINDOWS\system32\tracert.com - Deleted C:\WINDOWS\system32\unsvchosts.lzma - Deleted C:\WINDOWS\system32\zxdnt3d.cfg - Deleted C:\WINDOWS\Fonts\*.zip - 1 File(s) 637,944 bytes - Deleted C:\WINDOWS\Fonts\'\*.zip - 1 File(s) 637,945 bytes - Deleted Folder C:\Program Files\Ipwindows - Removed Folder C:\WINDOWS\Fonts\' - Removed Removing Temp Files... ADS Check: Final Check: catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-10 17:52:56 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 17 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\WINDOWS\system32\gymjlfga.exe"="C:\WINDOWS\system32\gym" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" Remaining Files: --------------- File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes: Fri 29 Dec 2006 1,056 A.SH. --- "C:\xlnjaw3o.sys" Sat 12 Jan 2008 24 ..SH. --- "C:\WINDOWS\S2E57DA41.tmp" Thu 26 Jan 2006 40,960 ..SH. --- "C:\Program Files\Common Files\services.exe" Mon 25 Jun 2007 61,440 A..H. --- "C:\Program Files\MSN Messenger\winmm.dll" Tue 3 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe" Sat 16 Aug 2003 579,584 A.SHR --- "C:\WINDOWS\system32\cd.exe" Sun 10 Feb 2008 20,612 ..SH. --- "C:\WINDOWS\system32\odjjvpmz.dllbox" Mon 27 Jun 2005 2,045 A..H. --- "C:\WINDOWS\system32\whlb32f.dll" Tue 8 Nov 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Mon 25 Jun 2007 61,440 A..H. --- "C:\Program Files\Windows Live\Messenger\winmm.dll" Tue 3 Aug 2004 60,416 A.SH. --- "C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe" Wed 11 Aug 2004 73,728 A.SH. --- "C:\WINDOWS\BricoPacks\SysFiles\71_wmplayer.exe" Sun 21 Jul 2002 418,816 A..HR --- "C:\WINDOWS\system32\Tools\All.exe" Fri 19 Jul 2002 390,144 A..HR --- "C:\WINDOWS\system32\Tools\Change.exe" Fri 19 Jul 2002 574,464 A..HR --- "C:\WINDOWS\system32\Tools\CheckPath.exe" Tue 20 Aug 2002 430,592 A..HR --- "C:\WINDOWS\system32\Tools\Counter.exe" Tue 23 Jul 2002 390,656 A..HR --- "C:\WINDOWS\system32\Tools\DelFolders.exe" Fri 22 Nov 2002 399,872 A..HR --- "C:\WINDOWS\system32\Tools\DirectSetup.exe" Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\system32\Tools\RegClean.exe" Fri 19 Jul 2002 388,608 A..HR --- "C:\WINDOWS\system32\Tools\Regexe.exe" Mon 2 Dec 2002 431,616 A..HR --- "C:\WINDOWS\system32\Tools\Restart.exe" Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\system32\Tools\RunRegexe.exe" Fri 12 Nov 2004 37,376 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe" Finished! ComboFix 08-02.05.3 - User 2008-02-10 18:43:11.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.421 [GMT -5:00] Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!/b/color . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\guard.tmp C:\WINDOWS\system32\odjjvpmz.dll C:\Documents and Settings\All Users\Application Data\storageprotector C:\Documents and Settings\All Users\Application Data\storageprotector\Data\ac C:\Documents and Settings\All Users\Application Data\storageprotector\Data\em C:\Documents and Settings\All Users\Application Data\storageprotector\Data\oid C:\Documents and Settings\All Users\Application Data\storageprotector\Data\user C:\Documents and Settings\User\Application Data\ASKS~1 C:\Documents and Settings\User\Application Data\CROSOF~1 C:\Documents and Settings\User\Application Data\FNTS~1 C:\Documents and Settings\User\Application Data\FNTS~2 C:\Documents and Settings\User\Application Data\ICROSO~1 C:\Documents and Settings\User\Application Data\MBOLS~1 C:\Documents and Settings\User\Application Data\PPATCH~1 C:\Documents and Settings\User\Application Data\RACLE~1 C:\Documents and Settings\User\Application Data\SKS~1 C:\Documents and Settings\User\Application Data\SKS~2 C:\Documents and Settings\User\Application Data\storageprotector C:\Documents and Settings\User\Application Data\storageprotector\Logs\update.log C:\Documents and Settings\User\Application Data\TSKS~1 C:\Documents and Settings\User\Application Data\WNSXS~1 C:\Documents and Settings\User\Application Data\YSTEM3~1 C:\Documents and Settings\User\My Documents\MBOLS~1 C:\Documents and Settings\User\My Documents\SSTEM3~1 C:\Documents and Settings\User\My Documents\STEM32~1 C:\Documents and Settings\User\Start Menu\Programs\Uninstall.lnk C:\Program Files\asks~1 C:\Program Files\Common Files\{34A68~1 C:\Program Files\Common Files\{34A68~1\toolbardll.lzma C:\Program Files\Common Files\{34A68~2 C:\Program Files\Common Files\{A4A68~1 C:\Program Files\Common Files\{A4A68~2 C:\Program Files\Common Files\{A4A68~3 C:\Program Files\Common Files\asembl~1 C:\Program Files\Common Files\asks~1 C:\Program Files\Common Files\companion wizard C:\Program Files\Common Files\companion wizard\compwiz.exe C:\Program Files\Common Files\ecurit~1 C:\Program Files\Common Files\icroso~1 C:\Program Files\Common Files\icroso~1.net C:\Program Files\Common Files\inetget C:\Program Files\Common Files\inetget\ C:\Program Files\Common Files\mbols~1 C:\Program Files\Common Files\mcroso~1 C:\Program Files\Common Files\mcroso~1.net C:\Program Files\Common Files\ppatch~1 C:\Program Files\Common Files\pppatc~1 C:\Program Files\Common Files\services.exe C:\Program Files\Common Files\smbols~1 C:\Program Files\Common Files\uninstall information C:\Program Files\Common Files\vcclient C:\Program Files\Common Files\vcclient\ClientUpdater.bat C:\Program Files\Common Files\vcclient\ICSharpCode.SharpZipLib.dll C:\Program Files\Common Files\vcclient\temp.txt C:\Program Files\Common Files\vcclient\VCClient.exe.config C:\Program Files\Common Files\vcclient\VCUpdate.exe C:\Program Files\Common Files\vcclient\VCUpdate.exe.config C:\Program Files\Common Files\vcclient\Version.txt C:\Program Files\Common Files\wnsxs~1 C:\Program Files\crosof~1.net C:\Program Files\dns C:\Program Files\dns\affid.dat C:\Program Files\dns\cwebpage.dll C:\Program Files\dns\uid.dat C:\Program Files\dns\urls.dat C:\Program Files\dns\version.txt C:\Program Files\dns\x.bmp C:\Program Files\fnts~1 C:\Program Files\internet optimizer\ C:\Program Files\msupdate C:\Program Files\pasystem C:\Program Files\pasystem\support.dat C:\Program Files\pasystem\Uninstall.exe C:\Program Files\pscastor C:\Program Files\racle~1 C:\Program Files\screensavers.com C:\Program Files\sembly~1 C:\Program Files\sks~1 C:\Program Files\smbols~1 C:\Program Files\ssembl~1 C:\Program Files\stem~1 C:\Program Files\toolbar888\ C:\Program Files\windows C:\Program Files\winupdate C:\Program Files\winupdates C:\Program Files\wmplayer C:\Program Files\wnsxs~1 C:\Program Files\ymante~1 C:\Program Files\ystem~1 C:\WINDOWS\drsmartload.dat C:\WINDOWS\fnts~1 C:\WINDOWS\gimmygames.dat C:\WINDOWS\gimmygames101.dat C:\WINDOWS\gimmygames91.dat C:\WINDOWS\icroso~1 C:\WINDOWS\icroso~2 C:\WINDOWS\keyboard1.dat C:\WINDOWS\keyboard101.dat C:\WINDOWS\keyboard11.dat C:\WINDOWS\keyboard111.dat C:\WINDOWS\keyboard121.dat C:\WINDOWS\keyboard131.dat C:\WINDOWS\keyboard141.dat C:\WINDOWS\keyboard151.dat C:\WINDOWS\keyboard161.dat C:\WINDOWS\keyboard171.dat C:\WINDOWS\keyboard181.dat C:\WINDOWS\keyboard191.dat C:\WINDOWS\keyboard201.dat C:\WINDOWS\keyboard21.dat C:\WINDOWS\keyboard211.dat C:\WINDOWS\keyboard221.dat C:\WINDOWS\keyboard231.dat C:\WINDOWS\keyboard31.dat C:\WINDOWS\keyboard41.dat C:\WINDOWS\keyboard51.dat C:\WINDOWS\keyboard61.dat C:\WINDOWS\keyboard71.dat C:\WINDOWS\keyboard81.dat C:\WINDOWS\keyboard91.dat C:\WINDOWS\mbols~1 C:\WINDOWS\mcroso~1 C:\WINDOWS\ppatch~1 C:\WINDOWS\ppatch~1\??pPatch\ C:\WINDOWS\racle~1 C:\WINDOWS\racle~2 C:\WINDOWS\rising28.exe C:\WINDOWS\rising640.exe C:\WINDOWS\rising845.exe C:\WINDOWS\rising991.exe C:\WINDOWS\ssembl~1 C:\WINDOWS\system32\asks~1 C:\WINDOWS\system32\battyrun.dll C:\WINDOWS\system32\cplvaibu.ini C:\WINDOWS\system32\crosof~1.net C:\WINDOWS\system32\ctfmon.exe.tmp C:\WINDOWS\system32\dobe~1 C:\WINDOWS\system32\dobe~2 C:\WINDOWS\system32\ecurit~1 C:\WINDOWS\system32\fnts~1 C:\WINDOWS\system32\gebyw.dll C:\WINDOWS\system32\gjvtckbi.dll C:\WINDOWS\system32\iexplorer.dll .dbt C:\WINDOWS\system32\mcroso~1.net C:\WINDOWS\system32\odjjvpmz.dll C:\WINDOWS\system32\odjjvpmz.dllbox C:\WINDOWS\system32\ppatch~1 C:\WINDOWS\system32\racle~1 C:\WINDOWS\system32\RCX3A.tmp C:\WINDOWS\system32\rk.bin C:\WINDOWS\system32\rlvknlg.exe C:\WINDOWS\system32\sfvqdhhn.ini C:\WINDOWS\system32\smante~1 C:\WINDOWS\system32\sstem~1 C:\WINDOWS\system32\stem32~1 C:\WINDOWS\system32\stera.log C:\WINDOWS\system32\ubiavlpc.dll C:\WINDOWS\system32\vdmbyyxj.dll C:\WINDOWS\system32\windows C:\WINDOWS\system32\winpfz32.sys C:\WINDOWS\system32\wnsxs~1 C:\WINDOWS\system32\wybeg.ini C:\WINDOWS\system32\wybeg.ini2 C:\WINDOWS\winsysupd1.dat C:\WINDOWS\winsysupd101.dat C:\WINDOWS\winsysupd111.dat C:\WINDOWS\winsysupd121.dat C:\WINDOWS\winsysupd21.dat C:\WINDOWS\winsysupd31.dat C:\WINDOWS\winsysupd41.dat C:\WINDOWS\winsysupd51.dat C:\WINDOWS\winsysupd61.dat C:\WINDOWS\winsysupd71.dat C:\WINDOWS\ystem~1 C:\WINDOWS\ystem3~1 . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_DOMAINSERVICE -------\LEGACY_FOPN -------\LEGACY_NPF -------\LEGACY_VSPF -------\LEGACY_VSPF_HK ((((((((((((((((((((((((( Files Created from 2008-01-11 to 2008-02-11 ))))))))))))))))))))))))))))))) . 2008-02-10 17:30 . 2008-02-10 17:30 d-------- C:\WINDOWS\ERUNT 2008-02-10 17:28 . 2008-02-10 18:23 d----c--- C:\SDFix 2008-02-09 10:35 . 2008-02-09 10:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-02-09 10:35 . 2008-02-09 10:35 1,409 --a------ C:\WINDOWS\QTFont.for 2008-02-07 19:36 . 2008-02-10 17:09 d-------- C:\Documents and Settings\User\Application Data\OpenOffice.org2 2008-02-07 19:29 . 2008-02-07 19:30 d-------- C:\Program Files\OpenOffice.org 2.3 2008-02-07 19:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-02-04 10:22 . 2008-02-04 10:22 d-------- C:\Program Files\SnIco Edit 2008-02-03 21:13 . 2008-02-03 21:13 d-------- C:\Documents and Settings\User\Application Data\RadiantSettings 2008-02-03 21:08 . 2008-02-03 21:14 d----c--- C:\gunzmap 2008-02-03 20:58 . 2008-02-03 21:11 d-------- C:\Program Files\GtkRadiant 1.5.0 2008-02-02 13:02 . 2008-02-02 13:03 d-------- C:\Program Files\CCleaner 2008-01-26 22:53 . 2008-01-26 22:53 17,801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys 2008-01-26 22:52 . 2008-01-26 22:54 d-------- C:\Program Files\Dynex Wireless G Enhanced Adapter 2008-01-26 22:52 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll 2008-01-26 22:52 . 2004-04-30 15:12 40,960 --a------ C:\WINDOWS\system32\WGPUSB.dll 2008-01-26 22:52 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD 2008-01-26 22:52 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys 2008-01-26 22:52 . 2006-06-26 11:23 123 --a------ C:\WINDOWS\system32\ucuiinfo.ini 2008-01-26 10:55 . 2008-01-26 10:55 d-------- C:\Documents and Settings\User\RadiantSettings 2008-01-25 23:20 . 2008-01-26 11:35 d-------- C:\Program Files\Wolfenstein - Enemy Territory 2008-01-25 23:20 . 2008-01-26 11:35 d-------- C:\Program Files\GtkRadiant-1.4 2008-01-20 16:29 . 2008-01-22 20:32 d----c--- C:\vdp 2008-01-20 11:15 . 2008-01-20 11:20 dr------- C:\Documents and Settings\All Users\Application Data\Data 2008-01-19 12:08 . 2008-01-19 12:08 d---s---- C:\Documents and Settings\Administrator\UserData 2008-01-19 10:22 . 2008-01-19 10:26 d-------- C:\Documents and Settings\Administrator\Contacts 2008-01-19 10:08 . 2008-01-19 10:08 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback 2008-01-19 09:11 . 2008-01-19 09:11 dr------- C:\Documents and Settings\All Users\Application Data\SalesMon 2008-01-19 09:08 . 2008-01-19 09:08 d-------- C:\Program Files\SystemRequirementsLab 2008-01-13 16:26 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-01-13 16:26 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-01-13 16:26 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-01-13 16:26 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-01-13 14:01 . 2008-01-13 14:01 d-------- C:\Program Files\RaGEZONE 2008-01-12 15:56 . 2008-01-12 15:56 20,480 --a------ C:\WINDOWS\quit.exe 2008-01-12 12:56 . 2008-01-12 18:39 24 ---hs---- C:\WINDOWS\S2E57DA41.tmp 2008-01-12 12:48 . 2008-01-12 12:48 d-------- C:\Program Files\SlySoft 2008-01-11 19:54 . 2008-01-19 08:57 d-------- C:\Documents and Settings\User\Application Data\SystemRequirementsLab . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-10 22:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-10 21:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-02-09 04:18 103,936 ----a-w C:\WINDOWS\Internet Logs\xDB92.tmp 2008-02-08 00:27 --------- d-----w C:\Program Files\Java 2008-02-07 00:43 800,768 ----a-w C:\WINDOWS\Internet Logs\xDB91.tmp 2008-02-06 23:41 --------- d-----w C:\Documents and Settings\User\Application Data\Canon 2008-02-03 14:43 --------- d-----w C:\Program Files\Google 2008-01-27 03:52 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-27 03:00 1,920,512 ----a-w C:\WINDOWS\Internet Logs\xDB90.tmp 2008-01-20 17:39 --------- d-----w C:\Program Files\EasyPHP1-8 2008-01-20 17:29 --------- d-----w C:\Program Files\e-anim701 2008-01-20 16:52 --------- d-----w C:\Program Files\MessengerPlus! 3 2008-01-20 04:20 --------- d-----w C:\Program Files\themexp 2008-01-20 04:17 --------- d-----w C:\Program Files\psdriver 2008-01-20 04:11 --------- d--h--w C:\Program Files\m 2008-01-20 04:07 --------- d-----w C:\Program Files\Exolon 2008-01-20 02:26 --------- d-----w C:\Documents and Settings\User\Application Data\exitglue 2008-01-20 02:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\heart wave amok film 2008-01-19 14:07 --------- d-----w C:\Program Files\LocalCooling 2008-01-19 12:58 133,120 ----a-w C:\WINDOWS\Internet Logs\xDB43D.tmp 2008-01-19 12:58 1,861,632 ----a-w C:\WINDOWS\Internet Logs\xDB43E.tmp 2008-01-18 01:33 1,854,976 ----a-w C:\WINDOWS\Internet Logs\xDB3053.tmp 2008-01-18 01:33 1,336,320 ----a-w C:\WINDOWS\Internet Logs\xDB2E60.tmp 2008-01-18 00:42 1,849,344 ----a-w C:\WINDOWS\Internet Logs\xDB2E59.tmp 2008-01-17 01:22 508,928 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe 2008-01-16 22:13 508,928 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe.tmp 2008-01-14 01:07 1,831,936 ----a-w C:\WINDOWS\Internet Logs\xDB8F.tmp 2008-01-13 23:39 1,830,400 ----a-w C:\WINDOWS\Internet Logs\xDB8E.tmp 2008-01-13 20:07 1,834,496 ----a-w C:\WINDOWS\Internet Logs\xDB8D.tmp 2008-01-13 15:59 50,176 ----a-w C:\WINDOWS\Internet Logs\xDB8C.tmp 2008-01-13 15:24 1,806,336 ----a-w C:\WINDOWS\Internet Logs\xDB8B.tmp 2008-01-12 23:51 378,880 ----a-w C:\WINDOWS\Internet Logs\xDB8A.tmp 2008-01-12 23:05 728,576 ----a-w C:\WINDOWS\Internet Logs\xDB89.tmp 2008-01-12 22:40 2,988,032 ----a-w C:\WINDOWS\Internet Logs\xDB87.tmp 2008-01-12 22:40 1,795,584 ----a-w C:\WINDOWS\Internet Logs\xDB88.tmp 2008-01-11 00:17 --------- d-----w C:\Program Files\RaGEZONE GunZ C4.7 2008-01-07 17:33 --------- d-----w C:\Program Files\TheTurtle 2008-01-06 22:01 --------- d--h--w C:\Documents and Settings\User\Application Data\ijjigame 2008-01-05 16:15 --------- d-----w C:\Documents and Settings\User\Application Data\Someplayer 2008-01-05 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Someplayer 2008-01-05 15:42 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-01-05 04:18 2,905,600 ----a-w C:\WINDOWS\Internet Logs\xDB86.tmp 2008-01-05 03:57 --------- d-----w C:\Program Files\MSN Messenger 2008-01-05 03:50 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-01-05 03:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-01-05 03:20 --------- d-----w C:\Program Files\Windows Live 2008-01-05 01:04 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-01-02 21:14 --------- d-----w C:\Program Files\LimeWire 2008-01-02 19:44 369,664 ----a-w C:\WINDOWS\Internet Logs\xDB84.tmp 2008-01-02 19:44 1,688,576 ----a-w C:\WINDOWS\Internet Logs\xDB85.tmp 2007-12-31 23:48 1,644,032 ----a-w C:\WINDOWS\Internet Logs\xDB83.tmp 2007-12-31 23:48 1,092,096 ----a-w C:\WINDOWS\Internet Logs\xDB82.tmp 2007-12-31 18:29 1,624,576 ----a-w C:\WINDOWS\Internet Logs\xDB81.tmp 2007-12-29 20:50 --------- d-----w C:\Documents and Settings\User\Application Data\ma-config.com 2007-12-29 03:24 --------- d-----w C:\Program Files\Pure Networks 2007-12-29 03:23 --------- d-----w C:\Program Files\DIFX 2007-12-29 03:22 --------- d-----w C:\Program Files\Common Files\Pure Networks Shared 2007-12-29 03:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pure Networks 2007-12-29 03:12 77,824 ----a-w C:\WINDOWS\Internet Logs\xDB80.tmp 2007-12-29 01:56 154,112 ----a-w C:\WINDOWS\Internet Logs\xDB7F.tmp 2007-12-28 21:35 --------- d-----w C:\Program Files\Voice Studio 2007-12-28 21:28 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire 2007-12-28 05:08 1,584,640 ----a-w C:\WINDOWS\Internet Logs\xDB7E.tmp 2007-12-28 05:08 1,020,416 ----a-w C:\WINDOWS\Internet Logs\xDB7D.tmp 2007-12-27 23:46 --------- d-----w C:\Program Files\Common Files\DirectX 2007-12-27 23:45 --------- d-----w C:\Documents and Settings\User\Application Data\NHN Corporation 2007-12-27 23:35 --------- d-----w C:\Program Files\NHN USA 2007-12-27 05:21 1,548,800 ----a-w C:\WINDOWS\Internet Logs\xDB7C.tmp 2007-12-27 05:21 1,158,144 ----a-w C:\WINDOWS\Internet Logs\xDB7B.tmp 2007-12-27 04:16 --------- d-----w C:\Program Files\ma-config.com 2007-12-26 19:25 1,528,832 ----a-w C:\WINDOWS\Internet Logs\xDB7A.tmp 2007-12-26 19:25 1,222,656 ----a-w C:\WINDOWS\Internet Logs\xDB79.tmp 2007-12-24 23:09 2,085,888 ----a-w C:\WINDOWS\Internet Logs\xDB77.tmp 2007-12-24 23:09 1,519,616 ----a-w C:\WINDOWS\Internet Logs\xDB78.tmp 2007-12-24 05:18 1,522,688 ----a-w C:\WINDOWS\Internet Logs\xDB76.tmp 2007-12-23 23:39 230,400 ----a-w C:\WINDOWS\Internet Logs\xDB74.tmp 2007-12-23 23:39 1,516,032 ----a-w C:\WINDOWS\Internet Logs\xDB75.tmp 2007-12-23 04:50 403,456 ----a-w C:\WINDOWS\Internet Logs\xDB73.tmp 2007-12-22 20:54 137,728 ----a-w C:\WINDOWS\Internet Logs\xDB72.tmp 2007-12-22 06:03 2,945,024 ----a-w C:\WINDOWS\Internet Logs\xDB71.tmp 2007-12-21 04:05 --------- d-----w C:\Documents and Settings\User\Application Data\DivX 2007-12-16 01:05 --------- d-----w C:\Program Files\DivX 2007-12-14 00:42 1,482,240 -c--a-w C:\WINDOWS\Internet Logs\xDB70.tmp 2007-12-12 02:16 2,757,632 -c--a-w C:\WINDOWS\Internet Logs\xDB6F.tmp 2007-12-11 22:34 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-12-11 22:34 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys 2007-12-09 15:39 862,208 -c--a-w C:\WINDOWS\Internet Logs\xDB6D.tmp 2007-12-09 15:39 1,467,392 -c--a-w C:\WINDOWS\Internet Logs\xDB6E.tmp 2007-12-08 03:37 3,501,056 -c--a-w C:\WINDOWS\Internet Logs\xDB6B.tmp 2007-12-08 03:37 1,449,472 -c--a-w C:\WINDOWS\Internet Logs\xDB6C.tmp 2007-11-19 01:55 1,346,560 -c--a-w C:\WINDOWS\Internet Logs\xDB6A.tmp 2007-11-17 04:29 509,440 -c--a-w C:\WINDOWS\Internet Logs\xDB69.tmp 2007-11-16 01:01 52,736 -c--a-w C:\WINDOWS\Internet Logs\xDB67.tmp 2007-11-16 01:01 1,278,464 -c--a-w C:\WINDOWS\Internet Logs\xDB68.tmp 2007-11-15 02:39 427,008 -c--a-w C:\WINDOWS\Internet Logs\xDB66.tmp 2007-11-11 05:55 722,944 -c--a-w C:\WINDOWS\Internet Logs\xDB63.tmp 2007-11-11 05:55 2,227,712 -c--a-w C:\WINDOWS\Internet Logs\xDB64.tmp 2007-11-11 05:54 2,227,712 -c--a-w C:\WINDOWS\Internet Logs\xDB65.tmp 2007-11-10 04:37 2,226,688 -c--a-w C:\WINDOWS\Internet Logs\xDB62.tmp 2004-08-04 04:56 60,416 -csha-w C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe 2004-08-11 05:45 73,728 -csha-w C:\WINDOWS\BricoPacks\SysFiles\71_wmplayer.exe 2003-08-16 18:56 579,584 --sha-r C:\WINDOWS\system32\cd.exe . [code]

----a-w           307,200 2008-01-09 22:30:10  C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
----a-w            79,224 2008-01-14 02:48:09  C:\Program Files\Alwil Software\Avast4\ashDisp .exe
----a-w           451,896 2008-01-09 22:29:57  C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth .exe
----a-w            98,304 2008-01-09 22:29:57  C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder .exe
----a-w            36,975 2008-01-09 22:29:39  C:\Program Files\Java\jre1.5.0_01\bin\jusched .exe
----a-w            36,975 2008-01-09 01:12:07  C:\Program Files\Java\jre1.5.0_06\bin\jusched .exe
----a-w         2,056,875 2008-01-13 17:28:16  C:\Program Files\LocalCooling\localcooling .exe
----a-w           190,024 2008-01-20 16:13:32  C:\Program Files\MessengerPlus! 3\MsgPlus .exe
----a-w         5,674,352 2008-01-05 01:05:02  C:\Program Files\MSN Messenger\msnmsgr .exe
----a-w           536,576 2008-01-09 22:30:11  C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree .exe
----a-w           451,896 2008-01-09 22:29:59  C:\Program Files\Pure Networks\Network Magic\nmapp .exe
----a-w            57,344 2008-01-13 16:04:07  C:\Program Files\SlySoft\CloneCD\CloneCDTray .exe
----a-w         5,724,184 2008-01-13 20:31:16  C:\Program Files\Windows Live\Messenger\msnmsgr        .exe
----a-w         5,724,184 2008-01-18 00:47:34  C:\Program Files\Windows Live\Messenger\msnmsgr       .exe
----a-w         5,724,184 2008-01-20 01:06:28  C:\Program Files\Windows Live\Messenger\msnmsgr      .exe
----a-w         5,724,184 2008-01-20 02:12:44  C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w           919,280 2008-01-20 16:21:59  C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
----a-w           508,928 2008-01-17 01:22:45  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w            15,360 2008-01-20 16:12:31  C:\WINDOWS\system32\ctfmon .exe
----a-w         1,622,016 2008-01-13 16:04:02  C:\WINDOWS\system32\rlvknlg .exe

/code ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe" [2008-01-20 11:21 919280] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Seoe"="C:\WINDOWS\PPATCH~1\notepad.exe" [ ] "Tiqs"="C:\WINDOWS\system32\s?stem\?ttrib.exe" [ ] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696] [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\[u]0/u] Source= C:\WINDOWS\system32\ad.html FriendlyName= [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvurrrq] wvurrrq.dll [HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=C:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Think-Adz.lnk] path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Think-Adz.lnk backup=C:\WINDOWS\pss\Think-Adz.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Amok film nurb meal] C:\Documents and Settings\All Users\Application Data\heart wave amok film\openace.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!] --a--c--- 2007-12-04 08:00 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlockChecker] C:\Program Files\Block Checker\block-checker.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\creative barb] C:\DOCUME~1\User\APPLIC~1\exitglue\Upload Five Dale.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\errorhandler] C:\WINDOWS\errorhandler.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H005RPbFR] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IESet] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LocalCooling] C:\Program Files\LocalCooling\localcooling.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaSystem] C:\Program Files\pasystem\pasystem.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QMusic2] C:\Program Files\BenQ\QMusic2\QMAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Program Files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageProtector] C:\Program Files\StorageProtector\SysRep.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TClock.exe] C:\Program Files\TClock\tclock_install.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdates] C:\Program Files\winupdates\winupdates.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{A4A68187-0513-1033-0519-031213200001}] C:\Program Files\Common Files\{A4A68187-0513-1033-0519-031213200001}\Update.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{A4A68187-0514-1033-0519-031213200001}] C:\Program Files\Common Files\{A4A68187-0514-1033-0519-031213200001}\Update.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{A4A68187-0515-1033-0519-031213200001}] C:\Program Files\Common Files\{A4A68187-0515-1033-0519-031213200001}\Update.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ose"=3 (0x3) "AntiVirService"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe R0 Achernar;Achernar - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Achernar.sys [2004-02-11 15:34] R2 Dynex DX-WGPUSB WLService;Dynex Wireless G Enhanced Adapter Service;C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe [2004-03-29 16:08] R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 09:11] R3 Aldebaran;Aldebaran - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Aldebaran.sys [2004-02-11 15:34] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 07:17] R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 10:44] S2 MsaSvc;Microsoft authenticate service;C:\WINDOWS\system32\msasvc.exe [] S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [] . Contents of the 'Scheduled Tasks' folder "2008-02-11 00:00:01 C:\WINDOWS\Tasks\A1DF315A9184B062.job" - c:\docume~1\user\applic~1\exitglue\bleh file eq.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-10 19:12:29 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156] -> C:\Program Files\WinRAR\rarext.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\rundll32.exe . ************************************************************************** . Completion time: 2008-02-10 19:21:30 - machine was rebooted ComboFix-quarantined-files.txt 2008-02-11 00:21:22 . 2008-02-10 19:30:19 --- E O F --- J'espère que toutes les procédures ont été bien fait, merci d'avance de ton aide.

