Aller au contenu

je-rom

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    594

  • Inscription

  • Dernière visite

  • Jours gagnés

    1

 Type de contenu 

Tout ce qui a été posté par je-rom

  1. je-rom
    Kaspersky s'est aussi correctement désinstallé. Toute façon il reste les icônes suivants sur mon bureau: 3 icônes de setup_7.0.0.1+ 1 de strip my rights + 1 de adblock_plus. C'est un peu encombrant.... Je voudrais les enlever sans en infecter leur fonctionnement si c'est possible plus tard.
  2. je-rom
    La suppression à la main du dossier C:\Program Files\Crawler c'est parfaitement bien passé. Voici le rapport de Hijackthis n°8: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:52:09, on 25/05/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\HP\HP Software Update\HPWuSchd.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe C:\Program Files\Wireless 802.11g Monitor\WLService.exe C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [LVCOMSX] :C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] :C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] :C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [synTPLpr] :C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] :C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVP] "C:\Documents and Settings\All Users.WINDOWS\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36(3).exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: R54G Wireless Service - Unknown owner - C:\Program Files\Wireless 802.11g Monitor\WLService.exe O23 - Service: setup_7.0.0.180_18.05.2008_22-36(3) - Kaspersky Lab - C:\Documents and Settings\All Users.WINDOWS\Bureau\Kaspersky Lab Tool\setup_7.0.0.180_18.05.2008_22-36(3).exe -- End of file - 7275 bytes
  3. je-rom
    Oui j'avais installé Spyware Terminator mais il y a longtemps de ça. Je l'avais supprimé car je ne l'apprécié pas trop, un modérateur ou modératrice me l'avait envoyé en fait sur ce site. MBAM m'a trouvé un élément infecté tout à la fin du scan dans sa recherche heuristique. Voici le rapport MBAM n°5: Malwarebytes' Anti-Malware 1.12 Version de la base de données: 785 Type de recherche: Examen complet (C:\|D:\|) Eléments examinés: 104199 Temps écoulé: 51 minute(s), 24 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)
  4. je-rom
    Salut oGu! Voici les rapports suivants: 1) Rapport de Combofix n°9 2) Rapport AVP TOOL (le scan à duré plus de 11heures, c'est normal?) --------------------------------------------------------------------------------------------------------------- 1) Rapport de Combofix n°9: ComboFix 08-05-21.3 - lagarde 2008-05-25 0:25:19.13 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.156 [GMT 2:00] Endroit: C:\Documents and Settings\lagarde\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\lagarde\Bureau\CFScript.txt * Création d'un nouveau point de restauration FILE :: C:\WINDOWS\system32\kaesewhq.dll C:\WINDOWS\system32\xfcrqlah.dll . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\kaesewhq.dll C:\WINDOWS\system32\xfcrqlah.dll . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))))))) . 2008-05-24 20:42 . 2005-12-27 16:02 65,536 --a--c--- C:\WINDOWS\system32\StripMyRights.exe 2008-05-22 15:41 . 2008-05-22 15:41 268 --ah-c--- C:\sqmdata04.sqm 2008-05-22 15:41 . 2008-05-22 15:41 244 --ah-c--- C:\sqmnoopt04.sqm 2008-05-22 13:58 . 2008-05-22 13:58 268 --ah-c--- C:\sqmdata03.sqm 2008-05-22 13:58 . 2008-05-22 13:58 244 --ah-c--- C:\sqmnoopt03.sqm 2008-05-22 12:09 . 2008-05-22 12:09 268 --ah-c--- C:\sqmdata02.sqm 2008-05-22 12:09 . 2008-05-22 12:09 244 --ah-c--- C:\sqmnoopt02.sqm 2008-05-21 23:32 . 2008-05-22 13:39 <REP> d----c--- C:\Documents and Settings\lagarde\Application Data\TmpRecentIcons 2008-05-21 14:43 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-05-21 14:43 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-05-21 14:43 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-05-21 14:43 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-05-21 14:43 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-05-21 14:43 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-05-21 14:43 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll 2008-05-21 14:43 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-05-21 14:43 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-05-21 12:37 . 2008-05-21 12:38 <REP> d----c--- C:\Program Files\hpHosts 2008-05-21 12:37 . 2008-05-21 12:37 530,128 --a--c--- C:\hpHosts-Setup-Win32.exe 2008-05-20 22:15 . 2008-05-20 22:16 153,144 --a--c--- C:\ewido_micro.exe 2008-05-18 01:28 . 2008-05-18 01:28 <REP> d----c--- C:\Program Files\Malwarebytes' Anti-Malware 2008-05-18 01:28 . 2008-05-18 01:28 <REP> d----c--- C:\Documents and Settings\lagarde\Application Data\Malwarebytes 2008-05-18 01:28 . 2008-05-18 01:28 <REP> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes 2008-05-18 01:28 . 2008-05-05 20:46 27,048 --a--c--- C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-05-18 01:28 . 2008-05-05 20:46 15,864 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys 2008-05-17 17:30 . 2008-05-24 19:21 <REP> d----c--- C:\Program Files\Mozilla Thunderbird 2008-05-17 17:14 . 2004-08-05 14:00 3,440 --a--c--- C:\sysoc.inf 2008-05-17 15:50 . 2007-07-26 10:35 <REP> d--h-c--- C:\Documents and Settings\Administrateur.LAGARDE-F08F9D5\Voisinage r‚seau 2008-05-17 15:50 . 2007-07-26 10:35 <REP> d--h-c--- C:\Documents and Settings\Administrateur.LAGARDE-F08F9D5\Voisinage d'impression 2008-05-17 15:50 . 2007-07-26 08:48 <REP> d--h-c--- C:\Documents and Settings\Administrateur.LAGARDE-F08F9D5\ModŠles 2008-05-17 15:50 . 2007-07-26 10:35 <REP> d----c--- C:\Documents and Settings\Administrateur.LAGARDE-F08F9D5\Mes documents 2008-05-17 15:50 . 2007-07-26 10:35 <REP> dr---c--- C:\Documents and Settings\Administrateur.LAGARDE-F08F9D5\Menu D‚marrer 2008-05-17 15:50 . 2007-07-26 10:35 <REP> d----c--- C:\Documents and Settings\Administrateur.LAGARDE-F08F9D5\Favoris 2008-05-17 15:50 . 2007-07-26 08:56 <REP> d----c--- C:\Documents and Settings\Administrateur.LAGARDE-F08F9D5\Bureau 2008-05-17 15:50 . 2008-05-17 16:24 <REP> d----c--- C:\Documents and Settings\Administrateur.LAGARDE-F08F9D5 2008-05-17 15:47 . 2008-05-17 15:47 <REP> d----c--- C:\Program Files\CCleaner 2008-05-17 14:59 . 2008-05-24 16:59 <REP> d----c--- C:\WINDOWS\ERUNT 2008-05-17 14:03 . 2008-05-20 21:52 2,958 --a--c--- C:\WINDOWS\system32\tmp.reg 2008-05-17 14:02 . 2007-09-06 00:22 289,144 --a--c--- C:\WINDOWS\system32\VCCLSID.exe 2008-05-17 14:02 . 2006-04-27 17:49 288,417 --a--c--- C:\WINDOWS\system32\SrchSTS.exe 2008-05-17 14:02 . 2008-05-15 23:22 86,528 --a--c--- C:\WINDOWS\system32\VACFix.exe 2008-05-17 14:02 . 2008-04-28 08:03 82,944 --a--c--- C:\WINDOWS\system32\IEDFix.exe 2008-05-17 14:02 . 2008-04-28 08:03 82,944 --a--c--- C:\WINDOWS\system32\404Fix.exe 2008-05-17 14:02 . 2003-06-05 21:13 53,248 --a--c--- C:\WINDOWS\system32\Process.exe 2008-05-17 14:02 . 2004-07-31 18:50 51,200 --a--c--- C:\WINDOWS\system32\dumphive.exe 2008-05-17 14:02 . 2007-10-04 00:36 25,600 --a--c--- C:\WINDOWS\system32\WS2Fix.exe 2008-05-14 19:59 . 2008-05-14 19:59 <REP> d----c--- C:\Documents and Settings\Propriétaire 2008-05-14 13:48 . 2008-05-14 13:48 <REP> d----c--- C:\Program Files\Trend Micro 2008-05-09 17:57 . 2008-05-09 17:57 <REP> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab 2008-05-08 18:55 . 2008-05-08 18:55 <REP> d----c--- C:\backups 2008-05-07 20:44 . 2008-05-07 20:44 <REP> d----c--- C:\Documents and Settings\LocalService.AUTORITE NT\Mes documents . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-21 15:04 --------- dc----w C:\Program Files\Java 2008-05-21 09:23 --------- dc----w C:\Program Files\Google 2008-05-20 23:59 --------- dc----w C:\Program Files\Fichiers communs\Adobe 2008-05-17 23:27 --------- dc----w C:\Program Files\Common files 2008-05-17 15:34 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2008-03-25 04:51 621,344 -c--a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 194,144 -c--a-w C:\WINDOWS\system32\msjint40.dll 2008-03-20 08:09 1,845,376 -c--a-w C:\WINDOWS\system32\win32k.sys 2008-03-01 12:58 826,368 -c--a-w C:\WINDOWS\system32\wininet.dll 2007-10-20 07:38 108 -c--a-w C:\Program Files\output54.png 2007-10-20 07:37 2,118 -c--a-w C:\Program Files\photoshop.bmp 2007-10-20 07:33 2,118 -c--a-w C:\Program Files\Sans titre.bmp . ((((((((((((((((((((((((((((( snapshot_2008-05-22_12.30.32.07 ))))))))))))))))))))))))))))))))))))))))) . + 2007-07-12 23:28:38 765,952 -c--a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll + 2007-03-06 01:34:33 15,072 -c--a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spmsg.dll + 2007-03-06 01:34:38 216,800 -c--a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spuninst.exe + 2007-03-06 01:34:31 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\spcustom.dll + 2007-03-06 01:34:56 727,776 -c--a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe + 2007-03-06 01:35:48 394,976 -c--a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\updspapi.dll - 2008-05-22 10:10:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-24 22:28:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat - 2000-08-31 06:00:00 73,728 -c--a-w C:\WINDOWS\fdsv.exe + 2000-08-31 06:00:00 89,504 -c--a-w C:\WINDOWS\fdsv.exe - 2008-05-22 09:55:41 29,371 -c--a-w C:\WINDOWS\hpoins03.dat + 2008-05-24 19:43:38 29,371 -c--a-w C:\WINDOWS\hpoins03.dat + 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe + 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll + 2007-08-13 16:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll - 2007-08-13 16:54:10 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll + 2007-07-12 23:30:52 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll + 2008-05-24 22:30:54 16,384 -c--atw C:\WINDOWS\TEMP\Perflib_Perfdata_6ac.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184] "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 19:19 57344] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] "LVCOMSX"=":C:\WINDOWS\system32\LVCOMSX.EXE" [ ] "LogitechVideoRepair"=":C:\Program Files\Logitech\Video\ISStart.exe" [ ] "LogitechVideoTray"=":C:\Program Files\Logitech\Video\LogiTray.exe" [ ] "SynTPLpr"=":C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [ ] "SynTPEnh"=":C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ] "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-27 22:35 262401] "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 19:19 40960] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "AtiPTA"="atiptaxx.exe" [2006-02-22 03:05 344064 C:\WINDOWS\system32\atiptaxx.exe] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 18:28 49152] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18 241664] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360] "DWQueuedReporting"="c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.X264"= x264vfw.dll "VIDC.MJPG"= pvmjpg21.dll "VIDC.3iv2"= 3ivxVfWCodec.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\firefox.exe] Debugger=StripMyRights.exe /D /L N [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\WINDOWS\\system32\\mshta.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R0 atiide;atiide;C:\WINDOWS\system32\DRIVERS\atiide.sys [2004-06-23 08:04] R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v3.8.291\ATI Tray Tools\atitray.sys [2006-09-27 12:47] R2 R54G Wireless Service;R54G Wireless Service;C:\Program Files\Wireless 802.11g Monitor\WLService.exe [2004-03-29 16:08] R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-10-06 13:04] R3 rt2571;Wireless 802.11g USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\rt2571.sys [2004-05-07 13:47] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfe09f87-c44c-11dc-9c4f-00c09f737e07}] \Shell\AutoRun\command - E:\LaunchU3.exe -a . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-25 00:29:53 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\wscntfy.exe . ************************************************************************** . Temps d'accomplissement: 2008-05-25 0:35:55 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-24 22:35:49 ComboFix2.txt 2008-05-24 16:10:21 ComboFix3.txt 2008-05-22 10:31:49 ComboFix4.txt 2008-05-21 10:23:39 ComboFix5.txt 2008-05-17 11:56:59 Pre-Run: 23,705,673,728 octets libres Post-Run: 23,706,869,760 octets libres 188 --- E O F --- 2008-05-22 18:57:53 ---------------------------------------------------------------------------------------------------------------------------------------------------- 2) Rapport AVP TOOL: Scan ---- Scanned: 312371 Detected: 6 Untreated: 0 Start time: 25/05/2008 02:15:04 Duration: 11:31:24 Finish time: 25/05/2008 13:46:28 Detected -------- Status Object ------ ------ deleted: adware not-a-virus:AdWare.Win32.WebSearch.bv File: C:\Program Files\Crawler\Toolbar\ctbr.dll deleted: Trojan program Trojan.Win32.Vapsup.fdm File: C:\QooBox\Quarantine\C\WINDOWS\fvowketqksn.dll.vir deleted: Trojan program Trojan.Win32.Vapsup.fdl File: C:\QooBox\Quarantine\C\WINDOWS\mpfanvqg.dll.vir deleted: Trojan program Trojan.Win32.Vapsup.fdn File: C:\QooBox\Quarantine\C\WINDOWS\pvnsmfor.dll.vir deleted: Trojan program Trojan.Win32.Inject.cac File: C:\QooBox\Quarantine\C\WINDOWS\system32\fccywVmn.dll.vir deleted: Trojan program Trojan.Win32.Inject.cac File: C:\QooBox\Quarantine\C\WINDOWS\system32\rqRjHwVN.dll.vir Events ------ Time Name Status Reason ---- ---- ------ ------ 25/05/2008 02:29:40 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSafe.zip/sbRecovery.reg password protected 25/05/2008 02:29:40 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSafe.zip/sbRecovery.ini password protected 25/05/2008 02:29:40 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusOverride.zip/sbRecovery.reg password protected 25/05/2008 02:29:40 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusOverride.zip/sbRecovery.ini password protected 25/05/2008 02:29:40 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinsoftwareWinAntiVirusPro.zip/sbRecovery.reg password protected 25/05/2008 02:29:40 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinsoftwareWinAntiVirusPro.zip/sbRecovery.ini password protected 25/05/2008 02:32:06 File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SpywareSecure.zip/sbRecovery.reg password protected 25/05/2008 02:32:06 File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SpywareSecure.zip/sbRecovery.ini password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/Ad-Aware SE Default.skn password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/arrow1.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/arrow2.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bck1.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt11.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt12.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt13.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt21.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt22.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt23.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt31.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt32.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt33.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt41.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt42.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt43.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt51.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt52.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt53.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt61.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt62.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/checkbox1.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/checkbox2.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/checkbox3.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/checkbox4.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/defbtn1.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/defbtn2.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/defbtn3.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/glyph1.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/glyph2.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/glyph3.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/glyph4.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/glyph5.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/glyph6.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/glyph7.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/main.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/preview.bmp password protected 25/05/2008 02:37:39 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/sprite1.bmp password protected 25/05/2008 03:06:16 File: C:\Program Files\Crawler\Toolbar\ctbr.dll detected adware 'not-a-virus:AdWare.Win32.WebSearch.bv' 25/05/2008 03:06:17 File: C:\Program Files\Crawler\Toolbar\ctbr.dll not disinfected postponed 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/Ad-Aware SE Default.skn password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/arrow1.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/arrow2.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bck1.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt11.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt12.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt13.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt21.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt22.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt23.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt31.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt32.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt33.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt41.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt42.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt43.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt51.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt52.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt53.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt61.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt62.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/checkbox1.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/checkbox2.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/checkbox3.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/checkbox4.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/defbtn1.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/defbtn2.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/defbtn3.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph1.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph2.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph3.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph4.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph5.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph6.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph7.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/main.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/preview.bmp password protected 25/05/2008 04:07:45 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/sprite1.bmp password protected 25/05/2008 05:18:34 File: C:\QooBox\Quarantine\C\WINDOWS\fvowketqksn.dll.vir detected Trojan program 'Trojan.Win32.Vapsup.fdm' 25/05/2008 05:18:34 File: C:\QooBox\Quarantine\C\WINDOWS\fvowketqksn.dll.vir not disinfected postponed 25/05/2008 05:18:34 File: C:\QooBox\Quarantine\C\WINDOWS\mpfanvqg.dll.vir detected Trojan program 'Trojan.Win32.Vapsup.fdl' 25/05/2008 05:18:34 File: C:\QooBox\Quarantine\C\WINDOWS\mpfanvqg.dll.vir not disinfected postponed 25/05/2008 05:18:35 File: C:\QooBox\Quarantine\C\WINDOWS\pvnsmfor.dll.vir detected Trojan program 'Trojan.Win32.Vapsup.fdn' 25/05/2008 05:19:00 File: C:\QooBox\Quarantine\C\WINDOWS\pvnsmfor.dll.vir not disinfected postponed 25/05/2008 05:19:00 File: C:\QooBox\Quarantine\C\WINDOWS\system32\fccywVmn.dll.vir detected Trojan program 'Trojan.Win32.Inject.cac' 25/05/2008 05:19:00 File: C:\QooBox\Quarantine\C\WINDOWS\system32\fccywVmn.dll.vir not disinfected postponed 25/05/2008 05:19:01 File: C:\QooBox\Quarantine\C\WINDOWS\system32\rqRjHwVN.dll.vir detected Trojan program 'Trojan.Win32.Inject.cac' 25/05/2008 05:19:01 File: C:\QooBox\Quarantine\C\WINDOWS\system32\rqRjHwVN.dll.vir not disinfected postponed 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/arrow1.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/arrow2.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bck1.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bck2.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt11.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt12.