alexandre32123

  1. Hello, I have been infected by the Win32:Small-gen2 [Trj] virus. Avast detects it at every startup of the computer (as soon as the internet connection begins). I put it in quarantine and it comes back again at the next startup. It is always located in the same place (temp file). Here is my HijackThis log:

     Logfile of HijackThis v1.99.1
     Scan saved at 08:47:11, on 22/02/2007
     Platform: Windows XP (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 (6.00.2600.0000)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     C:\Program Files\Alwil Software\Avast4\ashServ.exe
     C:\WINDOWS\System32\RunDll32.exe
     C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     C:\Program Files\Winamp\Winampa.exe
     C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     C:\Program Files\QuickTime\qttask.exe
     C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
     C:\sj650\hpupdate.exe
     C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
     C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
     C:\WINDOWS\System32\nvsvc32.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     C:\WINDOWS\System32\ctfmon.exe
     C:\WINDOWS\System32\RUNDLL32.EXE
     C:\Program Files\Messenger\msmsgs.exe
     C:\Program Files\SpamPal\spampal.exe
     C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\MS_update_0612_KB74062.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Inventel\Gateway\wlancfg.exe
     C:\Program Files\Avant Browser\avant.exe
     C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     C:\WINDOWS\System32\wuauclt.exe
     C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
     C:\Documents and Settings\Olivier\Bureau\hijackthis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
     O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
     O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
     O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
     O4 - HKLM\..\Run: [_zlu_zlope04] c:\windows\system32\_zsk_zlu_zlope04cwr_tgawotlcmef_.exe
     O4 - HKLM\..\Run: [hp Update 3300C] "C:\sj650\hpupdate.exe" 3300C+
     O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
     O4 - HKLM\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
     O4 - HKLM\..\RunServices: [_zlu_zlope04] c:\windows\system32\_zsk_zlu_zlope04cwr_tgawotlcmef_.exe
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
     O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
     O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [_zlu_zlope04] c:\windows\system32\_zsk_zlu_zlope04cwr_tgawotlcmef_.exe
     O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
     O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
     O4 - Global Startup: MS_update_0612_KB74062.exe
     O8 - Extra context menu item: Bloquer cette publicité... - C:\Program Files\Avant Browser\AddToADBlackList.htm
     O8 - Extra context menu item: Bloquer toutes les publicités de ce site... - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
     O8 - Extra context menu item: Ouvrir dans une nouvelle fenêtre... - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
     O8 - Extra context menu item: Ouvrir des liens de la page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
     O8 - Extra context menu item: Rechercher sur le Web - C:\Program Files\Avant Browser\Search.htm
     O8 - Extra context menu item: Surligner toutes les occurrences sur la page - C:\Program Files\Avant Browser\Highlight.htm
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
     O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164028899073
     O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
     O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
     O20 - AppInit_DLLs: \\?\C:\WINDOWS\System32\com1.xdo
     O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
     O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
     O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
     O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
     O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
     O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

     Thank you for helping me get out of this mess.
  2. There, the online scan has been done. I no longer get any virus alert or the unwanted page. So I think my problem is solved, but are there other checks I should do? The online scan found several vulnerabilities, but I don't know how to post them as a report here, and I did not manage to update for these vulnerabilities. In any case, thank you for already having solved my initial problem!
  3. There, I am following your instructions, and I thank you for your patience and your efforts! Here is the Spy Sweeper log: 2 scans were run (one last night that was interrupted but which eliminated 5 trojans and spyware). The 2nd, this morning, found nothing more.

     10:10: Traces Found: 0
     10:10: Custom Sweep has completed. Elapsed time 01:36:40
     10:09: File Sweep Complete, Elapsed Time: 01:35:23
     09:45: Warning: SweepDirectories: Cannot find directory "f:". This directory was not added to the list of paths to be scanned.
     09:45: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.
     09:38: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Corrupted] on [d:\games\starwars - battle grounds with sound (fully working).exe]
     09:26: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Corrupted] on [d:\system volume information\_restore{bb1b914f-52fc-4d07-99e8-943158869a52}\rp35\a0003066.exe]
     09:23: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Corrupted] on [d:\system volume information\_restore{7dc9c95e-6295-4f54-b3a1-1430c06bd3dd}\rp437\a0470352.exe]
     08:52: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Corrupted] on [c:\program files\emule\temp1.part]
     08:51: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\pagefile.sys]
     08:44: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Corrupted] on [c:\program files\emule\temp7.part]
     08:42: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\lavasoft\ad-aware se personal\skins\ad-aware se default.ask]
     08:34: Starting File Sweep
     08:34: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned.