FillPCA · Answer

Salut,

Il faut toujours faire Hijackthis en dernier, ce qui permet de faire l'état des lieux suite au passage des outils de nettoyage. Il en reste encore énormément.

1/     *  Ouvrir l'explorateur windows (Démarrer>programmes>Accessoires>Explorateur windows ou Démarrer>programmes>Explorateur windows).
    * Cliquer sur outils>options des dossiers>affichage.
    * Sélectionner :
          o afficher les fichiers et dossiers cachés,
          o décocher "masquer les extensions des fichiers dont le type est connu",
          o décocher masquer les fichiers protégés du système d'exploitation (recommandé)".

    * "appliquer" et "ok"

2/     *  Peux-tu tester ceci : C:\Program Files\MSN Messenger\winmm.dll
    * Clique sur ce lien : http://www.virustotal.com/en/indexf.html
    * Clique sur parcourir et indique le chemin du fichier que j’ai désigné.
    * Clique sur send. Au bout de quelques minutes, un rapport est généré. Poste-le dans ta prochaine réponse.

Fais la même chose avec ces fichiers :
C:\Program Files\Windows Live\Messenger\winmm.dll

et

C:\WINDOWS\system32\cd.exe

2/ Merci à Lazzzy

    * Télécharger lopxpMH : http://www.alt-shift-return.org/Info/Fichiers/lopxpMH2.zip
    * Dézippe-le au moyen d'un clic droit et extrais-le sur le bureau.
    * Edite le rapport généré.

3/ # Télécharge SREng (de Smallfrogs) : http://www.kztechs.com/eng/download.html
# Dézippe tout son contenu sur ton bureau (clic droit >Extraire ici).
# Ouvre le dossier SReng2 et double-clique sur SREngPS.exe.
# Clique sur "smart scan".
# Clique sur le bouton "scan".
# Quand l'analyse est terminée, clique sur le bouton "save reports".
# Sauvegarde alors le rapport sur ton bureau.
# Copie/colle le contenu du rapport  SREnglLOG.log dans ta prochaine réponse.

4/ Edite ces 5 rapports (rapports virustotal, LopXPMH2, SREng) et un nouveau rapport Hijackthis.

FillPCA

Foud35 · Answer

Salut, je te remercie de ta réponse et du temps accorder Voila les rapports : Celui de virustotal : C:\Program Files\MSN Messenger\winmm.dll Rapport : Antivirus Version Dernière mise à jour Résultat AhnLab-V3 2008.2.12.10 2008.02.11 - AntiVir 7.6.0.62 2008.02.11 - Authentium 4.93.8 2008.02.11 - Avast 4.7.1098.0 2008.02.11 - AVG 7.5.0.516 2008.02.11 - BitDefender 7.2 2008.02.12 - CAT-QuickHeal None 2008.02.11 - ClamAV 0.92 2008.02.11 - DrWeb 4.44.0.09170 2008.02.11 - eSafe 7.0.15.0 2008.02.11 - eTrust-Vet 31.3.5529 2008.02.11 - Ewido 4.0 2008.02.11 - FileAdvisor 1 2008.02.12 - Fortinet 3.14.0.0 2008.02.11 - F-Prot 4.4.2.54 2008.02.11 - F-Secure 6.70.13260.0 2008.02.11 - Ikarus T3.1.1.20 2008.02.11 - Kaspersky 7.0.0.125 2008.02.12 - McAfee 5227 2008.02.11 - Microsoft 1.3204 2008.02.11 - NOD32v2 2866 2008.02.11 - Norman 5.80.02 2008.02.11 - Panda 9.0.0.4 2008.02.11 - Prevx1 V2 2008.02.12 - Rising 20.29.22.00 2008.01.30 - Sophos 4.26.0 2008.02.11 - Sunbelt 2.2.907.0 2008.02.09 - Symantec 10 2008.02.11 - TheHacker 6.2.9.217 2008.02.11 - VBA32 3.12.6.0 2008.02.11 - VirusBuster 4.3.26:9 2008.02.11 - Webwasher-Gateway 6.6.2 2008.02.11 - Pour C:\Program Files\Windows Live\Messenger\winmm.dll AhnLab-V3 2008.2.12.10 2008.02.11 - AntiVir 7.6.0.62 2008.02.11 - Authentium 4.93.8 2008.02.11 - Avast 4.7.1098.0 2008.02.11 - AVG 7.5.0.516 2008.02.11 - BitDefender 7.2 2008.02.12 - CAT-QuickHeal None 2008.02.11 - ClamAV 0.92 2008.02.11 - DrWeb 4.44.0.09170 2008.02.11 - eSafe 7.0.15.0 2008.02.11 - eTrust-Vet 31.3.5529 2008.02.11 - Ewido 4.0 2008.02.11 - FileAdvisor 1 2008.02.12 - Fortinet 3.14.0.0 2008.02.11 - F-Prot 4.4.2.54 2008.02.11 - F-Secure 6.70.13260.0 2008.02.11 - Ikarus T3.1.1.20 2008.02.11 - Kaspersky 7.0.0.125 2008.02.12 - McAfee 5227 2008.02.11 - Microsoft 1.3204 2008.02.11 - NOD32v2 2866 2008.02.11 - Norman 5.80.02 2008.02.11 - Panda 9.0.0.4 2008.02.11 - Prevx1 V2 2008.02.12 - Rising 20.29.22.00 2008.01.30 - Sophos 4.26.0 2008.02.11 - Sunbelt 2.2.907.0 2008.02.09 - Symantec 10 2008.02.11 - TheHacker 6.2.9.217 2008.02.11 - VBA32 3.12.6.0 2008.02.11 - VirusBuster 4.3.26:9 2008.02.11 - Webwasher-Gateway 6.6.2 2008.02.11 - Et pour C:\WINDOWS\system32\cd.exe Antivirus Version Dernière mise à jour Résultat AhnLab-V3 2008.2.12.10 2008.02.11 - AntiVir 7.6.0.62 2008.02.11 - Authentium 4.93.8 2008.02.11 - Avast 4.7.1098.0 2008.02.11 - AVG 7.5.0.516 2008.02.11 - BitDefender 7.2 2008.02.12 - CAT-QuickHeal None 2008.02.11 - ClamAV 0.92 2008.02.11 - DrWeb 4.44.0.09170 2008.02.11 - eSafe 7.0.15.0 2008.02.11 - eTrust-Vet 31.3.5529 2008.02.11 - Ewido 4.0 2008.02.11 - FileAdvisor 1 2008.02.12 - Fortinet 3.14.0.0 2008.02.11 - F-Prot 4.4.2.54 2008.02.11 - F-Secure 6.70.13260.0 2008.02.11 - Ikarus T3.1.1.20 2008.02.11 - Kaspersky 7.0.0.125 2008.02.12 - McAfee 5227 2008.02.11 - Microsoft 1.3204 2008.02.11 - NOD32v2 2866 2008.02.11 - Norman 5.80.02 2008.02.11 - Panda 9.0.0.4 2008.02.11 - Prevx1 V2 2008.02.12 Generic.Malware Rising 20.29.22.00 2008.01.30 - Sophos 4.26.0 2008.02.11 - Sunbelt 2.2.907.0 2008.02.09 - Symantec 10 2008.02.11 - TheHacker 6.2.9.217 2008.02.11 - VBA32 3.12.6.0 2008.02.11 suspected of Backdoor.XiaoBird.31 VirusBuster 4.3.26:9 2008.02.11 - Webwasher-Gateway 6.6.2 2008.02.11 Win32.Malware.gen!88 (suspicious) Rapport lopxpMH2 version 2.0 fait à 18:54:56.37 le Mon 02/11/2008 C:\Documents and Settings\User\Desktop\lopxpMH2 ****************************************** ## Répertoires Application Data Volume in drive C has no label. Volume Serial Number is A4A6-8187 Directory of C:\Documents and Settings\Administrator\Application Data 01/13/2008 03:10 PM . 01/13/2008 03:10 PM .. 01/19/2008 12:08 PM Macromedia 01/13/2008 03:10 PM Microsoft 01/19/2008 10:07 AM Mozilla 01/19/2008 10:08 AM Talkback 01/13/2008 03:10 PM 62 desktop.ini 1 File(s) 62 bytes 6 Dir(s) 17,650,475,008 bytes free Volume in drive C has no label. Volume Serial Number is A4A6-8187 Directory of C:\Documents and Settings\Administrator\Local Settings\Application Data 01/13/2008 03:10 PM . 01/13/2008 03:10 PM .. 01/13/2008 03:10 PM Microsoft 01/19/2008 10:07 AM Mozilla 01/19/2008 10:09 AM 42,288 GDIPFONTCACHEV1.DAT 01/13/2008 03:26 PM 3,712,656 IconCache.db 2 File(s) 3,754,944 bytes 4 Dir(s) 17,650,409,472 bytes free Volume in drive C has no label. Volume Serial Number is A4A6-8187 Directory of C:\Documents and Settings\All Users\Application Data 07/11/2005 11:28 AM . 07/11/2005 11:28 AM .. 05/27/2006 11:01 AM Adobe 03/04/2006 11:51 PM Apple Computer 01/20/2008 11:15 AM Data 07/26/2007 11:42 AM ENJOY Plus! 07/25/2007 05:28 PM FLEXnet 09/12/2006 06:07 PM Google 08/29/2005 02:15 PM heart wave amok film 08/28/2005 05:39 PM Messenger Plus! 07/11/2005 11:28 AM Microsoft 03/25/2006 05:21 PM muvee Technologies 08/05/2005 07:58 AM Newsoft 12/28/2007 09:32 PM Pure Networks 01/19/2008 09:11 AM SalesMon 01/05/2008 11:09 AM Someplayer 12/02/2006 11:18 PM Spybot - Search & Destroy 08/14/2005 01:07 PM Symantec 12/31/2007 06:25 PM TEMP 08/14/2005 02:28 PM Ulead Systems 07/23/2005 08:49 PM vidctrl 07/12/2006 10:30 AM Windows Genuine Advantage 01/04/2008 10:20 PM WLInstaller 01/12/2008 06:38 PM 41 .zreglib 05/27/2006 03:19 PM 305 addr_file.html 07/11/2005 11:29 AM 62 desktop.ini 03/05/2006 11:58 AM 1,377 QTSBandwidthCache 4 File(s) 1,785 bytes 23 Dir(s) 17,650,409,472 bytes free Volume in drive C has no label. Volume Serial Number is A4A6-8187 Directory of C:\Documents and Settings\Default User\Application Data 07/11/2005 11:28 AM . 07/11/2005 11:28 AM .. 07/11/2005 11:28 AM Microsoft 07/11/2005 11:29 AM 62 desktop.ini 1 File(s) 62 bytes 3 Dir(s) 17,650,409,472 bytes free Volume in drive C has no label. Volume Serial Number is A4A6-8187 Directory of C:\Documents and Settings\Default User\Local Settings\Application Data 07/11/2005 11:29 AM . 07/11/2005 11:29 AM .. 07/11/2005 04:00 PM Microsoft 0 File(s) 0 bytes 3 Dir(s) 17,650,409,472 bytes free Volume in drive C has no label. Volume Serial Number is A4A6-8187 Directory of C:\Documents and Settings\LocalService\Application Data 07/11/2005 04:09 PM . 07/11/2005 04:09 PM .. 09/15/2005 05:51 PM exitglue 09/15/2005 06:02 PM Macromedia 07/11/2005 04:09 PM Microsoft 12/28/2007 04:28 PM Xfire 0 File(s) 0 bytes 6 Dir(s) 17,650,409,472 bytes free Volume in drive C has no label. Volume Serial Number is A4A6-8187 Directory of C:\Documents and Settings\LocalService\Local Settings\Application Data 07/11/2005 04:09 PM . 07/11/2005 04:09 PM .. 07/11/2005 04:09 PM Microsoft 0 File(s) 0 bytes 3 Dir(s) 17,650,409,472 bytes free Volume in drive C has no label. Volume Serial Number is A4A6-8187 Directory of C:\Documents and Settings\NetworkService\Application Data 07/11/2005 04:07 PM . 07/11/2005 04:07 PM .. 07/11/2005 04:07 PM Microsoft 0 File(s) 0 bytes 3 Dir(s) 17,650,409,472 bytes free Volume in drive C has no label. Volume Serial Number is A4A6-8187 Directory of C:\Documents and Settings\NetworkService\Local Settings\Application Data 07/11/2005 04:07 PM . 07/11/2005 04:07 PM .. 07/11/2005 04:07 PM Microsoft 0 File(s) 0 bytes 3 Dir(s) 17,650,409,472 bytes free Volume in drive C has no label. Volume Serial Number is A4A6-8187 Directory of C:\Documents and Settings\User\Application Data 07/11/2005 04:10 PM . 07/11/2005 04:10 PM .. 04/13/2006 12:12 PM Adobe 05/27/2006 11:27 AM AdobeUM 03/04/2006 11:57 PM Apple Computer 09/29/2007 11:59 AM ArcSoft 09/16/2005 05:11 PM Block Checker 09/18/2005 05:10 PM Canon 04/17/2006 02:33 PM Dev-Cpp 12/15/2007 08:06 PM DivX 07/26/2007 11:42 AM ENJOY Plus! 09/16/2005 05:16 PM exitglue 01/12/2006 08:05 PM Google 03/25/2007 10:57 AM GreatMemo 10/01/2005 05:26 PM Help 07/04/2007 09:34 PM ijjigame 04/17/2006 08:24 PM Jasc 09/03/2006 08:12 PM Lavasoft 09/17/2006 07:26 PM Leadertech 07/27/2007 05:09 PM ma-config.com 09/16/2005 05:11 PM Macromedia 04/10/2007 05:48 PM MailFrontier 07/11/2005 04:10 PM Microsoft 03/18/2006 10:04 PM Mozilla 07/12/2005 05:57 PM MSNInstaller 12/27/2007 06:45 PM NHN Corporation 03/18/2006 09:53 PM Notepad++ 01/27/2007 09:44 AM Nvu 02/07/2008 07:36 PM OpenOffice.org2 02/03/2008 09:13 PM RadiantSettings 10/16/2006 03:11 PM Real 01/22/2006 10:00 AM Registry Cleaner 11/16/2007 11:04 PM Screaming Bee 03/08/2007 01:45 PM Screenshot Sender 05/20/2006 11:49 AM Sixthviewblue 01/05/2008 11:15 AM Someplayer 07/19/2005 11:11 AM Sun 08/14/2005 01:08 PM Symantec 10/05/2006 05:45 PM System Requirements Lab 01/11/2008 07:54 PM SystemRequirementsLab 05/23/2006 07:24 PM Talkback 04/09/2006 05:42 PM teamspeak2 04/20/2007 07:39 PM Thunderbird 08/14/2005 02:30 PM Ulead Systems 06/30/2006 02:04 PM Visicom Media 05/27/2006 10:53 AM 875 AdobeDLM.log 07/11/2005 04:10 PM 62 desktop.ini 05/27/2006 10:53 AM 0 dm.ini 3 File(s) 937 bytes 45 Dir(s) 17,650,409,472 bytes free Volume in drive C has no label. Volume Serial Number is A4A6-8187 Directory of C:\Documents and Settings\User\Local Settings\Application Data 07/11/2005 04:10 PM . 07/11/2005 04:10 PM .. 07/16/2005 06:18 PM Adobe 03/04/2006 11:57 PM Apple Computer 01/15/2006 04:47 PM Google 08/23/2005 07:18 PM Help 07/17/2005 07:50 PM Identities 08/14/2007 09:35 PM Logitech-LS 07/11/2005 04:10 PM Microsoft 03/18/2006 10:05 PM Mozilla 08/05/2005 08:12 AM NewSoft 04/01/2006 05:43 PM RcIncidents 07/16/2005 01:23 PM Skype 11/15/2006 07:10 PM Stardock 04/20/2007 07:39 PM Thunderbird 03/25/2006 07:08 PM WMTools Downloaded Files 07/11/2005 04:26 PM 74,240 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 07/13/2005 07:18 AM 43,104 GDIPFONTCACHEV1.DAT 12/02/2006 12:45 AM 5,863,276 IconCache.db 3 File(s) 5,980,620 bytes 16 Dir(s) 17,650,409,472 bytes free Volume in drive C has no label. Volume Serial Number is A4A6-8187 Directory of C:\WINDOWS\system32\config\systemprofile\Application Data 07/11/2005 04:05 PM . 07/11/2005 04:05 PM .. 07/11/2005 04:05 PM Microsoft 07/11/2005 04:05 PM 62 desktop.ini 1 File(s) 62 bytes 3 Dir(s) 17,650,409,472 bytes free Volume in drive C has no label. Volume Serial Number is A4A6-8187 Directory of C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data 07/11/2005 04:05 PM . 07/11/2005 04:05 PM .. 07/11/2005 04:05 PM Microsoft 0 File(s) 0 bytes 3 Dir(s) 17,650,409,472 bytes free ****************************************** Recherche des taches planifiées dans C:\WINDOWS asks C:\WINDOWS\Tasks\A1DF315A9184B062.job k5$ŸôÔFŽîŽdÃi¬F Î < > 4 c : \ d o c u m e ~ 1 \ u s e r \ a p p l i c ~ 1 \ e x i t g l u e \ b l e h f i l e e q . e x e U s e r H€ 0 Ë < ****************************************** ## Répertoires de C:\Program Files Volume in drive C has no label. Volume Serial Number is A4A6-8187 Directory of C:\Program Files 02/10/2008 06:46 PM . 02/10/2008 06:46 PM .. 07/19/2007 03:42 PM Adobe 02/05/2006 07:18 PM Alwil Software 12/16/2006 08:43 PM Audacity 05/04/2006 07:37 PM AVPersonal 08/24/2007 10:14 AM BitComet 07/19/2007 03:10 PM Bonjour 09/23/2006 01:58 PM CamStudio 09/04/2005 11:52 AM Canon 02/02/2008 01:03 PM CCleaner 02/10/2008 07:07 PM Common Files 12/28/2007 10:23 PM DIFX 12/15/2007 08:05 PM DivX 01/26/2008 10:54 PM Dynex Wireless G Enhanced Adapter 01/20/2008 12:29 PM e-anim701 01/20/2008 12:39 PM EasyPHP1-8 01/19/2008 11:07 PM Exolon 03/07/2007 04:04 PM FileZilla 11/19/2005 08:16 PM Freeze.com 02/03/2008 09:43 AM Google 02/03/2008 09:11 PM GtkRadiant 1.5.0 01/26/2008 11:35 AM GtkRadiant-1.4 07/27/2007 05:10 PM HardwareDetection 08/18/2007 12:17 PM Hewlett-Packard 03/08/2006 06:25 PM INAC 12/14/2007 06:38 PM Internet Explorer 04/17/2006 08:22 PM Jasc Software Inc 02/07/2008 07:27 PM Java 06/16/2006 06:08 PM JCalc 12/19/2005 05:51 PM Kjzxhr 09/03/2006 08:12 PM Lavasoft 02/18/2007 07:07 PM LEGO Media 01/02/2008 04:14 PM LimeWire 01/19/2008 09:07 AM LocalCooling 08/18/2007 08:55 AM Logitech 12/26/2007 11:16 PM ma-config.com 08/17/2007 09:42 PM ManyCam 2.1 09/03/2006 08:29 PM Messenger 01/04/2008 08:04 PM Messenger Plus! Live 01/20/2008 11:52 AM MessengerPlus! 3 07/11/2005 04:28 PM microsoft frontpage 07/11/2005 04:51 PM Microsoft Office 06/11/2006 03:48 PM Movie Maker 02/11/2008 06:23 PM Mozilla Firefox 07/16/2007 10:25 AM Mozilla Thunderbird 07/12/2005 05:56 PM MSN 09/17/2006 07:29 PM MSN Games 07/11/2005 03:55 PM MSN Gaming Zone 01/04/2008 10:57 PM MSN Messenger 07/23/2005 07:58 PM MsnMusic 06/18/2006 07:54 PM NetMeeting 12/09/2007 11:31 AM NewSoft 12/27/2007 06:35 PM NHN USA 09/25/2005 07:44 PM Norton AntiVirus 03/03/2007 12:50 PM Notepad++ 08/17/2007 04:51 PM Nvu 11/05/2006 09:44 PM Octatec 05/28/2006 09:16 AM Online Services 07/01/2006 09:26 AM OpenLibraries 02/07/2008 07:30 PM OpenOffice.org 2.3 06/14/2007 11:50 AM Outlook Express 01/28/2006 08:16 PM Panicware 05/23/2006 06:07 PM PhotoFiltre 01/02/2007 07:46 PM Project64 v1.5 01/19/2008 11:17 PM psdriver 12/28/2007 10:24 PM Pure Networks 05/21/2006 05:21 PM QuickTime 01/13/2008 02:01 PM RaGEZONE 01/10/2008 07:17 PM RaGEZONE GunZ C4.7 09/29/2007 06:45 PM Ref Hotkey 09/29/2007 11:50 AM SanDisk 01/12/2008 12:48 PM SlySoft 02/04/2008 10:22 AM SnIco Edit 02/10/2008 04:03 PM Spybot - Search & Destroy 05/22/2006 08:50 AM Spyware Nuker 2004 09/25/2005 07:47 PM Symantec 01/19/2008 09:08 AM SystemRequirementsLab 06/24/2006 11:17 AM TClock 11/20/2005 10:17 AM The Weather Channel FW 01/19/2008 11:20 PM themexp 01/07/2008 12:33 PM TheTurtle 08/21/2007 03:20 PM TRELLIAN 07/16/2007 10:25 AM Tremulous 06/19/2006 01:58 PM Virtools Web Player 3.0 09/03/2006 04:55 PM Visicom Media 12/28/2007 04:35 PM Voice Studio 07/24/2006 02:47 PM Web Media Player 07/24/2006 02:45 PM WebcamFirst Mail 07/24/2006 02:46 PM WhoIs 01/04/2008 10:20 PM Windows Live 09/29/2007 12:00 PM Windows Media Player 04/09/2006 07:36 PM Windows NT 03/24/2007 09:55 AM WinRAR 12/17/2006 12:41 PM WinZip 01/26/2008 11:35 AM Wolfenstein - Enemy Territory 07/11/2005 04:01 PM xerox 01/02/2007 10:00 PM Zone Labs 0 File(s) 0 bytes 98 Dir(s) 17,650,470,912 bytes free ****************************************** ## Popups autorisées * Internet Explorer ! REG.EXE VERSION 3.0 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow www.musiqueplus.com REG_BINARY PopupMgr REG_SZ yes * Mozilla Firefox (1 autorisé 2 interdit) ---------- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IPXX929Z.DEFAULT\HOSTPERM.1 host popup 1 codesauxcliques.com host popup 1 www.masseurox.com host popup 1 foud.piczo.com host popup 1 www.jippii.fr host popup 1 www.msntrucastuce.fr host popup 1 darhan.be.cx host popup 1 www.alalettre.com host popup 1 www.maxicodes.com host popup 1 www.gameplaymaniak.piczo.com host popup 1 maxicodes.com host popup 1 www.trafic-booster.com ****************************************** ## Registre * [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] Amok film nurb meal REG_SZ ; C:\Documents and Settings\All Users\Application Data\heart wave amok film\openace.exe * [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] creative barb REG_SZ ; C:\DOCUME~1\User\APPLIC~1\exitglue\Upload Five Dale.exe ****************************************** ## Zones de sécurité * HKCU Domains (4) * P3P History (5) ****************************************** ## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif" *************** Fin du rapport **************** Celui de SREng [CODE] 2008-02-11,18:49:22 System Repair Engineer 2.5.16.900 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed Follow item(s) have been choosed: All Boot Items (Including Registry, Startup Folders, Services and so on) Browser Add-ons Runing Processes (Including process model information) File Associations Winsock Provider Autorun.Inf HOSTS File Process Privileges Scan Boot Items Registry [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background> [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <"C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe"> [(Verified)Check Point Software Technologies Ltd.] <"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvurrrq] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32 egsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32 hemeui.dll> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4b218e3e-bc98-4770-93d3-2731b9329278}] <%SystemRoot%\System32 undll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]

<"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; C:\Documents and Settings\All Users\Application Data\heart wave amok film\openace.exe> [N/A] <; C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe> [(Verified)ALWIL Software] <; "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min> [N/A] <; C:\Program Files\Block Checker\block-checker.exe> [N/A] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; C:\DOCUME~1\User\APPLIC~1\exitglue\Upload Five Dale.exe> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; C:\WINDOWS\errorhandler.exe> [N/A] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; ir4sock.exe> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; IExplorer.dll .dbt> [N/A] <; "C:\Program Files\LocalCooling\localcooling.exe" -s> [N/A] <; "C:\Program Files\Pure Networks\Network Magic mapp.exe" -autorun -nosplash> [N/A] <; "C:\Program Files\Common Files\Pure Networks Shared\Platform mctxth.exe"> [N/A] <; C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe> [N/A] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; "C:\Program Files\pasystem\pasystem.exe"> [N/A] <; "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; "C:\Program Files\BenQ\QMusic2\QMAgent.exe"> [N/A] <; "C:\Program Files\QuickTime\qttask.exe" -atboottime> [N/A] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; C:\Program Files\StorageProtector\SysRep.exe> [N/A] <; C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe> [N/A] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe> [N/A] <; C:\Program Files\TClock clock_install.exe> [N/A] <; C:\Program Files\TheTurtle\TheTurtle.exe> [N/A] <; "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; C:\Program Files\winupdates\winupdates.exe /auto> [N/A] <{A4A68187-0513-1033-0519-031213200001}><; "C:\Program Files\Common Files\{A4A68187-0513-1033-0519-031213200001}\Update.exe" mc-110-12-0001634> [N/A] <{A4A68187-0514-1033-0519-031213200001}><; "C:\Program Files\Common Files\{A4A68187-0514-1033-0519-031213200001}\Update.exe" mc-110-12-0001634> [N/A] <{A4A68187-0515-1033-0519-031213200001}><; "C:\Program Files\Common Files\{A4A68187-0515-1033-0519-031213200001}\Update.exe" mc-110-12-0001634> [N/A] ================================== Startup Folders [Lancement rapide d'Adobe Reader] C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [Adobe Systems Incorporated]> ================================== Services [avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start] <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"> [avast! Antivirus / avast! Antivirus][Running/Auto Start] <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"> [avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start] <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service> [avast! Web Scanner / avast! Web Scanner][Stopped/Manual Start] <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service> / Bonjour Service[Running/Auto Start] <"C:\Program Files\Bonjour\mDNSResponder.exe"> [Dynex Wireless G Enhanced Adapter Service / Dynex DX-WGPUSB WLService][Running/Auto Start] [FLEXnet Licensing Service / FLEXnet Licensing Service][Stopped/Manual Start] <"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"> [Human Interface Device Access / HidServ][Stopped/Disabled] %SystemRoot%\System32\hidserv.dll> [InstallDriver Table Manager / IDriverT][Stopped/Manual Start] <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"> [Microsoft authenticate service / MsaSvc][Stopped/Auto Start] [Pure Networks Platform Service / nmservice][Running/Auto Start] <"C:\Program Files\Common Files\Pure Networks Shared\Platform msrvc.exe"> [TrueVector Internet Monitor / vsmon][Running/Auto Start] [Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start] <"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"> ================================== Drivers [Achernar - SCSI Command Filters / Achernar][Running/Boot Start] <\SystemRoot\System32\Drivers\Achernar.sys> [AEGIS Protocol (IEEE 802.1x) v3.2.0.3 / AegisP][Running/Auto Start] [Aldebaran - SCSI Command Filters / Aldebaran][Running/Manual Start] <\SystemRoot\System32\Drivers\Aldebaran.sys> [catchme / catchme][Stopped/Manual Start] <\??\C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys> [C-Media WDM Audio Interface / cmuda][Running/Manual Start]