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt13.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt21.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt22.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt23.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt31.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt32.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt33.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt41.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt42.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt43.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt51.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt52.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt53.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt61.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt62.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/checkbox1.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/checkbox2.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/checkbox3.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/checkbox4.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/default.skn password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/defbtn1.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/defbtn2.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/defbtn3.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/glyph1.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/glyph2.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/glyph3.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/glyph4.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/glyph5.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/glyph6.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/glyph7.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/main.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/preview.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/sprite1.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/tab1.bmp password protected 25/05/2008 05:33:04 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/tab2.bmp password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file004 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file005 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file006 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file007 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file008 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file009 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file010 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file011 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file012 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file013 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file014 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file016 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file017 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file018 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file019 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file020 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file021 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file023 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file024 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file025 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file026 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file027 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file028 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file029 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file030 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file031 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file032 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file033 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file034 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file035 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file036 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file037 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file038 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file039 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file040 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file041 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file042 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file043 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file044 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file045 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file046 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file047 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file048 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file049 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file050 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file051 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file052 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file053 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file054 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file055 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file056 password protected 25/05/2008 05:39:16 File: C:\telechargements\klcodec272f.exe//file057 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file058 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file059 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file060 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file061 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file062 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file063 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file064 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file065 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file066 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file067 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file068 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file069 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file070 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file071 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file072 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file073 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file074 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file075 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file076 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file077 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file078 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file079 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file080 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file081 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file082 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file083 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file084 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file085 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file086 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file087 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file088 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file089 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file090 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file091 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file092 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file093 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file094 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file095 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file096 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file097 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file098 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file099 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file100 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file101 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file102 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file103 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file104 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file105 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file106 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file107 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file108 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file109 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file110 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file111 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file112 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file113 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file114 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file115 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file116 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file117 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file118 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file119 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file120 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file121 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file122 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file123 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file124 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file125 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file126 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file127 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file128 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file129 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file130 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file131 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file132 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file133 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file134 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file135 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file136 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file137 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file138 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file139 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file140 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file141 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file142 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file143 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file144 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file145 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file146 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file147 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file148 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file149 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file150 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file151 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file152 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file153 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file154 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file155 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file156 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file157 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file158 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file159 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file160 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file161 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file162 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file163 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file164 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file165 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file166 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file167 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file168 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file169 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file170 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file171 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file172 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file173 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file174 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file175 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file176 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file177 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file178 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file179 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file180 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file181 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file182 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file183 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file184 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file185 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file186 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file187 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file188 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file189 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file190 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file191 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file192 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file193 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file194 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file195 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file196 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file197 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file198 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file199 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file200 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file201 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file202 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file203 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file204 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file205 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file206 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file207 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file208 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file209 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file210 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file211 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file212 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file213 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file214 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file215 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file216 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file217 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file218 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file219 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file220 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file221 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file222 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file223 password protected 25/05/2008 05:39:17 File: C:\telechargements\klcodec272f.exe//file224 password protected 25/05/2008 09:06:05 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSafe.zip/sbRecovery.reg password protected 25/05/2008 09:06:05 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ErrorSafe.zip/sbRecovery.ini password protected 25/05/2008 09:06:05 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusOverride.zip/sbRecovery.reg password protected 25/05/2008 09:06:05 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsSecurityCenterAntiVirusOverride.zip/sbRecovery.ini password protected 25/05/2008 09:06:05 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinsoftwareWinAntiVirusPro.zip/sbRecovery.reg password protected 25/05/2008 09:06:05 File: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinsoftwareWinAntiVirusPro.zip/sbRecovery.ini password protected 25/05/2008 09:12:06 File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SpywareSecure.zip/sbRecovery.reg password protected 25/05/2008 09:12:06 File: C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SpywareSecure.zip/sbRecovery.ini password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/Ad-Aware SE Default.skn password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/arrow1.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/arrow2.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bck1.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt11.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt12.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt13.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt21.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt22.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt23.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt31.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt32.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt33.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt41.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt42.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt43.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt51.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt52.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt53.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt61.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/bt62.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/checkbox1.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/checkbox2.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/checkbox3.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/checkbox4.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/defbtn1.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/defbtn2.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/defbtn3.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/glyph1.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/glyph2.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/glyph3.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/glyph4.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/glyph5.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/glyph6.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/glyph7.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/main.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/preview.bmp password protected 25/05/2008 09:16:17 File: C:\Documents and Settings\lagarde\Bureau\aawsepersonal.exe//WISE0020.BIN/sprite1.bmp password protected 25/05/2008 09:34:51 File: C:\Program Files\Crawler\Toolbar\ctbr.dll detected adware 'not-a-virus:AdWare.Win32.WebSearch.bv' 25/05/2008 09:34:51 File: C:\Program Files\Crawler\Toolbar\ctbr.dll not disinfected postponed 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/Ad-Aware SE Default.skn password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/arrow1.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/arrow2.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bck1.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt11.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt12.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt13.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt21.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt22.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt23.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt31.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt32.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt33.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt41.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt42.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt43.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt51.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt52.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt53.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt61.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt62.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/checkbox1.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/checkbox2.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/checkbox3.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/checkbox4.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/defbtn1.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/defbtn2.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/defbtn3.