     08:34: Cookie Sweep Complete, Elapsed Time: 00:00:00
     08:34: Starting Cookie Sweep
     08:34: Registry Sweep Complete, Elapsed Time:00:00:10
     08:34: Starting Registry Sweep
     08:34: Memory Sweep Complete, Elapsed Time: 00:00:52
     08:33: Warning: AntiVirus engine for IdentifyMemObject returned [Access Denied] on [C:\WINDOWS\Policies.dll]
     08:33: Starting Memory Sweep
     08:33: Sweep initiated using definitions version 861
     08:33: Spy Sweeper 5.3.1.2346 started
     08:33: | Start of Session, samedi 17 février 2007 |
     ***************
     08:32: Program Version 5.3.1.2346 Using Spyware Definitions 861
     08:32: Informational: Loaded AntiVirus Engine: 2.41.0; SDK Version: 4.13; Virus Definitions: 16/02/2007 07:37:56 (GMT)
     08:32: Spy Sweeper 5.3.1.2346 started
     08:32: | Start of Session, samedi 17 février 2007 |
     ***************
     Operation: Terminate
     Target: C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
     Source: C:\WINDOWS\system32\csrss.exe
     08:29: Tamper Detection
     Operation: Terminate
     Target: C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
     Source: C:\WINDOWS\system32\csrss.exe
     08:29: Tamper Detection
     Keylogger: Off
     BHO Shield: On
     IE Security Shield: On
     Alternate Data Stream (ADS) Execution Shield: On
     Startup Shield: On
     Common Ad Sites: Off
     Hosts File Shield: On
     Internet Communication Shield: On
     ActiveX Shield: On
     Windows Messenger Service Shield: On
     IE Favorites Shield: On
     Spy Installation Shield: On
     Memory Shield: Off
     IE Hijack Shield: On
     IE Tracking Cookies Shield: Off
     08:27: Shield States
     08:27: Spyware Definitions: 861
     08:27: Informational: Loaded AntiVirus Engine: 2.41.0; SDK Version: 4.13; Virus Definitions: 16/02/2007 07:37:56 (GMT)
     08:26: Spy Sweeper 5.3.1.2346 started
     08:26: Spy Sweeper 5.3.1.2346 started
     08:26: | Start of Session, samedi 17 février 2007 |
     ***************
     08:30: Spy Sweeper 5.3.1.2346 started
     08:30: Spy Sweeper 5.3.1.2346 started
     08:30: | Start of Session, samedi 17 février 2007 |
     ***************
     20:04: Spy Installation Shield: found: Virus: Troj/Bckdr-PUX, version
     20:03: ApplicationMinimized - EXIT
     20:03: ApplicationMinimized - ENTER
     20:03: Your virus definitions have been updated.
     20:02: Informational: Loaded AntiVirus Engine: 2.41.0; SDK Version: 4.13; Virus Definitions: 16/02/2007 07:37:56 (GMT)
     Keylogger: Off
     BHO Shield: On
     IE Security Shield: On
     Alternate Data Stream (ADS) Execution Shield: On
     Startup Shield: On
     Common Ad Sites: Off
     Hosts File Shield: On
     Internet Communication Shield: On
     20:01: Messenger service has been disabled.
     ActiveX Shield: On
     Windows Messenger Service Shield: On
     IE Favorites Shield: On
     Spy Installation Shield: On
     Memory Shield: Off
     IE Hijack Shield: On
     IE Tracking Cookies Shield: Off
     20:01: Shield States
     20:01: Spyware Definitions: 861
     20:01: Informational: Loaded AntiVirus Engine: 2.41.0; SDK Version: 4.13; Virus Definitions: 16/02/2007 07:37:56 (GMT)
     20:00: Spy Sweeper 5.3.1.2346 started
     20:00: Spy Sweeper 5.3.1.2346 started
     20:00: | Start of Session, vendredi 16 février 2007 |
     ***************
     20:08: Program Version 5.3.1.2346 Using Spyware Definitions 861
     20:08: Informational: Loaded AntiVirus Engine: 2.41.0; SDK Version: 4.13; Virus Definitions: 16/02/2007 07:37:56 (GMT)
     20:07: Spy Sweeper 5.3.1.2346 started
     20:07: | Start of Session, vendredi 16 février 2007 |
     ***************
     22:07: Removal process completed. Elapsed time 00:00:22
     22:07: Quarantining All Traces: Troj/AdClick-DU
     22:07: Quarantining All Traces: 180search assistant/zango
     22:07: Quarantining All Traces: Troj/SpamTh-Gen
     22:07: Quarantining All Traces: fullcontext
     22:07: explorer.exe is in use. It will be removed on reboot.