[driverhardwarev2 / driverhardwarev2][Stopped/Manual Start] <\??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys> [ManyCam Virtual Webcam, WDM Video Capture Driver / ManyCam][Running/Manual Start] <> [Eye Toy / ovt519][Stopped/Manual Start] [Pure Networks Device Discovery Driver / pnarp][Running/Auto Start] [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [Pure Networks Wireless Driver / purendis][Running/Auto Start] [PxHelp20 / PxHelp20][Running/Boot Start] <\SystemRoot\System32\Drivers\PxHelp20.sys> [Screaming Bee Audio / SCREAMINGBDRIVER][Stopped/Manual Start] [Secdrv / Secdrv][Stopped/Manual Start] [StarForce Protection Environment Driver (version 1.x) / sfdrv01][Running/Boot Start] <\SystemRoot\System32\drivers\sfdrv01.sys> [StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start] <\SystemRoot\System32\drivers\sfhlp02.sys> [StarForce Protection VFS Driver (version 2.x) / sfvfs02][Running/Boot Start] <\SystemRoot\System32\drivers\sfvfs02.sys> [SiS315 / SiS315][Running/Manual Start] [SIS AGP Bus Filter / sisagp][Running/Boot Start] <\SystemRoot\system32\DRIVERS\sisagp.sys> [SiS PCI Fast Ethernet Adapter Driver / SISNIC][Running/Manual Start] [PC Camera (6029 CIF) / SNPP106][Running/Manual Start] <> [srescan / srescan][Running/Boot Start] <\SystemRoot\system32\ZoneLabs\srescan.sys> [Scientific Atlanta USB Cable Modem Driver / USBCM][Stopped/Manual Start] <> [Vcs support / Vcs][Running/Auto Start] <\??\C:\WINDOWS\system32\Drivers\Vcs.sys> [vsdatant / vsdatant][Running/System Start] [World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start] [GTNDIS5 NDIS Protocol Driver / GTNDIS5][Running/Manual Start] <\??\C:\WINDOWS\system32\GTNDIS5.SYS> ================================== Browser Add-ons [BitComet Helper] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [] {53707962-6F74-2D53-2644-206D7942484F} [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [Programme d'aide de l'Assistant de connexion Windows Live] {9030D464-4C02-4ABF-8ECC-5164760863C6} [Java Plug-in 1.6.0_03] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [&Rechercher] {92780B25-18CC-41C8-B9BE-3C9C571A8263} [MessengerStatsClient Class] {14B87622-7E19-4EA8-93B3-97215F77A6BC} [Shockwave ActiveX Control] {166B1BCA-3F9C-11CF-8075-444553540000} [Minesweeper Flags Class] {2917297F-F02B-4B9D-81DF-494B6333150B} [WebGameLoader Class] {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} [MSN Photo Upload Tool] {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [UnoCtrl Class] {5D6F45B3-9043-443D-A792-115447494D24} [ijjiPlugin2 Class] {5F5F9FB8-878E-4455-95E0-F64B2314288A} > [Java Plug-in 1.6.0_03] {8AD9C840-044E-11D1-B3E9-00805F499D93} [MessengerStatsClient Class] {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} [MsnMessengerSetupDownloadControl Class] {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} [ZoneIntro Class] {B8BE5E93-A60C-4D26-A2DC-220313175592} [MessengerStatsClient Class] {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [Virtools WebPlayer Class] {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} [Java Plug-in 1.6.0_03] {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [Java Plug-in 1.6.0_03] {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [MSN Chat Control 4.5] {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} [Minesweeper Flags Class] {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} [Solitaire Showdown Class] {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} [Yahoo! Toolbar Helper] {02478D38-C3F9-4EFB-9B51-7695ECA05670} <, N/A> [ActiveMovieControl Object] {05589FA1-C356-11CE-BF01-00AA0055595A} [Shockwave ActiveX Control] {166B1BCA-3F9C-11CF-8075-444553540000} [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [Shockwave ActiveX Control] {233C1507-6A77-46A4-9443-F871F945D258} [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A> [Tabular Data Control] {333C7BC4-460F-11D0-BC04-0080C7055A83} [IETag Factory] {38481807-CA0E-42D2-BF39-B33AF135CC4D} [BitComet Helper] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [WebGameLoader Class] {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} [Microsoft Office Control] {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} [XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A> [MSN Photo Upload Tool] {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [HHCtrl Object] {52A2AAAE-085D-4187-97EA-8C30DB990436} [] {53707962-6F74-2D53-2644-206D7942484F} [Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A> [] {5C297360-90B6-4272-AA40-18A9F81A6101} [ijjiPlugin2 Class] {5F5F9FB8-878E-4455-95E0-F64B2314288A} > [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [Active Desktop Mover] {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A> [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [BMG3.LongTooth] {8110581C-FEA4-47AC-ADBC-DE958DD0F354} [Microsoft Web Browser] {8856F961-340A-11D0-A96B-00C04FD705A2} [Java Plug-in 1.6.0_03] {8AD9C840-044E-11D1-B3E9-00805F499D93} [Programme d'aide de l'Assistant de connexion Windows Live] {9030D464-4C02-4ABF-8ECC-5164760863C6} [RMGetLicense Class] {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} [Microsoft Scriptlet Component] {AE24FDAE-03C6-11D1-8B76-0080C744F389} [MsnMessengerSetupDownloadControl Class] {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [] {BB134049-59AA-416B-9EA6-DFA29EB31DD6} [] {BD41F803-79B3-489A-A73F-EE769DDDFA26} [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} [OWSClientMiscApis Class] {BDEADE3F-C265-11D0-BCED-00A0C90AB50F} [OWSBrowserUI Class] {BDEADE43-C265-11D0-BCED-00A0C90AB50F} [OWSDiscussionServers Class] {BDEADEB7-C265-11D0-BCED-00A0C90AB50F} [Virtools WebPlayer Class] {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} [ijjiSetupCtrl1010 Class] {C901354A-DFBC-4297-9BC2-22D499A916D5} [Java Plug-in 1.5.0_01] {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} [Java Plug-in 1.5.0_06] {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [AUDIO__MID Moniker Class] {CD3AFA74-B84F-48F0-9393-7EDC34128127} [AUDIO__MP3 Moniker Class] {CD3AFA76-B84F-48F0-9393-7EDC34128127} [AUDIO__WAV Moniker Class] {CD3AFA7B-B84F-48F0-9393-7EDC34128127} [AUDIO__X_MS_WMA Moniker Class] {CD3AFA84-B84F-48F0-9393-7EDC34128127} [VIDEO__AVI Moniker Class] {CD3AFA88-B84F-48F0-9393-7EDC34128127} [VIDEO__MPEG Moniker Class] {CD3AFA89-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_ASF Moniker Class] {CD3AFA8F-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_WMV Moniker Class] {CD3AFA94-B84F-48F0-9393-7EDC34128127} [Contrôle de l'Assistant de connexion Windows Live] {D2517915-48CE-4286-970F-921E881B8C5C} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [svchosts.cMapp_2F47968E9FBE] {D3150260-5753-454D-9923-26CF37C6FECC} [&Yahoo! Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} <, N/A> [] {F06608C7-1874-4EEA-B3B2-DF99EBB144B8}

FillPCA · Answer

Re,

1/ 

    *  Sélectionne le texte suivant :

Driver::
MsaSvc

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\errorhandler]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaSystem]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdates]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{A4A68187-0513-1033-0519-031213200001}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Amok film nurb meal]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\creative barb]
[-HKCR\CLSID\{9AC54695-69A4-46F1-BE10-10C74F9520D5}]
[-HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9AC54695-69A4-46F1-BE10-10C74F9520D5}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvurrrq]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Seoe"=-
"Tiqs"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Amok film nurb meal"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"creative barb"=-

File::
C:\WINDOWS\Tasks\A1DF315A9184B062.job
C:\WINDOWS\errorhandler.exe
C:\WINDOWS\system32\msasvc.exe
C:\xlnjaw3o.sys
C:\WINDOWS\S2E57DA41.tmp
C:\Program Files\Common Files\services.exe
C:\WINDOWS\system32\odjjvpmz.dllbox
C:\WINDOWS\system32\whlb32f.dll
C:\WINDOWS\system32\Tools\All.exe
C:\WINDOWS\system32\Tools\Change.exe
C:\WINDOWS\system32\Tools\CheckPath.exe
C:\WINDOWS\system32\Tools\Counter.exe
C:\WINDOWS\system32\Tools\DelFolders.exe
C:\WINDOWS\system32\Tools\DirectSetup.exe
C:\WINDOWS\system32\Tools\RegClean.exe
C:\WINDOWS\system32\Tools\Regexe.exe
C:\WINDOWS\system32\Tools\Restart.exe
C:\WINDOWS\system32\Tools\RunRegexe.exe
C:\WINDOWS\system32\cd.exe

Folder::
C:\Program Files\pasystem
C:\Program Files\winupdates
C:\Program Files\Common Files\{A4A68187-0513-1033-0519-031213200001}
C:\Documents and Settings\All Users\Application Data\heart wave amok film
C:\Documents and Settings\LocalService\Application Data\exitglue
C:\Documents and Settings\User\Application Data\exitglue
C:\Program Files\Kjzxhr

Dirlook::
C:\WINDOWS
C:\WINDOWS\system32

    * Copie le texte sélectionné (CTRL+C).
    * Ouvre le bloc-note (programme>Accessoire>bloc-note).
    * Colle le texte copié dans ce bloc-note (CTRL+V).
    * Sauvegarde ce fichier sous le nom de CFScript.txt
    * Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe 
    * Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
      Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
Il faudra l'éditer en plusieurs fois car il va être très long. Coupe-le en plusieurs morceaux pour l'éditer.

2/     *  Télécharge OTMoveIt2  (de Old_Timer) sur ton bureau : http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
    * Double-clique sur OTMoveIt.exe pour lancer le programme,

    * Copie la liste de fichiers ou de dossiers ci-dessous et colle-la dans la fenêtre du programme "Paste Custom List of Files/Folders to Move" :

C:\WINDOWS\Internet Logs\*.tmp
EmptyTemp

    * Clique sur MoveIt! pour lancer la suppression,
    * Le résultat appraraîtra dans le cadre Results.
    * Clique sur Exit pour fermer le programme.
    * Poste le rapport qui est situé ici : C:\\_OTMoveIt\MovedFiles
    * Il te sera peut-être demandé de redémarrer ton PC. Dans ce cas, clique sur Yes.

3/ Teste ce fichier sur virustotal : C:\WINDOWS\system32\Drivers\Vcs.sys
Edite ces 3 rapports (Combofix, OTMoveIt, virustotal) ainsi qu'un nouveau rapport Hijackthis.

Si tu ne parviens pas à éditer ces rapports, tu peux me les expédier ici : wekmdlpe@trashmail.net

FillPCA

FillPCA · Answer

Bonjour,

Tu n'a pas testé le ficiher avec Virustotal. Il me faut ce rapport.

1/ Edite ce rapport Virustotal.
2/     *  Télécharge OTMoveIt2  (de Old_Timer) sur ton bureau : http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
    * Double-clique sur OTMoveIt.exe pour lancer le programme,
    * Copie la liste de fichiers ou de dossiers ci-dessous et colle-la dans la fenêtre du programme "Paste Custom List of Files/Folders to Move" :

C:\WINDOWS\system32\*.VIR
C:\WINDOWS\Internet Logs\*.tmp
EmptyTemp

    * Clique sur MoveIt! pour lancer la suppression,
    * Le résultat appraraîtra dans le cadre Results.
    * Clique sur Exit pour fermer le programme.
    * Poste le rapport qui est situé ici : C:\\_OTMoveIt\MovedFiles
    * Il te sera peut-être demandé de redémarrer ton PC. Dans ce cas, clique sur Yes.

3/     *  Sélectionne le texte suivant :

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Tiqs"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{A4A68187-0513-1033-0519-031213200001}"=-

RenV::
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
C:\Program Files\Alwil Software\Avast4\ashDisp .exe
C:\Program Files\Common Files\Pure Networks Shared\Platform
mctxth .exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder .exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched .exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched .exe
C:\Program Files\LocalCooling\localcooling .exe
C:\Program Files\MessengerPlus! 3\MsgPlus .exe
C:\Program Files\MSN Messenger\msnmsgr .exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree .exe
C:\Program Files\Pure Networks\Network Magic
mapp .exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray .exe
C:\Program Files\Windows Live\Messenger\msnmsgr        .exe
C:\Program Files\Windows Live\Messenger\msnmsgr       .exe
C:\Program Files\Windows Live\Messenger\msnmsgr      .exe
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32lvknlg .exe

Folder::
C:\Program Files\Common Files\{A4A68187-0515-1033-0519-031213200001}

    * Copie le texte sélectionné (CTRL+C).
    * Ouvre le bloc-note (programme>Accessoire>bloc-note).
    * Colle le texte copié dans ce bloc-note (CTRL+V).
    * Sauvegarde ce fichier sous le nom de CFScript.txt
    * Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture

    * Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
      Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

4/ Télécharge Ccleaner Basic https://www.ccleaner.com/ccleaner/download

Ouvre Ccleaner, clique sur "lancer le nettoyage".

5/ Télécharge AVGantispyware : https://www.avg.com/en-ww/free-antivirus-download
Tu l'installes.
Lance AVG Anti-Spyware et clique sur le bouton Mise à jour. Patiente.

Clique sur le bouton Analyse (de la barre d'outils)
Puis sur l'onglets Comment réagir, clique sur Actions recommandées. Sélectionne Quarantaine.
Reviens à l'onglet Analyse. Clique sur Analyse complète du système.
A la fin du scan, choisis l'option " Appliquer toutes les actions " en bas. Ensuite.
Clique sur "Enregistrer le rapport". Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware. 

6/ Désactive temporairement ton antivirus.

7/     *  Fais un scan en ligne en cliquant ici : http://assiste.com.free.fr/...
    * Choisis Panda.
    * Tu dois réaliser le scan en utilisant Internet explorer. Une information apparait en haut, près de la barre d'état. Tu dois accepter et installer l'activeX proposé. La mise à jour de l'antivirus se lance.
    * Réalise un scan complet du système.
    * Sauvegarde le rapport en mode texte à l'issue du scan.

8/ Ré-active ton antivirus.

9/ Edite ces rapports :
Virustotal, OtMOveIt, Combofix, AVGantispyware, Panda et un nouveau rapport Hijackthis.

FillPCA

Foud35 · Answer

Alors voilà désolé, j'étais très occupé cette semaine, néanmoins : Voici le résultat de virustotal : Antivirus Version Dernière mise à jour Résultat AhnLab-V3 2008.2.14.10 2008.02.13 - AntiVir 7.6.0.65 2008.02.13 - Authentium 4.93.8 2008.02.13 - Avast 4.7.1098.0 2008.02.13 - AVG 7.5.0.516 2008.02.13 - BitDefender 7.2 2008.02.13 - CAT-QuickHeal None 2008.02.13 - ClamAV 0.92 2008.02.14 - DrWeb 4.44.0.09170 2008.02.13 - eSafe 7.0.15.0 2008.02.13 - eTrust-Vet 31.3.5533 2008.02.13 - Ewido 4.0 2008.02.13 - FileAdvisor 1 2008.02.14 - Fortinet 3.14.0.0 2008.02.13 - F-Prot 4.4.2.54 2008.02.13 - F-Secure 6.70.13260.0 2008.02.13 - Ikarus T3.1.1.20 2008.02.14 - Kaspersky 7.0.0.125 2008.02.14 - McAfee 5229 2008.02.13 - Microsoft 1.3204 2008.02.13 - NOD32v2 2873 2008.02.13 - Norman 5.80.02 2008.02.13 - Panda 9.0.0.4 2008.02.14 - Prevx1 V2 2008.02.14 - Rising 20.31.10.00 2008.02.13 - Sophos 4.26.0 2008.02.13 - Sunbelt 2.2.907.0 2008.02.13 - Symantec 10 2008.02.14 - TheHacker 6.2.9.219 2008.02.13 - VBA32 3.12.6.1 2008.02.14 - VirusBuster 4.3.26:9 2008.02.13 - Webwasher-Gateway 6.6.2 2008.02.13 - Le résultat pour OTMoveIt2 [Custom Input] < C:\WINDOWS\system32\*.VIR > C:\WINDOWS\system32\bpcxcbny.VIR moved successfully. C:\WINDOWS\system32\wvurrrq.dll.VIR moved successfully. < C:\WINDOWS\Internet Logs\*.tmp > File/Folder C:\WINDOWS\Internet Logs\*.tmp not found. < EmptyTemp > File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7a8.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\ZLT02d38.TMP scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\ZLT02d3b.TMP scheduled to be deleted on reboot. Temp folders emptied. IE temp folders emptied. OTMoveIt2 v1.0.19 log created on 02132008_175231 Celui de ComboFix: ComboFix 08-02.05.3 - User 2008-02-13 18:25:29.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.347 [GMT -5:00] Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!/b/color . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\internet optimizer\ C:\Program Files\toolbar888\ C:\WINDOWS\system32\rlvknlg.exe . ((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 ))))))))))))))))))))))))))))))) . 2008-02-13 18:16 . 2008-02-13 18:16 d-------- C:\Documents and Settings\User\Application Data\Grisoft 2008-02-13 18:16 . 2008-02-13 18:16 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-13 18:16 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-02-12 19:31 . 2008-02-12 20:46 d----c--- C:\_OTMoveIt 2008-02-12 18:57 . 2004-08-03 23:56 388,608 --a------ C:\kmd.exe 2008-02-10 17:30 . 2008-02-10 17:30 d-------- C:\WINDOWS\ERUNT 2008-02-10 17:28 . 2008-02-10 18:23 d----c--- C:\SDFix 2008-02-09 10:35 . 2008-02-09 10:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-02-09 10:35 . 2008-02-09 10:35 1,409 --a------ C:\WINDOWS\QTFont.for 2008-02-07 19:36 . 2008-02-10 19:34 d-------- C:\Documents and Settings\User\Application Data\OpenOffice.org2 2008-02-07 19:29 . 2008-02-07 19:30 d-------- C:\Program Files\OpenOffice.org 2.3 2008-02-07 19:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-02-04 10:22 . 2008-02-04 10:22 d-------- C:\Program Files\SnIco Edit 2008-02-03 21:13 . 2008-02-03 21:13 d-------- C:\Documents and Settings\User\Application Data\RadiantSettings 2008-02-03 21:08 . 2008-02-03 21:14 d----c--- C:\gunzmap 2008-02-03 20:58 . 2008-02-03 21:11 d-------- C:\Program Files\GtkRadiant 1.5.0 2008-02-02 13:02 . 2008-02-02 13:03 d-------- C:\Program Files\CCleaner 2008-01-26 22:53 . 2008-01-26 22:53 17,801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys 2008-01-26 22:52 . 2008-01-26 22:54 d-------- C:\Program Files\Dynex Wireless G Enhanced Adapter 2008-01-26 22:52 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll 2008-01-26 22:52 . 2004-04-30 15:12 40,960 --a------ C:\WINDOWS\system32\WGPUSB.dll 2008-01-26 22:52 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD 2008-01-26 22:52 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys 2008-01-26 22:52 . 2006-06-26 11:23 123 --a------ C:\WINDOWS\system32\ucuiinfo.ini 2008-01-26 10:55 . 2008-01-26 10:55 d-------- C:\Documents and Settings\User\RadiantSettings 2008-01-25 23:20 . 2008-01-26 11:35 d-------- C:\Program Files\Wolfenstein - Enemy Territory 2008-01-25 23:20 . 2008-01-26 11:35 d-------- C:\Program Files\GtkRadiant-1.4 2008-01-20 16:29 . 2008-01-22 20:32 d----c--- C:\vdp 2008-01-20 11:15 . 2008-01-20 11:20 dr------- C:\Documents and Settings\All Users\Application Data\Data 2008-01-19 12:08 . 2008-01-19 12:08 d---s---- C:\Documents and Settings\Administrator\UserData 2008-01-19 10:22 . 2008-01-19 10:26 d-------- C:\Documents and Settings\Administrator\Contacts 2008-01-19 10:08 . 2008-01-19 10:08 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback 2008-01-19 09:11 . 2008-01-19 09:11 dr------- C:\Documents and Settings\All Users\Application Data\SalesMon 2008-01-19 09:08 . 2008-01-19 09:08 d-------- C:\Program Files\SystemRequirementsLab 2008-01-13 16:26 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-01-13 16:26 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-01-13 16:26 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-01-13 16:26 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-01-13 14:01 . 2008-01-13 14:01 d-------- C:\Program Files\RaGEZONE . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-13 23:25 --------- d-----w C:\Program Files\MSN Messenger 2008-02-13 23:25 --------- d-----w C:\Program Files\MessengerPlus! 3 2008-02-13 23:25 --------- d-----w C:\Program Files\LocalCooling 2008-02-13 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-10 21:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-02-08 00:27 --------- d-----w C:\Program Files\Java 2008-02-06 23:41 --------- d-----w C:\Documents and Settings\User\Application Data\Canon 2008-02-03 14:43 --------- d-----w C:\Program Files\Google 2008-01-27 03:52 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-20 17:39 --------- d-----w C:\Program Files\EasyPHP1-8 2008-01-20 17:29 --------- d-----w C:\Program Files\e-anim701 2008-01-20 04:20 --------- d-----w C:\Program Files\themexp 2008-01-20 04:17 --------- d-----w C:\Program Files\psdriver 2008-01-20 04:11 --------- d--h--w C:\Program Files\m 2008-01-20 04:07 --------- d-----w C:\Program Files\Exolon 2008-01-19 13:57 --------- d-----w C:\Documents and Settings\User\Application Data\SystemRequirementsLab 2008-01-12 20:56 20,480 ----a-w C:\WINDOWS\quit.exe 2008-01-12 17:48 --------- d-----w C:\Program Files\SlySoft 2008-01-11 00:17 --------- d-----w C:\Program Files\RaGEZONE GunZ C4.7 2008-01-07 17:33 --------- d-----w C:\Program Files\TheTurtle 2008-01-06 22:01 --------- d--h--w C:\Documents and Settings\User\Application Data\ijjigame 2008-01-05 16:15 --------- d-----w C:\Documents and Settings\User\Application Data\Someplayer 2008-01-05 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Someplayer 2008-01-05 15:42 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-01-05 03:50 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-01-05 03:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-01-05 03:20 --------- d-----w C:\Program Files\Windows Live 2008-01-05 01:04 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-01-02 21:14 --------- d-----w C:\Program Files\LimeWire 2007-12-29 20:50 --------- d-----w C:\Documents and Settings\User\Application Data\ma-config.com 2007-12-29 03:24 --------- d-----w C:\Program Files\Pure Networks 2007-12-29 03:23 --------- d-----w C:\Program Files\DIFX 2007-12-29 03:22 --------- d-----w C:\Program Files\Common Files\Pure Networks Shared 2007-12-29 03:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pure Networks 2007-12-28 21:35 --------- d-----w C:\Program Files\Voice Studio 2007-12-28 21:28 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire 2007-12-27 23:46 --------- d-----w C:\Program Files\Common Files\DirectX 2007-12-27 23:45 --------- d-----w C:\Documents and Settings\User\Application Data\NHN Corporation 2007-12-27 23:35 --------- d-----w C:\Program Files\NHN USA 2007-12-27 04:16 --------- d-----w C:\Program Files\ma-config.com 2007-12-21 04:05 --------- d-----w C:\Documents and Settings\User\Application Data\DivX 2007-12-16 01:05 --------- d-----w C:\Program Files\DivX 2007-10-20 15:39 5,457,434 -c--a-w C:\WINDOWS\Internet Logs\tvDebug.zip 2006-12-09 04:37 3,896 ----a-w C:\Documents and Settings\User\psetup.exe 2006-06-24 13:46 0 -c-ha-w C:\Program Files\Toolbar888 2006-06-24 13:46 0 -c-ha-w C:\Program Files\Internet Optimizer 2004-08-04 04:56 60,416 -csha-w C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe 2004-08-11 05:45 73,728 -csha-w C:\WINDOWS\BricoPacks\SysFiles\71_wmplayer.exe . [code]

----a-w         5,724,184 2008-01-13 20:31:16  C:\Program Files\Windows Live\Messenger\msnmsgr        .exe
----a-w         5,724,184 2008-01-18 00:47:34  C:\Program Files\Windows Live\Messenger\msnmsgr       .exe
----a-w         5,724,184 2008-01-20 01:06:28  C:\Program Files\Windows Live\Messenger\msnmsgr      .exe

/code ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-01-19 21:12 5724184] "H005RPbFR"="ir4sock.exe" [] "PaSystem"="C:\Program Files\pasystem\pasystem.exe" [ ] "PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2008-01-09 17:30 536576] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [ ] "TheTurtle"="C:\Program Files\TheTurtle\TheTurtle.exe" [ ] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-09 17:30 307200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe" [ ] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2008-01-09 17:29 36975] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-13 21:48 79224] "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [ ] "BlockChecker"="C:\Program Files\Block Checker\block-checker.exe" [ ] "LocalCooling"="C:\Program Files\LocalCooling\localcooling.exe" [2008-01-13 12:28 2056875] "nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-09 17:29 451896] "nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-09 17:29 451896] "OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2008-01-09 17:29 98304] "QMusic2"="C:\Program Files\BenQ\QMusic2\QMAgent.exe" [ ] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ] "{A4A68187-0514-1033-0519-031213200001}"="C:\Program Files\Common Files\{A4A68187-0514-1033-0519-031213200001}\Update.exe" [ ] "{A4A68187-0515-1033-0519-031213200001}"="C:\Program Files\Common Files\{A4A68187-0515-1033-0519-031213200001}\Update.exe" [ ] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\[u]0/u] Source= C:\WINDOWS\system32\ad.html FriendlyName= [HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=C:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Think-Adz.lnk] path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Think-Adz.lnk backup=C:\WINDOWS\pss\Think-Adz.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ose"=3 (0x3) "AntiVirService"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe R0 Achernar;Achernar - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Achernar.sys [2004-02-11 15:34] R2 Dynex DX-WGPUSB WLService;Dynex Wireless G Enhanced Adapter Service;C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe [2004-03-29 16:08] R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 09:11] R3 Aldebaran;Aldebaran - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Aldebaran.sys [2004-02-11 15:34] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 07:17] R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 10:44] S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [] *Newly Created Service* - AVGASCLN . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-13 18:36:01 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\WgaTray.exe C:\Program Files\Mozilla Firefox\firefox.exe . ************************************************************************** . Completion time: 2008-02-13 18:45:05 - machine was rebooted ComboFix-quarantined-files.txt 2008-02-13 23:44:53 ComboFix2.txt 2008-02-13 00:26:42 ComboFix3.txt 2008-02-11 00:21:30 . 2008-02-13 22:52:59 --- E O F --- Pour le reste des rapports, y'a-t-il moyen que je te l'envoie par e-mail car le fichier est assez volumineux ?

FillPCA · Answer

Re,

Ton programme Zone Alarm semble touché.
1/ Télécharge la dernière version de ce logiciel.
2/     *  Sélectionne le texte suivant :

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"H005RPbFR"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"ZoneAlarm Client"=-
"{A4A68187-0514-1033-0519-031213200001}"=-
"{A4A68187-0515-1033-0519-031213200001}"=-

Folder::
C:\Program Files\Toolbar888
C:\Program Files\Internet Optimizer
C:\Program Files\Common Files\{A4A68187-0514-1033-0519-031213200001}
C:\Program Files\Common Files\{A4A68187-0515-1033-0519-031213200001}

Renv::
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe

Dir::
C:\Program Files\m

    * Copie le texte sélectionné (CTRL+C).
    * Ouvre le bloc-note (programme>Accessoire>bloc-note).
    * Colle le texte copié dans ce bloc-note (CTRL+V).
    * Sauvegarde ce fichier sous le nom de CFScript.txt
    * Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
    * Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
      Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

3/ Coupe la connexion Internet, en débranchant le câble si nécessaire.
4/ Désinstalle Zone alarm, redémarre le pc puis ré-installe-le.
5/ Reconnecte-toi.
6/ Edite le rapport Combofix, un rapport Hijackthis, le rapport AVGantispyware et le rapport Panda.

Pour les rapports, tu peux me les envoyer à cette adresse si tu ne parviens pas à les poster : mlzrzblp@trashmail.net

FillPCA

afideg · Answer

Bonjour FillPCA 
Pour les rapports, tu peux me les envoyer à cette adresse si tu ne parviens pas à les poster : mlzrzblp@trashmail.net 

Dommage, je ne pourrai plus suivre ce topic instructif.  ;)
Merci d'avance.
Al

FillPCA · Answer

Salut,

J'éditerai les rapports si tu veux Al

FillPCA

afideg · Answer

Re,
Oui, merci
Exclusivement les points à retenir est déjà suffisant (avec l'origine-outil).

;)
Al.

Foud35 · Answer

Dommage, je ne pourrai plus suivre ce topic instructif. ;)
Merci d'avance.
Al


Je ne savais pas que mon topic l'était :O !