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph1.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph2.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph3.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph4.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph5.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph6.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph7.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/main.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/preview.bmp password protected 25/05/2008 10:27:34 File: C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/sprite1.bmp password protected 25/05/2008 11:04:16 File: C:\QooBox\Quarantine\C\WINDOWS\fvowketqksn.dll.vir detected Trojan program 'Trojan.Win32.Vapsup.fdm' 25/05/2008 11:04:16 File: C:\QooBox\Quarantine\C\WINDOWS\fvowketqksn.dll.vir not disinfected postponed 25/05/2008 11:04:17 File: C:\QooBox\Quarantine\C\WINDOWS\mpfanvqg.dll.vir detected Trojan program 'Trojan.Win32.Vapsup.fdl' 25/05/2008 11:04:17 File: C:\QooBox\Quarantine\C\WINDOWS\mpfanvqg.dll.vir not disinfected postponed 25/05/2008 11:04:17 File: C:\QooBox\Quarantine\C\WINDOWS\pvnsmfor.dll.vir detected Trojan program 'Trojan.Win32.Vapsup.fdn' 25/05/2008 11:04:17 File: C:\QooBox\Quarantine\C\WINDOWS\pvnsmfor.dll.vir not disinfected postponed 25/05/2008 11:04:17 File: C:\QooBox\Quarantine\C\WINDOWS\system32\fccywVmn.dll.vir detected Trojan program 'Trojan.Win32.Inject.cac' 25/05/2008 11:04:17 File: C:\QooBox\Quarantine\C\WINDOWS\system32\fccywVmn.dll.vir not disinfected postponed 25/05/2008 11:04:43 File: C:\QooBox\Quarantine\C\WINDOWS\system32\rqRjHwVN.dll.vir detected Trojan program 'Trojan.Win32.Inject.cac' 25/05/2008 11:04:43 File: C:\QooBox\Quarantine\C\WINDOWS\system32\rqRjHwVN.dll.vir not disinfected postponed 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/arrow1.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/arrow2.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bck1.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bck2.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt11.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt12.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt13.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt21.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt22.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt23.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt31.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt32.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt33.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt41.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt42.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt43.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt51.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt52.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt53.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt61.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/bt62.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/checkbox1.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/checkbox2.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/checkbox3.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/checkbox4.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/default.skn password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/defbtn1.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/defbtn2.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/defbtn3.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/glyph1.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/glyph2.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/glyph3.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/glyph4.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/glyph5.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/glyph6.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/glyph7.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/main.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/preview.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/sprite1.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/tab1.bmp password protected 25/05/2008 11:18:51 File: C:\telechargements\aawsepersonal.exe//WISE0022.BIN/tab2.bmp password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file004 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file005 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file006 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file007 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file008 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file009 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file010 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file011 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file012 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file013 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file014 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file016 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file017 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file018 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file019 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file020 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file021 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file023 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file024 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file025 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file026 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file027 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file028 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file029 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file030 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file031 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file032 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file033 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file034 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file035 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file036 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file037 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file038 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file039 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file040 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file041 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file042 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file043 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file044 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file045 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file046 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file047 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file048 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file049 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file050 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file051 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file052 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file053 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file054 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file055 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file056 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file057 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file058 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file059 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file060 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file061 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file062 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file063 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file064 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file065 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file066 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file067 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file068 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file069 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file070 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file071 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file072 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file073 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file074 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file075 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file076 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file077 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file078 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file079 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file080 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file081 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file082 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file083 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file084 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file085 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file086 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file087 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file088 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file089 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file090 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file091 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file092 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file093 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file094 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file095 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file096 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file097 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file098 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file099 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file100 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file101 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file102 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file103 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file104 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file105 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file106 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file107 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file108 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file109 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file110 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file111 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file112 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file113 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file114 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file115 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file116 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file117 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file118 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file119 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file120 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file121 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file122 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file123 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file124 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file125 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file126 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file127 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file128 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file129 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file130 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file131 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file132 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file133 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file134 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file135 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file136 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file137 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file138 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file139 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file140 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file141 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file142 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file143 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file144 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file145 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file146 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file147 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file148 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file149 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file150 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file151 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file152 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file153 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file154 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file155 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file156 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file157 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file158 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file159 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file160 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file161 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file162 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file163 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file164 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file165 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file166 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file167 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file168 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file169 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file170 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file171 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file172 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file173 password protected 25/05/2008 11:20:49 File: C:\telechargements\klcodec272f.exe//file174 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file175 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file176 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file177 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file178 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file179 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file180 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file181 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file182 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file183 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file184 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file185 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file186 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file187 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file188 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file189 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file190 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file191 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file192 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file193 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file194 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file195 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file196 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file197 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file198 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file199 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file200 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file201 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file202 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file203 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file204 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file205 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file206 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file207 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file208 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file209 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file210 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file211 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file212 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file213 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file214 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file215 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file216 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file217 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file218 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file219 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file220 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file221 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file222 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file223 password protected 25/05/2008 11:20:50 File: C:\telechargements\klcodec272f.exe//file224 password protected 25/05/2008 13:11:26 File: c:\program files\crawler\toolbar\ctbr.dll detected adware 'not-a-virus:AdWare.Win32.WebSearch.bv' 25/05/2008 13:45:37 File: c:\program files\crawler\toolbar\ctbr.dll deleted 25/05/2008 13:46:02 File: c:\qoobox\quarantine\c\windows\fvowketqksn.dll.vir detected Trojan program 'Trojan.Win32.Vapsup.fdm' 25/05/2008 13:46:02 File: c:\qoobox\quarantine\c\windows\fvowketqksn.dll.vir deleted 25/05/2008 13:46:02 File: c:\qoobox\quarantine\c\windows\mpfanvqg.dll.vir detected Trojan program 'Trojan.Win32.Vapsup.fdl' 25/05/2008 13:46:03 File: c:\qoobox\quarantine\c\windows\mpfanvqg.dll.vir deleted 25/05/2008 13:46:03 File: c:\qoobox\quarantine\c\windows\pvnsmfor.dll.vir detected Trojan program 'Trojan.Win32.Vapsup.fdn' 25/05/2008 13:46:28 File: c:\qoobox\quarantine\c\windows\pvnsmfor.dll.vir deleted 25/05/2008 13:46:28 File: c:\qoobox\quarantine\c\windows\system32\fccywvmn.dll.vir detected Trojan program 'Trojan.Win32.Inject.cac' 25/05/2008 13:46:28 File: c:\qoobox\quarantine\c\windows\system32\fccywvmn.dll.vir deleted 25/05/2008 13:46:28 File: c:\qoobox\quarantine\c\windows\system32\rqrjhwvn.dll.vir detected Trojan program 'Trojan.Win32.Inject.cac' 25/05/2008 13:46:28 File: c:\qoobox\quarantine\c\windows\system32\rqrjhwvn.dll.vir deleted Statistics ---------- Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted ------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ --------- Settings -------- Parameter Value --------- ----- Security Level High Action Prompt for action when the scan is complete Run mode Manually File types Scan all files Scan only new and changed files No Scan archives All Scan embedded OLE objects All Skip if object is larger than No Skip if scan takes longer than No Parse email formats Yes Scan password-protected archives No Enable iChecker technology Yes Enable iSwift technology Yes Show detected threats on "Detected" tab Yes Quarantine ---------- Status Object Size Added ------ ------ ---- ----- Backup ------ Status Object Size ------ ------ ----
  5. je-rom
    Faudrais à la fin que tu me dise si tu veux bien, comment désinstaller ce kaspersky s'il te plaît. Là je le laisse scanner mon pc, je vais au dodo, bonne soirée à bientôt oGu!
  6. je-rom
    Attend laisse tomber, je viens de me rendre compte que le logiciel d'installation c'est mis tout seul sur mon bureau. En plus, il y est deux fois
  7. je-rom
    Je ne comprends pas oGu. Déjà la première fois j'avais cliqué sur le 1er de la liste qui date du 23 mai et apparament ce n'était pas le bon car il ne se nommé pas setup_7... je me suis retrouvé avec un fichier nommé RESCUE qui m'a pri 40 minutes de dézipage. Là j'ai cliqué sur le dernier de la liste se nommant setup_7..... et je reçois un message qui me dit: You must be logged in as an administrator when installing this program. Ok c'est cool , mais je ne peux pas aller plus loin.
  8. je-rom
    Il y as un souci avec AVP TOOL by Kaspersky, une fois ce dernier dézipé, je ne trouve pas le dossier nommé "setup_7.0xxxxx". C'est normal aussi que ça prenne environ 40 minutes à déziper?
