Vista Anti-virus 2008

Closed
poune1987 Posts 19 Registration date Thursday 13 November 2008 Status Member Last activity 13 November 2008 - 13 Nov. 2008 at 00:19
poune1987 Posts 19 Registration date Thursday 13 November 2008 Status Member Last activity 13 November 2008 - 13 Nov. 2008 at 04:14
Hello,

I seem to have a virus on my computer... a program called Vista anti-virus 2008 has gotten onto my computer and I am not able to get rid of it :( It keeps making pop-ups on my computer that interrupt everything I try to do. Could you please offer me some help?

15 replies

geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last activity 21 May 2010 10
13 Nov. 2008 at 00:23
Hi!!

▶ Make a hijackthis report so that I can check your PC for infections please


▶ Download hijackthis and save the installation file to your desktop.

▶ Then double-click the installation file, then "exécuter" (run).

▶ Click "Install", checking that the installation path is indeed in your programs, and then "I Accept".

▶ Click "Do a system scan and save a logfile".

▶ Let the scan finish until the report appears in Notepad.

▶ Then copy and paste the report into your next reply on the forum



How to copy/paste the report:


When you have the report on screen, press ctrl A to "select all" then ctrl C to "copy".

Then come to the forum to reply to me and press ctrl V to "paste" the report.
0
poune1987 Posts 19 Registration date Thursday 13 November 2008 Status Member Last activity 13 November 2008
13 Nov. 2008 at 00:25
Here is the report I received.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:49, on 2008-11-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\windows\system32\alert.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\windows\system32\MalwareKiller.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Owner\My Documents\RCA Detective\RCADetective.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ca/toolbar/ie8/sidebar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NVideoSupport Class - {15C3F151-CC22-4146-8F73-05D0CD987982} - C:\WINDOWS\system32nvideo.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Quick Access Toolbar - {1813785D-9CFB-45A0-9CBC-3E84F7A8471F} - C:\WINDOWS\system32GSearchTB.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Easy Dock] C:\Documents and Settings\Owner\My Documents\RCA easyRip\EZDock.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [alert.exe] C:\windows\system32\alert.exe
O4 - HKLM\..\Run: [Update.exe] C:\windows\system32\Update.exe
O4 - HKLM\..\Run: [MalwareKiller.exe] C:\windows\system32\MalwareKiller.exe
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RCA Detective.lnk = C:\Documents and Settings\Owner\My Documents\RCA Detective\RCADetective.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://games.bigfishgames.com/en_chocolatier/online/ChocolatierWeb.1.0.0.13.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://www.playfirst.com/play/game/dreamchronicles/dreamweb.1.0.0.9.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O20 - AppInit_DLLs: C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\PremierOpinion\pmai.dll,C:\Program Files\PremierOpinion\pmai.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
0
thieumdine Posts 66 Registration date Monday 10 November 2008 Status Member Last activity 5 February 2009 13
13 Nov. 2008 at 00:25
Hi,
I had a similar case on a friend's PC a short while ago... but with a so-called antivirus 2009.
If it helps, the name of the program was av2009.exe.
A run of "Spybot search and destroy" was enough to solve the problem.
Otherwise look for something like av2008 and delete it by hand, or if you are in doubt, rename it... it will not restart if the name called at startup is not the right one.
Or else you need to look at the programs launched when the PC starts...
there you go
good night
0
poune1987 Posts 19 Registration date Thursday 13 November 2008 Status Member Last activity 13 November 2008
13 Nov. 2008 at 00:28
OK, I will check...

thanks
0
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last activity 21 May 2010 10
13 Nov. 2008 at 00:30
Spybot is not what will get rid of it for you...

And if you delete the folder, what do you do about the registry key??!!
0
thieumdine Posts 66 Registration date Monday 10 November 2008 Status Member Last activity 5 February 2009 13 > geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last activity 21 May 2010
13 Nov. 2008 at 00:45
a pass of regcleaner on top of that...
0
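The exchange above turns on whether deleting a program's folder also removes its autostart registry entry. As an added example (not part of the original thread and not HijackThis code), the following Python parses the O4 autostart lines of a HijackThis report and lists the entries that would still point into a folder after that folder is deleted. The function names are hypothetical, the sample lines are an excerpt of the report posted earlier in this thread, and `C:\Program Files\VAV` is taken from that report's own Run entry.

```python
import ntpath
import re
from typing import NamedTuple

# Excerpt of the HijackThis report posted earlier in this thread (O4 = autostart).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
"""


class Autorun(NamedTuple):
    location: str  # registry Run key or Startup folder, as HijackThis prints it
    name: str      # registry value name or shortcut file name
    target: str    # executable the entry launches, arguments stripped


# "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^O4 - (?P<loc>\S+\\\.\.\\Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# "O4 - [Global ]Startup: <shortcut>.lnk = <target>"
LNK_RE = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?\.lnk) = (?P<cmd>.+)$")
# Unquoted paths may contain spaces, so cut at the first executable-like
# extension that is followed by whitespace or end of line (a heuristic).
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif|dll|sys))(?=\s|$)", re.I)


def executable_of(command: str) -> str:
    """Return the program path from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        # Tolerate an unterminated quote, which does occur in real reports.
        return command[1:end] if end != -1 else command[1:]
    match = EXE_RE.match(command)
    return match.group(1) if match else command


def parse_o4(log_text: str) -> list:
    """Extract every O4 autostart entry from a HijackThis report."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        match = RUN_RE.match(line) or LNK_RE.match(line)
        if match:
            entries.append(Autorun(match["loc"], match["name"],
                                   executable_of(match["cmd"])))
    return entries


def is_under(path: str, folder: str) -> bool:
    """Case-insensitive Windows path containment, on a directory boundary."""
    p = ntpath.normcase(ntpath.normpath(path))
    f = ntpath.normcase(ntpath.normpath(folder)).rstrip("\\")
    return p == f or p.startswith(f + "\\")


def autoruns_left_behind(log_text: str, removed_folder: str) -> list:
    """Autostart entries that would still reference files in removed_folder."""
    return [e for e in parse_o4(log_text) if is_under(e.target, removed_folder)]


if __name__ == "__main__":
    for entry in autoruns_left_behind(SAMPLE_LOG, r"C:\Program Files\VAV"):
        print(f"{entry.location}: [{entry.name}] -> {entry.target}")
```

Any entry this returns is a Run value or Startup shortcut that survives a manual folder deletion and has to be removed separately.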
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last activity 21 May 2010 10
13 Nov. 2008 at 00:29
The report you gave me is not a report you have just made:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:49, on 2008-11-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
0
poune1987 Posts 19 Registration date Thursday 13 November 2008 Status Member Last activity 13 November 2008
13 Nov. 2008 at 00:30
What do you mean? I followed the instructions you gave me and that is what it gave me. Should I try it again?
0
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last activity 21 May 2010 10
13 Nov. 2008 at 00:31
Where do you live?? In France??
0
poune1987 Posts 19 Registration date Thursday 13 November 2008 Status Member Last activity 13 November 2008
13 Nov. 2008 at 00:32
No, I live in Canada... In Ontario, to be more precise.
0

geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last activity 21 May 2010 10
13 Nov. 2008 at 00:33
OK... Start by doing this please:

Option 1 - Search:


▶ Download smitfraudfix and save it to the desktop

▶ Then double-click smitfraudfix, then run

▶ Select 1 to create a report of the files responsible for the infection.

(warning: do not use option 2 unless I have asked you to!!)

▶ Copy and paste the report into your reply.


Here is an animated tutorial with sound in case you have trouble using it



(Warning: "process.exe", a component of the tool, is detected by some antivirus programs as a "RiskTool".
It is not a virus, but a utility intended to terminate processes. In the wrong hands,
this utility could stop security software.)
0
poune1987 Posts 19 Registration date Thursday 13 November 2008 Status Member Last activity 13 November 2008
13 Nov. 2008 at 00:40
Here is the report:

SmitFraudFix v2.375

Scan done at 18:36:47,50, 2008-11-12
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\windows\system32\alert.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\windows\system32\MalwareKiller.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Owner\My Documents\RCA Detective\RCADetective.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\VAV\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\Program,Files\\PremierOpinion\\pmai.dll,C:\\Program,Files\\PremierOpinion\\pmai.dll,C:\\Program,Files\\PremierOpinion\\pmai.dll,C:\\Program Files\\PremierOpinion\\pmai.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
DNS Server Search Order: 64.71.255.198

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E94E3918-573C-42F1-B2D6-6BD7E8EBC558}: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E94E3918-573C-42F1-B2D6-6BD7E8EBC558}: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E94E3918-573C-42F1-B2D6-6BD7E8EBC558}: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=64.71.255.198


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
0
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last activity 21 May 2010 10
13 Nov. 2008 at 00:40
OK, now do this please:

Option 2 - Cleaning:


Restart the PC in safe mode

▶ Double-click smitfraudfix

▶ Select 2 to delete the files responsible for the infection.

▶ At the question "Voulez-vous nettoyer le registre ?" (Do you want to clean the registry?) answer O (oui/yes) in order to unlock the desktop wallpaper and delete the infection's autostart keys.

The fix will determine whether the wininet.dll file is infected. At the question "Corriger le fichier infecté ?" (Fix the infected file?) answer O (oui/yes) to replace the corrupted file.

▶ Save the report on your desktop


▶ Restart in normal mode and post the report.
0
poune1987 Posts 19 Registration date Thursday 13 November 2008 Status Member Last activity 13 November 2008
13 Nov. 2008 at 01:02
Here is the report:

SmitFraudFix v2.375

Scan done at 18:55:07,07, 2008-11-12
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts



»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program Files\VAV\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E94E3918-573C-42F1-B2D6-6BD7E8EBC558}: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E94E3918-573C-42F1-B2D6-6BD7E8EBC558}: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E94E3918-573C-42F1-B2D6-6BD7E8EBC558}: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=64.71.255.198


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
0
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last activity 21 May 2010 10
13 Nov. 2008 at 01:03
OK, now:

▶ Download Malwarebytes' Anti-Malware

▶ Here is a tutorial to help you use it.

▶ Update the software (this normally happens during installation)

▶ Start a full scan by clicking "Exécuter un examen complet" (run a full scan)

▶ Select the drives you want to scan and click "Lancer l'examen" (start the scan)

▶ The scan can take quite a while.....

▶ Once the scan is finished, click "OK" then "Afficher les résultats" (show the results)

▶ Check that everything is ticked and click "Supprimer la sélection" (remove the selection) => and then "OK"

▶ A report will open in Notepad... Copy and paste the report into your next reply on the forum


* Some files may have to be deleted when the PC restarts... Do so by clicking "oui" (yes) when asked


And then make a new hijackthis report please
0
poune1987 Posts 19 Registration date Thursday 13 November 2008 Status Member Last activity 13 November 2008
13 Nov. 2008 at 01:44
Here is the scan report:

Malwarebytes' Anti-Malware 1.30
Database version: 1391
Windows 5.1.2600 Service Pack 2

2008-11-12 19:42:59
mbam-log-2008-11-12 (19-42-59).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 108704
Time elapsed: 36 minute(s), 46 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 42
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 24

Memory Processes Infected:
C:\Program Files\VAV\vav.exe (Rogue.Antivirus) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\iehlprobj.iehlprobj.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1601d447-7424-4866-8dcc-acf98a2a41e1} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9f593aac-ca4c-4a41-a7ff-a00812192d61} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{749ec66f-a838-4b38-b8e5-e65d905fff74} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c3c0ec2c-2c1c-495c-9ad0-1f0ef833d7b5} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8ca5ed52-f3fb-4414-a105-2e3491156990} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9506910a-0f94-4ea1-b567-7070428b8b2b} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6156a32a-c512-4e23-aa9a-2315f4265681} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0ac49246-419b-4ee0-8917-8818daad6a4e} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99410cde-6f16-42ce-9d49-3807f78f0287} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f31a5d11-bf0b-4a4e-90af-274f2090aaa6} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gooochi (Adware.Rotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\banneradsgalore (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\VAV\vav.exe (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\WINDOWS5.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8669F2A9-13D9-43DE-AA07-AF3F40FA061C}\RP493\A0098861.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8669F2A9-13D9-43DE-AA07-AF3F40FA061C}\RP493\A0098863.exe (Adware.RK) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8669F2A9-13D9-43DE-AA07-AF3F40FA061C}\RP493\A0099853.dll (Adware.RK) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8669F2A9-13D9-43DE-AA07-AF3F40FA061C}\RP493\A0099868.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8669F2A9-13D9-43DE-AA07-AF3F40FA061C}\RP493\A0099869.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8669F2A9-13D9-43DE-AA07-AF3F40FA061C}\RP493\A0101890.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8669F2A9-13D9-43DE-AA07-AF3F40FA061C}\RP493\A0101893.exe (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8669F2A9-13D9-43DE-AA07-AF3F40FA061C}\RP493\A0101895.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8669F2A9-13D9-43DE-AA07-AF3F40FA061C}\RP493\A0101909.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\LOT66225.exe (Adware.TTC) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\myss_sb_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{1cd506a3-72e6-1dc0-693d-52bf88adc1c0}.dll-uninst.exe (Adware.Rotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{70655156-21c7-79ee-de3d-75816de81999}.dll-uninst.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav.ooo (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav0.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav1.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gside.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxdnt3d.cfg. (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\Vista Antivirus 2008.lnk (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.

As you asked, I'm going to run another scan with HijackThis and send you the report.
poune1987 - Posts: 19 - Registration date: Thursday 13 November 2008 - Status: Member - Last activity: 13 November 2008
13 Nov 2008 at 01:46
Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:45:12, on 2008-11-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\windows\system32\alert.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\windows\system32\MalwareKiller.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Documents and Settings\Owner\My Documents\RCA Detective\RCADetective.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NVideoSupport Class - {15C3F151-CC22-4146-8F73-05D0CD987982} - C:\WINDOWS\system32nvideo.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Quick Access Toolbar - {1813785D-9CFB-45A0-9CBC-3E84F7A8471F} - C:\WINDOWS\system32GSearchTB.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Easy Dock] C:\Documents and Settings\Owner\My Documents\RCA easyRip\EZDock.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [alert.exe] C:\windows\system32\alert.exe
O4 - HKLM\..\Run: [Update.exe] C:\windows\system32\Update.exe
O4 - HKLM\..\Run: [MalwareKiller.exe] C:\windows\system32\MalwareKiller.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RCA Detective.lnk = C:\Documents and Settings\Owner\My Documents\RCA Detective\RCADetective.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://games.bigfishgames.com/en_chocolatier/online/ChocolatierWeb.1.0.0.13.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://www.playfirst.com/play/game/dreamchronicles/dreamweb.1.0.0.9.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O20 - AppInit_DLLs: C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\PremierOpinion\pmai.dll,C:\Program Files\PremierOpinion\pmai.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
geoffrey5 - Posts: 13732 - Registration date: Sunday 20 May 2007 - Status: Security contributor - Last activity: 21 May 2010 10
13 Nov 2008 at 02:04
Let's continue...

▶ Download ComboFix by sUBs

▶ and save it to the Desktop.

▶ Disable your protections and close all your applications (antivirus, firewall, the antispyware's real-time guard)

Here is the official Bleeping Computer tutorial on how to use it:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Then send the report and make a new HijackThis report, please.
poune1987 - Posts: 19 - Registration date: Thursday 13 November 2008 - Status: Member - Last activity: 13 November 2008
13 Nov 2008 at 02:32
Here is the ComboFix report:

ComboFix 08-11-11.01 - Owner 2008-11-12 20:17:38.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.195 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\TriJinx.1.0.0.67
c:\windows\system32\AutoRun.inf
c:\windows\system32\MSINET.oca
c:\windows\system32\Update.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-10-13 to 2008-11-13 )))))))))))))))))))))))))))))))
.

2008-11-12 19:04 . 2008-11-12 19:04 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-12 19:04 . 2008-11-12 19:04 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2008-11-12 19:04 . 2008-11-12 19:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-12 19:04 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-12 19:04 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-12 18:52 . 2005-04-27 15:54 <DIR> d-------- c:\documents and settings\Administrator.YOUR-A9A3FB198C\WINDOWS
2008-11-12 18:52 . 2005-09-07 11:07 <DIR> d-------- c:\documents and settings\Administrator.YOUR-A9A3FB198C\Application Data\SampleView
2008-11-12 18:52 . 2008-11-12 18:52 <DIR> d-------- c:\documents and settings\Administrator.YOUR-A9A3FB198C
2008-11-12 18:36 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-11-12 18:36 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-11-12 18:36 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
2008-11-12 18:36 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe
2008-11-12 18:36 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-11-12 18:36 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
2008-11-12 18:36 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
2008-11-12 18:36 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
2008-11-12 18:36 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-11-12 18:36 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-11-12 18:36 . 2008-11-12 18:55 4,362 --a------ c:\windows\system32\tmp.reg
2008-11-12 18:24 . 2008-11-12 18:24 <DIR> d-------- c:\program files\Trend Micro
2008-11-11 20:09 . 2008-11-11 20:09 233,472 --a------ c:\windows\system32\alert.exe
2008-11-11 20:09 . 2008-11-12 19:00 196,608 --a------ c:\windows\system32nvideo.dll
2008-11-11 20:09 . 2008-11-12 19:00 167,936 --a------ c:\windows\system32GSearchTB.dll
2008-11-11 20:09 . 2008-11-11 20:09 57,344 --a------ c:\windows\system32\MalwareKiller.exe
2008-11-11 20:04 . 2008-11-11 20:04 96,093 --a------ c:\windows\system32\xnhkdjstkzhazgvk.dll-uninst.exe
2008-11-11 17:52 . 2008-11-11 17:52 <DIR> d-------- c:\documents and settings\Owner\Application Data\Mushroom Age
2008-11-11 17:42 . 2008-11-11 17:42 <DIR> d-------- c:\documents and settings\Owner\Application Data\iWinArcade
2008-11-08 12:59 . 2008-11-08 12:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Mushroom Age
2008-11-07 23:07 . 2008-11-07 23:07 <DIR> d-------- C:\games
2008-11-07 21:44 . 2008-11-07 21:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Redrum
2008-10-23 20:35 . 2008-10-23 20:35 <DIR> dr------- c:\documents and settings\Owner\Application Data\Brother

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 02:48 --------- d-----w c:\documents and settings\All Users\Application Data\iWin Games
2008-11-12 01:51 --------- d-----w c:\program files\SUPERAntiSpyware
2008-11-12 01:08 --------- d-----w c:\program files\DivX
2008-11-12 00:56 --------- d-----w c:\program files\iWin.com
2008-11-12 00:55 --------- d-----w c:\program files\Garfield 2
2008-11-12 00:52 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-08 17:41 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2008-11-07 23:32 --------- d-----w c:\program files\bfgclient
2008-10-29 01:28 --------- d-----w c:\documents and settings\Owner\Application Data\Flood Light Games
2008-10-29 01:28 --------- d-----w c:\documents and settings\All Users\Application Data\Flood Light Games
2008-10-10 16:43 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-05 21:07 --------- d-----w c:\program files\LimeWire
2008-10-03 02:29 --------- d-----w c:\program files\MSECache
2008-09-28 17:59 --------- d-----w c:\documents and settings\All Users\Application Data\ScanSoft
2008-09-14 21:29 --------- d-----w c:\documents and settings\Owner\Application Data\Ace
2008-09-14 19:43 --------- d-----w c:\program files\hp deskjet 656c series
2008-09-14 19:04 --------- d-----w c:\program files\Yahoo! Games
2008-09-14 19:03 --------- d-----w c:\program files\QuickTime
2008-09-14 19:01 --------- d-----w c:\program files\Common Files\Real
2008-06-24 03:29 0 ----a-w c:\program files\temp01
2006-10-27 21:42 774,144 -c--a-w c:\program files\RngInterstitial.dll
2006-10-11 18:07 282 -c--a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15C3F151-CC22-4146-8F73-05D0CD987982}]
2008-11-12 19:00 196608 --a------ c:\windows\system32nvideo.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1813785D-9CFB-45A0-9CBC-3E84F7A8471F}"= "c:\windows\system32GSearchTB.dll" [2008-11-12 167936]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-12-24 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-24 118784]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-01-24 949376]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"Easy Dock"="c:\documents and settings\Owner\My Documents\RCA easyRip\EZDock.exe" [2008-07-29 532480]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"alert.exe"="c:\windows\system32\alert.exe" [2008-11-11 233472]
"MalwareKiller.exe"="c:\windows\system32\MalwareKiller.exe" [2008-11-11 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
RCA Detective.lnk - c:\documents and settings\Owner\My Documents\RCA Detective\RCADetective.exe [2008-08-19 1069056]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2005-09-07 1742384]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2006-09-12 1421328]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
--a------ 1998-11-30 18:04 497376 c:\windows\p_981116.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;c:\windows\system32\Drivers\BrSerIf.sys [2006-12-12 52224]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;c:\windows\system32\Drivers\BrUsbSer.sys [2006-09-03 11904]
S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows;c:\windows\system32\DRIVERS\vpnva.sys [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ab23800-cb46-11db-8a72-00e0b8923486}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a6ad740-6e55-11dd-8cfb-00e0b8923486}]
\Shell\AutoRun\command - G:\rcaeasyrip_setup.exe
\Shell\install\command - G:\rcaeasyrip_setup.exe
\Shell\usermanualEnglish\command - G:\rcaeasyrip_setup.exe /pdf_English
\Shell\usermanualFrench\command - G:\rcaeasyrip_setup.exe /pdf_French
\Shell\usermanualSpanish\command - G:\rcaeasyrip_setup.exe /pdf_Spanish
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKLM-Run-Update.exe - c:\windows\system32\Update.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\znm93l74.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 20:23:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\system32\lsass.exe
-> c:\program files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Eset\nod32krn.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\wscntfy.exe
c:\progra~1\BigFix\BigFix.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
.
**************************************************************************
.
Completion time: 2008-11-12 20:27:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-13 01:27:24

Pre-Run: 23 971 848 192 bytes free
Post-Run: 24,823,402,496 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

418

and here is the SmitFraudFix report:

SmitFraudFix v2.375

Scan done at 20:29:28,33, 2008-11-12
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\windows\system32\alert.exe
C:\windows\system32\MalwareKiller.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Owner\My Documents\RCA Detective\RCADetective.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
DNS Server Search Order: 64.71.255.198

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E94E3918-573C-42F1-B2D6-6BD7E8EBC558}: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E94E3918-573C-42F1-B2D6-6BD7E8EBC558}: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E94E3918-573C-42F1-B2D6-6BD7E8EBC558}: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=64.71.255.198


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
0
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last activity 21 May 2010 10
13 Nov 2008 at 02:37
Why did you run SmitFraudFix again??

Please do a new HijackThis report
0
poune1987 Posts 19 Registration date Thursday 13 November 2008 Status Member Last activity 13 November 2008
13 Nov 2008 at 02:44
Here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:14, on 2008-11-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\windows\system32\alert.exe
C:\windows\system32\MalwareKiller.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Owner\My Documents\RCA Detective\RCADetective.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NVideoSupport Class - {15C3F151-CC22-4146-8F73-05D0CD987982} - C:\WINDOWS\system32nvideo.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Quick Access Toolbar - {1813785D-9CFB-45A0-9CBC-3E84F7A8471F} - C:\WINDOWS\system32GSearchTB.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Easy Dock] C:\Documents and Settings\Owner\My Documents\RCA easyRip\EZDock.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [alert.exe] C:\windows\system32\alert.exe
O4 - HKLM\..\Run: [MalwareKiller.exe] C:\windows\system32\MalwareKiller.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RCA Detective.lnk = C:\Documents and Settings\Owner\My Documents\RCA Detective\RCADetective.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://games.bigfishgames.com/en_chocolatier/online/ChocolatierWeb.1.0.0.13.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://www.playfirst.com/play/game/dreamchronicles/dreamweb.1.0.0.9.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
0
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last activity 21 May 2010 10
13 Nov 2008 at 02:49
Run HijackThis again, clicking "Scan only", and check these lines please:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

Then click "Fix checked".

Next, please update Java from this address: https://www.java.com/fr/download/manual.jsp

and then uninstall the previous version in Add/Remove Programs.

Are you still having problems??
0
poune1987 Posts 19 Registration date Thursday 13 November 2008 Status Member Last activity 13 November 2008
13 Nov 2008 at 02:59
I still have pop-ups :(
0
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last activity 21 May 2010 10
13 Nov 2008 at 03:01
What kind of pop-ups??

▶ Download lopSD and save it to the Desktop

▶ Double-click Lop S&D

▶ Run the installation

▶ Close all applications

▶ Launch it by double-clicking the shortcut on the desktop
On VISTA => right-click and => Run as administrator

▶ Type F for French, then press Enter

▶ Type 1

▶ Press Enter

▶ The PC will restart
Note: if the antivirus reports an infection in TEMP, ignore it

▶ Wait for the report to appear
▶ Copy the report and paste it into your reply
The report is also located at C:\lopR
0
poune1987 Posts 19 Registration date Thursday 13 November 2008 Status Member Last activity 13 November 2008
13 Nov 2008 at 03:09
--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M processor 1.40GHz )
BIOS : Rev 1.0
USER : Owner ( Administrator )
BOOT : Normal boot
Antivirus : ESET NOD32 antivirus system 2.70 2.70 (Not Activated)
C:\ (Local Disk) - NTFS - Total:49 Go (Free:23 Go)
D:\ (Local Disk) - FAT32 - Total:6 Go (Free:4 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 2008-11-12|21:06 )

--------------------\\ Listing des dossiers dans APPLIC~1


[2005-04-27|02:28] C:\DOCUME~1\ADMINI~1.YOU\APPLIC~1\Identities
[2005-09-07|11:07] C:\DOCUME~1\ADMINI~1.YOU\APPLIC~1\Microsoft
[2005-09-07|11:07] C:\DOCUME~1\ADMINI~1.YOU\APPLIC~1\SampleView
[2005-04-27|02:47] C:\DOCUME~1\ADMINI~1.YOU\APPLIC~1\Sun

[2005-04-27|02:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2006-03-28|13:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[2008-07-06|20:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Astar Games
[2007-04-22|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[2008-07-07|21:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFish
[2008-11-08|12:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
[2008-09-04|16:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Brother
[2005-09-25|19:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[2008-07-09|20:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EscapeTheMuseum
[2008-10-28|20:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Flood Light Games
[2007-05-01|18:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FloodLightGames
[2008-08-07|16:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fugazo
[2006-10-24|16:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GameHouse
[2008-07-06|12:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Gogii Games
[2007-05-13|22:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[2008-01-01|22:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[2008-01-01|22:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
[2008-01-01|22:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HPSSUPPLY
[2008-09-04|16:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[2008-11-11|21:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\iWin Games
[2007-06-26|21:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
[2008-11-12|19:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[2005-09-07|11:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[2007-01-24|22:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
[2007-11-25|22:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2008-07-06|11:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MonteCristo
[2006-11-08|22:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
[2008-11-08|12:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Mushroom Age
[2007-05-07|21:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\n7-89-o9-3r-4t-r9
[2006-03-28|13:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Napster
[2007-08-16|15:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Games
[2007-06-28|15:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Media
[2008-01-14|21:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[2008-01-26|22:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap
[2005-09-07|10:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prism Deploy
[2008-11-07|21:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Redrum
[2006-10-26|15:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
[2008-09-28|12:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[2008-08-25|21:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Slapdash Games
[2006-11-16|21:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SonyPicturesGames
[2006-12-04|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
[2007-04-12|18:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SugarGames
[2007-11-14|17:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
[2007-01-24|23:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[2008-11-11|19:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[2007-04-10|13:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TERMINAL Studio
[2006-09-02|15:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[2005-09-07|12:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[2008-04-16|09:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[2007-07-19|21:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[2005-04-27|02:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[2005-09-07|11:07] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[2005-09-07|11:07] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
[2005-04-27|02:47] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun

[2007-01-18|15:26] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[2005-04-27|02:27] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[2008-09-14|16:29] C:\DOCUME~1\Owner\APPLIC~1\Ace
[2008-01-01|21:42] C:\DOCUME~1\Owner\APPLIC~1\Adobe
[2005-09-07|19:26] C:\DOCUME~1\Owner\APPLIC~1\AdobeUM
[2008-07-04|18:42] C:\DOCUME~1\Owner\APPLIC~1\Ancient Quest of Saqqarah__bfg
[2006-03-23|12:20] C:\DOCUME~1\Owner\APPLIC~1\Apple Computer
[2008-01-30|22:05] C:\DOCUME~1\Owner\APPLIC~1\Azureus
[2007-07-30|21:29] C:\DOCUME~1\Owner\APPLIC~1\Big Fish Games
[2008-07-07|21:33] C:\DOCUME~1\Owner\APPLIC~1\BigFish
[2008-08-07|21:14] C:\DOCUME~1\Owner\APPLIC~1\BigFishGames
[2008-07-10|22:16] C:\DOCUME~1\Owner\APPLIC~1\BloodTies
[2008-10-23|20:35] C:\DOCUME~1\Owner\APPLIC~1\Brother
[2008-06-26|18:35] C:\DOCUME~1\Owner\APPLIC~1\cerasus.media
[2005-09-25|19:38] C:\DOCUME~1\Owner\APPLIC~1\CyberLink
[2008-01-26|17:33] C:\DOCUME~1\Owner\APPLIC~1\DivX
[2008-10-28|20:28] C:\DOCUME~1\Owner\APPLIC~1\Flood Light Games
[2007-05-01|18:08] C:\DOCUME~1\Owner\APPLIC~1\FloodLightGames
[2007-03-30|21:57] C:\DOCUME~1\Owner\APPLIC~1\FlowPlay
[2008-08-24|23:48] C:\DOCUME~1\Owner\APPLIC~1\ForgottenRiddles
[2008-07-28|21:24] C:\DOCUME~1\Owner\APPLIC~1\ForgottenRiddles2
[2007-06-28|22:15] C:\DOCUME~1\Owner\APPLIC~1\funkitron
[2007-05-07|21:19] C:\DOCUME~1\Owner\APPLIC~1\GameHouse
[2007-04-27|17:28] C:\DOCUME~1\Owner\APPLIC~1\Gamelab
[2008-07-06|12:56] C:\DOCUME~1\Owner\APPLIC~1\Gogii Games
[2007-05-13|18:25] C:\DOCUME~1\Owner\APPLIC~1\Google
[2006-08-28|20:25] C:\DOCUME~1\Owner\APPLIC~1\Help
[2008-09-04|17:54] C:\DOCUME~1\Owner\APPLIC~1\HPAppData
[2005-04-27|02:28] C:\DOCUME~1\Owner\APPLIC~1\Identities
[2008-05-28|16:48] C:\DOCUME~1\Owner\APPLIC~1\InstallShield
[2007-06-01|17:11] C:\DOCUME~1\Owner\APPLIC~1\iWin
[2008-11-11|17:42] C:\DOCUME~1\Owner\APPLIC~1\iWinArcade
[2007-10-25|09:24] C:\DOCUME~1\Owner\APPLIC~1\Legends of pirates
[2006-04-27|13:40] C:\DOCUME~1\Owner\APPLIC~1\Macromedia
[2007-04-18|00:26] C:\DOCUME~1\Owner\APPLIC~1\Magic Academy
[2008-11-12|19:04] C:\DOCUME~1\Owner\APPLIC~1\Malwarebytes
[2006-12-07|18:24] C:\DOCUME~1\Owner\APPLIC~1\McAfee
[2008-07-03|20:02] C:\DOCUME~1\Owner\APPLIC~1\Meridian93
[2008-09-27|16:05] C:\DOCUME~1\Owner\APPLIC~1\Microsoft
[2005-09-11|08:49] C:\DOCUME~1\Owner\APPLIC~1\Mozilla
[2006-03-28|13:42] C:\DOCUME~1\Owner\APPLIC~1\MSNInstaller
[2008-11-11|17:52] C:\DOCUME~1\Owner\APPLIC~1\Mushroom Age
[2008-08-24|17:55] C:\DOCUME~1\Owner\APPLIC~1\MysteryStudio
[2007-04-11|22:02] C:\DOCUME~1\Owner\APPLIC~1\Ohana Games
[2007-06-17|13:50] C:\DOCUME~1\Owner\APPLIC~1\Oxin's Style!
[2007-04-04|16:23] C:\DOCUME~1\Owner\APPLIC~1\Pi Eye Games
[2008-01-14|21:42] C:\DOCUME~1\Owner\APPLIC~1\PlayFirst
[2008-09-14|14:01] C:\DOCUME~1\Owner\APPLIC~1\Real
[2008-08-22|18:49] C:\DOCUME~1\Owner\APPLIC~1\Righteous Kill
[2005-11-14|19:01] C:\DOCUME~1\Owner\APPLIC~1\Roxio
[2005-09-07|11:07] C:\DOCUME~1\Owner\APPLIC~1\SampleView
[2008-08-07|18:10] C:\DOCUME~1\Owner\APPLIC~1\SultansLabyrinth
[2005-04-27|02:47] C:\DOCUME~1\Owner\APPLIC~1\Sun
[2007-11-14|17:20] C:\DOCUME~1\Owner\APPLIC~1\SUPERAntiSpyware.com
[2005-09-07|11:37] C:\DOCUME~1\Owner\APPLIC~1\Symantec
[2005-09-12|10:41] C:\DOCUME~1\Owner\APPLIC~1\Talkback
[2006-10-04|21:11] C:\DOCUME~1\Owner\APPLIC~1\Template

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[2008-11-12 20:57][--ah-----] C:\WINDOWS\tasks\SA.DAT
[2004-08-04 14:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[2007-06-29|13:31] C:\Program Files\Abra Academy
[2007-04-19|21:12] C:\Program Files\Academy of Magic Word Spells
[2005-04-27|02:32] C:\Program Files\Adobe
[2005-09-07|10:56] C:\Program Files\Ahead
[2007-03-28|16:35] C:\Program Files\AOL Games
[2007-08-13|15:50] C:\Program Files\Azada
[2008-01-26|17:56] C:\Program Files\Azureus
[2006-12-18|09:33] C:\Program Files\BFG
[2008-11-07|18:32] C:\Program Files\bfgclient
[2006-10-25|19:12] C:\Program Files\BigFix
[2008-09-04|16:45] C:\Program Files\Brother
[2007-05-13|18:31] C:\Program Files\Cheetah Burner
[2006-09-12|09:12] C:\Program Files\Cisco Systems
[2008-11-12|20:54] C:\Program Files\Common Files
[2005-04-27|02:20] C:\Program Files\ComPlus Applications
[2005-09-07|11:52] C:\Program Files\CONEXANT
[2005-09-07|11:03] C:\Program Files\CyberLink
[2007-01-26|23:07] C:\Program Files\directx
[2008-11-11|20:08] C:\Program Files\DivX
[2007-08-15|21:51] C:\Program Files\EnsignGames
[2008-02-07|20:47] C:\Program Files\Eset
[2006-12-10|20:16] C:\Program Files\Fairies
[2007-07-31|20:22] C:\Program Files\GameFiesta
[2007-05-02|18:21] C:\Program Files\Games
[2008-11-11|19:55] C:\Program Files\Garfield 2
[2007-05-21|11:30] C:\Program Files\Google
[2007-05-01|17:57] C:\Program Files\GrimmsHatchery_at
[2007-07-30|21:28] C:\Program Files\Hasbro Interactive
[2005-09-11|19:32] C:\Program Files\Hewlett-Packard
[2008-08-12|22:04] C:\Program Files\HOTLLAMA Media
[2008-01-01|22:26] C:\Program Files\HP
[2008-09-14|14:43] C:\Program Files\hp deskjet 656c series
[2008-10-10|11:43] C:\Program Files\InstallShield Installation Information
[2005-09-07|10:57] C:\Program Files\Intel
[2008-05-27|22:19] C:\Program Files\Internet Explorer
[2008-11-11|19:56] C:\Program Files\iWin.com
[2008-11-12|20:54] C:\Program Files\Java
[2007-11-13|11:23] C:\Program Files\Lexmark_HostCD
[2008-10-05|16:07] C:\Program Files\LimeWire
[2008-11-12|19:04] C:\Program Files\Malwarebytes' Anti-Malware
[2005-09-07|13:11] C:\Program Files\Messenger
[2005-09-07|12:11] C:\Program Files\Microsoft ActiveSync
[2005-04-27|02:23] C:\Program Files\microsoft frontpage
[2007-02-11|19:55] C:\Program Files\Microsoft Money 2005
[2008-10-02|21:30] C:\Program Files\Microsoft Office
[2005-09-07|10:55] C:\Program Files\Microsoft Picture It! 10
[2008-03-18|20:29] C:\Program Files\Microsoft SQL Server Compact Edition
[2005-09-07|11:05] C:\Program Files\Microsoft Works
[2005-09-07|12:09] C:\Program Files\Microsoft.NET
[2005-04-27|02:20] C:\Program Files\Movie Maker
[2008-03-17|22:47] C:\Program Files\Mozilla Firefox
[2008-10-02|21:29] C:\Program Files\MSECache
[2006-03-28|13:42] C:\Program Files\MSN
[2005-09-07|11:07] C:\Program Files\MSN Encarta Plus
[2007-05-02|20:53] C:\Program Files\MSN Games
[2005-04-27|02:19] C:\Program Files\MSN Gaming Zone
[2008-07-24|20:05] C:\Program Files\MSN Messenger
[2006-10-19|12:35] C:\Program Files\MSXML 4.0
[2007-06-22|17:37] C:\Program Files\Mystery Case Files Prime Suspects
[2007-06-22|17:37] C:\Program Files\Mystery Case Files Ravenhearst
[2006-03-28|13:38] C:\Program Files\Napster
[2005-04-27|02:20] C:\Program Files\NetMeeting
[2008-09-04|16:42] C:\Program Files\Nuance
[2005-04-27|02:21] C:\Program Files\Online Services
[2007-09-28|08:51] C:\Program Files\Outlook Express
[2007-06-17|15:49] C:\Program Files\Oxin's Style!
[2008-05-28|16:49] C:\Program Files\Philips
[2005-09-07|11:01] C:\Program Files\Program Shortcuts
[2008-09-14|14:03] C:\Program Files\QuickTime
[2007-11-22|11:21] C:\Program Files\Real
[2008-09-04|16:40] C:\Program Files\ScanSoft
[2006-12-21|20:57] C:\Program Files\Shockwave.com
[2006-12-25|15:11] C:\Program Files\SigmaTel
[2007-03-21|17:08] C:\Program Files\Smiley Arcade
[2008-11-11|20:51] C:\Program Files\SUPERAntiSpyware
[2007-01-24|23:28] C:\Program Files\Symantec
[2005-09-07|11:03] C:\Program Files\Synaptics
[2007-07-23|16:19] C:\Program Files\Top Ten Solitaire
[2008-11-12|18:24] C:\Program Files\Trend Micro
[2006-10-15|16:01] C:\Program Files\TryMedia
[2008-07-29|20:01] C:\Program Files\Ubi Soft
[2008-07-19|17:02] C:\Program Files\Ubisoft
[2005-04-27|02:28] C:\Program Files\Uninstall Information
[2005-09-20|10:33] C:\Program Files\uosus
[2008-03-31|11:14] C:\Program Files\Windows Live
[2007-01-16|14:09] C:\Program Files\Windows Media Connect 2
[2007-02-14|22:55] C:\Program Files\Windows Media Player
[2005-04-27|02:19] C:\Program Files\Windows NT
[2005-04-27|02:21] C:\Program Files\WindowsUpdate
[2007-01-24|23:44] C:\Program Files\WinRAR
[2005-04-27|02:23] C:\Program Files\xerox
[2007-03-29|14:25] C:\Program Files\Yahoo!
[2008-09-14|14:04] C:\Program Files\Yahoo! Games

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[2005-04-27|02:32] C:\Program Files\Common Files\Adobe
[2005-09-07|10:55] C:\Program Files\Common Files\Ahead
[2005-09-07|12:11] C:\Program Files\Common Files\DESIGNER
[2005-09-20|10:35] C:\Program Files\Common Files\Deterministic Networks
[2008-01-01|22:25] C:\Program Files\Common Files\HP
[2008-09-04|16:40] C:\Program Files\Common Files\InstallShield
[2008-10-02|21:30] C:\Program Files\Common Files\Microsoft Shared
[2005-04-27|02:20] C:\Program Files\Common Files\MSSoap
[2005-09-07|10:54] C:\Program Files\Common Files\New Boundary
[2005-04-26|19:13] C:\Program Files\Common Files\ODBC
[2008-09-14|14:01] C:\Program Files\Common Files\Real
[2008-09-04|16:40] C:\Program Files\Common Files\ScanSoft Shared
[2005-04-27|02:20] C:\Program Files\Common Files\Services
[2005-04-26|19:13] C:\Program Files\Common Files\SpeechEngines
[2007-01-24|23:23] C:\Program Files\Common Files\Symantec Shared
[2007-09-28|08:51] C:\Program Files\Common Files\System
[2008-03-18|20:19] C:\Program Files\Common Files\WindowsLiveInstaller
[2007-11-14|17:15] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 45 Processes )

IEXPLORE.EXE ~ [PID:3136]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 21:08:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 14

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Owner\Application Data\Oxin's Style!\3DSeXVilla Crack 30.001
C:\DOCUME~1\Owner\Application Data\Oxin's Style!\3DSeXVilla Crack 30.001\install
C:\DOCUME~1\Owner\Application Data\Oxin's Style!\3DSeXVilla Crack 30.001\install\3DSex1.cab
C:\DOCUME~1\Owner\Application Data\Oxin's Style!\3DSeXVilla Crack 30.001\install\3DSexvilla 30.001 Crack(oxin).msi


[F:10][D:2]-> C:\DOCUME~1\Owner\LOCALS~1\Temp
[F:37][D:0]-> C:\DOCUME~1\Owner\Cookies
[F:139][D:4]-> C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 2008-11-12|21:05 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 2008-11-12|21:09 - Option : [1]

--------------------\\ Fin du rapport a 21:09:11
0
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last activity 21 May 2010 10
13 Nov 2008 at 03:12
Please go and delete this folder, shown in bold:

C:\DOCUME~1\Owner\Application Data\Oxin's Style!\3DSeXVilla Crack 30.001


▶ Download Navilog1 to the desktop

*If your antivirus raises an alarm, disable it
On Vista: right-click the Navilog1 shortcut on the desktop and choose "Run as administrator"
On XP: double-click it to install and launch it


▶ Once installed
▶ type F
▶ Press a key until you reach the options
▶ Choose "Recherche" (Search) (= type 1)

▶ do not use the other options without advice; there may be legitimate processes

▶ a report: fixnavi.txt in ==> C:

▶ copy it and paste it into your reply
0
poune1987 Posts 19 Registration date Thursday 13 November 2008 Status Member Last activity 13 November 2008
13 Nov 2008 at 03:29
Search Navipromo version 3.6.9 commencé le 2008-11-12 à 21:17:54,61

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Owner"

Mise à jour le 05.11.2008 à 21h00 par IL-MAFIOSO


Microsoft Windows XP [Version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\startm~1\programs" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\startm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Owner\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1.YOU\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Owner\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1.YOU\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Owner\startm~1\programs" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1.YOU\startm~1\programs" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Owner\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1.YOU\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\Owner\locals~1\applic~1" :


* Dans "C:\DOCUME~1\ADMINI~1.YOU\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 2008-11-12 à 21:28:50,95 ***
0
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last activity 21 May 2010 10
13 Nov 2008 at 03:31
What kind of pop-ups are you still getting??
0
poune1987 Posts 19 Registration date Thursday 13 November 2008 Status Member Last activity 13 November 2008
13 Nov 2008 at 03:34
If you understand English, I have one that says:

error check connection
0
poune1987 Posts 19 Registration date Thursday 13 November 2008 Status Member Last activity 13 November 2008
13 Nov 2008 at 03:36
I have another one that says: Attention Low Performance
0
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last activity 21 May 2010 10
13 Nov 2008 at 03:35
Do you have the Ad-Aware and Spybot programs??
0
poune1987 Posts 19 Registration date Thursday 13 November 2008 Status Member Last activity 13 November 2008
13 Nov 2008 at 03:36
I don't think so
0
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last activity 21 May 2010 10
13 Nov 2008 at 03:39
Then here they are:

Ad-aware

Spybot

Run an update and a full scan with each program (one scan at a time)

I'm going to go to sleep because I'm starting to nod off lol

I'll check your replies tomorrow and tell you what comes next ;-)

Have a good rest of the evening, see you later
0
poune1987 Posts 19 Registration date Thursday 13 November 2008 Status Member Last activity 13 November 2008
13 Nov 2008 at 04:12
lol well, thank you very much for your help tonight. I'll send you the scan results as soon as they have finished, and I'll talk to you again tomorrow when I can.

I wish you a good evening, and I'll wait for your reply tomorrow :D
0
poune1987 Posts 19 Registration date Thursday 13 November 2008 Status Member Last activity 13 November 2008
13 Nov 2008 at 04:14
Here is the Ad-Aware 2008 log

Ad-Aware Build
Log File Created on: 2008-11-12 22:12:34
Using Definitions File: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\core.aawdef
Computer name: YOUR-A9A3FB198C
Name of user performing scan: SYSTEM

System information
===========================
Number of processors: 1
Processor type: Intel(R) Celeron(R) M processor 1.40GHz
Memory Available: 56%
Total Physical Memory: 526827520 Bytes
Available Physical Memory: 290910208 Bytes
Total Page File Size: 1285988352 Bytes
Available On Page File: 840560640 Bytes
Total Virtual Memory: 2147352576 Bytes
Available Virtual Memory: 1910693888 Bytes
OS: Microsoft Windows XP Service Pack 2 (Build 2600)

Ad-Aware Settings
===========================
Skipping files larger than 1048576 kB
Ignoring infections with lower TAI than: 3


Extended Ad-Aware Settings
===========================
Unloading known modules during scan
Ignoring spanned files when scanning cab archives
Reanalyzing results after scanning before displaying results
Trying to unload modules prior to removal
Let Windows remove files currently in use at next reboot
Removing quarantined objects after restore
Deactivating Ad-Watch during scans
Writeprotecting system files after repairs
Include info about ignored objects in log file
Including basic settings in log file
Including advanced settings in log file
Including user and computer name in log file
Create and save WebUpdate log file

Databaseinfo
===========================
Version number: 81
Build Number: 0
Build Date and Time: 2008/05/15 06:25:49

Scan Statistics
===========================
Method: Full
Scan tracking cookies.............................: On
Scan ADS filestreams..............................: Off

Item Scanned: 235824
Infections Detected: 29
Infections Ignored: 0

Scan detailed statistics
===========================
Type Critical Total
Process Scan....: 0 0
Registry Scan...: 2 2
Registry PE Scan: 0 0
Hosts File Scan.: 0 0
File Scan.......: 0 0
Folder Scan.....: 0 0
LSP Scan........: 0 0
ADS Scan........: 0 0
Cookie Scan.....: 24 24
File Hash Scan..: 0 0

Infections Found
===========================
Family Id: 47 Name: Adware.AdMedia Category: Adware TAI:10
Item Id: 300036953 Value: Root: HKCR Path: typelib\{495874fe-4a82-4ad1-9476-0b957e0b95eb}
Item Id: 300036952 Value: Root: HKCR Path: interface\{e3ed53c5-7ad5-4df5-9734-afb6e7e5d9db}
Family Id: 725 Name: Tracking Cookie Category: DataMiner TAI:3
Item Id: 600000460 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Owner\Cookies\index.dat ad.yieldmanager.com bh /
Item Id: 600000460 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Owner\Cookies\index.dat ad.yieldmanager.com uid /
Item Id: 600000372 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Owner\Cookies\index.dat rbc.bridgetrack.com AdData /
Item Id: 600000372 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Owner\Cookies\index.dat rbc.bridgetrack.com BT000000340005742D9084 /
Item Id: 600000372 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Owner\Cookies\index.dat rbc.bridgetrack.com BTA /
Item Id: 600000372 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Owner\Cookies\index.dat rbc.bridgetrack.com BT000000340005742B9084 /
Item Id: 600000372 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Owner\Cookies\index.dat rbc.bridgetrack.com BTA3 /
Item Id: 600000372 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Owner\Cookies\index.dat rbc.bridgetrack.com ASB3 /
Item Id: 600000372 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Owner\Cookies\index.dat rbc.bridgetrack.com BT000000340005743314163 /
Item Id: 600000372 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Owner\Cookies\index.dat rbc.bridgetrack.com ADP /
Item Id: 600000372 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Owner\Cookies\index.dat rbc.bridgetrack.com BT000000340005743124833 /
Item Id: 600000372 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Owner\Cookies\index.dat rbc.bridgetrack.com BT000000340005742F24833 /
Item Id: 600000144 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Owner\Cookies\index.dat doubleclick.net id /
Item Id: 600000179 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Owner\Cookies\index.dat atdmt.com AA002 /
Item Id: 600000001 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Owner\Cookies\index.dat smartadserver.com TestIfCookieP /
Item Id: 600000001 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Owner\Cookies\index.dat smartadserver.com pbw /
Item Id: 600000001 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Owner\Cookies\index.dat smartadserver.com pid /
Item Id: 600000001 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Owner\Cookies\index.dat smartadserver.com pbwmaj /
Item Id: 600000434 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Owner\Cookies\index.dat casalemedia.com CMID /
Item Id: 600000434 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Owner\Cookies\index.dat casalemedia.com CMPS /
Item Id: 600000434 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Owner\Cookies\index.dat casalemedia.com CMPP /
Item Id: 600000434 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Owner\Cookies\index.dat casalemedia.com CMX2 /
Item Id: 600000212 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Owner\Cookies\index.dat msnportal.112.2o7.net s_vi /
Item Id: 600000164 Value: Browser: Firefox Cookie: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles/znm93l74.default\cookies.txt centrport.net CPID /
Family Id: 9999 Name: MRU Object Category: MRU Object TAI:0
Item Id: 1 Value: MRU Path: C:\Documents and Settings\Owner\Recent Count: 160
Item Id: 2 Value: MRU Registry Key: S-1-5-21-3517721446-1025723880-2559589248-1003\Software\Microsoft\Search Assistant\ACMru\5603 Count: 25
Item Id: 3 Value: MRU Registry Key: S-1-5-21-3517721446-1025723880-2559589248-1003\Software\Microsoft\Internet Explorer\TypedURLs Count: 3

Items Ignored During Scan
===========================


Listing of running processes
===========================

c:\windows\system32\powrprof.dll

c:\windows\system32\trkwks.dll

c:\windows\system32\w32time.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\wbem\wmisvc.dll

c:\windows\system32\vssapi.dll

c:\windows\system32\wuauserv.dll

c:\windows\system32\wuaueng.dll

c:\windows\system32\winspool.drv

c:\windows\system32\winhttp.dll

c:\windows\system32\cabinet.dll

c:\windows\system32\mspatcha.dll

c:\windows\system32\browser.dll

c:\windows\system32\ipnathlp.dll

c:\windows\system32\authz.dll

c:\windows\system32\wscsvc.dll

c:\windows\system32\msi.dll

c:\windows\system32\wbem\wbemcomn.dll

c:\windows\system32\wbem\wbemcore.dll

c:\windows\system32\wbem\esscli.dll

c:\windows\system32\wbem\fastprox.dll

c:\windows\system32\wbem\wmiutils.dll

c:\windows\system32\wbem\repdrvfs.dll

c:\windows\system32\wbem\wmiprvsd.dll

c:\windows\system32\ncobjapi.dll

c:\windows\system32\wbem\wbemess.dll

c:\windows\system32\sxs.dll

c:\windows\system32\comsvcs.dll

c:\windows\system32\colbact.dll

c:\windows\system32\mtxclu.dll

c:\windows\system32\clusapi.dll

c:\windows\system32\resutils.dll

c:\windows\system32\wbem\ncprov.dll

c:\windows\system32\sfc.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\netcfgx.dll

c:\windows\system32\upnp.dll

c:\windows\system32\ssdpapi.dll

c:\windows\system32\tapisrv.dll

c:\windows\system32\psapi.dll

c:\windows\system32\rasmans.dll

c:\windows\system32\winipsec.dll

c:\windows\system32\rastapi.dll

c:\windows\system32\unimdm.tsp

c:\windows\system32\uniplat.dll

c:\windows\system32\unimdmat.dll

c:\windows\system32\modemui.dll

c:\windows\system32\kmddsp.tsp

c:\windows\system32\ndptsp.tsp

c:\windows\system32\ipconf.tsp

c:\windows\system32\h323.tsp

c:\windows\system32\hidphone.tsp

c:\windows\system32\hid.dll

c:\windows\system32\rasppp.dll

c:\windows\system32\ntlsapi.dll

c:\windows\system32\kerberos.dll

c:\windows\system32\cryptdll.dll

c:\windows\system32\rasdlg.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wups2.dll

c:\windows\system32\wbem\wbemcons.dll

c:\windows\system32\catsrvut.dll

c:\windows\system32\catsrv.dll

c:\windows\system32\mfcsubs.dll

c:\windows\system32\mpr.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\dnsrslvr.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\imon.dll

c:\windows\system32\wsock32.dll

c:\program files\eset\pr_imon.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\lmhsvc.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\webclnt.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\ssdpsrv.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\imon.dll

c:\windows\system32\wsock32.dll

c:\program files\eset\pr_imon.dll

c:\windows\system32\wshtcpip.dll

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
c:\windows\system32\spoolsv.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\spoolss.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\localspl.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\winspool.drv

c:\windows\system32\netapi32.dll

c:\windows\system32\cnbjmon.dll

c:\windows\system32\hpzlnt03.dll

c:\windows\system32\hpzlnt04.dll

c:\windows\system32\mdimon.dll

c:\windows\system32\msi.dll

c:\windows\system32\pjlmon.dll

c:\windows\system32\tcpmon.dll

c:\windows\system32\usbmon.dll

c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\win32spl.dll

c:\windows\system32\netrap.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\inetpp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\xpsp2res.dll

C:\PROGRAM FILES\CISCO SYSTEMS\VPN CLIENT\CVPND.EXE
c:\program files\cisco systems\vpn client\cvpnd.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\version.dll

c:\windows\system32\wininet.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msvcirt.dll

c:\windows\system32\mfc42.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\imon.dll

c:\windows\system32\ole32.dll

c:\program files\eset\pr_imon.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\vsdata.dll

c:\windows\system32\vsinit.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\program files\hp\digital imaging\bin\hpqddsvc.dll

c:\program files\hp\digital imaging\bin\hpqddcmn.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\winspool.drv

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\program files\hp\digital imaging\bin\hpqcxs08.dll

c:\windows\system32\shfolder.dll

c:\windows\system32\msi.dll

c:\windows\system32\sxs.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

C:\PROGRAM FILES\JAVA\JRE6\BIN\JQS.EXE
c:\program files\java\jre6\bin\jqs.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\program files\java\jre6\bin\msvcr71.dll

c:\windows\system32\imm32.dll

c:\windows\system32\psapi.dll

c:\windows\system32\pdh.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\odbc32.dll

c:\windows\system32\odbcbcp.dll

c:\windows\system32\version.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\odbcint.dll

c:\windows\system32\imon.dll

c:\windows\system32\wsock32.dll

c:\program files\eset\pr_imon.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\perfos.dll

c:\windows\system32\perfdisk.dll

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\hpzinw12.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

C:\PROGRAM FILES\ESET\NOD32KRN.EXE
c:\program files\eset\nod32krn.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\mpr.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\imm32.dll

c:\program files\eset\nod32krr.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\program files\eset\ps_amon.dll

c:\program files\eset\pr_amon.dll

c:\program files\eset\ps_dmon.dll

c:\program files\eset\pr_dmon.dll

c:\program files\eset\ps_emon.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\program files\eset\pr_emon.dll

c:\windows\system32\imon.dll

c:\program files\eset\pr_imon.dll

c:\program files\eset\ps_nod32.dll

c:\program files\eset\pr_nod32.dll

c:\program files\eset\ps_upd.dll

c:\program files\eset\pr_upd.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\version.dll

c:\windows\system32\wbem\wbemprox.dll

c:\windows\system32\wbem\wbemcomn.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\wbem\wbemsvc.dll

c:\windows\system32\wbem\fastprox.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\rasadhlp.dll

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\hpzipm12.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

C:\PROGRAM FILES\COMMON FILES\NEW BOUNDARY\PRISMXL\PRISMXL.SYS
c:\program files\common files\new boundary\prismxl\prismxl.sys

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winspool.drv

c:\windows\system32\msvcrt.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\uxtheme.dll

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\wiaservc.dll

c:\windows\system32\cfgmgr32.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\mscms.dll

c:\windows\system32\winspool.drv

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\actxprxy.dll

c:\windows\system32\sti.dll

C:\WINDOWS\EXPLORER.EXE
c:\windows\explorer.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\browseui.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ole32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\shdocvw.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\cryptui.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\cscui.dll

c:\windows\system32\cscdll.dll

c:\windows\system32\themeui.dll

c:\windows\system32\msimg32.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\msutb.dll

c:\windows\system32\msctf.dll

c:\windows\system32\samlib.dll

c:\windows\system32\msi.dll

c:\windows\system32\linkinfo.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\atl.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\psapi.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\mlang.dll

c:\windows\system32\netshell.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\credui.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\syntpfcs.dll

c:\windows\system32\winsta.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\stobject.dll

c:\windows\system32\batmeter.dll

c:\windows\system32\powrprof.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\winhttp.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

c:\windows\system32\wdmaud.drv

c:\windows\system32\msacm32.drv

c:\windows\system32\midimap.dll

c:\windows\system32\sxs.dll

c:\windows\system32\mpr.dll

c:\windows\system32\drprov.dll

c:\windows\system32\ntlanman.dll

c:\windows\system32\netui0.dll

c:\windows\system32\netui1.dll

c:\windows\system32\netrap.dll

c:\windows\system32\davclnt.dll

c:\windows\system32\browselc.dll

c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll

c:\windows\system32\msvcr71.dll

c:\windows\system32\duser.dll

c:\windows\system32\msgina.dll

c:\windows\system32\odbc32.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\odbcint.dll

c:\windows\system32\shdoclc.dll

c:\windows\system32\actxprxy.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\msv1_0.dll

C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
c:\windows\system32\wscntfy.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\ole32.dll

c:\windows\system32\msctf.dll

C:\WINDOWS\SYSTEM32\ALG.EXE
c:\windows\system32\alg.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\atl.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\imon.dll

c:\program files\eset\pr_imon.dll

c:\windows\system32\wshtcpip.dll

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
c:\program files\synaptics\syntp\syntplpr.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\version.dll

c:\windows\system32\imm32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\syncom.dll

c:\windows\system32\syntpfcs.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\msctf.dll

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
c:\program files\synaptics\syntp\syntpenh.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\version.dll

c:\windows\system32\winmm.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\syncom.dll

c:\windows\system32\syntpapi.dll

c:\windows\system32\syntpfcs.dll

c:\windows\system32\msctf.dll

C:\WINDOWS\SYSTEM32\IGFXTRAY.EXE
c:\windows\system32\igfxtray.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\hccutils.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\version.dll

c:\windows\system32\igfxdev.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\syntpfcs.dll

c:\windows\system32\msctf.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\igfxsrvc.dll

c:\windows\system32\igfxres.dll

c:\windows\system32\igfxress.dll

C:\WINDOWS\SYSTEM32\HKCMD.EXE
c:\windows\system32\hkcmd.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\hccutils.dll

c:\windows\system32\imm32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\version.dll

c:\windows\system32\igfxdev.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\syntpfcs.dll

c:\windows\system32\msctf.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\igfxsrvc.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\igfxres.dll

c:\windows\system32\igfxhk.dll

C:\PROGRAM FILES\ESET\NOD32KUI.EXE
c:\program files\eset\nod32kui.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\mfc42u.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\secur32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\imm32.dll

c:\program files\eset\nod32rui.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\ole32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\program files\eset\pu_amon.dll

c:\program files\eset\pr_amon.dll

c:\program files\eset\pu_dmon.dll

c:\program files\eset\pr_dmon.dll

c:\program files\eset\pu_emon.dll

0