FillPCA · Answer

Salut, Je transmets les rapports : ComboFix 08-02-20.2 - User 2008-02-19 18:19:32.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.339 [GMT -5:00] Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))) . 2008-02-16 15:00 . 2008-02-16 15:00 d-------- C:\Program Files\Jmgr.info 2008-02-15 23:01 . 2008-02-15 23:01 d-------- C:\Program Files\Microsoft Synchronization Services 2008-02-15 23:01 . 2008-02-15 23:01 d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2008-02-15 22:56 . 2008-02-15 22:56 d-------- C:\Program Files\RzGunz.com 2008-02-13 21:40 . 2008-02-13 21:44 72,454,144 --a--c--- C:\25C.tmp 2008-02-13 19:45 . 2008-02-18 19:14 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2008-02-13 19:45 . 2008-02-18 19:14 1,406 --a------ C:\WINDOWS\system32\Help.ico 2008-02-13 19:44 . 2008-02-18 20:19 d-------- C:\WINDOWS\system32\ActiveScan 2008-02-13 19:44 . 2008-02-18 19:14 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2008-02-13 18:16 . 2008-02-13 18:16 d-------- C:\Documents and Settings\User\Application Data\Grisoft 2008-02-13 18:16 . 2008-02-13 18:16 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-13 18:16 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-02-12 19:31 . 2008-02-12 20:46 d----c--- C:\_OTMoveIt 2008-02-10 17:30 . 2008-02-10 17:30 d-------- C:\WINDOWS\ERUNT 2008-02-10 17:28 . 2008-02-10 18:23 d----c--- C:\SDFix 2008-02-09 10:35 . 2008-02-09 10:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-02-09 10:35 . 2008-02-09 10:35 1,409 --a------ C:\WINDOWS\QTFont.for 2008-02-07 19:36 . 2008-02-16 20:37 d-------- C:\Documents and Settings\User\Application Data\OpenOffice.org2 2008-02-07 19:29 . 2008-02-07 19:30 d-------- C:\Program Files\OpenOffice.org 2.3 2008-02-07 19:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-02-04 10:22 . 2008-02-04 10:22 d-------- C:\Program Files\SnIco Edit 2008-02-03 21:13 . 2008-02-03 21:13 d-------- C:\Documents and Settings\User\Application Data\RadiantSettings 2008-02-03 21:08 . 2008-02-03 21:14 d----c--- C:\gunzmap 2008-02-03 20:58 . 2008-02-03 21:11 d-------- C:\Program Files\GtkRadiant 1.5.0 2008-02-02 13:02 . 2008-02-02 13:03 d-------- C:\Program Files\CCleaner 2008-01-26 22:53 . 2008-01-26 22:53 17,801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys 2008-01-26 22:52 . 2008-02-18 19:56 d-------- C:\Program Files\Dynex Wireless G Enhanced Adapter 2008-01-26 22:52 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll 2008-01-26 22:52 . 2004-04-30 15:12 40,960 --a------ C:\WINDOWS\system32\WGPUSB.dll 2008-01-26 22:52 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD 2008-01-26 22:52 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys 2008-01-26 22:52 . 2006-06-26 11:23 123 --a------ C:\WINDOWS\system32\ucuiinfo.ini 2008-01-26 10:55 . 2008-01-26 10:55 d-------- C:\Documents and Settings\User\RadiantSettings 2008-01-25 23:20 . 2008-01-26 11:35 d-------- C:\Program Files\Wolfenstein - Enemy Territory 2008-01-25 23:20 . 2008-01-26 11:35 d-------- C:\Program Files\GtkRadiant-1.4 2008-01-20 16:29 . 2008-01-22 20:32 d----c--- C:\vdp 2008-01-20 11:15 . 2008-01-20 11:20 dr------- C:\Documents and Settings\All Users\Application Data\Data . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-19 01:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-02-19 01:01 --------- d-----w C:\Program Files\Notepad++ 2008-02-19 00:58 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-02-19 00:48 --------- d-----w C:\Program Files\Bonjour 2008-02-16 03:59 --------- d-----w C:\Documents and Settings\User\Application Data\Someplayer 2008-02-16 03:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Someplayer 2008-02-13 23:25 --------- d-----w C:\Program Files\MSN Messenger 2008-02-13 23:25 --------- d-----w C:\Program Files\MessengerPlus! 3 2008-02-13 23:25 --------- d-----w C:\Program Files\LocalCooling 2008-02-13 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-08 00:27 --------- d-----w C:\Program Files\Java 2008-02-06 23:41 --------- d-----w C:\Documents and Settings\User\Application Data\Canon 2008-02-03 14:43 --------- d-----w C:\Program Files\Google 2008-01-27 03:52 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-20 17:39 --------- d-----w C:\Program Files\EasyPHP1-8 2008-01-20 17:29 --------- d-----w C:\Program Files\e-anim701 2008-01-20 16:12 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe 2008-01-20 04:20 --------- d-----w C:\Program Files\themexp 2008-01-20 04:17 --------- d-----w C:\Program Files\psdriver 2008-01-20 04:11 --------- d--h--w C:\Program Files\m 2008-01-20 04:07 --------- d-----w C:\Program Files\Exolon 2008-01-19 15:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Talkback 2008-01-19 14:11 --------- d-----r C:\Documents and Settings\All Users\Application Data\SalesMon 2008-01-19 14:08 --------- d-----w C:\Program Files\SystemRequirementsLab 2008-01-19 13:57 --------- d-----w C:\Documents and Settings\User\Application Data\SystemRequirementsLab 2008-01-13 19:01 --------- d-----w C:\Program Files\RaGEZONE 2008-01-12 20:56 20,480 ----a-w C:\WINDOWS\quit.exe 2008-01-12 17:48 --------- d-----w C:\Program Files\SlySoft 2008-01-11 00:17 --------- d-----w C:\Program Files\RaGEZONE GunZ C4.7 2008-01-07 17:33 --------- d-----w C:\Program Files\TheTurtle 2008-01-06 22:01 --------- d--h--w C:\Documents and Settings\User\Application Data\ijjigame 2008-01-05 15:42 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-01-05 03:50 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-01-05 03:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-01-05 03:20 --------- d-----w C:\Program Files\Windows Live 2008-01-02 21:14 --------- d-----w C:\Program Files\LimeWire 2007-12-31 23:30 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll 2007-12-29 20:50 --------- d-----w C:\Documents and Settings\User\Application Data\ma-config.com 2007-12-29 03:24 --------- d-----w C:\Program Files\Pure Networks 2007-12-29 03:23 --------- d-----w C:\Program Files\DIFX 2007-12-29 03:22 --------- d-----w C:\Program Files\Common Files\Pure Networks Shared 2007-12-29 03:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pure Networks 2007-12-28 21:35 --------- d-----w C:\Program Files\Voice Studio 2007-12-28 21:28 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire 2007-12-27 23:46 --------- d-----w C:\Program Files\Common Files\DirectX 2007-12-27 23:45 --------- d-----w C:\Documents and Settings\User\Application Data\NHN Corporation 2007-12-27 23:35 --------- d-----w C:\Program Files\NHN USA 2007-12-27 04:16 --------- d-----w C:\Program Files\ma-config.com 2007-12-21 04:05 --------- d-----w C:\Documents and Settings\User\Application Data\DivX 2007-12-11 22:35 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-12-11 22:34 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-12-11 22:34 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll 2007-12-11 22:34 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe 2007-12-11 22:34 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe 2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-12-11 22:32 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-12-11 22:32 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll 2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll 2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-10-20 15:39 5,457,434 -c--a-w C:\WINDOWS\Internet Logs\tvDebug.zip 2006-12-09 04:37 3,896 ----a-w C:\Documents and Settings\User\psetup.exe 2004-08-04 04:56 60,416 -csha-w C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe 2004-08-11 05:45 73,728 -csha-w C:\WINDOWS\BricoPacks\SysFiles\71_wmplayer.exe . [code]

----a-w         5,724,184 2008-01-13 20:31:16  C:\Program Files\Windows Live\Messenger\msnmsgr        .exe
----a-w         5,724,184 2008-01-18 00:47:34  C:\Program Files\Windows Live\Messenger\msnmsgr       .exe
----a-w         5,724,184 2008-01-20 01:06:28  C:\Program Files\Windows Live\Messenger\msnmsgr      .exe

[/code] ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-01-19 21:12 5724184] "PaSystem"="C:\Program Files\pasystem\pasystem.exe" [ ] "PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2008-01-09 17:30 536576] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [ ] "TheTurtle"="C:\Program Files\TheTurtle\TheTurtle.exe" [ ] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-09 17:30 307200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2008-01-09 17:29 36975] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-13 21:48 79224] "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [ ] "BlockChecker"="C:\Program Files\Block Checker\block-checker.exe" [ ] "LocalCooling"="C:\Program Files\LocalCooling\localcooling.exe" [2008-01-13 12:28 2056875] "nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-09 17:29 451896] "nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-09 17:29 451896] "OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2008-01-09 17:29 98304] "QMusic2"="C:\Program Files\BenQ\QMusic2\QMAgent.exe" [ ] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696] [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\[u]0[/u]] Source= C:\WINDOWS\system32\ad.html FriendlyName= [HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=C:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Think-Adz.lnk] path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Think-Adz.lnk backup=C:\WINDOWS\pss\Think-Adz.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ose"=3 (0x3) "AntiVirService"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe R0 Achernar;Achernar - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Achernar.sys [2004-02-11 15:34] R2 Dynex DX-WGPUSB WLService;Dynex Wireless G Enhanced Adapter Service;C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe [2004-03-29 16:08] R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 09:11] R3 Aldebaran;Aldebaran - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Aldebaran.sys [2004-02-11 15:34] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 07:17] R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 10:44] S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [] *Newly Created Service* - GTNDIS5 . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-20 18:26:46 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-02-20 18:29:42 ComboFix-quarantined-files.txt 2008-02-20 23:29:16 ComboFix2.txt 2008-02-13 23:45:06 ComboFix3.txt 2008-02-13 00:26:42 ComboFix4.txt 2008-02-11 00:21:30 . 2008-02-18 23:06:54 --- E O F ---

FillPCA · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:24 PM, on 2/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform
msrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {E9AAC68A-5A64-0496-3BED-27800A4F0E94} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet	ools\BitCometBHO_1.1.5.19.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] ; C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] ; C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avgnt] ; "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BlockChecker] ; C:\Program Files\Block Checker\block-checker.exe
O4 - HKLM\..\Run: [LocalCooling] ; "C:\Program Files\LocalCooling\localcooling.exe" -s
O4 - HKLM\..\Run: [nmapp] ; "C:\Program Files\Pure Networks\Network Magic
mapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [nmctxth] ; "C:\Program Files\Common Files\Pure Networks Shared\Platform
mctxth.exe"
O4 - HKLM\..\Run: [OrderReminder] ; C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [QMusic2] ; "C:\Program Files\BenQ\QMusic2\QMAgent.exe"
O4 - HKLM\..\Run: [QuickTime Task] ; "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PaSystem] ; "C:\Program Files\pasystem\pasystem.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] ; "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Skype] ; "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] ; C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TheTurtle] ; C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [updateMgr] ; "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dynex Wireless G Enhanced Adapter Service (Dynex DX-WGPUSB WLService) - Unknown owner - C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform
msrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - C:\WINDOWS\system32\ad.html

FillPCA · Answer

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	2:17:23 PM 2/16/2008

 + Résultat de l'analyse:	



HKU\S-1-5-21-861567501-879983540-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01EB5130-FC0C-4D75-B9CE-4801B1B854F5} -> Adware.Begin2Search : Aucune action entreprise.
C:\QooBox\Quarantine\C\Program Files\Common Files\Companion Wizard\compwiz.exe.vir -> Adware.Companion : Aucune action entreprise.
HKU\S-1-5-21-861567501-879983540-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2296428D-C133-4928-B76A-A200FF409572} -> Adware.Generic : Aucune action entreprise.
HKU\S-1-5-21-861567501-879983540-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Aucune action entreprise.
HKU\S-1-5-21-861567501-879983540-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2EEB4FA-B6D6-41B9-9CFA-ABA87F862BCB} -> Adware.Generic : Aucune action entreprise.
HKU\S-1-5-21-861567501-879983540-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Aucune action entreprise.
HKU\S-1-5-21-861567501-879983540-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C95FE080-8F5D-11D2-A20B-00AA003C157A} -> Adware.Generic : Aucune action entreprise.
C:\Program Files\Internet Optimizer -> Adware.InternetOptimizer : Aucune action entreprise.
HKU\S-1-5-21-861567501-879983540-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000001-C003-4A2F-9142-7CB1D78DE6C1} -> Adware.InternetOptimizer : Aucune action entreprise.
C:\QooBox\Quarantine\C\Program Files\Common Files\services.exe.vir -> Adware.Maxifiles : Aucune action entreprise.
C:\QooBox\Quarantine\C\Program Files\DNS\cwebpage.dll.vir -> Adware.Maxifiles : Aucune action entreprise.
HKU\S-1-5-21-861567501-879983540-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} -> Adware.Shorty : Aucune action entreprise.
C:\Program Files\Toolbar888 -> Adware.Softomate : Aucune action entreprise.
C:	emp\Remover.exe -> Adware.Winad : Aucune action entreprise.
C:\_OTMoveIt\MovedFiles\02132008_175231\WINDOWS\system32\wvurrrq.dll.VIR -> Downloader.Small.hlr : Aucune action entreprise.
C:\System Volume Information\_restore{2D67E47B-B92A-4750-B82B-16051B33A8FB}\RP509\A0904571.exe -> Dropper.Agent.dgo : Aucune action entreprise.
C:\System Volume Information\_restore{2D67E47B-B92A-4750-B82B-16051B33A8FB}\RP511\A0907308.exe -> Dropper.Agent.dgo : Aucune action entreprise.
C:\QooBox\Quarantine\C\WINDOWS\system32k.bin.vir -> Not-A-Virus.Adware.RK : Aucune action entreprise.
C:\QooBox\Quarantine\C\WINDOWS\system32lvknlg.exe.vir -> Not-A-Virus.Adware.RK : Aucune action entreprise.
:mozilla.261:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.154:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.37:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.38:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.39:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.40:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.41:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.42:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.122:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.123:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.124:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.125:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.214:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.215:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.216:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.217:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.218:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.219:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Adrevolver : Aucune action entreprise.
:mozilla.153:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.206:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Adviva : Aucune action entreprise.
:mozilla.43:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\User\Cookies\user@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
:mozilla.100:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.101:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.102:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.103:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.104:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.105:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.98:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.99:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.81:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
:mozilla.107:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.108:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.109:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.267:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.46:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Imrworldwide : Aucune action entreprise.
:mozilla.47:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Imrworldwide : Aucune action entreprise.
:mozilla.222:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Information : Aucune action entreprise.
C:\Documents and Settings\User\Cookies\user@auto.search.msn[1].txt -> TrackingCookie.Msn : Aucune action entreprise.
:mozilla.270:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Netflame : Aucune action entreprise.
:mozilla.221:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Revenue : Aucune action entreprise.
:mozilla.13:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Revsci : Aucune action entreprise.
:mozilla.14:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Revsci : Aucune action entreprise.
:mozilla.16:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Revsci : Aucune action entreprise.
:mozilla.17:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Revsci : Aucune action entreprise.
:mozilla.197:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.198:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.199:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.200:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.207:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.195:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.183:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.184:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.185:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.186:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
C:\Documents and Settings\User\Application Data\Grisoft\AVG Antispyware 7.5\quarantineesD62E5640.dat/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper 4.0.4.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper 4.11.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper 4.15.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper 4.19.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper 4.20.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v2.1.20.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v2.5.0.0 by Mad Max.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v2.5.0.0 by ORiON.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v2.5.0.0 by SND.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v2.5.0.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v2.5.1.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v2.5.2.0 by CORE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v2.5.2.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v2.5.3.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v2.6.0.0 by CORE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v2.6.0.0 by FFF.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v2.6.0.0 by SnD.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v2.6.0.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v2.6.1.0 by UCF.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v2.6.1.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v2.6.2.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v2.7.0.0 by CORE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v2.7.0.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v2.8 READ NFO by ORiON.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v2.8.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v2.9.0.0 by Embrace.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v2.9.0.0 by Mad Max.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v2.9.0.0 by SND.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v2.9.0.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v3.0 READ NFO by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v3.0.0.0 by FFF.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v3.0.0.0 by Mad Max.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v3.0.0.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v3.0.1 WORKING by ViRiLiTY.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v3.0.1 by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v3.0.1.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v3.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v3.01 Cracked by DVT.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v3.01.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v3.1 by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v3.1.2 Regged by PARANOiA.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v3.1.2.0 by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v3.1.4 Regged by PARANOiA.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v3.1.6 by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v3.1.8 by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v3.1.9 WORKING READ NFO by ZWT.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v3.15 by CAFE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v3.2.0 WORKING by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v4.0.0 by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v4.0.1 by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v4.0.2 by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v4.0.3 by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo CD Ripper v4.0.4 by ZWT.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo DVD Copy v1.0.3 by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo DVD Duplicator v1.0 READ NFO by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo DVD Duplicator v1.01 by CAFE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo DVD Duplicator v1.02 by CAFE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo DVD Ripper 1.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo DVD Ripper 1.1.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo DVD Ripper 2.01.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo DVD Ripper 2.10 Regged-XMA0D.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo DVD Ripper 2.10.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo DVD Ripper 3.00.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo DVD Ripper 3.01.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo DVD Ripper 3.02.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo DVD Ripper v1.0 by CAFE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo DVD Ripper v1.02 by CAFE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo DVD Ripper v1.1 REGGED by PARANOiA.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo DVD Ripper v1.1 by BLiZZARD.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo DVD Ripper v2.01 by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo DVD Ripper v2.10 by BLiZZARD.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo DVD Ripper v3.00 by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo DVD Ripper v3.01 by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo DVD Ripper v3.02 by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavo cd ripper 3.14 patch rock.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavoaudiocdburnerv 2.0.03.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lavavoaudiocdripperv 2.1.20.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Law Dictionary v1.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lawn Mower 2 v2.5.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lawn Mower v1.6 Plus 2 Trainer by POD.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lawn Mower v1.6.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lawn Mower v2 0 Plus 2 PROPER Trainer by SEiZE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lawn Mower v2 0 Plus 2 PROPER Trainer-SEiZE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lawn Mower v2 2 Plus 2 Trainer by SEiZE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lawn Mower v2 2 Plus 2 Trainer-SEiZE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lawn Mower v2.0 Plus 1 Trainer by POD.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lawn Mower v2.2.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lawn Mower v2.4.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LawnMower v1.4 Serial.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LawnTrac v1.0 PalmOS Cracked by BLZPDA.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lawnmonkey 2001 Deluxe Updated.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lawtrust 2.03.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lawtrust v2.03.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LawyerReckoning Expert v2.31 Russian.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lawyerreckoning expert 2.31 urist raschet expert ru by tsrh.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lawyerreckoning expert 2.31 urist raschet expert ru.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LayerManager Professional (LayMan Pro) 4.0 R2K for AutoCAD 2000.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Layerman v4.1g For AutoCad And LT 2k4 2k5 German by DIGERATI.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Layerman v4.1g For AutoCad And LT 2k4 2k5 by DIGERATI.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Layermanager for AutoCAD v4.1h German.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Layermanager for AutoCAD v4.1h.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Layermanager v4.1g 060505 for AutoCAD GERMAN by DIGERATI.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Layermanager v4.1g 060505 for AutoCAD by DIGERATI.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Layo PCB1 v8.05.9.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Laytik Magazine v2.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Laytik Platezki v2.12 Russian.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lazarus Registration DLL v1.0 by DYNAMiTE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LazyCat 1.1.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LazyCat v1.1.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LazyMail V1.0-Lz0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lcfmeter.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Le Gerant 2.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Le traducteur Français-Espagnol.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Le traducteur anglais-français Français anglais.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lead Poster v2.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeadTools Video MCMP MJPEG Codec v1003.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leading Edge Robodialer 1.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leadtools Dicom Read DirectShow 1.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leadtools Dicom Write DirectShow 1.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leadtools LEAD Capture And Convert 1.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leadtools LEAD Capture And Convert v1.0 by CORE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leadtools LEAD Capture and Convert v1.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeafBreaks 1.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeafChat v1.71.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeafChat v1.761.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeafDrums 2.33.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeafDrums v1.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeafDrums v1.01.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeafDrums v1.02.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeafDrums v1.03.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeafDrums v2.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeafDrums v2.01.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeafDrums v2.25 by BLiZZARD.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeafDrums v2.25.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeafFX 1.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeafLoops 1.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leafdigital LeafChat 1.7.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\League Maker 2000 v1.3.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\League Maker 2000 v1.3.1.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\League Puzzle v2.0-IND.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeaguePad v4.0.1.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeaguePad v4.0.3 by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeaguePad v4.0.4 by PH.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeaguePad v4.0.4.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leap 4.60 by Eminence.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leap 4.60 by TNT.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leap Office 2000.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leap'n'Croak v1.6.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leap-n-Croak v1.6.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP 2.7.4.602.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP 2.7.5.610.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP 2.7.6.612.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP 2.7.6.613.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.2.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.6.0.48.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.6.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.6.1.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.6.2.470.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.6.2.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.61.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.0 Serial.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.0 by Damn.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.0 by RAC.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.0.550 Patch.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.1 by Damn.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.1 by EViDENCE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.1 by TNT.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.1.560 Keygen by Orion.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.1.560 Keygen by Pain.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.1.580 Keygen.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.1.580 Patch.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.1.580.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.2 NEW.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.2 by Laxity.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.2 by Noesis.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.2.592 Crack by Eminence.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.2.592 Keygen by Eminence.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.2.592 Serial by DBC.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.2.592 Serial by Eminence.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.2.592 Serial by TNT.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.2.592 by Blizzard.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.2.592 by TNT.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.2.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.4.602 French by NEMROD34.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.4.602 by FHCF.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.5 by DIGERATI.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.5.610 by FFF.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.5.610 by Great Elmo.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.5.610 by ORiON.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.5.610.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.5.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.6.612 Keygen.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.7.x.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.74.602 by MP2K.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.75 build 610.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.x Generic.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeapFTP v2.x.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leapftp 2.7.5.610 by rev.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leapftp v2.74.602.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leapin Lizards 1.0 for PalmOS.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leapin' Lizards 1.0 for PalmOS.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learn Chinese 2003 V3.0 by DIGERATI.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learn Chinese 2003 V3.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learn Chinese 2003 v2.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learn Chinese 2003 v2.1 by UCF.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learn Chinese 2003 v2.1.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learn Chinese 2003 v3.0 Cracked French by RESET.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learn To Play Guitar v3.0 E-book.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learn To Speak French v2.5 by UCF.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learn To Speak French v2.5.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learn To Speak French v2.7 by UCF.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learn To Speak French v2.7.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learn To Speak German v2.5 by UCF.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learn To Speak German v2.5.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learn To Speak German v2.7 by UCF.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learn To Speak German v2.7.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learn To Speak Italian 2.5.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learn To Speak Italian v2.3 by ORiON.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learn To Speak Italian v2.3.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learn To Speak Italian v2.5 by UCF.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learn To Speak Italian v2.5.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learn To Speak Italian v2.7 by UCF.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learn To Speak Italian v2.7.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learn To Speak Japanese v2.7 by UCF.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learn To Speak Japanese v2.7.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learn To Speak Russian v2.7 by UCF.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learn To Speak Russian v2.7.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learn To Speak Simplified Chinese v2.7 by UCF.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learn To Speak Simplified Chinese v2.7.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learn To Speak Spanish v2.2.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learn To Speak Spanish v2.5 by UCF.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learn To Speak Spanish v2.5.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learn To Speak Spanish v2.7 by UCF.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learn To Speak Spanish v2.7.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LearnChinese 2003 v1.01 Keygen Only-UCF.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LearnChinese 2003 v1.01 by UCF.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LearnChinese 2003 v1.01.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LearnChinese 2003 v2.0 by DIGERATI.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LearnChinese 2003 v2.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LearnDict v1.0.0.1.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LearnDict v1.0.0.2 by AmoK.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LearnDict v1.0.0.2 by EViDENCE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LearnDict v1.0.0.3.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LearnFlash 1.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LearnIt 5.01.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LearnIt 5.04 by AmoK.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LearnIt 5.05 by AmoK.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LearnIt 5.052 by AmoK.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LearnWords v1.4 for PalmOS.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LearnWords v2.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learning Cards v1.1.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learning XML Second Edition - eBook.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Learnit v1.1.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeaseTool v3.1.1.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeaugeGen v1.0.1 Cracked-F4CG.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leave Me In Stitches v1.1.24.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LecBar 1.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lecture Recorder 4.24.040908.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lecture Recorder v4.0.40040129 by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lecture Recorder v4.2 Regged by iNFECTED.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lecture Recorder v4.2 build 42040419.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lecture Recorder v4.2 by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lecture Recorder v4.2.040408 by CAFE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lecture Recorder v4.2.040419 by CAFE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lecture Recorder v4.24.040908 by CAFE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Lecture Recorder v4.24.040908.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LedManager v1.0 PalmOS Cracked by TBEPDA.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LedSoft Desk Charts v2.02 by ViRiLiTY.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leech v2.0.1.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leech v2.1.1.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leech v2.1.4.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leech v3.0.5 by Orion.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leech v3.0.5 by SC.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leech v3.1.1.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leech v3.2.1.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leech v3.2.2.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leech v3.2.4.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leech v3.2.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leech v3.26.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeechGet 2003 v1.0 build 1500 Final.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeechGet 2003 v1.0 build 1500+ Final.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeechGet 2004.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leesoft Postman v2.0.0 Silent Update.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leesoft Postman v2.0.0 by Orion.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leesoft Postman v2.0.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\LeetchFTP Bookmarks Revealer v1.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Leetspeak 1.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Legacy 2.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Legacy Family Tree 6.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Legacy Of Kain Defiance PLUS 3 TRAINER by PiZZADOX.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Legacy of Kain Defiance.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\Legacy of Kain Soul Reaver.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N MDaemon Pro 8.0.4.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N MDaemon Pro 8.1.2.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N+ v2 CD-Crack.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N-Ball V 2.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N-E-Learning Driving Theory Test 2002-2003 UK Edition v2.1.4G.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N-Gen Silver's Crackme 1.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N-Track Studio 4.0.5 Build 1845 CRK by FFF.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N-Track Studio 4.0.5 Build 1846 CRK by FFF.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N-Track Studio v2.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N-Track Studio v2.02 - 2.14 Plugins.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N-Track Studio v2.1.1.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N-Track Studio v2.2.879.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N-Track Studio v3.0.1 build 1211.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N-Track Studio v3.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N-Track Studio v4.0.4 Build 1781 REGGED by CRD.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N-rec 1.5 stable tool by tsrh.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N-rec 1.6 tool by tsrh.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N1 DVD Ripper Version 1.3.47.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\N1 Sound Recorder v3.5.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAPOLEONS WAGRAM PLUS 2 TRAINER by DEViANCE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAS Simulator v1.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NASCAR 2003.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NASCAR Heat.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NASCAR v2.1 PalmOS Cracked by CSCPDA.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NASSDA CRITIC v5.0.01.2005 LINUX by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NASSDA CRITIC v5.0.01.2005 by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NASSDA HANEX v5.0.01.2005 LINUX by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NASSDA HANEX v5.0.01.2005 by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NASSDA HSIM v1.3.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NASSDA HSIM v5.0.01.2005 LINUX by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NASSDA HSIM v5.0.01.2005 by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32 Enhanced v1.7.1062.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32 Enhanced v1.7.1066 Incl KeyGen-DIGERATI.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32 Enhanced v1.7.1068 Incl KeyGen-DIGERATI.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32 Enhanced v1.7.1068 by DIGERATI.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32 Enhanced v1.8.1010 by DIGERATI.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32 Enhanced v1.8.1010.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32 Enhanced v1.8.1012 by DIGERATI.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32 Enhanced v1.8.1012.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32 build 4064.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32 v1.2 build 2072.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32 v1.4 build 4062 10-Apr-2002.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32 v1.4 build 4069.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32 v1.4.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32 v6.4.5 build 1096.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32 v6.4.5 build 1128.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32 v6.4.5 build 1130.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32+ build 4064.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32+ v1.2 build 2072.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32+ v1.4 build 4062 (10-Apr-2002).zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32+ v1.4 build 4069.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32+ v1.4.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAT32e v1.7 build 1056.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NATATA eBook Compiler Gold v2.2.1 Retail by TSRH.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NATIONAL INSTRUMENTS IMAQ VISION V7.1 by RiSE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NATIONAL INSTRUMENTS IMAQ VISION V7.1.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NATIONAL INSTRUMENTS SIGNALEXPRESS V1.0 by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NATIONAL INSTRUMENTS SIGNALEXPRESS V1.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NATIONAL LAMPOONS UNIVERSITY TYCOON PLUS 3 TRAINER by aSxDOX.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NATIONAL LAMPOONS UNIVERSITY TYCOON PLUS 3 TRAINER.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NATULA v3.0 Bilingual by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NATULA v3.0 Bilingual.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NATURA Sound Therapy v1.5.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAV Virus Definition Reviver 1.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAVAL CAMPAIGNS GUADALCANAL TRAINER by DEViANCE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAVAL CAMPAIGNS GUADALCANAL V1.01 TRAINER by DEViANCE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAVISWORKS V3.6 by LND.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NAVTEX Decoder v1.0.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA 2005.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA 2006.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA LIVE 2004 PLUS 10 TRAINER by DEViANCE.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA LIVE 2005 EA SPORTS.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA LIVE 2006 CD-KEY.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2001.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2003 Cheats by FLTDOX.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2003 Cheats-FLTDOX.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2003 Trainer by DARKNeZZ.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2003 by Air Perical.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2003.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2004 Current Rosters v1.11.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2004 Plus 10 Trainer by MYTH.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2004 V1.0.0.4 Plus 10 Trainer by MYTH.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2004 by Myth.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2004.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2005 (6).zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2005 Keygen.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2005 Plus 12 Trainer by HOODLUM.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2005 Plus 12 Trainer-HOODLUM.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2005 b.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2005 by FFF.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2005 by Reloaded.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2005 c.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2005 d.zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2005(2).zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.
C:\Uploads\NBA Live 2005(3).zip/setup.exe -> Trojan.Crypt.e : Aucune action entreprise.

etc...