  9. je-rom
    Désolé ça m'était sorti de la tête.Rapport Combofix n°8: ComboFix 08-05-21.3 - lagarde 2008-05-24 17:59:14.12 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.193 [GMT 2:00] Endroit: C:\Documents and Settings\lagarde\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\lagarde\Bureau\CFScript.txt * Création d'un nouveau point de restauration FILE :: C:\WINDOWS\system32\juewnenf.dll . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\BM7f644ff9.xml C:\WINDOWS\pskt.ini C:\WINDOWS\system32\juewnenf.dll C:\WINDOWS\system32\lwwjcewi.exe C:\WINDOWS\system32\noyibkgx.dll C:\WINDOWS\system32\oolklarj.dll C:\WINDOWS\system32\pdjatriy.dll C:\WINDOWS\system32\ybyemlpw.exe . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))))))) . 2008-05-22 15:41 . 2008-05-22 15:41 268 --ah-c--- C:\sqmdata04.sqm 2008-05-22 15:41 . 2008-05-22 15:41 244 --ah-c--- C:\sqmnoopt04.sqm 2008-05-22 13:58 . 2008-05-22 13:58 268 --ah-c--- C:\sqmdata03.sqm 2008-05-22 13:58 . 2008-05-22 13:58 244 --ah-c--- C:\sqmnoopt03.sqm 2008-05-22 12:40 . 2008-05-22 12:40 107,392 --a--c--- C:\WINDOWS\system32\kaesewhq.dll 2008-05-22 12:31 . 2008-05-22 12:31 94,464 --a--c--- C:\WINDOWS\system32\xfcrqlah.dll 2008-05-22 12:09 . 2008-05-22 12:09 268 --ah-c--- C:\sqmdata02.sqm 2008-05-22 12:09 . 2008-05-22 12:09 244 --ah-c--- C:\sqmnoopt02.sqm 2008-05-21 23:32 . 2008-05-22 13:39 <REP> d----c--- C:\Documents and Settings\lagarde\Application Data\TmpRecentIcons 2008-05-21 14:43 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-05-21 14:43 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-05-21 14:43 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-05-21 14:43 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-05-21 14:43 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-05-21 14:43 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-05-21 14:43 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll 2008-05-21 14:43 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-05-21 14:43 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-05-21 12:37 . 2008-05-21 12:38 <REP> d----c--- C:\Program Files\hpHosts 2008-05-21 12:37 . 2008-05-21 12:37 530,128 --a--c--- C:\hpHosts-Setup-Win32.exe 2008-05-20 22:15 . 2008-05-20 22:16 153,144 --a--c--- C:\ewido_micro.exe 2008-05-18 01:28 . 2008-05-18 01:28 <REP> d----c--- C:\Program Files\Malwarebytes' Anti-Malware 2008-05-18 01:28 . 2008-05-18 01:28 <REP> d----c--- C:\Documents and Settings\lagarde\Application Data\Malwarebytes 2008-05-18 01:28 . 2008-05-18 01:28 <REP> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes 2008-05-18 01:28 . 2008-05-05 20:46 27,048 --a--c--- C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-05-18 01:28 . 2008-05-05 20:46 15,864 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys 2008-05-17 17:30 . 2008-05-24 12:39 <REP> d----c--- C:\Program Files\Mozilla Thunderbird 2008-05-17 17:14 . 2004-08-05 14:00 3,440 --a--c--- C:\sysoc.inf 2008-05-17 15:50 . 2007-07-26 10:35 <REP> d--h-c--- C:\Documents and Settings\Administrateur.LAGARDE-F08F9D5\Voisinage r‚seau 2008-05-17 15:50 . 2007-07-26 10:35 <REP> d--h-c--- C:\Documents and Settings\Administrateur.LAGARDE-F08F9D5\Voisinage d'impression 2008-05-17 15:50 . 2007-07-26 08:48 <REP> d--h-c--- C:\Documents and Settings\Administrateur.LAGARDE-F08F9D5\ModŠles 2008-05-17 15:50 . 2007-07-26 10:35 <REP> d----c--- C:\Documents and Settings\Administrateur.LAGARDE-F08F9D5\Mes documents 2008-05-17 15:50 . 2007-07-26 10:35 <REP> dr---c--- C:\Documents and Settings\Administrateur.LAGARDE-F08F9D5\Menu D‚marrer 2008-05-17 15:50 . 2007-07-26 10:35 <REP> d----c--- C:\Documents and Settings\Administrateur.LAGARDE-F08F9D5\Favoris 2008-05-17 15:50 . 2007-07-26 08:56 <REP> d----c--- C:\Documents and Settings\Administrateur.LAGARDE-F08F9D5\Bureau 2008-05-17 15:50 . 2008-05-17 16:24 <REP> d----c--- C:\Documents and Settings\Administrateur.LAGARDE-F08F9D5 2008-05-17 15:47 . 2008-05-17 15:47 <REP> d----c--- C:\Program Files\CCleaner 2008-05-17 14:59 . 2008-05-24 16:59 <REP> d----c--- C:\WINDOWS\ERUNT 2008-05-17 14:03 . 2008-05-20 21:52 2,958 --a--c--- C:\WINDOWS\system32\tmp.reg 2008-05-17 14:02 . 2007-09-06 00:22 289,144 --a--c--- C:\WINDOWS\system32\VCCLSID.exe 2008-05-17 14:02 . 2006-04-27 17:49 288,417 --a--c--- C:\WINDOWS\system32\SrchSTS.exe 2008-05-17 14:02 . 2008-05-15 23:22 86,528 --a--c--- C:\WINDOWS\system32\VACFix.exe 2008-05-17 14:02 . 2008-04-28 08:03 82,944 --a--c--- C:\WINDOWS\system32\IEDFix.exe 2008-05-17 14:02 . 2008-04-28 08:03 82,944 --a--c--- C:\WINDOWS\system32\404Fix.exe 2008-05-17 14:02 . 2003-06-05 21:13 53,248 --a--c--- C:\WINDOWS\system32\Process.exe 2008-05-17 14:02 . 2004-07-31 18:50 51,200 --a--c--- C:\WINDOWS\system32\dumphive.exe 2008-05-17 14:02 . 2007-10-04 00:36 25,600 --a--c--- C:\WINDOWS\system32\WS2Fix.exe 2008-05-14 19:59 . 2008-05-14 19:59 <REP> d----c--- C:\Documents and Settings\Propriétaire 2008-05-14 13:48 . 2008-05-14 13:48 <REP> d----c--- C:\Program Files\Trend Micro 2008-05-09 17:57 . 2008-05-09 17:57 <REP> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab 2008-05-08 18:55 . 2008-05-08 18:55 <REP> d----c--- C:\backups 2008-05-07 20:44 . 2008-05-07 20:44 <REP> d----c--- C:\Documents and Settings\LocalService.AUTORITE NT\Mes documents . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-21 15:04 --------- dc----w C:\Program Files\Java 2008-05-21 09:23 --------- dc----w C:\Program Files\Google 2008-05-20 23:59 --------- dc----w C:\Program Files\Fichiers communs\Adobe 2008-05-17 23:27 --------- dc----w C:\Program Files\Common files 2008-05-17 15:34 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2007-10-20 07:38 108 -c--a-w C:\Program Files\output54.png 2007-10-20 07:37 2,118 -c--a-w C:\Program Files\photoshop.bmp 2007-10-20 07:33 2,118 -c--a-w C:\Program Files\Sans titre.bmp . ((((((((((((((((((((((((((((( snapshot_2008-05-22_12.30.32.07 ))))))))))))))))))))))))))))))))))))))))) . + 2007-07-12 23:28:38 765,952 -c--a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll + 2007-03-06 01:34:33 15,072 -c--a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spmsg.dll + 2007-03-06 01:34:38 216,800 -c--a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spuninst.exe + 2007-03-06 01:34:31 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\spcustom.dll + 2007-03-06 01:34:56 727,776 -c--a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe + 2007-03-06 01:35:48 394,976 -c--a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\updspapi.dll - 2008-05-22 10:10:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-24 16:03:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat - 2000-08-31 06:00:00 73,728 -c--a-w C:\WINDOWS\fdsv.exe + 2000-08-31 06:00:00 89,504 -c--a-w C:\WINDOWS\fdsv.exe - 2008-05-22 09:55:41 29,371 -c--a-w C:\WINDOWS\hpoins03.dat + 2008-05-24 15:11:09 29,371 -c--a-w C:\WINDOWS\hpoins03.dat + 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe + 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll + 2007-08-13 16:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll - 2007-08-13 16:54:10 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll + 2007-07-12 23:30:52 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll + 2008-05-24 16:04:08 16,384 -c--atw C:\WINDOWS\TEMP\Perflib_Perfdata_2dc.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184] "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 19:19 57344] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] "LVCOMSX"=":C:\WINDOWS\system32\LVCOMSX.EXE" [ ] "LogitechVideoRepair"=":C:\Program Files\Logitech\Video\ISStart.exe" [ ] "LogitechVideoTray"=":C:\Program Files\Logitech\Video\LogiTray.exe" [ ] "SynTPLpr"=":C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [ ] "SynTPEnh"=":C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ] "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-27 22:35 262401] "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 19:19 40960] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "AtiPTA"="atiptaxx.exe" [2006-02-22 03:05 344064 C:\WINDOWS\system32\atiptaxx.exe] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 18:28 49152] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18 241664] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360] "DWQueuedReporting"="c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.X264"= x264vfw.dll "VIDC.MJPG"= pvmjpg21.dll "VIDC.3iv2"= 3ivxVfWCodec.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\WINDOWS\\system32\\mshta.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R0 atiide;atiide;C:\WINDOWS\system32\DRIVERS\atiide.sys [2004-06-23 08:04] R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v3.8.291\ATI Tray Tools\atitray.sys [2006-09-27 12:47] R2 R54G Wireless Service;R54G Wireless Service;C:\Program Files\Wireless 802.11g Monitor\WLService.exe [2004-03-29 16:08] R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-10-06 13:04] R3 rt2571;Wireless 802.11g USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\rt2571.sys [2004-05-07 13:47] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfe09f87-c44c-11dc-9c4f-00c09f737e07}] \Shell\AutoRun\command - E:\LaunchU3.exe -a . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-24 18:05:50 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\WINDOWS\system32\msiexec.exe . ************************************************************************** . Temps d'accomplissement: 2008-05-24 18:10:20 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-24 16:10:14 ComboFix2.txt 2008-05-22 10:31:49 ComboFix3.txt 2008-05-21 10:23:39 ComboFix4.txt 2008-05-17 11:56:59 ComboFix5.txt 2008-05-15 17:30:50 Pre-Run: 23,705,042,944 octets libres Post-Run: 23,689,781,248 octets libres 188 --- E O F --- 2008-05-22 18:57:53
  10. je-rom
    Il reste des choses à faire ou on va arrêter? J'ai des idées qui me viennent sinon comme améliorer la rapidité de Firefox, améliorer la sécurité, désinstaller des choses inutiles sur mon pc, et faire démarrer mon pc plus vite. C'est incroyable la différence que met mon pc à s'allumer et s'éteindre comparer à celui de mon père. A oui! Un truc dont je voulais te parler depuis longtemps. J'ai constatais qu'à chaque démarrage de mon pc, en arrivant sur le bureau, il y a toujours des téléchargements de l'imprimante à mon père qui s'effectue et c'est vraiment pénible. Ca dure bien 30 secondes (avant ça ne le faisait pas, l'installation était déjà faite depuis environ 6 mois) . Ca le fait aussi quand on insère une clé USB mais là ça ne dure que 15 secondes à peu près. Est-ce que tu vois ce que je veux dire et si oui comment m'en débarrasser? Ceci fait ralentir mon pc.
  11. je-rom
    Oui, désolé je viens de comprendre, il faut tout simplement décocher la case: ajouter un compteur de position. Sorry!