     22:07: trojan-backdoor-msdcom32 is in use. It will be removed on reboot.
     22:06: Quarantining All Traces: trojan-backdoor-msdcom32
     22:06: Removal process initiated
     22:06: Traces Found: 12
     22:06: File Sweep Complete, Elapsed Time: 01:57:09
     22:06: Sweep Canceled
for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\spysheriff6.zip] 21:22: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\newdotnet25.zip] 21:22: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\spysheriff5.zip] 21:22: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\spysheriff4.zip] 21:22: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\spysheriff3.zip] 21:22: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\spysheriff2.zip] 21:22: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc64.zip] 21:22: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\spysheriff1.zip] 21:22: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\spysheriff.zip] 21:22: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on 
[c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc6.zip] 21:22: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc5.zip] 21:22: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc4.zip] 21:22: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc3.zip] 21:22: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc12.zip] 21:22: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\newdotnet24.zip] 21:22: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc11.zip] 21:22: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc10.zip] 21:22: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc9.zip] 21:22: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search 
& destroy\recovery\newdotnet23.zip] 21:22: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc32.zip] 21:22: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc42.zip] 21:22: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\newdotnet22.zip] 21:22: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\jupilites17.zip] 21:22: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc41.zip] 21:22: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc31.zip] 21:22: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc40.zip] 21:22: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\searchcentrix9.zip] 21:22: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\newdotnet21.zip] 21:22: Warning: AntiVirus engine for 
IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\coolwwwsearchfeatinstaller3.zip] 21:22: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\coolwwwsearchfeatinstaller2.zip] 21:22: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\deepdive.zip] 21:22: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc8.zip] 21:22: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc63.zip] 21:22: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc7.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\searchcentrix8.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\searchcentrix1.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\jupilites19.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned 
[File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc2.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\searchcentrix3.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\jupilites18.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\searchcentrix2.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\jupilites3.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\jupilites2.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\newdotnet20.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc52.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc30.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all 
users.windows\application data\spybot - search & destroy\recovery\smitfraudc51.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\coolwwwsearch6.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc1.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc21.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\jupilites15.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\jupilites31.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc20.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc60.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\searchcentrix.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & 
destroy\recovery\smitfraudc59.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\jupilites30.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\jupilites27.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\alexarelated.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc50.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc58.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\jupilites26.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\jupilites23.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\jupilites22.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\searchcentrix7.zip] 21:21: Warning: 
AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc66.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\jupilites16.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc70.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\jupilites1.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\bravesentry6.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc69.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\coolwwwsearchsearchklick3.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\coolwwwsearcholehelp1.zip] 21:21: Warning: AntiVirus engine for 
IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\searchcentrix6.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\bravesentry5.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\newdotnet37.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\newdotnet36.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\newdotnet17.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc68.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\newdotnet35.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\newdotnet34.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc67.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all 
users.windows\application data\spybot - search & destroy\recovery\jupilites33.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc48.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\jupilites.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\jupilites34.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\bravesentry4.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc72.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\newdotnet41.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\jupilites9.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\coolwwwsearch18.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & 
destroy\recovery\coolwwwsearch12.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\coolwwwsearch11.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\bravesentry3.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\newdotnet40.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\coolwwwsearch5.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\coolwwwsearch4.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc71.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\coolwwwsearch3.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\coolwwwsearch2.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\newdotnet39.zip] 21:21: Warning: AntiVirus engine for 
IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\coolwwwsearch1.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\coolwwwsearch.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\coolwwwsearchsearchklick1.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\jupilites8.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\coolwwwsearchsearchklick.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\coolwwwsearchsearchklick2.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\coolwwwsearchielinks11.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\coolwwwsearchielinks10.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\newdotnet8.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] 
on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\coolwwwsearchielinks9.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\bravesentry2.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\coolwwwsearchielinks8.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\newdotnet7.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\coolwwwsearchielinks7.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\coolwwwsearchielinks6.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\coolwwwsearchielinks5.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\coolwwwsearchielinks4.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc62.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application 
data\spybot - search & destroy\recovery\newdotnet19.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc61.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\coolwwwsearchielinks3.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\jupilites29.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc34.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\jupilites28.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\bravesentry.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc56.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc55.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc54.zip] 
21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc23.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc22.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\smitfraudc53.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\searchcentrix11.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\searchcentrix10.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search & destroy\recovery\newdotnet38.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\jupilites14.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\jupilites25.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\jupilites11.zip] 21:21: Warning: AntiVirus engine for 
IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\jupilites35.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\jupilites10.zip] 21:21: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users.windows\application data\spybot - search & destroy\recovery\jupilites24.zip] 21:21: Warning: SweepDirectories: Cannot find directory "f:". This directory was not added to the list of paths to be scanned. 21:21: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned. 21:20: a0002697.hta (ID = 0) 21:20: Found Troj/AdClick-DU: Troj/AdClick-DU 21:14: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Corrupted] on [d:\games\starwars - battle grounds with sound (fully working).exe] 21:07: a0006302.ini (ID = 70576) 21:07: Found Adware: 180search assistant/zango 21:01: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Corrupted] on [d:\system volume information\_restore{bb1b914f-52fc-4d07-99e8-943158869a52}\rp35\a0003066.exe] 20:58: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Corrupted] on [d:\system volume information\_restore{7dc9c95e-6295-4f54-b3a1-1430c06bd3dd}\rp437\a0470352.exe] 20:32: pwaq.dll (ID = 0) 20:27: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Corrupted] on [c:\program files\emule\temp1.part] 20:26: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\pagefile.sys] 20:19: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Corrupted] on [c:\program files\emule\temp7.part] 
20:17: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\lavasoft\ad-aware se personal\skins\ad-aware se default.ask] 20:17: fcwol.dll (ID = 0) 20:17: Found Troj/SpamTh-Gen: Troj/SpamTh-Gen 20:09: Starting File Sweep 20:09: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned. 20:09: Cookie Sweep Complete, Elapsed Time: 00:00:00 20:09: Starting Cookie Sweep 20:09: Registry Sweep Complete, Elapsed Time:00:00:10 20:09: HKU\S-1-5-21-746137067-920026266-1343024091-1003\software\microsoft\windows\currentversion\run\ || axvenore (ID = 1354027) 20:09: Found Adware: fullcontext 20:09: HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload\ || dcom server 2238 (ID = 1589699) 20:09: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {2c1cd3d7-86ac-4068-93bc-a02304bb2238} (ID = 1578070) 20:09: HKLM\software\classes\clsid\{2c1cd3d7-86ac-4068-93bc-a02304bb2238}\ (ID = 1561179) 20:09: HKCR\clsid\{2c1cd3d7-86ac-4068-93bc-a02304bb2238}\ (ID = 1561175) 20:09: Starting Registry Sweep 20:09: Memory Sweep Complete, Elapsed Time: 00:00:48 20:08: Warning: AntiVirus engine for IdentifyMemObject returned [Access Denied] on [C:\WINDOWS\Policies.dll] 20:08: Starting Memory Sweep 20:08: HKCR\clsid\{2c1cd3d7-86ac-4068-93bc-a02304bb2238}\inprocserver32\ (ID = 1604405) 20:08: explorer.exe (ID = 1588150) 20:08: HKLM\software\microsoft\windows\currentversion\run\ || explorer 2238 (ID = 1588150) 20:08: Found Trojan Horse: trojan-backdoor-msdcom32 20:08: Sweep initiated using definitions version 861 20:08: Spy Sweeper 5.3.1.2346 started 20:08: | Start of Session, vendredi 16 février 2007 | *************** Here is the HijackThis log: Logfile of HijackThis v1.99.1 Scan saved at 10:15:04, on 17/02/2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: 
C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\RunDll32.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Winamp\Winampa.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\sj650\hpupdate.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\SpamPal\spampal.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Inventel\Gateway\wlancfg.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Webroot\Spy Sweeper\SSU.EXE C:\WINDOWS\System32\wuauclt.exe C:\Documents and Settings\Olivier\Bureau\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: TMSN Class - {B72549CE-5644-4116-B8A4-A2B042321EC4} - C:\WINDOWS\Policies.dll (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - 
HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [_zlu_zlope04] c:\windows\system32\_zsk_zlu_zlope04cwr_tgawotlcmef_.exe O4 - HKLM\..\Run: [hp Update 3300C] "C:\sj650\hpupdate.exe" 3300C+ O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKLM\..\RunServices: [_zlu_zlope04] c:\windows\system32\_zsk_zlu_zlope04cwr_tgawotlcmef_.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM= O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [_zlu_zlope04] c:\windows\system32\_zsk_zlu_zlope04cwr_tgawotlcmef_.exe O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164028899073 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - 
http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O20 - AppInit_DLLs: \\?\C:\WINDOWS\System32\com1.xdo O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe I'm continuing with the online scans... thanks!