FillPCA · Answer

Re,

C'est mieux, mais AVGantispyware a été mal employé. Il est indiqué "aucune action entreprise".

1/ 
    *  Sélectionne le texte suivant :

RENV::
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
C:\Program Files\Windows Live\Messenger\msnmsgr .exe
C:\Program Files\Windows Live\Messenger\msnmsgr .exe 

Folder::
C:\Uploads

DirLook::
C:\Program Files\m

    * Copie le texte sélectionné (CTRL+C).
    * Ouvre le bloc-note (programme>Accessoire>bloc-note).
    * Colle le texte copié dans ce bloc-note (CTRL+V).
    * Sauvegarde ce fichier sous le nom de CFScript.txt
    * Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

    * Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
      Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

2/ Applique très exactement AVGantispyware ainsi :
Lance AVG Anti-Spyware et clique sur le bouton Mise à jour. Patiente.

Clique sur le bouton Analyse (de la barre d'outils)
Puis sur l'onglets Comment réagir, clique sur Actions recommandées. Sélectionne Quarantaine.
Reviens à l'onglet Analyse. Clique sur Analyse complète du système.
A la fin du scan, choisis l'option " Appliquer toutes les actions " en bas. Ensuite.
Clique sur "Enregistrer le rapport". Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware. 

Dans le rapport que tu sauvegadre, la mise en quarantaine doit apparaître.

3/ Edite le rapport Combofix, le rapport AVGantispyware et un nouveau rapport Hijackthis.

4/ Dis-moi comment le pc se porte.

FillPCA

Foud35 · Answer

Salut ! ComboFix 08-02-20.2 - User 2008-02-22 18:33:37.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.267 [GMT -5:00] Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Uploads C:\Uploads\La Fabrica de Botones de Trellian 2.00.003.zip C:\Uploads\La Farandole des Mots NEW.zip C:\Uploads\La Farandole des Mots.zip C:\Uploads\La Femme Plus v1.0 ARM PPC2002 Regged by COREPDA.zip C:\Uploads\LawnMower v1.4 Keygen.zip C:\Uploads\LB Workshop 4.4.5.zip C:\Uploads\LB Workshop 4.5.0.zip C:\Uploads\LB Workshop 4.6.zip C:\Uploads\LB Workshop v4.0 by AvAtAr.zip C:\Uploads\LB Workshop v4.0 by FFF.zip C:\Uploads\LB Workshop v4.3.0 by iND.zip C:\Uploads\LB Workshop v4.4.5 by iND.zip C:\Uploads\LB Workshop v4.4.5 Regged by HERETiC.zip C:\Uploads\LBC-Faktura Professional Edition 1.10.zip C:\Uploads\LBM CustumPack 1.10.zip C:\Uploads\LbMail v1.0 by LasH.zip C:\Uploads\LbMail v1.0 by TNT.zip C:\Uploads\LBZipper v1.0.25.zip C:\Uploads\LBZipper v1.0.65.zip C:\Uploads\LC3 - L0phtCrack 3 by FHCF.zip C:\Uploads\LC3 (L0phtCrack) v3.02.zip C:\Uploads\LC3 L0phtCrack 3.0.zip C:\Uploads\LC3 L0phtCrack v3.02.zip C:\Uploads\LC3 Password Auditing and Recovery v3.02.zip C:\Uploads\LC4 4-00.zip C:\Uploads\LC4 Password Auditing and Recovery v4.0.zip C:\Uploads\LC4 v4.00 by N-GeN.zip C:\Uploads\LC4 v4.00.zip C:\Uploads\LC4.zip C:\Uploads\LC5 L0phtCrack v5.00.zip C:\Uploads\LC5 L0phtCrack v5.02 by Blizzard.zip C:\Uploads\LC5 L0phtCrack v5.02 by FHCF.zip C:\Uploads\LC5 L0phtCrack v5.04 by FSS.zip C:\Uploads\LC5 L0phtCrack v5.04.zip C:\Uploads\LCARS MediaPlayer 2.01.112.zip C:\Uploads\LCARS MediaPlayer 2.01.119.zip C:\Uploads\LCARS MediaPlayer 2.01.123.zip C:\Uploads\LCARS MediaPlayer 2.01.124.zip C:\Uploads\LCARS MediaPlayer 2.01.125.zip C:\Uploads\TamoSoft CommView Remote Agent v1.1.43.zip C:\Uploads\TamoSoft Essential NetTools v3.2.133.zip C:\Uploads\Tangentbordstr ning v1.00.zip C:\Uploads\Tangentbordstr300ning v1.00.zip C:\Uploads\Tangentbordstraning 2.21.zip C:\Uploads\Tangerine Connect v2.0.zip C:\Uploads\Tangle v1.02 PalmOS Cracked by BLZPDA.zip C:\Uploads\Tango 1.0.zip C:\Uploads\Tango v1.0 by UnderPl.zip C:\Uploads\Tangosol Coherence v2.4 by SHOCK.zip C:\Uploads\Tangosol Coherence v2.4.zip C:\Uploads\Tangosol Coherence v2.5.1 by SHOCK.zip C:\Uploads\Tangram 2000 v1.0.zip C:\Uploads\Tangram v1.0 PalmOS CRACKED by LCDPDA.zip C:\Uploads\Tangram v3.0 PalmOS Cracked by BLZPDA.zip C:\Uploads\Tangrams v2.01 for Pocket PC.zip C:\Uploads\TAnimationFX v5.0 OCX.zip C:\Uploads\Xilisoft MOV Converter 2.1.52.831b.zip C:\Uploads\Xilisoft MOV Converter 2.1.55.1008b.zip C:\Uploads\Xilisoft MOV Converter 2.1.55.1025b.zip C:\Uploads\Xilisoft MOV Converter 2.1.55.1107b.zip C:\Uploads\Xilisoft MOV Converter 2.1.55.1205b.zip C:\Uploads\Xilisoft MOV Converter 2.1.59.0118b.zip C:\Uploads\Xilisoft MOV Converter 2.1.59.0217b.zip C:\Uploads\Xilisoft MOV Converter v2.1.59.0316b.zip C:\Uploads\Xilisoft MP3 WAV Converter 1.0.10.920.zip C:\Uploads\Xilisoft MP3 WAV Converter 1.0.15.1129.zip C:\Uploads\Xilisoft MP3 WAV Converter 2.0.16.1212.zip C:\Uploads\Xilisoft MP3 WAV Converter 2.0.21.201.zip C:\Uploads\Xilisoft MP3 WAV Converter 2.0.22.228.zip C:\Uploads\Xilisoft MP3 WAV Converter 2.0.32.310.zip C:\Uploads\Xilisoft MP3 Wav Converter 2.0.32.329.zip C:\Uploads\Xilisoft MP3 WAV Converter 2.0.34.406.zip C:\Uploads\Xilisoft MP3 WAV Converter 2.0.35.415.zip C:\Uploads\Xilisoft MP3 WAV Converter 2.0.35.511.zip C:\Uploads\Xilisoft MP3 WAV Converter 2.0.36.727.zip C:\Uploads\Xilisoft MP3 WAV Converter 2.1.41.922.zip C:\Uploads\Xilisoft MP3 WAV Converter 2.1.42.1208.zip C:\Uploads\Xilisoft MP3 WAV Converter 2.1.44.0111.zip C:\Uploads\Xilisoft MP3 WAV Converter v2.1.46.0322b.zip C:\Uploads\Xilisoft MP4 Converter 2.1.56.1213b.zip C:\Uploads\Xilisoft MP4 Converter 2.1.57.1228b.zip C:\Uploads\Xilisoft MP4 Converter 2.1.59.0206b.zip C:\Uploads\Xilisoft MP4 Converter v2.1.59.0316b.zip C:\Uploads\XiliSoft MPEG to DVD Converter 2.0.05.0221.zip C:\Uploads\Xilisoft MPEG to DVD Converter v2.0.07.0317.zip C:\Uploads\Xilisoft PSP Video Converter 2.1.45.519b.zip C:\Uploads\Xilisoft PSP Video Converter 2.1.46.609b.zip C:\Uploads\Xilisoft PSP Video Converter 2.1.50.714b.zip C:\Uploads\Xilisoft PSP Video Converter 2.1.50.728b.zip C:\Uploads\Xilisoft PSP Video Converter 2.1.52.831b.zip C:\Uploads\Xilisoft PSP Video Converter 2.1.54.915b.zip C:\Uploads\Xilisoft PSP Video Converter 2.1.54.922b.zip C:\Uploads\Xilisoft PSP Video Converter 2.1.55.1107b.zip C:\Uploads\Xilisoft PSP Video Converter 2.1.55.1220b.zip C:\Uploads\Xilisoft PSP Video Converter 2.1.59.0118b.zip C:\Uploads\Xilisoft PSP Video Converter 2.1.59.0217b.zip C:\Uploads\Xilisoft PSP Video Converter v2.1.59.0303b.zip C:\Uploads\Xilisoft PSP Video Converter v2.1.59.0316b.zip C:\Uploads\Xilisoft RM Converter 2.1.54.916b.zip C:\Uploads\Xilisoft RM Converter 2.1.55.1008b.zip C:\Uploads\Xilisoft RM Converter 2.1.55.1025b.zip C:\Uploads\Xilisoft RM Converter 2.1.55.1107b.zip C:\Uploads\Xilisoft RM Converter 2.1.55.1220b.zip C:\Uploads\Xilisoft RM Converter 2.1.59.0118b.zip C:\Uploads\Xilisoft RM Converter 2.1.59.0217b.zip C:\Uploads\Xilisoft RM Converter v2.1.59.0316b.zip . ((((((((((((((((((((((((( Files Created from 2008-01-22 to 2008-02-22 ))))))))))))))))))))))))))))))) . 2008-02-20 18:58 . 2008-02-22 18:53 1,034,272 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-02-20 18:58 . 2008-02-21 21:39 12,692 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-02-20 18:49 . 2008-02-20 18:49 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2008-02-20 18:48 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe 2008-02-20 18:48 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll 2008-02-20 18:48 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll 2008-02-20 18:48 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll 2008-02-20 18:48 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll 2008-02-20 18:45 . 2008-02-20 18:48 d-------- C:\WINDOWS\system32\ZoneLabs 2008-02-20 18:45 . 2008-02-20 18:45 d-------- C:\Program Files\Zone Labs 2008-02-20 18:45 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll 2008-02-20 18:45 . 2008-02-22 18:10 358,830 --a------ C:\WINDOWS\system32\vsconfig.xml 2008-02-16 15:00 . 2008-02-16 15:00 d-------- C:\Program Files\Jmgr.info 2008-02-15 23:01 . 2008-02-15 23:01 d-------- C:\Program Files\Microsoft Synchronization Services 2008-02-15 23:01 . 2008-02-15 23:01 d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2008-02-15 22:56 . 2008-02-15 22:56 d-------- C:\Program Files\RzGunz.com 2008-02-13 21:40 . 2008-02-13 21:44 72,454,144 --a--c--- C:\25C.tmp 2008-02-13 19:45 . 2008-02-20 19:15 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2008-02-13 19:45 . 2008-02-20 19:15 1,406 --a------ C:\WINDOWS\system32\Help.ico 2008-02-13 19:44 . 2008-02-20 19:18 d-------- C:\WINDOWS\system32\ActiveScan 2008-02-13 19:44 . 2008-02-20 19:15 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2008-02-13 18:16 . 2008-02-13 18:16 d-------- C:\Documents and Settings\User\Application Data\Grisoft 2008-02-13 18:16 . 2008-02-13 18:16 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-13 18:16 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-02-12 19:31 . 2008-02-12 20:46 d----c--- C:\_OTMoveIt 2008-02-10 17:30 . 2008-02-10 17:30 d-------- C:\WINDOWS\ERUNT 2008-02-10 17:28 . 2008-02-10 18:23 d----c--- C:\SDFix 2008-02-09 10:35 . 2008-02-09 10:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-02-09 10:35 . 2008-02-09 10:35 1,409 --a------ C:\WINDOWS\QTFont.for 2008-02-07 19:36 . 2008-02-16 20:37 d-------- C:\Documents and Settings\User\Application Data\OpenOffice.org2 2008-02-07 19:29 . 2008-02-07 19:30 d-------- C:\Program Files\OpenOffice.org 2.3 2008-02-07 19:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-02-04 10:22 . 2008-02-04 10:22 d-------- C:\Program Files\SnIco Edit 2008-02-03 21:13 . 2008-02-03 21:13 d-------- C:\Documents and Settings\User\Application Data\RadiantSettings 2008-02-03 21:08 . 2008-02-03 21:14 d----c--- C:\gunzmap 2008-02-03 20:58 . 2008-02-03 21:11 d-------- C:\Program Files\GtkRadiant 1.5.0 2008-02-02 13:02 . 2008-02-02 13:03 d-------- C:\Program Files\CCleaner 2008-01-26 22:53 . 2008-01-26 22:53 17,801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys 2008-01-26 22:52 . 2008-02-18 19:56 d-------- C:\Program Files\Dynex Wireless G Enhanced Adapter 2008-01-26 22:52 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll 2008-01-26 22:52 . 2004-04-30 15:12 40,960 --a------ C:\WINDOWS\system32\WGPUSB.dll 2008-01-26 22:52 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD 2008-01-26 22:52 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys 2008-01-26 22:52 . 2006-06-26 11:23 123 --a------ C:\WINDOWS\system32\ucuiinfo.ini 2008-01-26 10:55 . 2008-01-26 10:55 d-------- C:\Documents and Settings\User\RadiantSettings 2008-01-25 23:20 . 2008-01-26 11:35 d-------- C:\Program Files\Wolfenstein - Enemy Territory 2008-01-25 23:20 . 2008-01-26 11:35 d-------- C:\Program Files\GtkRadiant-1.4 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-21 02:05 --------- d-----w C:\Program Files\Bonjour 2008-02-19 01:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-02-19 01:01 --------- d-----w C:\Program Files\Notepad++ 2008-02-19 00:58 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-02-16 03:59 --------- d-----w C:\Documents and Settings\User\Application Data\Someplayer 2008-02-16 03:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Someplayer 2008-02-13 23:25 --------- d-----w C:\Program Files\MSN Messenger 2008-02-13 23:25 --------- d-----w C:\Program Files\MessengerPlus! 3 2008-02-13 23:25 --------- d-----w C:\Program Files\LocalCooling 2008-02-13 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-08 00:27 --------- d-----w C:\Program Files\Java 2008-02-06 23:41 --------- d-----w C:\Documents and Settings\User\Application Data\Canon 2008-02-03 14:43 --------- d-----w C:\Program Files\Google 2008-01-27 03:52 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-20 17:39 --------- d-----w C:\Program Files\EasyPHP1-8 2008-01-20 17:29 --------- d-----w C:\Program Files\e-anim701 2008-01-20 16:20 --------- d-----r C:\Documents and Settings\All Users\Application Data\Data 2008-01-20 16:12 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe 2008-01-20 04:20 --------- d-----w C:\Program Files\themexp 2008-01-20 04:17 --------- d-----w C:\Program Files\psdriver 2008-01-20 04:11 --------- d--h--w C:\Program Files\m 2008-01-20 04:07 --------- d-----w C:\Program Files\Exolon 2008-01-19 15:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Talkback 2008-01-19 14:11 --------- d-----r C:\Documents and Settings\All Users\Application Data\SalesMon 2008-01-19 14:08 --------- d-----w C:\Program Files\SystemRequirementsLab 2008-01-19 13:57 --------- d-----w C:\Documents and Settings\User\Application Data\SystemRequirementsLab 2008-01-13 19:01 --------- d-----w C:\Program Files\RaGEZONE 2008-01-12 20:56 20,480 ----a-w C:\WINDOWS\quit.exe 2008-01-12 17:48 --------- d-----w C:\Program Files\SlySoft 2008-01-11 00:17 --------- d-----w C:\Program Files\RaGEZONE GunZ C4.7 2008-01-07 17:33 --------- d-----w C:\Program Files\TheTurtle 2008-01-06 22:01 --------- d--h--w C:\Documents and Settings\User\Application Data\ijjigame 2008-01-05 15:42 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-01-05 03:50 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-01-05 03:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-01-05 03:20 --------- d-----w C:\Program Files\Windows Live 2008-01-02 21:14 --------- d-----w C:\Program Files\LimeWire 2007-12-31 23:30 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll 2007-12-29 20:50 --------- d-----w C:\Documents and Settings\User\Application Data\ma-config.com 2007-12-29 03:24 --------- d-----w C:\Program Files\Pure Networks 2007-12-29 03:23 --------- d-----w C:\Program Files\DIFX 2007-12-29 03:22 --------- d-----w C:\Program Files\Common Files\Pure Networks Shared 2007-12-29 03:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pure Networks 2007-12-28 21:35 --------- d-----w C:\Program Files\Voice Studio 2007-12-28 21:28 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire 2007-12-27 23:46 --------- d-----w C:\Program Files\Common Files\DirectX 2007-12-27 23:45 --------- d-----w C:\Documents and Settings\User\Application Data\NHN Corporation 2007-12-27 23:35 --------- d-----w C:\Program Files\NHN USA 2007-12-27 04:16 --------- d-----w C:\Program Files\ma-config.com 2007-12-11 22:35 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-12-11 22:34 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-12-11 22:34 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll 2007-12-11 22:34 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe 2007-12-11 22:34 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe 2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-12-11 22:32 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-12-11 22:32 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll 2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll 2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2006-12-09 04:37 3,896 ----a-w C:\Documents and Settings\User\psetup.exe 2004-08-04 04:56 60,416 -csha-w C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe 2004-08-11 05:45 73,728 -csha-w C:\WINDOWS\BricoPacks\SysFiles\71_wmplayer.exe . [code]

----a-w         5,724,184 2008-01-13 20:31:16  C:\Program Files\Windows Live\Messenger\msnmsgr        .exe
----a-w         5,724,184 2008-01-18 00:47:34  C:\Program Files\Windows Live\Messenger\msnmsgr       .exe
----a-w         5,724,184 2008-01-20 01:06:28  C:\Program Files\Windows Live\Messenger\msnmsgr      .exe

[/code] [color=red]Files Infected - Win32.Agent.zb[/color] . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of C:\Program Files\m ---- 2006-01-21 08:53 3 --a--c--- C:\Program Files\m\AI_21-01-2006.log 2006-01-20 11:47 3 --a--c--- C:\Program Files\m\AI_20-01-2006.log 2006-01-19 08:28 3 --a--c--- C:\Program Files\m\AI_19-01-2006.log 2006-01-18 11:50 3 --a--c--- C:\Program Files\m\AI_18-01-2006.log 2006-01-17 10:36 3 --a--c--- C:\Program Files\m\AI_17-01-2006.log 2006-01-16 19:06 3 --a------ C:\Program Files\m\AI_16-01-2006.log 2006-01-15 10:02 3 --a------ C:\Program Files\m\AI_15-01-2006.log 2005-07-23 20:45 116882 --a--c--- C:\Program Files\m\data.bin ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-01-19 21:12 5724184] "PaSystem"="C:\Program Files\pasystem\pasystem.exe" [ ] "PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2008-01-09 17:30 536576] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [ ] "TheTurtle"="C:\Program Files\TheTurtle\TheTurtle.exe" [ ] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-09 17:30 307200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2008-01-09 17:29 36975] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-13 21:48 79224] "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [ ] "BlockChecker"="C:\Program Files\Block Checker\block-checker.exe" [ ] "LocalCooling"="C:\Program Files\LocalCooling\localcooling.exe" [2008-01-13 12:28 2056875] "nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-09 17:29 451896] "nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-09 17:29 451896] "OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2008-01-09 17:29 98304] "QMusic2"="C:\Program Files\BenQ\QMusic2\QMAgent.exe" [ ] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696] [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\[u]0[/u]] Source= C:\WINDOWS\system32\ad.html FriendlyName= [HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=C:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Think-Adz.lnk] path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Think-Adz.lnk backup=C:\WINDOWS\pss\Think-Adz.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ose"=3 (0x3) "AntiVirService"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe R0 Achernar;Achernar - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Achernar.sys [2004-02-11 15:34] R2 Dynex DX-WGPUSB WLService;Dynex Wireless G Enhanced Adapter Service;C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe [2004-03-29 16:08] R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 09:11] R3 Aldebaran;Aldebaran - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Aldebaran.sys [2004-02-11 15:34] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 07:17] R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 10:44] S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [] *Newly Created Service* - GTNDIS5 . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-22 18:53:36 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-02-22 19:08:07 ComboFix-quarantined-files.txt 2008-02-23 00:07:50 ComboFix2.txt 2008-02-20 23:29:44 ComboFix3.txt 2008-02-13 23:45:06 ComboFix4.txt 2008-02-13 00:26:42 ComboFix5.txt 2008-02-11 00:21:30 . 2008-02-22 23:23:20 --- E O F --- À mon avis le test a bien marché puisqu'il ne l'est pas re-détecté puis les fichiers sont bien plaçés en quarantine : --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 5:48:26 PM 2/17/2008 + Résultat de l'analyse: :mozilla.331:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé. :mozilla.332:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé. :mozilla.334:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé. :mozilla.335:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé. :mozilla.336:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé. :mozilla.337:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé. :mozilla.115:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.252:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.92:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.93:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.94:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.95:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.96:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.97:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.388:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé. :mozilla.389:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé. :mozilla.390:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé. :mozilla.202:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé. :mozilla.203:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé. :mozilla.204:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé. :mozilla.206:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé. :mozilla.207:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé. :mozilla.218:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé. :mozilla.100:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.99:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.438:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé. :mozilla.246:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé. :mozilla.236:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé. :mozilla.237:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé. :mozilla.238:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé. :mozilla.239:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé. :mozilla.240:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé. :mozilla.241:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé. :mozilla.242:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé. :mozilla.243:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé. :mozilla.244:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé. :mozilla.217:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé. :mozilla.219:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé. :mozilla.220:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé. :mozilla.37:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé. :mozilla.259:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Estat : Nettoyé. :mozilla.106:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé. :mozilla.107:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé. :mozilla.108:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé. :mozilla.255:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé. :mozilla.297:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé. :mozilla.377:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé. :mozilla.483:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé. :mozilla.69:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé. :mozilla.70:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé. :mozilla.71:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé. :mozilla.116:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé. :mozilla.117:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé. :mozilla.445:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Information : Nettoyé. :mozilla.301:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé. :mozilla.486:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé. :mozilla.34:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Planetactive : Nettoyé. :mozilla.444:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Revenue : Nettoyé. :mozilla.348:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé. :mozilla.349:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé. :mozilla.350:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé. :mozilla.351:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé. :mozilla.80:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.81:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.82:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.83:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.73:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé. :mozilla.74:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé. :mozilla.157:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyé. :mozilla.199:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.200:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.423:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. :mozilla.424:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. :mozilla.425:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. :mozilla.426:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. Fin du rapport Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:36:21 PM, on 2/25/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\User\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - {E9AAC68A-5A64-0496-3BED-27800A4F0E94} - (no file) O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] ; C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [avast!] ; C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [avgnt] ; "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [BlockChecker] ; C:\Program Files\Block Checker\block-checker.exe O4 - HKLM\..\Run: [LocalCooling] ; "C:\Program Files\LocalCooling\localcooling.exe" -s O4 - HKLM\..\Run: [nmapp] ; "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash O4 - HKLM\..\Run: [nmctxth] ; "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" O4 - HKLM\..\Run: [OrderReminder] ; C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe O4 - HKLM\..\Run: [QMusic2] ; "C:\Program Files\BenQ\QMusic2\QMAgent.exe" O4 - HKLM\..\Run: [QuickTime Task] ; "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [PaSystem] ; "C:\Program Files\pasystem\pasystem.exe" O4 - HKCU\..\Run: [PopUpStopperFreeEdition] ; "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" O4 - HKCU\..\Run: [Skype] ; "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [swg] ; C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [TheTurtle] ; C:\Program Files\TheTurtle\TheTurtle.exe O4 - HKCU\..\Run: [updateMgr] ; "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan (file missing) O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/ O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Dynex Wireless G Enhanced Adapter Service (Dynex DX-WGPUSB WLService) - Unknown owner - C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O24 - Desktop Component 0: (no name) - C:\WINDOWS\system32\ad.html

FillPCA · Answer

Bonjour,

Une infection résiste.

1/ # Télécharge SDFix (créé par Andy Manchesta) et sauvegarde le sur ton Bureau : http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
# Imprime ceci.
# Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :

    * Redémarre ton ordinateur.
    * Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (ou F5).
    * A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    * Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    * Choisis ton compte.

# Déroule la liste des instructions ci-dessous :

    * En mode sans échec, double-clique sur le fichier SDFix.exe et clique sur install,
    * Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    * Appuie sur Y pour commencer le script.
    * Il va supprimer les services de certains trojans, effectuera aussi quelques réparations du Registre et il te demandera d'appuyer sur une touche pour redémarrer.
    * Appuie sur une touche pour redémarrer le PC.
    * Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    * Après le chargement du Bureau, l'outil terminera son travail et affichera Finished
    * Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    * Enfin, ouvre le dossier de SDFix sur ton Bureau et copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

2/ 
    *  Fais un scan en ligne en cliquant ici : http://assiste.com.free.fr/...
    * Choisis Kaspersky.
    * Tu dois réaliser le scan en utilisant Internet explorer. Une information apparait en haut, près de la barre d'état. Tu dois accepter et installer l'activeX proposé. La mise à jour de l'antivirus se lance.
    * Réalise un scan complet du système.
    * Sauvegarde le rapport en mode texte à l'issue du scan.

Edite ce rapport.