  12. je-rom
    Les suggestions ont disparus, merci beaucoup car c'était pénible en effet . Par contre ta les chiffre devant qui apparaissent et qui n'existaient pas avant non plus. Tu penses que c'est mieux ainsi? Sinon on peut les enlever? Je t'ai pris exemple en écrivant ZEBULON dans le moteur de recherche et en faisant ressortir ces fameux chiffres en gras: 1. Zebulon.fr : Le site de l'optimisation PC et Windows Tous les trucs et astuces pour optimiser Windows et booster votre PC. www.zebulon.fr/ - 34k - En cache - Pages similaires Test de connexion Téléchargements Performances système Votre configuration Forums Test de sécurité Outils en ligne Antivirus en ligne Autres résultats, domaine zebulon.fr » 2. Test de connexion internet : quelle est votre bande passante ? Mesurer sa bande passante afin de tester sa connexion internet. www.zebulon.fr/outils/speedtest/speedtest.php - 20k - En cache - Pages similaires 3. Le Manège enchanté - Wikipédia
  13. je-rom
    Voilà, j'ai essayé de faire tous ce que tu m'a dit, je ne suis pas sur à 100% que tout est marché mais voilà. Par contre, il y a un truc bizarre. Mon petit historique internet ne marche plus comme avant. Par exemple avant je tapé sur la touche "Z" et de suite s'affiché Zébulon retenu en historique et il y avait plus qu'à cliquer dessus. Maintenant non seulement il n'y a plus zébulon, mais en plus je me retrouve avec des mots tel que: ZIP CODES, ZAPPOS,ZILLOW, ZERO PUNCTUATION, ZIP CODE,ZUNE,ZELLERS,ZIMBABWE,ZAWI,ZEITGEIST. Bref que tu charabia!!
  14. je-rom
    OK, mais si je clique sur ce lien, ils me disent: "Firefox ne sais pas ouvrir cette adresse car le protocole (abp) n'est associé à aucun programme". Faut t'il que j'installe Adblock Plus ??
  15. je-rom
    Salut oGu! J'ai eu un message en lançant Combofix en anglais me disant comme quoi il a expiré et donc le logo est parti. Je pense qu'il faut que tu m'en envoie en autre... Au fait, voici le rapport HJT 7: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:18:57, on 24/05/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\HP\HP Software Update\HPWuSchd.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe C:\Program Files\Wireless 802.11g Monitor\WLService.exe C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [LVCOMSX] :C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] :C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] :C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [synTPLpr] :C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] :C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: R54G Wireless Service - Unknown owner - C:\Program Files\Wireless 802.11g Monitor\WLService.exe -- End of file - 6991 bytes
  16. je-rom
    Salut oGu! A ce que tu me racontes j'ai surement dû cliquer sur la publicité qui était en double fenêtre avec mon site et forcément ça la pris en compte et actionner VirtuMonde . D'accord je me réfèreré à l'avenir toujours à un intervenant sécurité. Je vais changer mes habitudes pour surfer le mieux que je peux. D'ailleurs je tiens à ne plus surfer à part sur Zébulon afin que tu ne me désinfecte pas dans le vide.
  17. je-rom
    Yes surement oGu, je ne crack rien, je sais même pas comment on fait, par contre j'ai visité YOU TUBE, ainsi que des tchats ensuite il est apparu la publicité pour le pocker puis 15 minutes après ait apparu le faux antivirus avec la tête de cafard comme logo de "MalWarrior 2008". Désolé, j'avais oublié de répondre à cette question dans mon précédent post. Je compte changer mes habitudes pour surfer à moins que je puisse arriver à me désinfecter tout seul comme aujourd'hui. Qu'en penses-tu? Je voudrais savoir déjà si j'ai vraiment réussi en totalité ou en partie si tu sais? Ce dont je suis sur, c'est que je n'ai rien fais de mal à part la visite de sites web douteux. Au pire je tiens à changer mes habitudes comme je t'ai confié. Cordialement Jérôme
  18. je-rom
    Salut oGu! T'inquiète pas je te comprends, le travail passe avant tout. Tu regarderas mes rapports quand t'aura moins de taf, je peux attendre, mon pc va beaucoup mieux grâce à tes précédents tuyaux que tu m'a filé. Je t'envois les rapports suivants comme tu m'a demandé: 1) Rapport Combofix n°7 2) Rapport MBAM n°3 puis n°4 car j'ai du le relancer une fois de plus, c'est ce que MBAM m'a demandé telement il avait du mal à se débarasser de pas mal d'éléments enfectés! [MBAM m'a vraiment aidé sur ce coup là, mon ordinateur allé déjà beaucoup mieux après! Puis, pour fluidifier un peu plus j'ai lancé un CCleaner, et mon pc sourié .] 3) Rapport Antivir n°2 4) Rapport de HijackThis n°6 NB: Je pense que les rapport les + intéressants à comprendre sont ceux de MBAM. J'avais dans un premier temps, une cinquantaine d'éléments infectés. Puis dans un second, une vingtaine ; le tout supprimé si j'ai bien compris. BON COURAGE, BONNE LECTURE ET MERDE POUR TON INSPECTION!! ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1) Rapport Combofix n°7: ComboFix 08-05-12.1 - lagarde 2008-05-22 12:03:45.11 - NTFSx86 Endroit: C:\Documents and Settings\lagarde\Bureau\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\pskt.ini C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\SuuuFfhk.ini C:\WINDOWS\system32\SuuuFfhk.ini2 . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))))))) . 2008-05-22 12:09 . 2008-05-22 12:09 268 --ah-c--- C:\sqmdata02.sqm 2008-05-22 12:09 . 2008-05-22 12:09 244 --ah-c--- C:\sqmnoopt02.sqm 2008-05-21 23:32 . 2008-05-21 23:32 <REP> d----c--- C:\Documents and Settings\lagarde\Application Data\TmpRecentIcons 2008-05-21 21:46 . 2008-05-21 21:46 90,112 --a--c--- C:\WINDOWS\system32\noyibkgx.dll 2008-05-21 21:42 . 2008-05-21 21:42 107,392 --a--c--- C:\WINDOWS\system32\oolklarj.dll 2008-05-21 21:37 . 2008-05-21 21:37 2,560 --a--c--- C:\WINDOWS\system32\lwwjcewi.exe 2008-05-21 21:36 . 2008-05-22 12:25 109,807 --a--c--- C:\WINDOWS\BM7f644ff9.xml 2008-05-21 21:36 . 2008-05-21 21:36 95,488 --a--c--- C:\WINDOWS\system32\pdjatriy.dll 2008-05-21 21:34 . 2008-05-21 21:34 318,848 --a--c--- C:\WINDOWS\system32\khfFuuuS.dll 2008-05-21 21:29 . 2008-05-21 17:43 217,088 --a--c--- C:\WINDOWS\pxgdslro.dll 2008-05-21 21:29 . 2008-05-21 17:43 217,088 --a--c--- C:\WINDOWS\nldfmtapnvb.dll 2008-05-21 21:29 . 2008-05-21 17:43 176,128 --a--c--- C:\WINDOWS\gnowmebk.dll 2008-05-21 21:29 . 2008-05-21 17:43 151,552 --a--c--- C:\WINDOWS\gktxaspm.dll 2008-05-21 21:29 . 2008-05-21 17:43 94,208 --a--c--- C:\WINDOWS\elsq.exe 2008-05-21 21:29 . 2008-05-21 17:44 81,920 --a--c--- C:\WINDOWS\mdtgkswr.exe 2008-05-21 21:29 . 2008-05-21 21:29 29,312 --a--c--- C:\WINDOWS\system32\geBqQJBu.dll 2008-05-21 14:48 . 2008-05-21 14:55 1,374 --a--c--- C:\WINDOWS\imsins.BAK 2008-05-21 14:43 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-05-21 14:43 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-05-21 14:43 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-05-21 14:43 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-05-21 14:43 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-05-21 14:43 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-05-21 14:43 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll 2008-05-21 14:43 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-05-21 14:43 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-05-21 12:37 . 2008-05-21 12:38 <REP> d----c--- C:\Program Files\hpHosts 2008-05-21 12:37 . 2008-05-21 12:37 530,128 --a--c--- C:\hpHosts-Setup-Win32.exe 2008-05-20 22:15 . 2008-05-20 22:16 153,144 --a--c--- C:\ewido_micro.exe 2008-05-18 01:28 . 2008-05-18 01:28 <REP> d----c--- C:\Program Files\Malwarebytes' Anti-Malware 2008-05-18 01:28 . 2008-05-18 01:28 <REP> d----c--- C:\Documents and Settings\lagarde\Application Data\Malwarebytes 2008-05-18 01:28 . 2008-05-18 01:28 <REP> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes 2008-05-18 01:28 . 2008-05-05 20:46 27,048 --a--c--- C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-05-18 01:28 . 2008-05-05 20:46 15,864 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys 2008-05-17 17:30 . 2008-05-21 19:49 <REP> d----c--- C:\Program Files\Mozilla Thunderbird 2008-05-17 17:14 . 2004-08-05 14:00 3,440 --a--c--- C:\sysoc.inf 2008-05-17 15:50 . 2008-05-17 16:24 <REP> d----c--- C:\Documents and Settings\Administrateur.LAGARDE-F08F9D5 2008-05-17 15:47 . 2008-05-17 15:47 <REP> d----c--- C:\Program Files\CCleaner 2008-05-17 14:59 . 2008-05-17 14:59 <REP> d----c--- C:\WINDOWS\ERUNT 2008-05-17 14:09 . 2008-05-17 15:24 <REP> d----c--- C:\SDFix 2008-05-17 14:03 . 2008-05-20 21:52 2,958 --a--c--- C:\WINDOWS\system32\tmp.reg 2008-05-17 14:02 . 2007-09-06 00:22 289,144 --a--c--- C:\WINDOWS\system32\VCCLSID.exe 2008-05-17 14:02 . 2006-04-27 17:49 288,417 --a--c--- C:\WINDOWS\system32\SrchSTS.exe 2008-05-17 14:02 . 2008-05-15 23:22 86,528 --a--c--- C:\WINDOWS\system32\VACFix.exe 2008-05-17 14:02 . 2008-04-28 08:03 82,944 --a--c--- C:\WINDOWS\system32\IEDFix.exe 2008-05-17 14:02 . 2008-04-28 08:03 82,944 --a--c--- C:\WINDOWS\system32\404Fix.exe 2008-05-17 14:02 . 2003-06-05 21:13 53,248 --a--c--- C:\WINDOWS\system32\Process.exe 2008-05-17 14:02 . 2004-07-31 18:50 51,200 --a--c--- C:\WINDOWS\system32\dumphive.exe 2008-05-17 14:02 . 2007-10-04 00:36 25,600 --a--c--- C:\WINDOWS\system32\WS2Fix.exe 2008-05-14 19:59 . 2008-05-14 19:59 <REP> d----c--- C:\Documents and Settings\Propriétaire 2008-05-14 19:59 . <REP> C:\Documents and Settings\PropriÚtaire\Local Settings 2008-05-14 13:48 . 2008-05-14 13:48 <REP> d----c--- C:\Program Files\Trend Micro 2008-05-09 17:57 . 2008-05-09 17:57 <REP> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab 2008-05-08 18:55 . 2008-05-08 18:55 <REP> d----c--- C:\backups 2008-05-07 20:44 . 2008-05-07 20:44 <REP> d----c--- C:\Documents and Settings\LocalService.AUTORITE NT\Mes documents 2008-04-23 22:15 . 2008-04-23 22:15 268 --ah-c--- C:\sqmdata01.sqm 2008-04-23 22:15 . 2008-04-23 22:15 244 --ah-c--- C:\sqmnoopt01.sqm 2008-04-23 21:51 . 2008-04-23 21:51 268 --ah-c--- C:\sqmdata00.sqm 2008-04-23 21:51 . 2008-04-23 21:51 244 --ah-c--- C:\sqmnoopt00.sqm . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-21 15:04 --------- dc----w C:\Program Files\Java 2008-05-21 09:23 --------- dc----w C:\Program Files\Google 2008-05-20 23:59 --------- dc----w C:\Program Files\Fichiers communs\Adobe 2008-05-17 23:27 --------- dc----w C:\Program Files\Common files 2008-05-17 15:34 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2008-03-25 04:51 621,344 -c--a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 194,144 -c--a-w C:\WINDOWS\system32\msjint40.dll 2008-03-23 11:27 --------- dc----w C:\Documents and Settings\lagarde\Application Data\ItsLabel 2008-03-22 17:32 --------- dc----w C:\Program Files\FreebieSMS 2008-03-20 08:09 1,845,376 -c--a-w C:\WINDOWS\system32\win32k.sys 2008-03-01 12:58 826,368 -c--a-w C:\WINDOWS\system32\wininet.dll 2007-10-20 07:38 108 -c--a-w C:\Program Files\output54.png 2007-10-20 07:37 2,118 -c--a-w C:\Program Files\photoshop.bmp 2007-10-20 07:33 2,118 -c--a-w C:\Program Files\Sans titre.bmp . ((((((((((((((((((((((((((((( snapshot_2008-05-17_13.56.33.18 ))))))))))))))))))))))))))))))))))))))))) . + 2006-03-24 04:49:05 49,152 -c--a-w C:\WINDOWS\$hf_mig$\KB904942\SP2QFE\wdigest.dll + 2005-10-12 23:15:25 15,072 -c--a-w C:\WINDOWS\$hf_mig$\KB904942\spmsg.dll + 2005-10-12 23:15:26 216,800 -c--a-w C:\WINDOWS\$hf_mig$\KB904942\spuninst.exe + 2005-10-12 23:15:25 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB904942\update\spcustom.dll + 2005-10-12 23:15:28 727,776 -c--a-w C:\WINDOWS\$hf_mig$\KB904942\update\update.exe + 2005-10-12 23:15:45 394,976 -c--a-w C:\WINDOWS\$hf_mig$\KB904942\update\updspapi.dll + 2006-07-14 15:52:22 121,856 -c--a-w C:\WINDOWS\$hf_mig$\KB915865\SP2QFE\xmllite.dll + 2005-10-12 23:12:25 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB915865\spmsg.dll + 2005-10-12 23:12:26 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB915865\spuninst.exe + 2005-10-12 23:12:25 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB915865\update\spcustom.dll + 2005-10-12 23:12:28 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB915865\update\update.exe + 2005-10-12 23:12:33 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB915865\update\updspapi.dll + 2006-05-25 08:29:04 213,216 -c----w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe + 2006-05-25 08:29:04 371,424 -c----w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\updspapi.dll + 2006-05-24 10:32:48 213,216 -c----w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe + 2006-05-24 10:32:48 371,424 -c----w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\updspapi.dll + 2005-10-12 23:15:26 216,800 -c----w C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe + 2005-10-12 23:15:45 394,976 -c----w C:\WINDOWS\$NtUninstallKB904942$\spuninst\updspapi.dll + 2004-08-05 12:00:00 49,152 -c----w C:\WINDOWS\$NtUninstallKB904942$\wdigest.dll + 2004-12-21 10:14:24 28,672 -c----w C:\WINDOWS\$NtUninstallKB914440$\custsat.dll + 2005-10-12 23:15:24 216,800 -c----w C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe + 2005-10-12 23:15:43 394,976 -c----w C:\WINDOWS\$NtUninstallKB914440$\spuninst\updspapi.dll + 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe + 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB915865$\spuninst\updspapi.dll - 2008-05-17 11:50:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-22 10:10:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-17 00:22:37 163,328 -c--a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE + 2008-05-17 13:00:13 4,780,032 -c--a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT + 2008-05-17 13:00:13 163,840 -c--a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat + 2008-05-17 00:22:37 163,328 -c--a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2008-05-17 12:59:57 4,780,032 -c--a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT + 2008-05-17 12:59:57 163,840 -c--a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat - 2008-05-17 10:06:21 29,371 -c--a-w C:\WINDOWS\hpoins03.dat + 2008-05-22 09:55:41 29,371 -c--a-w C:\WINDOWS\hpoins03.dat + 2004-08-05 12:00:00 61,440 -c----w C:\WINDOWS\ie7\admparse.dll + 2004-08-05 12:00:00 101,888 -c----w C:\WINDOWS\ie7\advpack.dll + 2004-08-05 12:00:00 35,328 -c----w C:\WINDOWS\ie7\corpol.dll + 2006-06-02 19:32:20 33,792 -c----w C:\WINDOWS\ie7\custsat.dll + 2008-02-16 09:02:34 357,888 -c----w C:\WINDOWS\ie7\dxtmsft.dll + 2008-02-16 09:02:35 205,312 -c----w C:\WINDOWS\ie7\dxtrans.dll + 2008-02-16 09:02:35 55,808 -c----w C:\WINDOWS\ie7\extmgr.dll + 2004-08-05 12:00:00 38,912 -c----w C:\WINDOWS\ie7\hmmapi.dll + 2004-08-05 12:00:00 34,304 -c----w C:\WINDOWS\ie7\ie4uinit.exe + 2004-08-05 12:00:00 139,264 -c----w C:\WINDOWS\ie7\ieakeng.dll + 2004-08-05 12:00:00 221,696 -c----w C:\WINDOWS\ie7\ieaksie.dll + 2004-08-05 12:00:00 245,760 -c----w C:\WINDOWS\ie7\ieakui.dll + 2004-08-05 12:00:00 323,584 -c----w C:\WINDOWS\ie7\iedkcs32.dll + 2008-02-15 09:23:37 18,432 -c----w C:\WINDOWS\ie7\iedw.exe + 2004-08-05 12:00:00 81,920 -c----w C:\WINDOWS\ie7\ieencode.dll + 2008-02-16 09:02:35 251,392 -c----w C:\WINDOWS\ie7\iepeers.dll + 2004-08-05 12:00:00 49,152 -c----w C:\WINDOWS\ie7\iernonce.dll + 2004-08-05 12:00:00 63,488 -c----w C:\WINDOWS\ie7\iesetup.dll + 2004-08-05 12:00:00 93,184 -c----w C:\WINDOWS\ie7\iexplore.exe + 2004-08-05 12:00:00 35,840 -c----w C:\WINDOWS\ie7\imgutil.dll + 2008-02-16 09:02:35 96,768 -c----w C:\WINDOWS\ie7\inseng.dll + 2007-12-18 14:41:58 450,560 -c----w C:\WINDOWS\ie7\jscript.dll + 2008-02-16 09:02:35 16,384 -c----w C:\WINDOWS\ie7\jsproxy.dll + 2004-08-05 12:00:00 22,528 -c----w C:\WINDOWS\ie7\licmgr10.dll + 2004-08-05 12:00:00 29,184 -c----w C:\WINDOWS\ie7\mshta.exe + 2008-02-16 22:32:38 3,080,704 -c----w C:\WINDOWS\ie7\mshtml.dll + 2008-02-16 09:02:36 449,024 -c----w C:\WINDOWS\ie7\mshtmled.dll + 2004-08-05 12:00:00 57,344 -c----w C:\WINDOWS\ie7\mshtmler.dll + 2004-08-05 12:00:00 146,432 -c----w C:\WINDOWS\ie7\msls31.dll + 2008-02-16 09:02:37 146,432 -c----w C:\WINDOWS\ie7\msrating.dll + 2008-02-16 09:02:37 532,480 -c----w C:\WINDOWS\ie7\mstime.dll + 2004-08-05 12:00:00 97,280 -c----w C:\WINDOWS\ie7\occache.dll + 2008-02-16 09:02:37 39,424 -c----w C:\WINDOWS\ie7\pngfilt.dll + 2007-09-26 16:34:42 33,472 -c----w C:\WINDOWS\ie7\spuninst\iecustom.dll + 2007-09-26 16:32:30 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe + 2006-09-06 15:43:28 216,800 -c----w C:\WINDOWS\ie7\spuninst\spuninst.exe + 2006-09-06 15:43:30 394,976 -c----w C:\WINDOWS\ie7\spuninst\updspapi.dll + 2004-08-05 12:00:00 37,888 -c----w C:\WINDOWS\ie7\url.dll + 2008-02-16 09:02:39 617,984 -c----w C:\WINDOWS\ie7\urlmon.dll + 2007-12-18 14:41:59 417,792 -c----w C:\WINDOWS\ie7\vbscript.dll + 2007-06-26 13:56:54 851,968 -c----w C:\WINDOWS\ie7\vgx.dll + 2004-08-05 12:00:00 281,600 -c----w C:\WINDOWS\ie7\webcheck.dll + 2008-02-16 09:02:39 663,552 -c----w C:\WINDOWS\ie7\wininet.dll + 2007-08-13 16:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\advpack.dll + 2007-08-13 16:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtmsft.dll + 2007-08-13 16:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtrans.dll + 2007-08-13 16:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\extmgr.dll + 2007-08-13 16:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\icardie.dll + 2007-08-13 16:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ie4uinit.exe + 2007-08-13 16:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakeng.dll + 2007-08-13 16:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieaksie.dll + 2007-08-13 15:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakui.dll + 2007-02-12 14:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dat + 2007-07-11 10:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dll + 2007-08-13 16:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iedkcs32.dll + 2007-08-13 16:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieframe.dll + 2007-08-13 16:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iernonce.dll + 2007-08-13 16:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iertutil.dll + 2007-08-13 16:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieudinit.exe + 2007-08-13 16:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe + 2007-08-13 16:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\jsproxy.dll + 2007-08-13 16:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeeds.dll + 2007-08-13 16:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeedsbs.dll + 2007-08-13 16:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtml.dll + 2007-08-13 16:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtmled.dll + 2007-08-13 16:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msrating.dll + 2007-08-13 16:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mstime.dll + 2007-08-13 16:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\occache.dll + 2007-08-13 16:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\pngfilt.dll + 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe + 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\updspapi.dll + 2007-08-13 16:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\url.dll + 2007-08-13 16:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\urlmon.dll + 2007-08-13 16:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\webcheck.dll + 2007-08-13 16:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll + 2007-12-07 02:08:32 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll + 2007-12-07 02:08:32 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll.000 + 2007-12-19 22:53:23 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll + 2007-12-07 02:08:32 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll + 2007-12-07 02:08:32 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll + 2007-12-07 02:08:32 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll + 2007-12-07 02:08:32 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll.000 + 2007-12-06 11:02:31 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe + 2007-12-07 02:08:32 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll + 2007-12-07 02:08:32 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll + 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll + 2007-04-17 09:32:38 2,455,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dat + 2007-12-07 02:08:32 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll + 2007-12-07 02:08:32 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll.000 + 2007-12-07 02:08:32 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll + 2007-12-07 02:08:33 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll + 2007-12-07 02:08:33 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll.000 + 2007-12-07 02:08:33 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll + 2007-12-07 02:08:33 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll + 2007-12-07 02:08:33 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll.000 + 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe + 2007-12-06 11:03:16 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe + 2007-12-07 02:08:33 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll + 2007-12-07 02:08:33 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll + 2007-12-07 02:08:33 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll.000 + 2007-12-07 02:08:33 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll + 2007-12-07 02:08:33 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll.000 + 2007-12-08 08:38:36 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll + 2007-12-08 08:38:36 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll.000 + 2007-12-07 02:08:34 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll + 2007-12-07 02:08:34 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll + 2007-12-07 02:08:34 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll + 2007-12-07 02:08:34 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll + 2008-01-11 05:36:55 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll + 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe + 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll + 2007-12-07 02:08:34 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll + 2007-12-07 02:08:34 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll.000 + 2007-12-07 02:08:34 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll + 2007-12-07 02:08:34 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll.000 + 2007-12-07 02:08:34 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll + 2007-12-07 02:08:34 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll.000 + 2007-12-07 02:08:34 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll + 2007-12-07 02:08:34 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll.000 - 2007-07-26 15:08:03 3,572 -c--a-w C:\WINDOWS\mozver.dat + 2008-05-21 17:52:51 4,188 -c--a-w C:\WINDOWS\mozver.dat + 2006-06-02 19:32:20 33,792 -c----w C:\WINDOWS\network diagnostic\custsat.dll + 2006-10-10 12:44:50 557,568 -c----w C:\WINDOWS\network diagnostic\xpnetdiag.exe - 2004-08-05 12:00:00 61,440 -c--a-w C:\WINDOWS\system32\admparse.dll + 2007-08-13 16:39:20 71,680 -c--a-w C:\WINDOWS\system32\admparse.dll - 2004-08-05 12:00:00 101,888 -c--a-w C:\WINDOWS\system32\advpack.dll + 2008-03-01 12:58:06 124,928 -c--a-w C:\WINDOWS\system32\advpack.dll - 2004-08-05 12:00:00 61,440 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll + 2007-08-13 16:39:20 71,680 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll - 2004-08-05 12:00:00 101,888 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll + 2008-03-01 12:58:06 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll - 2004-12-21 10:14:24 28,672 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll + 2007-08-13 16:54:10 33,792 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll - 2008-02-16 09:02:34 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll + 2008-03-01 12:58:06 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll - 2008-02-16 09:02:35 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll + 2008-03-01 12:58:06 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll - 2008-02-16 09:02:35 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll + 2008-03-01 12:58:06 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll - 2004-08-05 12:00:00 38,912 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll + 2007-08-13 16:18:02 60,416 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll - 2004-08-05 12:00:00 34,304 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe + 2008-02-29 08:56:41 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe - 2004-08-05 12:00:00 139,264 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll + 2008-03-01 12:58:06 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll - 2004-08-05 12:00:00 221,696 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll + 2008-03-01 12:58:06 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll - 2004-08-05 12:00:00 245,760 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll + 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll - 2004-08-05 12:00:00 323,584 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll + 2008-03-01 12:58:07 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll - 2008-02-15 09:23:37 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe + 2007-08-13 16:44:02 69,120 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe - 2004-08-05 12:00:00 81,920 -c--a-w C:\WINDOWS\system32\dllcache\ieencode.dll + 2007-08-13 16:45:18 78,336 -c--a-w C:\WINDOWS\system32\dllcache\ieencode.dll - 2008-02-16 09:02:35 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll + 2007-08-13 16:54:10 191,488 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll - 2004-08-05 12:00:00 49,152 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll + 2008-03-01 12:58:08 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll - 2004-08-05 12:00:00 63,488 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll + 2007-08-13 16:39:12 55,296 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll - 2004-08-05 12:00:00 93,184 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe + 2008-02-29 08:57:05 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe - 2004-08-05 12:00:00 35,840 -c--a-w C:\WINDOWS\system32\dllcache\imgutil.dll + 2007-08-13 16:36:06 36,352 -c--a-w C:\WINDOWS\system32\dllcache\imgutil.dll - 2008-02-16 09:02:35 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll + 2007-08-13 16:39:02 92,672 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll - 2007-12-18 14:41:58 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll + 2007-08-13 16:38:04 491,520 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll - 2008-02-16 09:02:35 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll + 2008-03-01 12:58:08 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll - 2004-08-05 12:00:00 22,528 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll + 2007-08-13 16:44:18 40,960 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll - 2004-08-05 12:00:00 29,184 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe + 2007-08-13 16:32:30 45,568 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe - 2008-02-16 22:32:38 3,080,704 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll + 2008-03-01 16:28:10 3,591,680 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll - 2008-02-16 09:02:36 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll + 2008-03-01 12:58:09 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll - 2004-08-05 12:00:00 57,344 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll + 2007-08-13 16:01:12 48,128 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll - 2004-08-05 12:00:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll + 2007-08-13 16:54:10 156,160 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll - 2008-02-16 09:02:37 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll + 2008-03-01 12:58:10 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll - 2008-02-16 09:02:37 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll + 2008-03-01 12:58:10 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll - 2004-08-05 12:00:00 97,280 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll + 2008-03-01 12:58:10 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll - 2008-02-16 09:02:37 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll + 2008-03-01 12:58:10 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll - 2004-08-05 12:00:00 37,888 -c--a-w C:\WINDOWS\system32\dllcache\url.dll + 2008-03-01 12:58:10 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll - 2008-02-16 09:02:39 617,984 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll + 2008-03-01 12:58:10 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll - 2007-12-18 14:41:59 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll + 2007-08-13 16:54:10 413,696 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll - 2007-06-26 13:56:54 851,968 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll + 2007-08-13 16:54:10 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll - 2004-08-05 12:00:00 49,152 -c--a-w C:\WINDOWS\system32\dllcache\wdigest.dll + 2006-03-24 04:37:52 49,152 -c--a-w C:\WINDOWS\system32\dllcache\wdigest.dll - 2004-08-05 12:00:00 281,600 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll + 2008-03-01 12:58:11 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll - 2008-02-16 09:02:39 663,552 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll + 2008-03-01 12:58:11 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll - 2008-02-16 09:02:34 357,888 -c--a-w C:\WINDOWS\system32\dxtmsft.dll + 2008-03-01 12:58:06 347,136 -c----w C:\WINDOWS\system32\dxtmsft.dll - 2008-02-16 09:02:35 205,312 -c--a-w C:\WINDOWS\system32\dxtrans.dll + 2008-03-01 12:58:06 214,528 -c----w C:\WINDOWS\system32\dxtrans.dll - 2008-02-16 09:02:35 55,808 -c--a-w C:\WINDOWS\system32\extmgr.dll + 2008-03-01 12:58:06 133,120 -c----w C:\WINDOWS\system32\extmgr.dll - 2008-04-09 19:27:58 1,405,648 -c--a-w C:\WINDOWS\system32\FNTCACHE.DAT + 2008-05-21 09:07:38 1,401,128 -c--a-w C:\WINDOWS\system32\FNTCACHE.DAT + 2008-03-01 12:58:06 63,488 -c--a-w C:\WINDOWS\system32\icardie.dll + 2006-06-29 06:05:44 26,112 -c----w C:\WINDOWS\system32\idndl.dll - 2004-08-05 12:00:00 34,304 -c--a-w C:\WINDOWS\system32\ie4uinit.exe + 2008-02-29 08:56:41 70,656 -c----w C:\WINDOWS\system32\ie4uinit.exe - 2004-08-05 12:00:00 139,264 -c--a-w C:\WINDOWS\system32\ieakeng.dll + 2008-03-01 12:58:06 153,088 -c----w C:\WINDOWS\system32\ieakeng.dll - 2004-08-05 12:00:00 221,696 -c--a-w C:\WINDOWS\system32\ieaksie.dll + 2008-03-01 12:58:06 230,400 -c----w C:\WINDOWS\system32\ieaksie.dll - 2004-08-05 12:00:00 245,760 -c--a-w C:\WINDOWS\system32\ieakui.dll + 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\system32\ieakui.dll + 2007-04-17 09:32:38 2,455,488 -c--a-w C:\WINDOWS\system32\ieapfltr.dat + 2008-03-01 12:58:07 383,488 -c--a-w C:\WINDOWS\system32\ieapfltr.dll - 2004-08-05 12:00:00 323,584 -c--a-w C:\WINDOWS\system32\iedkcs32.dll + 2008-03-01 12:58:07 384,512 -c----w C:\WINDOWS\system32\iedkcs32.dll - 2004-08-05 12:00:00 81,920 -c--a-w C:\WINDOWS\system32\ieencode.dll + 2007-08-13 16:45:18 78,336 -c--a-w C:\WINDOWS\system32\ieencode.dll + 2008-03-01 12:58:08 6,066,176 -c--a-w C:\WINDOWS\system32\ieframe.dll - 2008-02-16 09:02:35 251,392 -c--a-w C:\WINDOWS\system32\iepeers.dll + 2007-08-13 16:54:10 191,488 -c--a-w C:\WINDOWS\system32\iepeers.dll - 2004-08-05 12:00:00 49,152 -c--a-w C:\WINDOWS\system32\iernonce.dll + 