  4. Here is the SDFix report: SDFix: Version 1.65 Run by: Olivier - 15/02/2007 @ 20:15:55,68 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Name: MZU_RK Path: \??\C:\WINDOWS\System32\MZU_DRV.sys MZU_RK Deleted Restoring Windows Registry Entries Restoring Default Hosts File Rebooting... Normal Mode: Checking Files: Below files will be copied to Backups folder then removed: C:\WINDOWS\Policies.dll - Deleted C:\WINDOWS\system32\mini3tone.ini - Deleted C:\WINDOWS\system32\Policies\Policies.dll - Deleted C:\WINDOWS\system32\Policies\replace-update-script.bat - Deleted C:\WINDOWS\system32\Policies\update-script.bat - Deleted C:\WINDOWS\system32\Policies\version.txt - Deleted ADS Check: C:\WINDOWS\system32 :bigo.dll 9728 Total size: 9728 bytes. Removing ADS... system32: deleted 9728 bytes in 1 streams. Checking for remaining Streams C:\WINDOWS\system32 No streams found. Final Check: Remaining Files: --------------- Backups Folder: - C:\SDFix\backups\backups.zip Checking For Files with Hidden Attributes : C:\Documents and Settings\Olivier\Application Data\Microsoft\Word\~WRL3428.tmp C:\Documents and Settings\Olivier\Application Data\Microsoft\Word\~WRL3934.tmp C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\b4248c4c189bf5460d6eb98122ea18be\BIT2.tmp Finished Here is the HijackThis one: Logfile of HijackThis v1.99.1 Scan saved at 20:21:25, on 15/02/2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program 
Files\Inventel\Gateway\wlancfg.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\System32\RunDll32.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Winamp\Winampa.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\DOCUME~1\Olivier\LOCALS~1\Temp\30285\explorer.exe C:\sj650\hpupdate.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\SpamPal\spampal.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Avant Browser\avant.exe C:\Documents and Settings\Olivier\Bureau\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: TMSN Class - {B72549CE-5644-4116-B8A4-A2B042321EC4} - C:\WINDOWS\Policies.dll (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [Explorer 2238] C:\DOCUME~1\Olivier\LOCALS~1\Temp\30285\explorer.exe O4 - HKLM\..\Run: [_zlu_zlope04] c:\windows\system32\_zsk_zlu_zlope04cwr_tgawotlcmef_.exe O4 - HKLM\..\Run: [hp Update 3300C] C:\sj650\hpupdate.exe 3300C+ O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\RunServices: [_zlu_zlope04] c:\windows\system32\_zsk_zlu_zlope04cwr_tgawotlcmef_.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM= O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [AXVenore] "C:\Program Files\AXVenore\AXVenore.exe" O4 - HKCU\..\Run: [_zlu_zlope04] c:\windows\system32\_zsk_zlu_zlope04cwr_tgawotlcmef_.exe O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Bloquer cette publicité... - C:\Program Files\Avant Browser\AddToADBlackList.htm O8 - Extra context menu item: Bloquer toutes les publicités de ce site... - C:\Program Files\Avant Browser\AddAllToADBlackList.htm O8 - Extra context menu item: Ouvrir dans une nouvelle fenêtre... - C:\Program Files\Avant Browser\OpenInNewBrowser.htm O8 - Extra context menu item: Ouvrir des liens de la page... 
- C:\Program Files\Avant Browser\OpenAllLinks.htm O8 - Extra context menu item: Rechercher sur le Web - C:\Program Files\Avant Browser\Search.htm O8 - Extra context menu item: Surligner toutes les occurrences sur la page - C:\Program Files\Avant Browser\Highlight.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...native/x86/win3 2/activex/hcImpl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...en/x86/client/w uweb_site.cab?1164028899073 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...trendmicro.com/ housecall/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O20 - AppInit_DLLs: \\?\C:\WINDOWS\System32\com1.xdo O21 - SSODL: DCOM Server 2238 - {2C1CD3D7-86AC-4068-93BC-A02304BB2238} - C:\DOCUME~1\Olivier\LOCALS~1\Temp\30285\explorer.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. 
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe And here is the report from: SmitFraudFix v2.142 Rapport fait à 20:28:21,20, 15/02/2007 Executé à partir de C:\Documents and Settings\Olivier\Bureau\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Olivier »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Olivier\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Olivier\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! 
SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{2C1CD3D7-86AC-4068-93BC-A02304BB2238}"="DCOM Server 2238" [HKEY_CLASSES_ROOT\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB2238}\InProcServer32] @="C:\DOCUME~1\Olivier\LOCALS~1\Temp\30285\explorer.exe" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB2238}\InProcServer32] @="C:\DOCUME~1\Olivier\LOCALS~1\Temp\30285\explorer.exe" »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="\\\\?\\C:\\WINDOWS\\System32\\com1.xdo" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin
  5. Here is the Fixwareout report: Fixwareout Last edited 2/11/2007 Post this report in the forums please ... »»»»»Prerun check »»»»» System restarted »»»»» Postrun check HKLM\SOFTWARE\~\Winlogon\ "System"="" .... .... »»»»» Misc files. C:\WINDOWS\System32\kernel32.exe Deleted .... »»»»» Checking for older varients. .... Search five digit cs, dm, kd, jb, other, files. The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection. Click browse, find the file then click submit. http://www.virustotal.com/flash/index_en.html Or http://virusscan.jotti.org/ »»»»» Other »»»»» Current runs [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd" "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe" "WinampAgent"="\"C:\\Program Files\\Winamp\\Winampa.exe\"" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe" "_mzu_stonedrv3"="c:\\windows\\system32\\_mzu_stonedrv3.exe" "Explorer 2238"="C:\\DOCUME~1\\Olivier\\LOCALS~1\\Temp\\30285\\explorer.exe" "_zlu_zlope04"="c:\\windows\\system32\\_zsk_zlu_zlope04cwr_tgawotlcmef_.exe" "hp Update 3300C"="C:\\sj650\\hpupdate.exe 3300C+" "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit" "WOOKIT"="C:\\PROGRA~1\\Wanadoo\\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=" "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "AXVenore"="\"C:\\Program Files\\AXVenore\\AXVenore.exe\"" "_mzu_stonedrv3"="c:\\windows\\system32\\_mzu_stonedrv3.exe" 
"_zlu_zlope04"="c:\\windows\\system32\\_zsk_zlu_zlope04cwr_tgawotlcmef_.exe" .... Hosts file was reset, If you use a custom hosts file please replace it »»»»» End report »»»»» Here is the HijackThis report: Logfile of HijackThis v1.99.1 Scan saved at 18:44:58, on 15/02/2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Inventel\Gateway\wlancfg.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\System32\RunDll32.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Winamp\Winampa.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\DOCUME~1\Olivier\LOCALS~1\Temp\30285\explorer.exe C:\sj650\hpupdate.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\SpamPal\spampal.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Avant Browser\avant.exe C:\Documents and Settings\Olivier\Bureau\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: TMSN Class - 
{B72549CE-5644-4116-B8A4-A2B042321EC4} - C:\WINDOWS\Policies.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [_mzu_stonedrv3] c:\windows\system32\_mzu_stonedrv3.exe O4 - HKLM\..\Run: [Explorer 2238] C:\DOCUME~1\Olivier\LOCALS~1\Temp\30285\explorer.exe O4 - HKLM\..\Run: [_zlu_zlope04] c:\windows\system32\_zsk_zlu_zlope04cwr_tgawotlcmef_.exe O4 - HKLM\..\Run: [hp Update 3300C] C:\sj650\hpupdate.exe 3300C+ O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\RunServices: [_mzu_stonedrv3] c:\windows\system32\_mzu_stonedrv3.exe O4 - HKLM\..\RunServices: [_zlu_zlope04] c:\windows\system32\_zsk_zlu_zlope04cwr_tgawotlcmef_.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM= O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [AXVenore] "C:\Program Files\AXVenore\AXVenore.exe" O4 - HKCU\..\Run: [_mzu_stonedrv3] c:\windows\system32\_mzu_stonedrv3.exe O4 - HKCU\..\Run: [_zlu_zlope04] c:\windows\system32\_zsk_zlu_zlope04cwr_tgawotlcmef_.exe O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - 
Extra context menu item: Bloquer cette publicité... - C:\Program Files\Avant Browser\AddToADBlackList.htm O8 - Extra context menu item: Bloquer toutes les publicités de ce site... - C:\Program Files\Avant Browser\AddAllToADBlackList.htm O8 - Extra context menu item: Ouvrir dans une nouvelle fenêtre... - C:\Program Files\Avant Browser\OpenInNewBrowser.htm O8 - Extra context menu item: Ouvrir des liens de la page... - C:\Program Files\Avant Browser\OpenAllLinks.htm O8 - Extra context menu item: Rechercher sur le Web - C:\Program Files\Avant Browser\Search.htm O8 - Extra context menu item: Surligner toutes les occurrences sur la page - C:\Program Files\Avant Browser\Highlight.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164028899073 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O20 - AppInit_DLLs: \\?\C:\WINDOWS\System32\com1.xdo O21 - SSODL: DCOM Server 2238 - {2C1CD3D7-86AC-4068-93BC-A02304BB2238} - C:\DOCUME~1\Olivier\LOCALS~1\Temp\30285\explorer.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! 
Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe I'm continuing...
  6. There, I cleaned the PC in safe mode with: -Ad aware -Spybot -AVG -Avast Nothing to report, everything is clean... and yet! I still get the trojan Win32:Agent-EEW every time I launch Avant Browser. I delete it. No more problem, until I shut down and restart the PC: Avast again detects the trojan when Avant is launched. Always in the same place (temp folder in localsetting). Here is my latest HijackThis log: Logfile of HijackThis v1.99.1 Scan saved at 18:09:15, on 15/02/2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\RunDll32.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Winamp\Winampa.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\EXPLORERI.exe C:\WINDOWS\EXPLORERI.exe C:\DOCUME~1\Olivier\LOCALS~1\Temp\30285\explorer.exe C:\sj650\hpupdate.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Inventel\Gateway\wlancfg.exe C:\Program Files\SpamPal\spampal.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Avant Browser\avant.exe C:\Documents and Settings\Olivier\Bureau\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TMSN Class - {B72549CE-5644-4116-B8A4-A2B042321EC4} - C:\WINDOWS\Policies.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [_mzu_stonedrv3] c:\windows\system32\_mzu_stonedrv3.exe
O4 - HKLM\..\Run: [Explorer 2238] C:\DOCUME~1\Olivier\LOCALS~1\Temp\30285\explorer.exe
O4 - HKLM\..\Run: [_zlu_zlope04] c:\windows\system32\_zsk_zlu_zlope04cwr_tgawotlcmef_.exe
O4 - HKLM\..\Run: [hp Update 3300C] C:\sj650\hpupdate.exe 3300C+
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [_mzu_stonedrv3] c:\windows\system32\_mzu_stonedrv3.exe
O4 - HKLM\..\RunServices: [_zlu_zlope04] c:\windows\system32\_zsk_zlu_zlope04cwr_tgawotlcmef_.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AXVenore] "C:\Program Files\AXVenore\AXVenore.exe"
O4 - HKCU\..\Run: [_mzu_stonedrv3] c:\windows\system32\_mzu_stonedrv3.exe
O4 - HKCU\..\Run: [_zlu_zlope04] c:\windows\system32\_zsk_zlu_zlope04cwr_tgawotlcmef_.exe
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Bloquer ce serveur... - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Bloquer cette publicité... - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Ouvrir dans une nouvelle fenêtre d'Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Ouvrir tous les liens de la page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Rechercher sur le Web... - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Surligner - C:\Program Files\Avant Browser\Highlight.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164028899073
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{78000588-DCFE-41C8-B43A-F3E88206B71C}: NameServer = 85.255.114.23,85.255.112.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{D79B7A68-2AF5-402F-9C47-07F55E2199DB}: NameServer = 85.255.114.23,85.255.112.220
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.23 85.255.112.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{78000588-DCFE-41C8-B43A-F3E88206B71C}: NameServer = 85.255.114.23,85.255.112.220
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.23 85.255.112.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{78000588-DCFE-41C8-B43A-F3E88206B71C}: NameServer = 85.255.114.23,85.255.112.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.23 85.255.112.220
O20 - AppInit_DLLs: \\?\C:\WINDOWS\System32\com1.xdo
O21 - SSODL: DCOM Server 2238 - {2C1CD3D7-86AC-4068-93BC-A02304BB2238} - C:\DOCUME~1\Olivier\LOCALS~1\Temp\30285\explorer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
  7. There, I've done everything you told me. I hope you'll be able to help me. Here, by the way, are the addresses of pages that open without my asking for them:
http://thebest-results.com/search.php?q=ca...9175&saff=0
http://usafindanything.com/search.php?q=ex...9175&saff=0
But it's not always the same one... How do I get rid of this filth? Thanks

HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 08:51:46, on 15/02/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\DOCUME~1\Olivier\LOCALS~1\Temp\30285\explorer.exe
C:\sj650\hpupdate.exe
C:\WINDOWS\EXPLORERI.exe
C:\WINDOWS\EXPLORERI.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpamPal\spampal.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Avant Browser\avant.exe
C:\Documents and Settings\Olivier\Bureau\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TMSN Class - {B72549CE-5644-4116-B8A4-A2B042321EC4} - C:\WINDOWS\Policies.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [_mzu_stonedrv3] c:\windows\system32\_mzu_stonedrv3.exe