FillPCA

Foud35 · Answer

Salut voilà les rapports 

-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Saturday, March 01, 2008 4:03:06 PM
 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.98.0
 Kaspersky Anti-Virus database last update:  1/03/2008
 Kaspersky Anti-Virus database records: 592131
-------------------------------------------------------------------------------

Scan Settings:
	Scan using the following antivirus database: extended
	Scan Archives: true
	Scan Mail Bases: true

Scan Target - My Computer:
	C:\
	D:\
	E:\
	F:\
	G:\
	H:\

Scan Statistics:
	Total number of scanned objects: 92782
	Number of viruses found: 5
	Number of infected objects: 15
	Number of suspicious objects: 0
	Duration of the scan process: 04:40:47

Infected Object Name / Virus Name / Last Action
C:\4b3a8ae29d4df862afbdaeb1\Forum\fond.jpg	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\fond.png	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\admin_activate.tpl	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\admin_send_email.tpl	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\admin_welcome_activated.tpl	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\admin_welcome_inactive.tpl	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\coppa_welcome_inactive.tpl	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\group_added.tpl	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\group_approved.tpl	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\group_request.tpl	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_aim.gif	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_edit.gif	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_email.gif	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_icq_add.gif	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_ip.gif	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_msnm.gif	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_pm.gif	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_profile.gif	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_quote.gif	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_search.gif	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_www.gif	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_yim.gif	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\index.htm	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\install.txt	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\lang_admin.php	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\lang_bbcode.php	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\lang_faq.php	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\lang_main.php	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\msg_newpost.gif	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\post.gif	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\privmsg_notify.tpl	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\profile_send_email.tpl	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forumeply-locked.gif	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forumeply.gif	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\search_stopwords.txt	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\search_synonyms.txt	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum	opic_notify.tpl	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\user_activate.tpl	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\user_activate_passwd.tpl	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\user_welcome.tpl	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\user_welcome_inactive.tpl	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Images\ban.png	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Images\corps.png	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Images\footer.png	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Images\menu.png	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\Forum\Images\placepub.png	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\admin_activate.tpl	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\admin_send_email.tpl	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\admin_welcome_activated.tpl	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\admin_welcome_inactive.tpl	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\coppa_welcome_inactive.tpl	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\group_added.tpl	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\group_approved.tpl	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\group_request.tpl	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_aim.gif	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_edit.gif	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_email.gif	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_icq_add.gif	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_ip.gif	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_msnm.gif	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_pm.gif	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_profile.gif	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_quote.gif	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_search.gif	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_www.gif	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_yim.gif	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\index.htm	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\install.txt	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\lang_admin.php	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\lang_bbcode.php	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\lang_faq.php	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\lang_main.php	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\msg_newpost.gif	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\post.gif	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\privmsg_notify.tpl	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\profile_send_email.tpl	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTCeply-locked.gif	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTCeply.gif	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\search_stopwords.txt	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\search_synonyms.txt	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC	opic_notify.tpl	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\user_activate.tpl	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\user_activate_passwd.tpl	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\user_welcome.tpl	Object is locked	skipped
C:\4b3a8ae29d4df862afbdaeb1\PTC\user_welcome_inactive.tpl	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Log\logfile.nmsrvc_exe.txt	Object is locked	skipped
C:\Documents and Settings\LocalService\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\LocalService
tuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\NetworkService
tuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\User\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\User\Desktop\backups\backup-20080209-222048-283.dll	Infected: not-a-virus:AdWare.Win32.Virtumonde.gen	skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\User\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\User\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\User\NTUSER.DAT.LOG	Object is locked	skipped
C:\mti-hits.exe/data0004	Infected: not-a-virus:AdWare.Win32.EZula.cc	skipped
C:\mti-hits.exe	NSIS: infected - 1	skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\log
shield.log	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATAeport\Protection résidente.txt	Object is locked	skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gebyw.dll.vir	Infected: not-a-virus:AdWare.Win32.Virtumonde.gen	skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gjvtckbi.dll.vir	Infected: not-a-virus:AdWare.Win32.Virtumonde.gen	skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ubiavlpc.dll.vir	Infected: not-a-virus:AdWare.Win32.Virtumonde.gen	skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vdmbyyxj.dll.vir	Infected: not-a-virus:AdWare.Win32.Virtumonde.gen	skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\windows.vir	Infected: Trojan.Win32.Zapchast.dt	skipped
C:\QooBox\Quarantine\catchme2008-02-10_191208.64.zip/odjjvpmz.dll	Infected: not-a-virus:AdWare.Win32.Virtumonde.gen	skipped
C:\QooBox\Quarantine\catchme2008-02-10_191208.64.zip	ZIP: infected - 1	skipped
C:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
C:\System Volume Information\_restore{2D67E47B-B92A-4750-B82B-16051B33A8FB}\RP25\change.log	Object is locked	skipped
C:\WINDOWS\Debug\PASSWD.LOG	Object is locked	skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt	Object is locked	skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt	Object is locked	skipped
C:\WINDOWS\Internet Logs\GHASSAN.ldb	Object is locked	skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB	Object is locked	skipped
C:\WINDOWS\Internet Logs	vDebug.log	Object is locked	skipped
C:\WINDOWS\SchedLgU.Txt	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{0816D07A-0344-4E5E-A277-84E1D843A59F}.bin	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log	Object is locked	skipped
C:\WINDOWS\Sti_Trace.log	Object is locked	skipped
C:\WINDOWS\system32\BMG5.exe/{D3150260-5753-454D-9923-26CF37C6FECC}.dll	Infected: Trojan.Win32.VB.aft	skipped
C:\WINDOWS\system32\BMG5.exe	InstallCreator: infected - 1	skipped
C:\WINDOWS\system32\BMG5.exe	UPX: infected - 1	skipped
C:\WINDOWS\system32\CatRoot2\edb.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2	mp.edb	Object is locked	skipped
C:\WINDOWS\system32\config\Antivirus.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\AppEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\default	Object is locked	skipped
C:\WINDOWS\system32\config\default.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SAM	Object is locked	skipped
C:\WINDOWS\system32\config\SAM.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SecEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\software	Object is locked	skipped
C:\WINDOWS\system32\config\software.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SysEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\system	Object is locked	skipped
C:\WINDOWS\system32\config\system.LOG	Object is locked	skipped
C:\WINDOWS\system32\drivers\fidbox.dat	Object is locked	skipped
C:\WINDOWS\system32\drivers\fidbox.idx	Object is locked	skipped
C:\WINDOWS\system32\h323log.txt	Object is locked	skipped
C:\WINDOWS\system32\umrhco8d.ini	Infected: not-a-virus:AdWare.Win32.Sahat.ao	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	Object is locked	skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_98.dat	Object is locked	skipped
C:\WINDOWS\TEMP\ZLT07a01.TMP	Object is locked	skipped
C:\WINDOWS\TEMP\ZLT07a04.TMP	Object is locked	skipped
C:\WINDOWS\wiadebug.log	Object is locked	skipped
C:\WINDOWS\wiaservc.log	Object is locked	skipped
C:\WINDOWS\WindowsUpdate.log	Object is locked	skipped
C:\_OTMoveIt\MovedFiles\02132008_175231\WINDOWS\system32\bpcxcbny.VIR	Infected: not-a-virus:AdWare.Win32.Virtumonde.gen	skipped

Scan process completed.




SDFix: Version 1.140

Run by Administrator on Sun 03/02/2008 at 11:34 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services: 


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files: 

No Trojan Files Found






Removing Temp Files...

ADS Check:
 


                                 Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 11:54:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 17


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Mon 25 Jun 2007        61,440 A..H. --- "C:\Program Files\MSN Messenger\winmm.dll"
Tue  3 Aug 2004        60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Tue  8 Nov 2005         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 22 Jan 2008       915,968 ...H. --- "C:\Program Files\RzGunz.com\Client 5\game.exe"
Mon 25 Jun 2007        61,440 A..H. --- "C:\Program Files\Windows Live\Messenger\winmm.dll"
Tue  3 Aug 2004        60,416 A.SH. --- "C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe"
Wed 11 Aug 2004        73,728 A.SH. --- "C:\WINDOWS\BricoPacks\SysFiles\71_wmplayer.exe"
Fri 12 Nov 2004        37,376 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"

Finished!



Et un Hijackthis ?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:07 PM, on 3/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform
msrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32
otepad.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {E9AAC68A-5A64-0496-3BED-27800A4F0E94} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet	ools\BitCometBHO_1.1.5.19.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] ; C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] ; C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avgnt] ; "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BlockChecker] ; C:\Program Files\Block Checker\block-checker.exe
O4 - HKLM\..\Run: [LocalCooling] ; "C:\Program Files\LocalCooling\localcooling.exe" -s
O4 - HKLM\..\Run: [nmapp] ; "C:\Program Files\Pure Networks\Network Magic
mapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [nmctxth] ; "C:\Program Files\Common Files\Pure Networks Shared\Platform
mctxth.exe"
O4 - HKLM\..\Run: [OrderReminder] ; C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [QMusic2] ; "C:\Program Files\BenQ\QMusic2\QMAgent.exe"
O4 - HKLM\..\Run: [QuickTime Task] ; "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PaSystem] ; "C:\Program Files\pasystem\pasystem.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] ; "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Skype] ; "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] ; C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TheTurtle] ; C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [updateMgr] ; "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dynex Wireless G Enhanced Adapter Service (Dynex DX-WGPUSB WLService) - Unknown owner - C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform
msrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - C:\WINDOWS\system32\ad.html

FillPCA · Answer

Re,

Si tu as un peu de temps ce soir, ce serait bien qu'on finisse car le nettoyage a commencé il y a longtemps et ce n'est jamais bon de nettoyer sur une longue période.

1/ Supprime ta version de combofix et télécharge celle-ci : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2/     *  Sélectionne le texte suivant :

FILE::
C:\mti-hits.exe
C:\WINDOWS\system32\BMG5.exe
C:\WINDOWS\system32\umrhco8d.ini

RENV::
----a-w 5,724,184 2008-01-13 20:31:16 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-18 00:47:34 C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w 5,724,184 2008-01-20 01:06:28 C:\Program Files\Windows Live\Messenger\msnmsgr .exe 

    * Copie le texte sélectionné (CTRL+C).
    * Ouvre le bloc-note (programme>Accessoire>bloc-note).
    * Colle le texte copié dans ce bloc-note (CTRL+V).
    * Sauvegarde ce fichier sous le nom de CFScript.txt
    * Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe 

    * Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
      Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

3/ Edite le rapport Combofix et dis-moi comment le pc se porte.

FillPCA

Foud35 · Answer

D'accord, je suis prêt à le finir ce soir si tu es toujours libre : le rapport de combofix ComboFix 08-03-03.4 - User 2008-03-02 14:35:34.7 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.321 [GMT -5:00] Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] FILE :: C:\mti-hits.exe C:\WINDOWS\system32\BMG5.exe C:\WINDOWS\system32\umrhco8d.ini . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\mti-hits.exe C:\WINDOWS\system32\BMG5.exe C:\WINDOWS\system32\umrhco8d.ini . ((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 ))))))))))))))))))))))))))))))) . 2008-03-01 10:27 . 2008-03-01 10:27 d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-03-01 10:27 . 2008-03-01 10:27 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab 2008-02-27 19:37 . 2008-02-27 19:40 5 --a------ C:\Program Files\ntde.dat 2008-02-27 19:36 . 2008-02-27 19:37 d-------- C:\Documents and Settings\User\Application Data\rzgunz.com 2008-02-23 20:28 . 2008-02-26 20:35 d-------- C:\Program Files\StepMania 2008-02-23 20:19 . 2008-02-23 20:19 d-------- C:\Documents and Settings\User\Application Data\fretsonfire 2008-02-20 18:58 . 2008-03-01 23:26 3,334,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-02-20 18:58 . 2008-03-01 23:26 24,740 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-02-20 18:49 . 2008-02-20 18:49 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier 2008-02-20 18:48 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe 2008-02-20 18:48 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll 2008-02-20 18:48 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll 2008-02-20 18:48 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll 2008-02-20 18:48 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll 2008-02-20 18:45 . 2008-02-20 18:48 d-------- C:\WINDOWS\system32\ZoneLabs 2008-02-20 18:45 . 2008-02-20 18:45 d-------- C:\Program Files\Zone Labs 2008-02-20 18:45 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll 2008-02-20 18:45 . 2008-03-02 11:48 358,830 --a------ C:\WINDOWS\system32\vsconfig.xml 2008-02-16 15:00 . 2008-02-16 15:00 d-------- C:\Program Files\Jmgr.info 2008-02-15 23:01 . 2008-02-15 23:01 d-------- C:\Program Files\Microsoft Synchronization Services 2008-02-15 23:01 . 2008-02-15 23:01 d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2008-02-15 22:56 . 2008-02-15 22:56 d-------- C:\Program Files\RzGunz.com 2008-02-13 21:40 . 2008-02-13 21:44 72,454,144 --a--c--- C:\25C.tmp 2008-02-13 19:45 . 2008-02-20 19:15 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2008-02-13 19:45 . 2008-02-20 19:15 1,406 --a------ C:\WINDOWS\system32\Help.ico 2008-02-13 19:44 . 2008-02-20 19:18 d-------- C:\WINDOWS\system32\ActiveScan 2008-02-13 19:44 . 2008-02-20 19:15 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2008-02-13 18:16 . 2008-02-13 18:16 d-------- C:\Documents and Settings\User\Application Data\Grisoft 2008-02-13 18:16 . 2008-02-13 18:16 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft 2008-02-13 18:16 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-02-12 19:31 . 2008-02-12 20:46 d----c--- C:\_OTMoveIt 2008-02-10 17:30 . 2008-02-10 17:30 d-------- C:\WINDOWS\ERUNT 2008-02-10 17:28 . 2008-03-02 12:11 d----c--- C:\SDFix 2008-02-09 10:35 . 2008-03-02 12:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-02-09 10:35 . 2008-02-09 10:35 1,409 --a------ C:\WINDOWS\QTFont.for 2008-02-07 19:36 . 2008-02-24 21:17 d-------- C:\Documents and Settings\User\Application Data\OpenOffice.org2 2008-02-07 19:29 . 2008-02-07 19:30 d-------- C:\Program Files\OpenOffice.org 2.3 2008-02-07 19:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-02-04 10:22 . 2008-02-04 10:22 d-------- C:\Program Files\SnIco Edit 2008-02-03 21:13 . 2008-02-03 21:13 d-------- C:\Documents and Settings\User\Application Data\RadiantSettings 2008-02-03 21:08 . 2008-02-03 21:14 d----c--- C:\gunzmap 2008-02-03 20:58 . 2008-02-03 21:11 d-------- C:\Program Files\GtkRadiant 1.5.0 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-29 02:03 2,416,128 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp 2008-02-29 01:36 --------- d-----w C:\Documents and Settings\User\Application Data\Canon 2008-02-24 16:24 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-21 02:05 --------- d-----w C:\Program Files\Bonjour 2008-02-19 01:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-02-19 01:01 --------- d-----w C:\Program Files\Notepad++ 2008-02-19 00:58 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-02-19 00:56 --------- d-----w C:\Program Files\Dynex Wireless G Enhanced Adapter 2008-02-16 03:59 --------- d-----w C:\Documents and Settings\User\Application Data\Someplayer 2008-02-16 03:59 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Someplayer 2008-02-13 23:25 --------- d-----w C:\Program Files\MSN Messenger 2008-02-13 23:25 --------- d-----w C:\Program Files\MessengerPlus! 3 2008-02-13 23:25 --------- d-----w C:\Program Files\LocalCooling 2008-02-13 23:12 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2008-02-08 00:27 --------- d-----w C:\Program Files\Java 2008-02-03 14:43 --------- d-----w C:\Program Files\Google 2008-02-02 18:03 --------- d-----w C:\Program Files\CCleaner 2008-01-27 03:53 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys 2008-01-26 16:35 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory 2008-01-26 16:35 --------- d-----w C:\Program Files\GtkRadiant-1.4 2008-01-20 17:39 --------- d-----w C:\Program Files\EasyPHP1-8 2008-01-20 17:29 --------- d-----w C:\Program Files\e-anim701 2008-01-20 16:20 --------- d-----r C:\DOCUME~1\ALLUSE~1\APPLIC~1\Data 2008-01-20 16:12 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe 2008-01-20 04:20 --------- d-----w C:\Program Files\themexp 2008-01-20 04:17 --------- d-----w C:\Program Files\psdriver 2008-01-20 04:11 --------- d--h--w C:\Program Files\m 2008-01-20 04:07 --------- d-----w C:\Program Files\Exolon 2008-01-19 15:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Talkback 2008-01-19 14:11 --------- d-----r C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMon 2008-01-19 14:08 --------- d-----w C:\Program Files\SystemRequirementsLab 2008-01-19 13:57 --------- d-----w C:\Documents and Settings\User\Application Data\SystemRequirementsLab 2008-01-13 19:01 --------- d-----w C:\Program Files\RaGEZONE 2008-01-12 20:56 20,480 ----a-w C:\WINDOWS\quit.exe 2008-01-12 17:48 --------- d-----w C:\Program Files\SlySoft 2008-01-11 00:17 --------- d-----w C:\Program Files\RaGEZONE GunZ C4.7 2008-01-07 17:33 --------- d-----w C:\Program Files\TheTurtle 2008-01-06 22:01 --------- d--h--w C:\Documents and Settings\User\Application Data\ijjigame 2008-01-05 15:42 --------- d---a-w C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2008-01-05 03:50 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-01-05 03:36 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller 2008-01-05 03:20 --------- d-----w C:\Program Files\Windows Live 2007-12-31 23:30 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll 2007-12-11 22:35 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-12-11 22:34 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-12-11 22:34 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll 2007-12-11 22:34 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe 2007-12-11 22:34 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe 2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-12-11 22:32 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-12-11 22:32 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll 2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll 2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2006-12-09 04:37 3,896 ----a-w C:\Documents and Settings\User\psetup.exe 2004-08-04 04:56 60,416 -csha-w C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe 2004-08-11 05:45 73,728 -csha-w C:\WINDOWS\BricoPacks\SysFiles\71_wmplayer.exe . [code]

----a-w         5,724,184 2008-01-13 20:31:16  C:\Program Files\Windows Live\Messenger\msnmsgr        .exe
----a-w         5,724,184 2008-01-18 00:47:34  C:\Program Files\Windows Live\Messenger\msnmsgr       .exe
----a-w         5,724,184 2008-01-20 01:06:28  C:\Program Files\Windows Live\Messenger\msnmsgr      .exe

[/code] ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-01-19 21:12 5724184] "PaSystem"="C:\Program Files\pasystem\pasystem.exe" [ ] "PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2008-01-09 17:30 536576] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [ ] "TheTurtle"="C:\Program Files\TheTurtle\TheTurtle.exe" [ ] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-09 17:30 307200] "P2kAutostart"="" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2008-01-09 17:29 36975] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-13 21:48 79224] "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [ ] "BlockChecker"="C:\Program Files\Block Checker\block-checker.exe" [ ] "LocalCooling"="C:\Program Files\LocalCooling\localcooling.exe" [2008-01-13 12:28 2056875] "nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-09 17:29 451896] "nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-09 17:29 451896] "OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2008-01-09 17:29 98304] "QMusic2"="C:\Program Files\BenQ\QMusic2\QMAgent.exe" [ ] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016] C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\ Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696] [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\[u]0[/u]] Source= C:\WINDOWS\system32\ad.html FriendlyName= [HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=C:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Think-Adz.lnk] path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Think-Adz.lnk backup=C:\WINDOWS\pss\Think-Adz.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ose"=3 (0x3) "AntiVirService"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8334:TCP"= 8334:TCP:BitComet 8334 TCP "8334:UDP"= 8334:UDP:BitComet 8334 UDP "67:UDP"= 67:UDP:DHCP Discovery Service R0 Achernar;Achernar - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Achernar.sys [2004-02-11 15:34] R2 Dynex DX-WGPUSB WLService;Dynex Wireless G Enhanced Adapter Service;C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe [2004-03-29 16:08] R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 09:11] R3 Aldebaran;Aldebaran - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Aldebaran.sys [2004-02-11 15:34] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 07:17] R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 10:44] S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [] *Newly Created Service* - GTNDIS5 . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-03 14:47:14 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKCU\Software\Microsoft\Windows\CurrentVersion\Run P2kAutostart = ??? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-03-03 14:51:22 ComboFix-quarantined-files.txt 2008-03-03 19:51:06 ComboFix2.txt 2008-02-23 00:08:11 ComboFix3.txt 2008-02-20 23:29:44 ComboFix4.txt 2008-02-13 23:45:06 ComboFix5.txt 2008-02-13 00:26:42 . 2008-03-02 16:58:03 --- E O F ---

Foud35 · Answer

Je suis d'accord pour le finir ce soir, si tu es toujours disponible : le rapport combofix ; ComboFix 08-03-03.4 - User 2008-03-02 14:35:34.7 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.321 [GMT -5:00] Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] FILE :: C:\mti-hits.exe C:\WINDOWS\system32\BMG5.exe C:\WINDOWS\system32\umrhco8d.ini . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\mti-hits.exe C:\WINDOWS\system32\BMG5.exe C:\WINDOWS\system32\umrhco8d.ini . ((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 ))))))))))))))))))))))))))))))) . 2008-03-01 10:27 . 2008-03-01 10:27 d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-03-01 10:27 . 2008-03-01 10:27 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab 2008-02-27 19:37 . 2008-02-27 19:40 5 --a------ C:\Program Files\ntde.dat 2008-02-27 19:36 . 2008-02-27 19:37 d-------- C:\Documents and Settings\User\Application Data\rzgunz.com 2008-02-23 20:28 . 2008-02-26 20:35 d-------- C:\Program Files\StepMania 2008-02-23 20:19 . 2008-02-23 20:19 d-------- C:\Documents and Settings\User\Application Data\fretsonfire 2008-02-20 18:58 . 2008-03-01 23:26 3,334,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-02-20 18:58 . 2008-03-01 23:26 24,740 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-02-20 18:49 . 2008-02-20 18:49 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier 2008-02-20 18:48 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe 2008-02-20 18:48 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll 2008-02-20 18:48 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll 2008-02-20 18:48 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll 2008-02-20 18:48 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll 2008-02-20 18:45 . 2008-02-20 18:48 d-------- C:\WINDOWS\system32\ZoneLabs 2008-02-20 18:45 . 2008-02-20 18:45 d-------- C:\Program Files\Zone Labs 2008-02-20 18:45 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll 2008-02-20 18:45 . 2008-03-02 11:48 358,830 --a------ C:\WINDOWS\system32\vsconfig.xml 2008-02-16 15:00 . 2008-02-16 15:00 d-------- C:\Program Files\Jmgr.info 2008-02-15 23:01 . 2008-02-15 23:01 d-------- C:\Program Files\Microsoft Synchronization Services 2008-02-15 23:01 . 2008-02-15 23:01 d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2008-02-15 22:56 . 2008-02-15 22:56 d-------- C:\Program Files\RzGunz.com 2008-02-13 21:40 . 2008-02-13 21:44 72,454,144 --a--c--- C:\25C.tmp 2008-02-13 19:45 . 2008-02-20 19:15 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2008-02-13 19:45 . 2008-02-20 19:15 1,406 --a------ C:\WINDOWS\system32\Help.ico 2008-02-13 19:44 . 2008-02-20 19:18 d-------- C:\WINDOWS\system32\ActiveScan 2008-02-13 19:44 . 2008-02-20 19:15 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2008-02-13 18:16 . 2008-02-13 18:16 d-------- C:\Documents and Settings\User\Application Data\Grisoft 2008-02-13 18:16 . 2008-02-13 18:16 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft 2008-02-13 18:16 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-02-12 19:31 . 2008-02-12 20:46 d----c--- C:\_OTMoveIt 2008-02-10 17:30 . 2008-02-10 17:30 d-------- C:\WINDOWS\ERUNT 2008-02-10 17:28 . 2008-03-02 12:11 d----c--- C:\SDFix 2008-02-09 10:35 . 2008-03-02 12:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-02-09 10:35 . 2008-02-09 10:35 1,409 --a------ C:\WINDOWS\QTFont.for 2008-02-07 19:36 . 2008-02-24 21:17 d-------- C:\Documents and Settings\User\Application Data\OpenOffice.org2 2008-02-07 19:29 . 2008-02-07 19:30 d-------- C:\Program Files\OpenOffice.org 2.3 2008-02-07 19:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-02-04 10:22 . 2008-02-04 10:22 d-------- C:\Program Files\SnIco Edit 2008-02-03 21:13 . 2008-02-03 21:13 d-------- C:\Documents and Settings\User\Application Data\RadiantSettings 2008-02-03 21:08 . 2008-02-03 21:14 d----c--- C:\gunzmap 2008-02-03 20:58 . 2008-02-03 21:11 d-------- C:\Program Files\GtkRadiant 1.5.0 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-29 02:03 2,416,128 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp 2008-02-29 01:36 --------- d-----w C:\Documents and Settings\User\Application Data\Canon 2008-02-24 16:24 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-21 02:05 --------- d-----w C:\Program Files\Bonjour 2008-02-19 01:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-02-19 01:01 --------- d-----w C:\Program Files\Notepad++ 2008-02-19 00:58 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-02-19 00:56 --------- d-----w C:\Program Files\Dynex Wireless G Enhanced Adapter 2008-02-16 03:59 --------- d-----w C:\Documents and Settings\User\Application Data\Someplayer 2008-02-16 03:59 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Someplayer 2008-02-13 23:25 --------- d-----w C:\Program Files\MSN Messenger 2008-02-13 23:25 --------- d-----w C:\Program Files\MessengerPlus! 3 2008-02-13 23:25 --------- d-----w C:\Program Files\LocalCooling 2008-02-13 23:12 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2008-02-08 00:27 --------- d-----w C:\Program Files\Java 2008-02-03 14:43 --------- d-----w C:\Program Files\Google 2008-02-02 18:03 --------- d-----w C:\Program Files\CCleaner 2008-01-27 03:53 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys 2008-01-26 16:35 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory 2008-01-26 16:35 --------- d-----w C:\Program Files\GtkRadiant-1.4 2008-01-20 17:39 --------- d-----w C:\Program Files\EasyPHP1-8 2008-01-20 17:29 --------- d-----w C:\Program Files\e-anim701 2008-01-20 16:20 --------- d-----r C:\DOCUME~1\ALLUSE~1\APPLIC~1\Data 2008-01-20 16:12 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe 2008-01-20 04:20 --------- d-----w C:\Program Files\themexp 2008-01-20 04:17 --------- d-----w C:\Program Files\psdriver 2008-01-20 04:11 --------- d--h--w C:\Program Files\m 2008-01-20 04:07 --------- d-----w C:\Program Files\Exolon 2008-01-19 15:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Talkback 2008-01-19 14:11 --------- d-----r C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMon 2008-01-19 14:08 --------- d-----w C:\Program Files\SystemRequirementsLab 2008-01-19 13:57 --------- d-----w C:\Documents and Settings\User\Application Data\SystemRequirementsLab 2008-01-13 19:01 --------- d-----w C:\Program Files\RaGEZONE 2008-01-12 20:56 20,480 ----a-w C:\WINDOWS\quit.exe 2008-01-12 17:48 --------- d-----w C:\Program Files\SlySoft 2008-01-11 00:17 --------- d-----w C:\Program Files\RaGEZONE GunZ C4.7 2008-01-07 17:33 --------- d-----w C:\Program Files\TheTurtle 2008-01-06 22:01 --------- d--h--w C:\Documents and Settings\User\Application Data\ijjigame 2008-01-05 15:42 --------- d---a-w C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2008-01-05 03:50 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-01-05 03:36 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller 2008-01-05 03:20 --------- d-----w C:\Program Files\Windows Live 2007-12-31 23:30 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll 2007-12-11 22:35 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-12-11 22:34 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-12-11 22:34 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll 2007-12-11 22:34 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe 2007-12-11 22:34 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe 2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-12-11 22:32 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-12-11 22:32 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll 2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll 2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2006-12-09 04:37 3,896 ----a-w C:\Documents and Settings\User\psetup.exe 2004-08-04 04:56 60,416 -csha-w C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe 2004-08-11 05:45 73,728 -csha-w C:\WINDOWS\BricoPacks\SysFiles\71_wmplayer.exe . [code]

----a-w         5,724,184 2008-01-13 20:31:16  C:\Program Files\Windows Live\Messenger\msnmsgr        .exe
----a-w         5,724,184 2008-01-18 00:47:34  C:\Program Files\Windows Live\Messenger\msnmsgr       .exe
----a-w         5,724,184 2008-01-20 01:06:28  C:\Program Files\Windows Live\Messenger\msnmsgr      .exe

[/code] ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-01-19 21:12 5724184] "PaSystem"="C:\Program Files\pasystem\pasystem.exe" [ ] "PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2008-01-09 17:30 536576] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [ ] "TheTurtle"="C:\Program Files\TheTurtle\TheTurtle.exe" [ ] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-09 17:30 307200] "P2kAutostart"="" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2008-01-09 17:29 36975] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-13 21:48 79224] "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [ ] "BlockChecker"="C:\Program Files\Block Checker\block-checker.exe" [ ] "LocalCooling"="C:\Program Files\LocalCooling\localcooling.exe" [2008-01-13 12:28 2056875] "nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-09 17:29 451896] "nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-09 17:29 451896] "OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2008-01-09 17:29 98304] "QMusic2"="C:\Program Files\BenQ\QMusic2\QMAgent.exe" [ ] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016] C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\ Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696] [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\[u]0[/u]] Source= C:\WINDOWS\system32\ad.html FriendlyName= [HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=C:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Think-Adz.lnk] path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Think-Adz.lnk backup=C:\WINDOWS\pss\Think-Adz.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ose"=3 (0x3) "AntiVirService"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8334:TCP"= 8334:TCP:BitComet 8334 TCP "8334:UDP"= 8334:UDP:BitComet 8334 UDP "67:UDP"= 67:UDP:DHCP Discovery Service R0 Achernar;Achernar - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Achernar.sys [2004-02-11 15:34] R2 Dynex DX-WGPUSB WLService;Dynex Wireless G Enhanced Adapter Service;C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe [2004-03-29 16:08] R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 09:11] R3 Aldebaran;Aldebaran - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Aldebaran.sys [2004-02-11 15:34] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 07:17] R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 10:44] S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [] *Newly Created Service* - GTNDIS5 . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-03 14:47:14 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKCU\Software\Microsoft\Windows\CurrentVersion\Run P2kAutostart = ??? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-03-03 14:51:22 ComboFix-quarantined-files.txt 2008-03-03 19:51:06 ComboFix2.txt 2008-02-23 00:08:11 ComboFix3.txt 2008-02-20 23:29:44 ComboFix4.txt 2008-02-13 23:45:06 ComboFix5.txt 2008-02-13 00:26:42 . 2008-03-02 16:58:03 --- E O F --- Désolé du double message, sinon j'ai oublié de répondre à l'autre question. Mon pc se porte bien, il ne lag quasiment plus jamais, plus aucun message d'erreur, fluide tout roule bien en dirait et je t'en remercie .

FillPCA · Answer

Re,

1/     *  Sélectionne le texte suivant :

RENV::
C:\Program Files\Windows Live\Messenger\msnmsgr .exe

    * Copie le texte sélectionné (CTRL+C).
    * Ouvre le bloc-note (programme>Accessoire>bloc-note).
    * Colle le texte copié dans ce bloc-note (CTRL+V).
    * Sauvegarde ce fichier sous le nom de CFScript.txt
    * Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
    * Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
      Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

2/ Edite le rapport Combofix et un nouveau rapport Hijackthis.


FillPCA

Foud35 · Answer

Re, ComboFix 08-03-03.4 - User 2008-03-02 15:35:28.8 - NTFSx86 Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 ))))))))))))))))))))))))))))))) . 2008-03-01 10:27 . 2008-03-01 10:27 d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-03-01 10:27 . 2008-03-01 10:27 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab 2008-02-27 19:37 . 2008-02-27 19:40 5 --a------ C:\Program Files\ntde.dat 2008-02-27 19:36 . 2008-02-27 19:37 d-------- C:\Documents and Settings\User\Application Data\rzgunz.com 2008-02-23 20:28 . 2008-02-26 20:35 d-------- C:\Program Files\StepMania 2008-02-23 20:19 . 2008-02-23 20:19 d-------- C:\Documents and Settings\User\Application Data\fretsonfire 2008-02-20 18:58 . 2008-03-01 23:26 3,334,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-02-20 18:58 . 2008-03-01 23:26 24,740 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-02-20 18:49 . 2008-02-20 18:49 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier 2008-02-20 18:48 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe 2008-02-20 18:48 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll 2008-02-20 18:48 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll 2008-02-20 18:48 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll 2008-02-20 18:48 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll 2008-02-20 18:45 . 2008-02-20 18:48 d-------- C:\WINDOWS\system32\ZoneLabs 2008-02-20 18:45 . 2008-02-20 18:45 d-------- C:\Program Files\Zone Labs 2008-02-20 18:45 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll 2008-02-20 18:45 . 2008-03-03 15:17 358,830 --a------ C:\WINDOWS\system32\vsconfig.xml 2008-02-16 15:00 . 2008-02-16 15:00 d-------- C:\Program Files\Jmgr.info 2008-02-15 23:01 . 2008-02-15 23:01 d-------- C:\Program Files\Microsoft Synchronization Services 2008-02-15 23:01 . 2008-02-15 23:01 d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2008-02-15 22:56 . 2008-02-15 22:56 d-------- C:\Program Files\RzGunz.com 2008-02-13 21:40 . 2008-02-13 21:44 72,454,144 --a--c--- C:\25C.tmp 2008-02-13 19:45 . 2008-02-20 19:15 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2008-02-13 19:45 . 2008-02-20 19:15 1,406 --a------ C:\WINDOWS\system32\Help.ico 2008-02-13 19:44 . 2008-02-20 19:18 d-------- C:\WINDOWS\system32\ActiveScan 2008-02-13 19:44 . 2008-02-20 19:15 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2008-02-13 18:16 . 2008-02-13 18:16 d-------- C:\Documents and Settings\User\Application Data\Grisoft 2008-02-13 18:16 . 2008-02-13 18:16 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft 2008-02-13 18:16 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-02-12 19:31 . 2008-02-12 20:46 d----c--- C:\_OTMoveIt 2008-02-10 17:30 . 2008-02-10 17:30 d-------- C:\WINDOWS\ERUNT 2008-02-10 17:28 . 2008-03-02 12:11 d----c--- C:\SDFix 2008-02-09 10:35 . 2008-03-02 12:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-02-09 10:35 . 2008-02-09 10:35 1,409 --a------ C:\WINDOWS\QTFont.for 2008-02-07 19:36 . 2008-02-24 21:17 d-------- C:\Documents and Settings\User\Application Data\OpenOffice.org2 2008-02-07 19:29 . 2008-02-07 19:30 d-------- C:\Program Files\OpenOffice.org 2.3 2008-02-07 19:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-02-04 10:22 . 2008-02-04 10:22 d-------- C:\Program Files\SnIco Edit 2008-02-03 21:13 . 2008-02-03 21:13 d-------- C:\Documents and Settings\User\Application Data\RadiantSettings 2008-02-03 21:08 . 2008-02-03 21:14 d----c--- C:\gunzmap 2008-02-03 20:58 . 2008-02-03 21:11 d-------- C:\Program Files\GtkRadiant 1.5.0 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-03 20:15 275,456 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp 2008-02-29 02:03 2,416,128 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp 2008-02-29 01:36 --------- d-----w C:\Documents and Settings\User\Application Data\Canon 2008-02-24 16:24 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-21 02:05 --------- d-----w C:\Program Files\Bonjour 2008-02-19 01:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-02-19 01:01 --------- d-----w C:\Program Files\Notepad++ 2008-02-19 00:58 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-02-19 00:56 --------- d-----w C:\Program Files\Dynex Wireless G Enhanced Adapter 2008-02-16 03:59 --------- d-----w C:\Documents and Settings\User\Application Data\Someplayer 2008-02-16 03:59 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Someplayer 2008-02-13 23:25 --------- d-----w C:\Program Files\MSN Messenger 2008-02-13 23:25 --------- d-----w C:\Program Files\MessengerPlus! 3 2008-02-13 23:25 --------- d-----w C:\Program Files\LocalCooling 2008-02-13 23:12 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2008-02-08 00:27 --------- d-----w C:\Program Files\Java 2008-02-03 14:43 --------- d-----w C:\Program Files\Google 2008-02-02 18:03 --------- d-----w C:\Program Files\CCleaner 2008-01-27 03:53 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys 2008-01-26 16:35 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory 2008-01-26 16:35 --------- d-----w C:\Program Files\GtkRadiant-1.4 2008-01-20 17:39 --------- d-----w C:\Program Files\EasyPHP1-8 2008-01-20 17:29 --------- d-----w C:\Program Files\e-anim701 2008-01-20 16:20 --------- d-----r C:\DOCUME~1\ALLUSE~1\APPLIC~1\Data 2008-01-20 16:12 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe 2008-01-20 04:20 --------- d-----w C:\Program Files\themexp 2008-01-20 04:17 --------- d-----w C:\Program Files\psdriver 2008-01-20 04:11 --------- d--h--w C:\Program Files\m 2008-01-20 04:07 --------- d-----w C:\Program Files\Exolon 2008-01-19 15:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Talkback 2008-01-19 14:11 --------- d-----r C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMon 2008-01-19 14:08 --------- d-----w C:\Program Files\SystemRequirementsLab 2008-01-19 13:57 --------- d-----w C:\Documents and Settings\User\Application Data\SystemRequirementsLab 2008-01-13 19:01 --------- d-----w C:\Program Files\RaGEZONE 2008-01-12 20:56 20,480 ----a-w C:\WINDOWS\quit.exe 2008-01-12 17:48 --------- d-----w C:\Program Files\SlySoft 2008-01-11 00:17 --------- d-----w C:\Program Files\RaGEZONE GunZ C4.7 2008-01-07 17:33 --------- d-----w C:\Program Files\TheTurtle 2008-01-06 22:01 --------- d--h--w C:\Documents and Settings\User\Application Data\ijjigame 2008-01-05 15:42 --------- d---a-w C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2008-01-05 03:50 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-01-05 03:36 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller 2008-01-05 03:20 --------- d-----w C:\Program Files\Windows Live 2007-12-31 23:30 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll 2007-12-11 22:35 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-12-11 22:34 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-12-11 22:34 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll 2007-12-11 22:34 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe 2007-12-11 22:34 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe 2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-12-11 22:32 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-12-11 22:32 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll 2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll 2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2006-12-09 04:37 3,896 ----a-w C:\Documents and Settings\User\psetup.exe 2004-08-04 04:56 60,416 -csha-w C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe 2004-08-11 05:45 73,728 -csha-w C:\WINDOWS\BricoPacks\SysFiles\71_wmplayer.exe . [code]

----a-w         5,724,184 2008-01-13 20:31:16  C:\Program Files\Windows Live\Messenger\msnmsgr        .exe
----a-w         5,724,184 2008-01-18 00:47:34  C:\Program Files\Windows Live\Messenger\msnmsgr       .exe
----a-w         5,724,184 2008-01-20 01:06:28  C:\Program Files\Windows Live\Messenger\msnmsgr      .exe

[/code] [color=red]Files Infected - Win32.Agent.zb[/color] . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-01-19 21:12 5724184] "PaSystem"="C:\Program Files\pasystem\pasystem.exe" [ ] "PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2008-01-09 17:30 536576] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [ ] "TheTurtle"="C:\Program Files\TheTurtle\TheTurtle.exe" [ ] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-09 17:30 307200] "P2kAutostart"="" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2008-01-09 17:29 36975] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-13 21:48 79224] "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [ ] "BlockChecker"="C:\Program Files\Block Checker\block-checker.exe" [ ] "LocalCooling"="C:\Program Files\LocalCooling\localcooling.exe" [2008-01-13 12:28 2056875] "nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-09 17:29 451896] "nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-09 17:29 451896] "OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2008-01-09 17:29 98304] "QMusic2"="C:\Program Files\BenQ\QMusic2\QMAgent.exe" [ ] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016] C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\ Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696] [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\[u]0[/u]] Source= C:\WINDOWS\system32\ad.html FriendlyName= [HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=C:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Think-Adz.lnk] path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Think-Adz.lnk backup=C:\WINDOWS\pss\Think-Adz.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ose"=3 (0x3) "AntiVirService"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8334:TCP"= 8334:TCP:BitComet 8334 TCP "8334:UDP"= 8334:UDP:BitComet 8334 UDP "67:UDP"= 67:UDP:DHCP Discovery Service R0 Achernar;Achernar - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Achernar.sys [2004-02-11 15:34] R2 Dynex DX-WGPUSB WLService;Dynex Wireless G Enhanced Adapter Service;C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe [2004-03-29 16:08] R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 09:11] R3 Aldebaran;Aldebaran - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Aldebaran.sys [2004-02-11 15:34] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 07:17] R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 10:44] S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [] . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-03 15:55:01 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKCU\Software\Microsoft\Windows\CurrentVersion\Run P2kAutostart = ??? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-03-03 16:10:43 ComboFix-quarantined-files.txt 2008-03-03 21:10:24 ComboFix2.txt 2008-03-03 19:51:25 ComboFix3.txt 2008-02-23 00:08:11 ComboFix4.txt 2008-02-20 23:29:44 ComboFix5.txt 2008-02-13 23:45:06 . 2008-03-02 20:26:25 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:12:12 PM, on 3/3/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\User\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - {E9AAC68A-5A64-0496-3BED-27800A4F0E94} - (no file) O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] ; C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [avast!] ; C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [avgnt] ; "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [BlockChecker] ; C:\Program Files\Block Checker\block-checker.exe O4 - HKLM\..\Run: [LocalCooling] ; "C:\Program Files\LocalCooling\localcooling.exe" -s O4 - HKLM\..\Run: [nmapp] ; "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash O4 - HKLM\..\Run: [nmctxth] ; "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" O4 - HKLM\..\Run: [OrderReminder] ; C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe O4 - HKLM\..\Run: [QMusic2] ; "C:\Program Files\BenQ\QMusic2\QMAgent.exe" O4 - HKLM\..\Run: [QuickTime Task] ; "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [PaSystem] ; "C:\Program Files\pasystem\pasystem.exe" O4 - HKCU\..\Run: [PopUpStopperFreeEdition] ; "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" O4 - HKCU\..\Run: [Skype] ; "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [swg] ; C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [TheTurtle] ; C:\Program Files\TheTurtle\TheTurtle.exe O4 - HKCU\..\Run: [updateMgr] ; "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan (file missing) O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/ O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Dynex Wireless G Enhanced Adapter Service (Dynex DX-WGPUSB WLService) - Unknown owner - C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O24 - Desktop Component 0: (no name) - C:\WINDOWS\system32\ad.html

FillPCA · Answer

Re,

Je me renseigne, car il y a un agent infectieux qui ne part pas.

FillPCA

Edite : peux-tu faire ceci :
    *  Télécharge GenProc (de Lazzzy et Narco4) sur ton bureau : http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip
    * Dézippe-le sur ton bureau (Clic droit>Extraire ici).
    * Double-clique sur GenProc.bat et édite le rapport généré par le programme.
    * Tu trouveras une aide en images ici : http://www.alt-shift-return.org/Info/GenProc-HowTo.html

FillPCA

Foud35 · Answer

Re, alors voilà : 

[1] GenProc 0.79 Mon 03/03/2008 : Aucune infection caractéristique trouvée !

FillPCA · Answer

OK. J'ai demandé de l'aide de la part de copains.

Une question : msn fonctionne normalement ?

FillPCA

Foud35 · Answer

Merci de ton aide .


Msn fonctionne fonctionne normalement, il se peut que le problème vient du fait que j'aie mal désinstaller le programme Msn discovery et que il y a un problème dessus ? Il me demande le fichier manquant pour msn discovery puis lorsque je clique sur ok il m'affiche msn normalement ? Devrai-je installer msn discovery et le dé-installer pour voir si sa corrigerai le problème ?

FillPCA · Answer

Re,

On va faire ceci :
1/ Ouvre Hijackthis>"Do a scan only" et coche ceci :
O4 - HKLM\..\Run: [avgnt] ; "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

Clique sur fix/réparer.

2/     * Double-clique sur OTMoveIt.exe pour lancer le programme,
    * Copie la liste de fichiers ou de dossiers ci-dessous et colle-la dans la fenêtre du programme "Paste Standard List of Files/Folders to Move" :

C:\Program Files\Windows Live\Messenger\msnmsgr .exe

    * Copie la liste de fichiers ou de dossiers ci-dessous et colle-la dans la fenêtre du programme "Paste Custom List of Files/Folders to Move" :

EmptyTemp

    * Clique sur MoveIt! pour lancer la suppression,
    * Le résultat appraraîtra dans le cadre Results.
    * Clique sur Exit pour fermer le programme.
    * Poste le rapport qui est situé ici : C:\\_OTMoveIt\MovedFiles
    * Il te sera peut-être demandé de redémarrer ton PC. Dans ce cas, clique sur Yes.

3/ Lance combofix normalement.

4/ Essaie Windows Live messengers et dis-moi comment ça marche.

FillPCA

Foud35 · Answer

Re, File/Folder C:\Program Files\Windows Live\Messenger\msnmsgr .exe not found. [Custom Input] < EmptyTemp > File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\~DF153.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\~DF1B73.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\~DFD012.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\~DFD053.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\~DFFDB1.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_13c.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\ZLT00714.TMP scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\ZLT07fa2.TMP scheduled to be deleted on reboot. Temp folders emptied. IE temp folders emptied. OTMoveIt2 v1.0.19 log created on 03032008_170439 ComboFix 08-03-03.4 - User 2008-03-03 17:22:47.9 - NTFSx86 Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!/b/color . ((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 ))))))))))))))))))))))))))))))) . 2008-03-01 10:27 . 2008-03-01 10:27 d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-03-01 10:27 . 2008-03-01 10:27 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab 2008-02-27 19:37 . 2008-02-27 19:40 5 --a------ C:\Program Files\ntde.dat 2008-02-27 19:36 . 2008-02-27 19:37 d-------- C:\Documents and Settings\User\Application Data\rzgunz.com 2008-02-23 20:28 . 2008-02-26 20:35 d-------- C:\Program Files\StepMania 2008-02-23 20:19 . 2008-02-23 20:19 d-------- C:\Documents and Settings\User\Application Data\fretsonfire 2008-02-20 18:58 . 2008-03-03 17:09 3,334,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-02-20 18:58 . 2008-03-03 17:09 25,652 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-02-20 18:49 . 2008-02-20 18:49 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier 2008-02-20 18:48 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe 2008-02-20 18:48 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll 2008-02-20 18:48 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll 2008-02-20 18:48 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll 2008-02-20 18:48 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll 2008-02-20 18:45 . 2008-02-20 18:48 d-------- C:\WINDOWS\system32\ZoneLabs 2008-02-20 18:45 . 2008-02-20 18:45 d-------- C:\Program Files\Zone Labs 2008-02-20 18:45 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll 2008-02-20 18:45 . 2008-03-03 17:11 358,830 --a------ C:\WINDOWS\system32\vsconfig.xml 2008-02-16 15:00 . 2008-02-16 15:00 d-------- C:\Program Files\Jmgr.info 2008-02-15 23:01 . 2008-02-15 23:01 d-------- C:\Program Files\Microsoft Synchronization Services 2008-02-15 23:01 . 2008-02-15 23:01 d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2008-02-15 22:56 . 2008-02-15 22:56 d-------- C:\Program Files\RzGunz.com 2008-02-13 21:40 . 2008-02-13 21:44 72,454,144 --a--c--- C:\25C.tmp 2008-02-13 19:45 . 2008-02-20 19:15 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2008-02-13 19:45 . 2008-02-20 19:15 1,406 --a------ C:\WINDOWS\system32\Help.ico 2008-02-13 19:44 . 2008-02-20 19:18 d-------- C:\WINDOWS\system32\ActiveScan 2008-02-13 19:44 . 2008-02-20 19:15 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2008-02-13 18:16 . 2008-02-13 18:16 d-------- C:\Documents and Settings\User\Application Data\Grisoft 2008-02-13 18:16 . 2008-02-13 18:16 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft 2008-02-13 18:16 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-02-12 19:31 . 2008-02-12 20:46 d----c--- C:\_OTMoveIt 2008-02-10 17:30 . 2008-02-10 17:30 d-------- C:\WINDOWS\ERUNT 2008-02-10 17:28 . 2008-03-02 12:11 d----c--- C:\SDFix 2008-02-09 10:35 . 2008-03-02 12:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-02-09 10:35 . 2008-02-09 10:35 1,409 --a------ C:\WINDOWS\QTFont.for 2008-02-07 19:36 . 2008-02-24 21:17 d-------- C:\Documents and Settings\User\Application Data\OpenOffice.org2 2008-02-07 19:29 . 2008-02-07 19:30 d-------- C:\Program Files\OpenOffice.org 2.3 2008-02-07 19:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-02-04 10:22 . 2008-02-04 10:22 d-------- C:\Program Files\SnIco Edit 2008-02-03 21:13 . 2008-02-03 21:13 d-------- C:\Documents and Settings\User\Application Data\RadiantSettings 2008-02-03 21:08 . 2008-02-03 21:14 d----c--- C:\gunzmap 2008-02-03 20:58 . 2008-02-03 21:11 d-------- C:\Program Files\GtkRadiant 1.5.0 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-03 22:10 861,045 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip 2008-03-03 20:15 275,456 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp 2008-02-29 02:03 2,416,128 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp 2008-02-29 01:36 --------- d-----w C:\Documents and Settings\User\Application Data\Canon 2008-02-24 16:24 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-21 02:05 --------- d-----w C:\Program Files\Bonjour 2008-02-19 01:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-02-19 01:01 --------- d-----w C:\Program Files\Notepad++ 2008-02-19 00:58 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-02-19 00:56 --------- d-----w C:\Program Files\Dynex Wireless G Enhanced Adapter 2008-02-16 03:59 --------- d-----w C:\Documents and Settings\User\Application Data\Someplayer 2008-02-16 03:59 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Someplayer 2008-02-13 23:25 --------- d-----w C:\Program Files\MSN Messenger 2008-02-13 23:25 --------- d-----w C:\Program Files\MessengerPlus! 3 2008-02-13 23:25 --------- d-----w C:\Program Files\LocalCooling 2008-02-13 23:12 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2008-02-08 00:27 --------- d-----w C:\Program Files\Java 2008-02-03 14:43 --------- d-----w C:\Program Files\Google 2008-02-02 18:03 --------- d-----w C:\Program Files\CCleaner 2008-01-27 03:53 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys 2008-01-26 16:35 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory 2008-01-26 16:35 --------- d-----w C:\Program Files\GtkRadiant-1.4 2008-01-20 17:39 --------- d-----w C:\Program Files\EasyPHP1-8 2008-01-20 17:29 --------- d-----w C:\Program Files\e-anim701 2008-01-20 16:20 --------- d-----r C:\DOCUME~1\ALLUSE~1\APPLIC~1\Data 2008-01-20 16:12 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe 2008-01-20 04:20 --------- d-----w C:\Program Files\themexp 2008-01-20 04:17 --------- d-----w C:\Program Files\psdriver 2008-01-20 04:11 --------- d--h--w C:\Program Files\m 2008-01-20 04:07 --------- d-----w C:\Program Files\Exolon 2008-01-19 15:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Talkback 2008-01-19 14:11 --------- d-----r C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMon 2008-01-19 14:08 --------- d-----w C:\Program Files\SystemRequirementsLab 2008-01-19 13:57 --------- d-----w C:\Documents and Settings\User\Application Data\SystemRequirementsLab 2008-01-13 19:01 --------- d-----w C:\Program Files\RaGEZONE 2008-01-12 20:56 20,480 ----a-w C:\WINDOWS\quit.exe 2008-01-12 17:48 --------- d-----w C:\Program Files\SlySoft 2008-01-11 00:17 --------- d-----w C:\Program Files\RaGEZONE GunZ C4.7 2008-01-07 17:33 --------- d-----w C:\Program Files\TheTurtle 2008-01-06 22:01 --------- d--h--w C:\Documents and Settings\User\Application Data\ijjigame 2008-01-05 15:42 --------- d---a-w C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2008-01-05 03:50 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-01-05 03:36 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller 2008-01-05 03:20 --------- d-----w C:\Program Files\Windows Live 2007-12-31 23:30 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll 2007-12-11 22:35 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-12-11 22:34 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-12-11 22:34 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll 2007-12-11 22:34 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe 2007-12-11 22:34 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe 2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-12-11 22:32 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-12-11 22:32 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll 2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll 2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2006-12-09 04:37 3,896 ----a-w C:\Documents and Settings\User\psetup.exe 2004-08-04 04:56 60,416 -csha-w C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe 2004-08-11 05:45 73,728 -csha-w C:\WINDOWS\BricoPacks\SysFiles\71_wmplayer.exe . [code]

----a-w         5,724,184 2008-01-13 20:31:16  C:\Program Files\Windows Live\Messenger\msnmsgr        .exe
----a-w         5,724,184 2008-01-18 00:47:34  C:\Program Files\Windows Live\Messenger\msnmsgr       .exe
----a-w         5,724,184 2008-01-20 01:06:28  C:\Program Files\Windows Live\Messenger\msnmsgr      .exe

/code ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-01-19 21:12 5724184] "PaSystem"="C:\Program Files\pasystem\pasystem.exe" [ ] "PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2008-01-09 17:30 536576] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [ ] "TheTurtle"="C:\Program Files\TheTurtle\TheTurtle.exe" [ ] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-09 17:30 307200] "P2kAutostart"="" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2008-01-09 17:29 36975] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-13 21:48 79224] "BlockChecker"="C:\Program Files\Block Checker\block-checker.exe" [ ] "LocalCooling"="C:\Program Files\LocalCooling\localcooling.exe" [2008-01-13 12:28 2056875] "nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-09 17:29 451896] "nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-09 17:29 451896] "OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2008-01-09 17:29 98304] "QMusic2"="C:\Program Files\BenQ\QMusic2\QMAgent.exe" [ ] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016] C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\ Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696] [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\[u]0/u] Source= C:\WINDOWS\system32\ad.html FriendlyName= [HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=C:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Think-Adz.lnk] path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Think-Adz.lnk backup=C:\WINDOWS\pss\Think-Adz.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ose"=3 (0x3) "AntiVirService"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8334:TCP"= 8334:TCP:BitComet 8334 TCP "8334:UDP"= 8334:UDP:BitComet 8334 UDP "67:UDP"= 67:UDP:DHCP Discovery Service R0 Achernar;Achernar - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Achernar.sys [2004-02-11 15:34] R2 Dynex DX-WGPUSB WLService;Dynex Wireless G Enhanced Adapter Service;C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe [2004-03-29 16:08] R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 09:11] R3 Aldebaran;Aldebaran - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Aldebaran.sys [2004-02-11 15:34] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 07:17] R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 10:44] S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [] *Newly Created Service* - GTNDIS5 . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-03 17:40:15 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKCU\Software\Microsoft\Windows\CurrentVersion\Run P2kAutostart = ??? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-03-03 17:54:39 ComboFix-quarantined-files.txt 2008-03-03 22:54:20 ComboFix2.txt 2008-03-03 21:10:47 ComboFix3.txt 2008-03-03 19:51:25 ComboFix4.txt 2008-02-23 00:08:11 ComboFix5.txt 2008-02-20 23:29:44 . 2008-03-03 22:08:55 --- E O F --- WLM semble fonctionne normalement, il a l'air plus fluide et un brin plus rapide , l'infection est-elle toujours présente ?

FillPCA · Answer

Re,

Elle apparait dans le rapport, mais je pense à un faux-positif. Je pense que c'est réglé, mais je t'apporte confirmation dès que j'ai du nouveau.

En attendant, peux-tu faire ceci ?
    * Télécharge Toolscleaner de A.Rothstein sur ton Bureau : http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
    * Double-clique sur ToolsCleaner2.exe>Recherche puis Suppression,
    * Ton Bureau va disparaître. Ceci est normal.
    * S'il ne réapparait pas, fais ceci :  CTRL+ALT+SUP pour faire apparaître le gestionnaire de tâches.
      Rends-toi à l'onglet Processus, clique en haut à gauche sur "Fichiers" et choisis "Exécuter". Tape "explorer" et valide. Cela te fera ré-apparaître ton Bureau.

FillPCA

Foud35 · Answer

Ça va aucun problème,  je l'ai effectué :

-->- Suppression: 

C:\Documents and Settings\User\Desktop\SdFix.exe: supprimé !
C:\Documents and Settings\User\Desktop\OtMoveIt2.exe: supprimé !
C:\Documents and Settings\User\Desktop\ComboFix.exe: supprimé !
C:\Documents and Settings\User\Desktop\HijackThis.exe: supprimé !
C:\SDFIX: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Documents and Settings\User\Desktop\LopXpMh2: supprimé !
C:\Documents and Settings\User\Desktop\GenProc: supprimé !

FillPCA · Answer

Salut,

J'ai peut-être une piste.

FillPCA

Foud35 · Answer

Ah d'accord c'est une bonne nouvelle, si tu as besoin d'un coup de pouce pour recherche, tu pourrais me dire les mots-clefs principales et je chercherai sur google, puisque je ne connais pas le nom ou le type de l'infection

FillPCA · Answer

Salut,

Les difficultés du nettoyage seraient apparemment liées au mode d'affichage lié à ce forum. On va se resservir de Combofix.

    *  Télécharge combofix.exe (par sUBs) sur ton Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    * Double clique combofix.exe et suis les invites.
    * Lorsque le scan sera complété, un rapport apparaîtra. Envoie-moi ce rapport soit par un serveur d'hébergement comme YousendIt ou par Email à l'adresse suivante : 
ncquqtqz@trashmail.net

FillPCA

Foud35 · Answer

Salut !

Voilà scan effectué et disponible ici même : 

https://www.hightail.com/

Merci !

FillPCA · Answer

bonjour,

Le format d'affichage est en effet différent !

    *  Sélectionne le texte suivant :

RENV::
C:\Program Files\Windows Live\Messenger\msnmsgr        .exe
C:\Program Files\Windows Live\Messenger\msnmsgr       .exe
C:\Program Files\Windows Live\Messenger\msnmsgr      .exe


    * Copie le texte sélectionné (CTRL+C).
    * Ouvre le bloc-note (programme>Accessoire>bloc-note).
    * Colle le texte copié dans ce bloc-note (CTRL+V).
    * Sauvegarde ce fichier sous le nom de CFScript.txt
    * Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
    * Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
      Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

Edite ce rapport.