O4 - HKLM\..\Run: [Explorer 2238] C:\DOCUME~1\Olivier\LOCALS~1\Temp\30285\explorer.exe
O4 - HKLM\..\Run: [_zlu_zlope04] c:\windows\system32\_zsk_zlu_zlope04cwr_tgawotlcmef_.exe
O4 - HKLM\..\Run: [hp Update 3300C] C:\sj650\hpupdate.exe 3300C+
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [_mzu_stonedrv3] c:\windows\system32\_mzu_stonedrv3.exe
O4 - HKLM\..\RunServices: [_zlu_zlope04] c:\windows\system32\_zsk_zlu_zlope04cwr_tgawotlcmef_.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AXVenore] "C:\Program Files\AXVenore\AXVenore.exe"
O4 - HKCU\..\Run: [_mzu_stonedrv3] c:\windows\system32\_mzu_stonedrv3.exe
O4 - HKCU\..\Run: [_zlu_zlope04] c:\windows\system32\_zsk_zlu_zlope04cwr_tgawotlcmef_.exe
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Bloquer ce serveur... - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Bloquer cette publicité... - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Ouvrir dans une nouvelle fenêtre d'Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Ouvrir tous les liens de la page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Rechercher sur le Web... - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Surligner - C:\Program Files\Avant Browser\Highlight.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164028899073
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{78000588-DCFE-41C8-B43A-F3E88206B71C}: NameServer = 85.255.114.23,85.255.112.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{D79B7A68-2AF5-402F-9C47-07F55E2199DB}: NameServer = 85.255.114.23,85.255.112.220
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.23 85.255.112.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{78000588-DCFE-41C8-B43A-F3E88206B71C}: NameServer = 85.255.114.23,85.255.112.220
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.23 85.255.112.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{78000588-DCFE-41C8-B43A-F3E88206B71C}: NameServer = 85.255.114.23,85.255.112.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.23 85.255.112.220
O20 - AppInit_DLLs: \\?\C:\WINDOWS\System32\com1.xdo
O21 - SSODL: DCOM Server 2238 - {2C1CD3D7-86AC-4068-93BC-A02304BB2238} - C:\DOCUME~1\Olivier\LOCALS~1\Temp\30285\explorer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

BlackLight report:
02/15/07 08:52:47 [info]: BlackLight Engine 1.0.55 initialized
02/15/07 08:52:47 [info]: OS: 5.1 build 2600 ()
02/15/07 08:52:47 [Note]: 7019 4
02/15/07 08:52:47 [Note]: 7005 0
02/15/07 08:53:00 [Note]: 7006 0
02/15/07 08:53:00 [Note]: 7011 1052
02/15/07 08:53:01 [Note]: 7026 0
02/15/07 08:53:01 [Note]: 7026 0
02/15/07 08:53:06 [Note]: FSRAW library version 1.7.1021
02/15/07 08:54:39 [Note]: 2000 1012
02/15/07 08:54:55 [Note]: 7007 0

AVG report:
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 10:12:06 15/02/2007
+ Résultat de l'analyse:
D:\System Volume Information\_restore{BB1B914F-52FC-4D07-99E8-943158869A52}\RP36\A0005710.exe -> Adware.BrowsePal : Ignoré.
D:\System Volume Information\_restore{BB1B914F-52FC-4D07-99E8-943158869A52}\RP35\A0003045.exe -> Dialer.Generic : Nettoyé et sauvegardé (mise en quarantaine).
D:\System Volume Information\_restore{BB1B914F-52FC-4D07-99E8-943158869A52}\RP35\A0003058.exe -> Dialer.Generic : Nettoyé et sauvegardé (mise en quarantaine).
D:\System Volume Information\_restore{BB1B914F-52FC-4D07-99E8-943158869A52}\RP35\A0003077.exe -> Dialer.Generic : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\dxvwaowd.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\dxvwnmlt.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\dxvwyedp.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport
  8. Hello, I'm new here and I'm asking for your help.
1. Every time I launch my browser (Avant Browser), Avast detects a trojan, Win32:Agent-EEW [Trj]. It is located in the temp folder. No matter how often I clean it or put the trojan in quarantine, it comes back at every restart and every time my internet connection starts.
2. In addition, a web page regularly opens without my asking for it, always with a search site that sometimes changes appearance. The latest one is named best search. The address is different each time.
3. Finally, I also seem to have a false positive that Avast has been reporting since an attempted online scan with Panda. The trojan's name is win32 ctx. Same remark: every time I delete it, and every time it comes back.
I don't really know what to do any more, so I'm turning to you! Thanks in advance!