FillPCA

Foud35 · Answer

Salut voilà le scan effectué, je l'ai aussi hebergé sur YouSendIt au cas ou il y aurait un problème : https://www.hightail.com/ et ComboFix 08-03-04.4 - User 2008-03-05 10:51:21.11 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.257 [GMT -5:00] Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((( Files Created from 2008-02-05 to 2008-03-05 ))))))))))))))))))))))))))))))) . 2008-03-04 20:49 . 2008-03-04 20:49 d-------- C:\Program Files\Uniblue 2008-03-04 20:49 . 2008-03-04 20:51 d-------- C:\Documents and Settings\User\.LocalCooling 2008-03-04 20:49 . 2008-03-04 20:49 d--h----- C:\Documents and Settings\All Users\Application Data\{7C24407D-548F-4211-9AD3-2549A100B03D} 2008-03-04 16:41 . 2008-03-04 17:16 d-------- C:\Program Files\ManyCam 2.2 2008-03-04 13:28 . 2008-03-04 13:28 2,208 --a------ C:\WINDOWS\system32\drivers\nxsIO32.sys 2008-03-03 20:42 . 2008-03-03 20:42 d-------- C:\Documents and Settings\All Users\Application Data\BOONTY 2008-03-03 20:41 . 2008-03-03 20:41 d-------- C:\Program Files\Common Files\BOONTY Shared 2008-03-03 20:40 . 2008-03-03 20:40 d-------- C:\Program Files\BoontyGames 2008-03-03 20:40 . 2008-03-03 20:40 d-------- C:\Program Files\Boonty 2008-03-01 10:27 . 2008-03-01 10:27 d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-03-01 10:27 . 2008-03-01 10:27 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-02-27 19:37 . 2008-02-27 19:40 5 --a------ C:\Program Files\ntde.dat 2008-02-27 19:36 . 2008-02-27 19:37 d-------- C:\Documents and Settings\User\Application Data\rzgunz.com 2008-02-23 20:28 . 2008-03-03 20:48 d-------- C:\Program Files\StepMania 2008-02-23 20:19 . 2008-02-23 20:19 d-------- C:\Documents and Settings\User\Application Data\fretsonfire 2008-02-20 18:58 . 2008-03-04 22:22 3,334,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-02-20 18:58 . 2008-03-04 22:22 32,948 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-02-20 18:49 . 2008-02-20 18:49 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2008-02-20 18:48 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe 2008-02-20 18:48 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll 2008-02-20 18:48 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll 2008-02-20 18:48 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll 2008-02-20 18:48 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll 2008-02-20 18:45 . 2008-02-20 18:48 d-------- C:\WINDOWS\system32\ZoneLabs 2008-02-20 18:45 . 2008-02-20 18:45 d-------- C:\Program Files\Zone Labs 2008-02-20 18:45 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll 2008-02-20 18:45 . 2008-03-05 09:58 358,830 --a------ C:\WINDOWS\system32\vsconfig.xml 2008-02-16 15:00 . 2008-02-16 15:00 d-------- C:\Program Files\Jmgr.info 2008-02-15 23:01 . 2008-02-15 23:01 d-------- C:\Program Files\Microsoft Synchronization Services 2008-02-15 23:01 . 2008-02-15 23:01 d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2008-02-15 22:56 . 2008-02-15 22:56 d-------- C:\Program Files\RzGunz.com 2008-02-13 21:40 . 2008-02-13 21:44 72,454,144 --a--c--- C:\25C.tmp 2008-02-13 19:45 . 2008-02-20 19:15 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2008-02-13 19:45 . 2008-02-20 19:15 1,406 --a------ C:\WINDOWS\system32\Help.ico 2008-02-13 19:44 . 2008-02-20 19:18 d-------- C:\WINDOWS\system32\ActiveScan 2008-02-13 19:44 . 2008-02-20 19:15 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2008-02-13 18:16 . 2008-02-13 18:16 d-------- C:\Documents and Settings\User\Application Data\Grisoft 2008-02-13 18:16 . 2008-02-13 18:16 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-13 18:16 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-02-10 17:30 . 2008-03-03 18:28 d-------- C:\WINDOWS\ERUNT 2008-02-09 10:35 . 2008-03-03 20:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-02-09 10:35 . 2008-02-09 10:35 1,409 --a------ C:\WINDOWS\QTFont.for 2008-02-07 19:36 . 2008-03-05 10:35 d-------- C:\Documents and Settings\User\Application Data\OpenOffice.org2 2008-02-07 19:29 . 2008-02-07 19:30 d-------- C:\Program Files\OpenOffice.org 2.3 2008-02-07 19:27 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-05 00:41 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-04 20:14 --------- d-----w C:\Program Files\Common Files\NewSoft 2008-03-04 19:34 --------- d-----w C:\Program Files\TheTurtle 2008-03-04 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-03 22:10 861,045 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip 2008-03-03 20:15 275,456 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp 2008-02-29 02:03 2,416,128 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp 2008-02-29 01:36 --------- d-----w C:\Documents and Settings\User\Application Data\Canon 2008-02-21 02:05 --------- d-----w C:\Program Files\Bonjour 2008-02-19 01:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-02-19 01:01 --------- d-----w C:\Program Files\Notepad++ 2008-02-19 00:58 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-02-19 00:56 --------- d-----w C:\Program Files\Dynex Wireless G Enhanced Adapter 2008-02-16 03:59 --------- d-----w C:\Documents and Settings\User\Application Data\Someplayer 2008-02-16 03:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Someplayer 2008-02-13 23:25 --------- d-----w C:\Program Files\MSN Messenger 2008-02-13 23:25 --------- d-----w C:\Program Files\MessengerPlus! 3 2008-02-13 23:25 --------- d-----w C:\Program Files\LocalCooling 2008-02-08 00:27 --------- d-----w C:\Program Files\Java 2008-02-04 15:22 --------- d-----w C:\Program Files\SnIco Edit 2008-02-04 02:13 --------- d-----w C:\Documents and Settings\User\Application Data\RadiantSettings 2008-02-04 02:11 --------- d-----w C:\Program Files\GtkRadiant 1.5.0 2008-02-03 14:43 --------- d-----w C:\Program Files\Google 2008-02-02 18:03 --------- d-----w C:\Program Files\CCleaner 2008-01-27 03:53 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys 2008-01-26 16:35 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory 2008-01-26 16:35 --------- d-----w C:\Program Files\GtkRadiant-1.4 2008-01-20 17:39 --------- d-----w C:\Program Files\EasyPHP1-8 2008-01-20 17:29 --------- d-----w C:\Program Files\e-anim701 2008-01-20 16:20 --------- d-----r C:\Documents and Settings\All Users\Application Data\Data 2008-01-20 16:12 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe 2008-01-20 04:20 --------- d-----w C:\Program Files\themexp 2008-01-20 04:17 --------- d-----w C:\Program Files\psdriver 2008-01-20 04:11 --------- d--h--w C:\Program Files\m 2008-01-20 04:07 --------- d-----w C:\Program Files\Exolon 2008-01-19 15:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Talkback 2008-01-19 14:11 --------- d-----r C:\Documents and Settings\All Users\Application Data\SalesMon 2008-01-19 14:08 --------- d-----w C:\Program Files\SystemRequirementsLab 2008-01-19 13:57 --------- d-----w C:\Documents and Settings\User\Application Data\SystemRequirementsLab 2008-01-14 10:06 21,632 ----a-w C:\WINDOWS\system32\drivers\ManyCam.sys 2008-01-13 19:01 --------- d-----w C:\Program Files\RaGEZONE 2008-01-12 20:56 20,480 ----a-w C:\WINDOWS\quit.exe 2008-01-12 17:48 --------- d-----w C:\Program Files\SlySoft 2008-01-11 00:17 --------- d-----w C:\Program Files\RaGEZONE GunZ C4.7 2008-01-06 22:01 --------- d--h--w C:\Documents and Settings\User\Application Data\ijjigame 2008-01-05 15:42 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-01-05 03:50 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-01-05 03:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-01-05 03:20 --------- d-----w C:\Program Files\Windows Live 2007-12-31 23:30 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll 2007-12-11 22:35 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-12-11 22:34 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-12-11 22:34 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll 2007-12-11 22:34 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe 2007-12-11 22:34 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe 2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-12-11 22:32 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-12-11 22:32 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll 2006-12-09 04:37 3,896 ----a-w C:\Documents and Settings\User\psetup.exe 2004-08-04 04:56 60,416 -csha-w C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe 2004-08-11 05:45 73,728 -csha-w C:\WINDOWS\BricoPacks\SysFiles\71_wmplayer.exe . ((((((((((((((((((((((((((((( snapshot@2008-03-04_19.33.54.04 ))))))))))))))))))))))))))))))))))))))))) . + 2008-03-05 14:58:01 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_c0.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-01-19 20:06 5724184] "PaSystem"="C:\Program Files\pasystem\pasystem.exe" [ ] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [ ] "TheTurtle"="C:\Program Files\TheTurtle\TheTurtle.exe" [2005-09-15 12:44 815104] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-09 17:30 307200] "P2kAutostart"="" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [2008-01-09 17:29 36975] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-13 21:48 79224] "BlockChecker"="C:\Program Files\Block Checker\block-checker.exe" [ ] "nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2008-01-09 17:29 451896] "nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-09 17:29 451896] "OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2008-01-09 17:29 98304] "QMusic2"="C:\Program Files\BenQ\QMusic2\QMAgent.exe" [ ] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696] [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\[u]0[/u]] Source= C:\WINDOWS\system32\ad.html FriendlyName= [HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk] path=C:\Documents and Settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Think-Adz.lnk] path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Think-Adz.lnk backup=C:\WINDOWS\pss\Think-Adz.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ose"=3 (0x3) "AntiVirService"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe "PopUpStopperFreeEdition"=; "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "LocalCooling"=; "C:\Program Files\LocalCooling\localcooling.exe" -s [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8334:TCP"= 8334:TCP:BitComet 8334 TCP "8334:UDP"= 8334:UDP:BitComet 8334 UDP "67:UDP"= 67:UDP:DHCP Discovery Service R2 Dynex DX-WGPUSB WLService;Dynex Wireless G Enhanced Adapter Service;C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe [2004-03-29 16:08] R2 nxsIO32;NextSensor Kernel I/O Driver;C:\WINDOWS\System32\DRIVERS\nxsIO32.sys [2008-03-04 13:28] R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2002-12-10 09:11] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 05:06] R3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2003-04-09 10:44] S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2008-03-03 20:41] S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [] . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-05 11:01:54 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKCU\Software\Microsoft\Windows\CurrentVersion\Run P2kAutostart = ??? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\Program Files\TheTurtle\rkmt.dll PROCESS: C:\WINDOWS\system32\csrss.exe -> C:\Program Files\TheTurtle\rkmt.dll . Completion time: 2008-03-05 11:05:27 ComboFix2.txt 2008-03-05 00:35:43 ComboFix3.txt 2008-03-03 22:54:42 . 2008-03-05 03:21:41 --- E O F --- Merci :)

FillPCA · Answer

Salut,

1/     *  Ouvrir l'explorateur windows (Démarrer>programmes>Accessoires>Explorateur windows ou Démarrer>programmes>Explorateur windows).
    * Cliquer sur outils>options des dossiers>affichage.
    * Sélectionner :
          o afficher les fichiers et dossiers cachés,
          o décocher "masquer les extensions des fichiers dont le type est connu",
          o décocher masquer les fichiers protégés du système d'exploitation (recommandé)".

    * "appliquer" et "ok"

2/     *  Peux-tu tester ceci : C:\WINDOWS\system32\drivers
xsIO32.sys
    * Clique sur ce lien : http://www.virustotal.com/en/indexf.html
    * Clique sur parcourir et indique le chemin du fichier que j’ai désigné.
    * Clique sur send. Au bout de quelques minutes, un rapport est généré. Poste-le dans ta prochaine réponse.

FillPCA

Foud35 · Answer

Salut rapport effectué :
 Fichier nxsIO32.sys reçu le 2008.03.05 22:40:38 (CET)
Situation actuelle:  terminé
Résultat: 1/32 (3.13%)
	
Antivirus 	Version 	Dernière mise à jour 	Résultat
AhnLab-V3	2008.3.4.0	2008.03.05	-
AntiVir	7.6.0.73	2008.03.05	-
Authentium	4.93.8	2008.03.04	-
Avast	4.7.1098.0	2008.03.05	-
AVG	7.5.0.516	2008.03.05	-
BitDefender	7.2	2008.03.05	-
CAT-QuickHeal	9.50	2008.03.05	-
ClamAV	0.92.1	2008.03.05	-
DrWeb	4.44.0.09170	2008.03.05	-
eSafe	7.0.15.0	2008.02.28	-
eTrust-Vet	31.3.5590	2008.03.05	-
Ewido	4.0	2008.03.05	-
FileAdvisor	1	2008.03.05	-
Fortinet	3.14.0.0	2008.03.05	-
F-Prot	4.4.2.54	2008.03.04	-
F-Secure	6.70.13260.0	2008.03.05	-
Ikarus	T3.1.1.20	2008.03.05	-
Kaspersky	7.0.0.125	2008.03.05	-
McAfee	5245	2008.03.05	-
Microsoft	1.3301	2008.03.05	-
NOD32v2	2923	2008.03.05	-
Norman	5.80.02	2008.03.05	-
Panda	9.0.0.4	2008.03.05	-
Prevx1	V2	2008.03.05	-
Rising	20.34.22.00	2008.03.05	-
Sophos	4.27.0	2008.03.05	-
Sunbelt	3.0.930.0	2008.03.05	-
Symantec	10	2008.03.05	-
TheHacker	6.2.92.233	2008.03.04	-
VBA32	3.12.6.2	2008.03.05	-
VirusBuster	4.3.26:9	2008.03.05	-
Webwasher-Gateway	6.6.2	2008.03.05	Win32.Malware.gen!88 (suspicious)
Information additionnelle
File size: 2208 bytes

Merci d'avance

FillPCA · Answer

Re,

1/ Je te conseille de désinstaller Boonty Games, qui n'a pas très bonne réputation.

2/ 
    *  Télécharge OTMoveIt2  (de Old_Timer) sur ton bureau : http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
    * Double-clique sur OTMoveIt.exe pour lancer le programme,
    * Copie la liste de fichiers ou de dossiers ci-dessous et colle-la dans la fenêtre du programme "Paste Standard List of Files/Folders to Move" :

C:\Documents and Settings\All Users\Application Data\{7C24407D-548F-4211-9AD3-2549A100B03D}
C:\Program Files
tde.dat
C:\Documents and Settings\User\Application Datazgunz.com
C:\Documents and Settings\All Users\Application Data\BOONTY
C:\Program Files\Common Files\BOONTY Shared
C:\Program Files\BoontyGames
C:\Program Files\Boonty

Si tu n'as pas désinstallé Boonty Games, tu gardes les 4 dernières lignes situées au-dessus.

    * Copie la liste de fichiers ou de dossiers ci-dessous et colle-la dans la fenêtre du programme "Paste Custom List of Files/Folders to Move" :

EmptyTemp

    * Clique sur MoveIt! pour lancer la suppression,
    * Le résultat appraraîtra dans le cadre Results.
    * Clique sur Exit pour fermer le programme.
    * Poste le rapport qui est situé ici : C:\\_OTMoveIt\MovedFiles
    * Il te sera peut-être demandé de redémarrer ton PC. Dans ce cas, clique sur Yes.

3/ Fais un scan en ligne en utilisant Kaspersky à l'aide de ce tuto : https://forum.pcastuces.com/default.asp

4/ Edite le rapport OTMoveIt et le rapport Kaspersky.

Dis-moi comment le pc se porte.

FillPCA

Foud35 · Answer

Salut, voilà après 11 heures de scan voici les rapports :

C:\Documents and Settings\All Users\Application Data\{7C24407D-548F-4211-9AD3-2549A100B03D} moved successfully.
C:\Program Files
tde.dat moved successfully.
C:\Documents and Settings\User\Application Datazgunz.com\NabTrap\0.5.0.1000 moved successfully.
C:\Documents and Settings\User\Application Datazgunz.com\NabTrap moved successfully.
C:\Documents and Settings\User\Application Datazgunz.com moved successfully.
C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses moved successfully.
C:\Documents and Settings\All Users\Application Data\BOONTY moved successfully.
C:\Program Files\Common Files\BOONTY Shared\Service moved successfully.
C:\Program Files\Common Files\BOONTY Shared moved successfully.
C:\Program Files\BoontyGames moved successfully.
C:\Program Files\Boonty\Components moved successfully.
C:\Program Files\Boonty moved successfully.
[Custom Input]
< EmptyTemp >
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\~DF3A12.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\~DF4A6D.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\~DF4B3C.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\~DFE252.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\~DFE659.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\Perflib_Perfdata_18c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\ZLT0527b.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\ZLT0527e.TMP scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
 
OTMoveIt2 v1.0.20 log created on 03052008_180730




-------------------------------------------------------------------------------
 KASPERSKY ON-LINE SCANNER REPORT
 Thursday, March 06, 2008 10:22:36 PM
 Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
 Kaspersky On-line Scanner version : 5.0.98.0
 Dernière mise à jour de la base antivirus Kaspersky :  6/03/2008
 Enregistrements dans la base antivirus Kaspersky : 603975
-------------------------------------------------------------------------------

Paramètres d'analyse:
	Analyser avec la base antivirus suivante: étendue
	Analyser les archives: vrai
	Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:
	C:\
	D:\
	E:\
	F:\
	G:\
	H:\

Statistiques de l'analyse:
	Total d'objets analysés: 92637
	Nombre de virus trouvés: 4
	Nombre d'objets infectés: 7
	Nombre d'objets suspects: 0
	Durée de l'analyse: 11:22:19

Nom de l'objet infecté / Nom du virus / Dernière action
C:\4b3a8ae29d4df862afbdaeb1\Forum\fond.jpg	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\fond.png	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\admin_activate.tpl	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\admin_send_email.tpl	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\admin_welcome_activated.tpl	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\admin_welcome_inactive.tpl	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\coppa_welcome_inactive.tpl	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\group_added.tpl	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\group_approved.tpl	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\group_request.tpl	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_aim.gif	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_edit.gif	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_email.gif	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_icq_add.gif	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_ip.gif	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_msnm.gif	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_pm.gif	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_profile.gif	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_quote.gif	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_search.gif	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_www.gif	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\icon_yim.gif	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\index.htm	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\install.txt	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\lang_admin.php	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\lang_bbcode.php	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\lang_faq.php	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\lang_main.php	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\msg_newpost.gif	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\post.gif	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\privmsg_notify.tpl	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\profile_send_email.tpl	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forumeply-locked.gif	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forumeply.gif	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\search_stopwords.txt	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\search_synonyms.txt	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum	opic_notify.tpl	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\user_activate.tpl	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\user_activate_passwd.tpl	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\user_welcome.tpl	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Forum\user_welcome_inactive.tpl	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Images\ban.png	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Images\corps.png	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Images\footer.png	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Images\menu.png	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\Forum\Images\placepub.png	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\admin_activate.tpl	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\admin_send_email.tpl	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\admin_welcome_activated.tpl	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\admin_welcome_inactive.tpl	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\coppa_welcome_inactive.tpl	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\group_added.tpl	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\group_approved.tpl	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\group_request.tpl	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_aim.gif	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_edit.gif	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_email.gif	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_icq_add.gif	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_ip.gif	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_msnm.gif	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_pm.gif	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_profile.gif	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_quote.gif	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_search.gif	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_www.gif	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\icon_yim.gif	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\index.htm	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\install.txt	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\lang_admin.php	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\lang_bbcode.php	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\lang_faq.php	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\lang_main.php	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\msg_newpost.gif	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\post.gif	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\privmsg_notify.tpl	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\profile_send_email.tpl	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTCeply-locked.gif	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTCeply.gif	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\search_stopwords.txt	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\search_synonyms.txt	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC	opic_notify.tpl	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\user_activate.tpl	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\user_activate_passwd.tpl	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\user_welcome.tpl	L'objet est verrouillé	ignoré
C:\4b3a8ae29d4df862afbdaeb1\PTC\user_welcome_inactive.tpl	L'objet est verrouillé	ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat	L'objet est verrouillé	ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat	L'objet est verrouillé	ignoré
C:\Documents and Settings\All Users\Application Data\Pure Networks\Log\logfile.nmsrvc_exe.txt	L'objet est verrouillé	ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat	L'objet est verrouillé	ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	L'objet est verrouillé	ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	L'objet est verrouillé	ignoré
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat	L'objet est verrouillé	ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat	L'objet est verrouillé	ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT	L'objet est verrouillé	ignoré
C:\Documents and Settings\LocalService
tuser.dat.LOG	L'objet est verrouillé	ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	L'objet est verrouillé	ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	L'objet est verrouillé	ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT	L'objet est verrouillé	ignoré
C:\Documents and Settings\NetworkService
tuser.dat.LOG	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\cert8.db	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\formhistory.dat	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\GoogleToolbarData\googlesafebrowsing.db	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\history.dat	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\key3.db	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\parent.lock	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\search.sqlite	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\urlclassifier2.sqlite	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Application Data\OpenOffice.org2\user\uno_packages\cache\log.txt	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Application Data\OpenOffice.org2\user\uno_packages\cacheegistry\com.sun.star.comp.deployment.component.PackageRegistryBackend\common_.rdb	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Application Data\OpenOffice.org2\user\uno_packages\cacheegistry\com.sun.star.comp.deployment.component.PackageRegistryBackend\Windows_x86_.rdb	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Application Data\OpenOffice.org2\user\uno_packages\cacheegistry\com.sun.star.comp.deployment.configuration.PackageRegistryBackendegistered_packages.db	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Application Data\OpenOffice.org2\user\uno_packages\cache\uno_packages.db	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Cookies\index.dat	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Messenger\bardawilgas@msn.com\SharingMetadata\Logs\Dfsr00005.log	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Messenger\bardawilgas@msn.com\SharingMetadata\pending.dat	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Messenger\bardawilgas@msn.com\SharingMetadata\Working\database_AEA4_A6B7_A4A6_8187\dfsr.db	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Messenger\bardawilgas@msn.com\SharingMetadata\Working\database_AEA4_A6B7_A4A6_8187\fsr.log	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Messenger\bardawilgas@msn.com\SharingMetadata\Working\database_AEA4_A6B7_A4A6_8187\fsrtmp.log	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Messenger\bardawilgas@msn.com\SharingMetadata\Working\database_AEA4_A6B7_A4A6_8187	mp.edb	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows Live Contacts\bardawilgas@msn.comeal\members.stg	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows Live Contacts\bardawilgas@msn.com\shadow\members.stg	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\Cache\5D96378Ad01	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\Cache\_CACHE_001_	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\Cache\_CACHE_002_	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\Cache\_CACHE_003_	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\ipxx929z.default\Cache\_CACHE_MAP_	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Local Settings\History\History.IE5\index.dat	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Local Settings\Temp\Perflib_Perfdata_9e4.dat	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Local Settings\Temp\~DF1FE4.tmp	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Local Settings\Temp\~DF29AB.tmp	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Local Settings\Temp\~DF2D6C.tmp	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Local Settings\Temp\~DF54E0.tmp	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Local Settings\Temp\~DFC662.tmp	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Local Settings\Temp\~DFC6A2.tmp	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\My Documents\Mes archives de conversations\March 2008\m_a_r_c_007@hotmail.com.html	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\My Documents\Mes archives de conversations\March 2008afunit@hotmail.com.html	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\NTUSER.DAT	L'objet est verrouillé	ignoré
C:\Documents and Settings\User\NTUSER.DAT.LOG	L'objet est verrouillé	ignoré
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat	L'objet est verrouillé	ignoré
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db	L'objet est verrouillé	ignoré
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int	L'objet est verrouillé	ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log	L'objet est verrouillé	ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log
shield.log	L'objet est verrouillé	ignoré
C:\Program Files\Alwil Software\Avast4\DATAeport\Protection résidente.txt	L'objet est verrouillé	ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase	L'objet est verrouillé	ignoré
C:\System Volume Information\_restore{2D67E47B-B92A-4750-B82B-16051B33A8FB}\RP27\A0006861.exe/data0004	Infecté : not-a-virus:AdWare.Win32.EZula.cc	ignoré
C:\System Volume Information\_restore{2D67E47B-B92A-4750-B82B-16051B33A8FB}\RP27\A0006861.exe	NSIS: infecté - 1	ignoré
C:\System Volume Information\_restore{2D67E47B-B92A-4750-B82B-16051B33A8FB}\RP27\A0006862.exe/{D3150260-5753-454D-9923-26CF37C6FECC}.dll	Infecté : Trojan.Win32.VB.aft	ignoré
C:\System Volume Information\_restore{2D67E47B-B92A-4750-B82B-16051B33A8FB}\RP27\A0006862.exe	InstallCreator: infecté - 1	ignoré
C:\System Volume Information\_restore{2D67E47B-B92A-4750-B82B-16051B33A8FB}\RP27\A0006862.exe	UPX: infecté - 1	ignoré
C:\System Volume Information\_restore{2D67E47B-B92A-4750-B82B-16051B33A8FB}\RP27\A0006863.ini	Infecté : not-a-virus:AdWare.Win32.Sahat.ao	ignoré
C:\System Volume Information\_restore{2D67E47B-B92A-4750-B82B-16051B33A8FB}\RP33\A0008689.dll	Infecté : not-a-virus:AdWare.Win32.Virtumonde.gen	ignoré
C:\System Volume Information\_restore{2D67E47B-B92A-4750-B82B-16051B33A8FB}\RP40\change.log	L'objet est verrouillé	ignoré
C:\WINDOWS\Debug\PASSWD.LOG	L'objet est verrouillé	ignoré
C:\WINDOWS\SchedLgU.Txt	L'objet est verrouillé	ignoré
C:\WINDOWS\SoftwareDistribution\EventCache\{3E010703-80A8-440E-9C8D-88FD7A4DAC36}.bin	L'objet est verrouillé	ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log	L'objet est verrouillé	ignoré
C:\WINDOWS\Sti_Trace.log	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\CatRoot2\edb.log	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\CatRoot2	mp.edb	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\config\Antivirus.Evt	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\config\AppEvent.Evt	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\config\default	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\config\default.LOG	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\config\SAM	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\config\SAM.LOG	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\config\SecEvent.Evt	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\config\SECURITY	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\config\SECURITY.LOG	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\config\software	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\config\software.LOG	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\config\SysEvent.Evt	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\config\system	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\config\system.LOG	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\drivers\fidbox.dat	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\drivers\fidbox.idx	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\h323log.txt	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	L'objet est verrouillé	ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	L'objet est verrouillé	ignoré
C:\WINDOWS\TEMP\Perflib_Perfdata_98.dat	L'objet est verrouillé	ignoré
C:\WINDOWS\wiadebug.log	L'objet est verrouillé	ignoré
C:\WINDOWS\wiaservc.log	L'objet est verrouillé	ignoré
C:\WINDOWS\WindowsUpdate.log	L'objet est verrouillé	ignoré

Analyse terminée.

FillPCA · Answer

Salut,

OK. Des traces d'infections anciennes.

1/
·	Télécharge Toolscleaner de A.Rothstein sur ton Bureau : http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
·	Double-clique sur ToolsCleaner2.exe>Recherche puis Suppression,
·	Ton Bureau va disparaître. Ceci est normal.
·	S'il ne réapparait pas, fais ceci :  CTRL+ALT+SUP pour faire apparaître le gestionnaire de tâches.
Rends-toi à l'onglet Processus, clique en haut à gauche sur "Fichiers" et choisis "Exécuter". Tape "explorer" et valide. Cela te fera ré-apparaître ton Bureau.

2/ Tu peux supprimer tous les logiciels que nous avons utilisés (Type: SmitFraufix, Blacklight, SDFix, lopxpMH, ect.....) qui traitent des infections spécifiques et qui sont mis à jour régulièrement. Il est inutile de les garder sur ton PC.
Tu peux par contre, garder AVG Antispyware et CCleaner.
3/ /!\ Maintenant que ton PC n'est plus infecté, désactive puis réactive ta "Restauration du système" afin de créer un point de restauration sain.
Pour désactiver ou activer la Restauration du système, tu dois  ouvrir une session Administrateur sous Windows XP. 
Désactivation:
Cliquer droit sur le "Poste de travail" > Propriétés > onglet "Restauration du système" > cocher la case "Désactiver la Restauration du système sur tous les lecteurs"
> Appliquer et Ok. 
Activation:
Suivre le même chemin ; décocher la case "Désactiver la Restauration du système sur tous les lecteurs" 
> Appliquer et Ok. Redémarrer l'ordinateur.
Comment faire pour...(lettre A):  https://forum.pcastuces.com/comment_faire_pour__-f25s3902.htm

4/ Pour améliorer la sécurité de ton PC prend quelques instants pour lire:
Sécuriser son PC +WIFI (versions "hot" & "light"): https://forum.pcastuces.com/default.asp
5/ Dénonce ton infection pour faire condamner les auteurs.

Crée un message pour faire avancer les choses sur Malware-Complaints, nous devons être les plus nombreux possibles, alors rends compte de ton infection :
- Voir les règles du forum : https://malwarecomplaints.info/
- Après t'être enregistré à l'aide du bouton en haut se nommant "Register"
Si tu as plus de 13 ans, choisir : "I Agree to these terms and am over or exactly 13 years of age"
Si tu as moins, clique sur : "I Agree to these terms and am under 13 years of age"

Tu as alors, sous forme de liste, un sujet par type d'infection (Look2Me, Smitfraud, SpywareQuake etc..).

*** Tes infections : Vundo, Win32.Sahat, Trojan.Win32.VB.aft, Win32.EZula, SDBot, lop, Adware.Softomate, Adware.Winad, Trojan.Crypt.e ***
>> https://malwarecomplaints.info/
Si le malware que tu as eu n'apparaît pas dans la liste, ou si tu ne sais pas par quoi tu étais infecté(e), crée un message dans le sujet Autres infections, conforme au règle du forum (âge, ville, département etc..)
Indique aussi le nom du Forum qui t'a aidé : CCM 
6/ Tu peux marquer ton sujet comme résolu en cliquant sur le bouton.
7/ Je te conseille enfin de défragmenter ton PC : http://www.coupdepoucepc.com/modules/news/article.php?storyid=218

Bon surf et prudence !

FillPCA

Foud35 · Answer

Merci infiniment de ton aide, je vais bien suivre les conseilles de sécurité et empêcher ses intrusions néfastes . Je compte aussi faire avancé les choses voilà mon sujet :
http://www.malwarecomplaints.info/viewtopic.php?p=14530#14530

Je te remercie infiniment, et en voyant la grand liste de ses intrusions je fus stupéfait

FillPCA · Answer

Salut,

Content d'avoir pu t'aider. 
Bon surf !

FillPCA

afideg · Answer

Bonjour
Encore bravo FillPCA 
Bon dimanche à vous deux
Al.

FillPCA · Answer

Salut Al,

Oui, content que ce soit réglé.

FillPCA

Énorme plantage suite à un erreur du système

47 réponses

Votre réponse

Discussions similaires

Newsletters