2008-03-01 12:58:08 44,544 -c----w C:\WINDOWS\system32\iernonce.dll + 2008-03-01 12:58:08 267,776 -c--a-w C:\WINDOWS\system32\iertutil.dll - 2004-08-05 12:00:00 63,488 -c--a-w C:\WINDOWS\system32\iesetup.dll + 2007-08-13 16:39:12 55,296 -c--a-w C:\WINDOWS\system32\iesetup.dll + 2008-02-22 10:00:51 13,824 -c--a-w C:\WINDOWS\system32\ieudinit.exe + 2007-08-13 16:54:10 180,736 -c----w C:\WINDOWS\system32\ieui.dll - 2004-08-05 12:00:00 35,840 -c--a-w C:\WINDOWS\system32\imgutil.dll + 2007-08-13 16:36:06 36,352 -c--a-w C:\WINDOWS\system32\imgutil.dll - 2008-02-16 09:02:35 96,768 -c--a-w C:\WINDOWS\system32\inseng.dll + 2007-08-13 16:39:02 92,672 -c--a-w C:\WINDOWS\system32\inseng.dll - 2007-09-24 21:30:28 135,168 -c--a-w C:\WINDOWS\system32\java.exe + 2008-03-24 23:28:39 135,168 -c--a-w C:\WINDOWS\system32\java.exe - 2007-09-24 21:30:30 135,168 -c--a-w C:\WINDOWS\system32\javaw.exe + 2008-03-24 23:28:43 135,168 -c--a-w C:\WINDOWS\system32\javaw.exe - 2007-09-24 22:31:42 139,264 -c--a-w C:\WINDOWS\system32\javaws.exe + 2008-03-25 00:37:01 139,264 -c--a-w C:\WINDOWS\system32\javaws.exe - 2007-12-18 14:41:58 450,560 -c--a-w C:\WINDOWS\system32\jscript.dll + 2007-08-13 16:38:04 491,520 -c--a-w C:\WINDOWS\system32\jscript.dll - 2008-02-16 09:02:35 16,384 -c--a-w C:\WINDOWS\system32\jsproxy.dll + 2008-03-01 12:58:08 27,648 -c----w C:\WINDOWS\system32\jsproxy.dll - 2004-08-05 12:00:00 22,528 -c--a-w C:\WINDOWS\system32\licmgr10.dll + 2007-08-13 16:44:18 40,960 -c--a-w C:\WINDOWS\system32\licmgr10.dll + 2008-03-24 18:21:00 2,889,088 -c--a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll + 2008-03-24 18:21:00 218,496 -c--a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe + 2008-03-01 12:58:08 459,264 -c--a-w C:\WINDOWS\system32\msfeeds.dll + 2008-03-01 12:58:08 52,224 -c--a-w C:\WINDOWS\system32\msfeedsbs.dll + 2007-08-13 16:36:40 12,288 -c----w C:\WINDOWS\system32\msfeedssync.exe - 2004-08-05 12:00:00 29,184 -c--a-w C:\WINDOWS\system32\mshta.exe + 2007-08-13 16:32:30 45,568 -c--a-w C:\WINDOWS\system32\mshta.exe - 2008-02-16 22:32:38 3,080,704 -c--a-w C:\WINDOWS\system32\mshtml.dll + 2008-03-01 16:28:10 3,591,680 -c--a-w C:\WINDOWS\system32\mshtml.dll - 2008-02-16 09:02:36 449,024 -c--a-w C:\WINDOWS\system32\mshtmled.dll + 2008-03-01 12:58:09 478,208 -c----w C:\WINDOWS\system32\mshtmled.dll - 2004-08-05 12:00:00 57,344 -c--a-w C:\WINDOWS\system32\mshtmler.dll + 2007-08-13 16:01:12 48,128 -c--a-w C:\WINDOWS\system32\mshtmler.dll - 2004-08-05 12:00:00 146,432 -c--a-w C:\WINDOWS\system32\msls31.dll + 2007-08-13 16:54:10 156,160 -c--a-w C:\WINDOWS\system32\msls31.dll - 2008-02-16 09:02:37 146,432 -c--a-w C:\WINDOWS\system32\msrating.dll + 2008-03-01 12:58:10 193,024 -c----w C:\WINDOWS\system32\msrating.dll - 2008-02-16 09:02:37 532,480 -c--a-w C:\WINDOWS\system32\mstime.dll + 2008-03-01 12:58:10 671,232 -c----w C:\WINDOWS\system32\mstime.dll + 2006-06-28 15:59:26 24,576 -c----w C:\WINDOWS\system32\nlsdl.dll + 2006-06-29 06:05:44 23,552 -c----w C:\WINDOWS\system32\normaliz.dll - 2004-08-05 12:00:00 97,280 -c--a-w C:\WINDOWS\system32\occache.dll + 2008-03-01 12:58:10 102,912 -c----w C:\WINDOWS\system32\occache.dll - 2008-02-16 09:02:37 39,424 -c--a-w C:\WINDOWS\system32\pngfilt.dll + 2008-03-01 12:58:10 44,544 -c----w C:\WINDOWS\system32\pngfilt.dll - 2004-08-05 12:00:00 37,888 -c--a-w C:\WINDOWS\system32\url.dll + 2008-03-01 12:58:10 105,984 -c--a-w C:\WINDOWS\system32\url.dll - 2008-02-16 09:02:39 617,984 -c--a-w C:\WINDOWS\system32\urlmon.dll + 2008-03-01 12:58:10 1,159,680 -c--a-w C:\WINDOWS\system32\urlmon.dll - 2007-12-18 14:41:59 417,792 -c--a-w C:\WINDOWS\system32\vbscript.dll + 2007-08-13 16:54:10 413,696 -c--a-w C:\WINDOWS\system32\vbscript.dll - 2004-08-05 12:00:00 49,152 -c--a-w C:\WINDOWS\system32\wdigest.dll + 2006-03-24 04:37:52 49,152 -c--a-w C:\WINDOWS\system32\wdigest.dll - 2004-08-05 12:00:00 281,600 -c--a-w C:\WINDOWS\system32\webcheck.dll + 2008-03-01 12:58:11 233,472 -c--a-w C:\WINDOWS\system32\webcheck.dll + 2007-08-13 16:45:16 206,336 -c----w C:\WINDOWS\system32\WinFXDocObj.exe + 2006-07-14 15:51:51 121,856 -c----w C:\WINDOWS\system32\xmllite.dll + 2008-05-22 10:10:55 16,384 -c--atw C:\WINDOWS\TEMP\Perflib_Perfdata_49c.dat . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08d87000-1359-47b7-bdac-94aaab6ac353}] 2008-05-21 21:42 107392 --a--c--- C:\WINDOWS\system32\oolklarj.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09A78B33-C7F6-465D-9CCA-98D5B98B78CB}] 2008-05-21 21:29 29312 --a--c--- C:\WINDOWS\system32\geBqQJBu.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2731AFA8-5455-490D-9525-509CEA608CC8}] 2008-05-21 21:34 318848 --a--c--- C:\WINDOWS\system32\khfFuuuS.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AB0CA27-95E4-437A-8093-FADF3A2FAC42}] 2008-05-21 17:43 217088 --a--c--- C:\WINDOWS\nldfmtapnvb.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64CC964B-770D-4168-A36F-3C9B6EF0A454}] 2008-05-22 12:29 318336 --a--c--- C:\WINDOWS\system32\yayaXPig.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{AE7C2D7A-58B4-4DDD-904F-E089A9514E0F}"= "C:\WINDOWS\gktxaspm.dll" [2008-05-21 17:43 151552] [HKEY_CLASSES_ROOT\clsid\{ae7c2d7a-58b4-4ddd-904f-e089a9514e0f}] [HKEY_CLASSES_ROOT\gktxaspm.1] [HKEY_CLASSES_ROOT\TypeLib\{6A219592-3D06-46A5-B3FF-CBC8EB6FFF2B}] [HKEY_CLASSES_ROOT\gktxaspm] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184] "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 19:19 57344] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] "LVCOMSX"=":C:\WINDOWS\system32\LVCOMSX.EXE" [ ] "LogitechVideoRepair"=":C:\Program Files\Logitech\Video\ISStart.exe" [ ] "LogitechVideoTray"=":C:\Program Files\Logitech\Video\LogiTray.exe" [ ] "SynTPLpr"=":C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [ ] "SynTPEnh"=":C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ] "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-27 22:35 262401] "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 19:19 40960] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "AtiPTA"="atiptaxx.exe" [2006-02-22 03:05 344064 C:\WINDOWS\system32\atiptaxx.exe] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 18:28 49152] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18 241664] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "BM7f644ff9"="C:\WINDOWS\system32\pdjatriy.dll" [2008-05-21 21:36 95488] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360] "DWQueuedReporting"="c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{09A78B33-C7F6-465D-9CCA-98D5B98B78CB}"= C:\WINDOWS\system32\geBqQJBu.dll [2008-05-21 21:29 29312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "pxgdslro"= {E8233276-14FB-43D4-A0FC-12E5BEA58779} - C:\WINDOWS\pxgdslro.dll [2008-05-21 17:43 217088] "gnowmebk"= {0DDE9F1D-FEAE-4D41-8461-B4FBAD4FB66C} - C:\WINDOWS\gnowmebk.dll [2008-05-21 17:43 176128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBqQJBu] geBqQJBu.dll 2008-05-21 21:29 29312 C:\WINDOWS\system32\geBqQJBu.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.X264"= x264vfw.dll "VIDC.MJPG"= pvmjpg21.dll "VIDC.3iv2"= 3ivxVfWCodec.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\yayaXPig [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\WINDOWS\\system32\\mshta.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R0 atiide;atiide;C:\WINDOWS\system32\DRIVERS\atiide.sys [2004-06-23 08:04] R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v3.8.291\ATI Tray Tools\atitray.sys [2006-09-27 12:47] R2 R54G Wireless Service;R54G Wireless Service;C:\Program Files\Wireless 802.11g Monitor\WLService.exe [2004-03-29 16:08] R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-10-06 13:04] R3 rt2571;Wireless 802.11g USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\rt2571.sys [2004-05-07 13:47] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfe09f87-c44c-11dc-9c4f-00c09f737e07}] \Shell\AutoRun\command - E:\LaunchU3.exe -a *Newly Created Service* - GTNDIS5 . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-22 12:25:34 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . --------------------- DLLs a charg‚ sous des processus courants --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\geBqQJBu.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe . ************************************************************************** . Temps d'accomplissement: 2008-05-22 12:31:45 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-22 10:31:29 ComboFix2.txt 2008-05-21 10:23:39 ComboFix3.txt 2008-05-17 11:56:59 ComboFix4.txt 2008-05-15 17:30:50 ComboFix5.txt 2008-05-15 17:06:40 Pre-Run: 23,628,754,944 octets libres Post-Run: 23,619,321,856 octets libres 536 --- E O F --- 2008-05-16 09:38:10 --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 2) Rapport MBAM n°3: Malwarebytes' Anti-Malware 1.12 Version de la base de données: 775 Type de recherche: Examen complet (C:\|D:\|) Eléments examinés: 103098 Temps écoulé: 26 minute(s), 58 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 5 Clé(s) du Registre infectée(s): 24 Valeur(s) du Registre infectée(s): 7 Elément(s) de données du Registre infecté(s): 2 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 19 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): C:\WINDOWS\system32\yayaXPig.dll (Trojan.Vundo) -> Unloaded module successfully. C:\WINDOWS\system32\geBqQJBu.dll (Trojan.Vundo) -> Unloaded module successfully. C:\WINDOWS\system32\khfFuuuS.dll (Trojan.Vundo) -> Unloaded module successfully. C:\WINDOWS\pxgdslro.dll (Trojan.FakeAlert) -> Unloaded module successfully. C:\WINDOWS\gnowmebk.dll (Trojan.FakeAlert) -> Unloaded module successfully. Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91cdf3b5-e9be-4c4a-ac96-f5c0a1995b04} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{91cdf3b5-e9be-4c4a-ac96-f5c0a1995b04} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3f8febf0-4a50-4420-904c-52b90054223e} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{a825b3f7-6d09-4e4b-89a3-0dc05c0121fe} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{46633232-ceae-4e9d-a0b7-37dcecbb97c6} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{9b19a112-5f7e-4549-bdc1-9462ddc7d0b9} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{6a219592-3d06-46a5-b3ff-cbc8eb6fff2b} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{09a78b33-c7f6-465d-9cca-98d5b98b78cb} (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09a78b33-c7f6-465d-9cca-98d5b98b78cb} (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebqqjbu (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e8233276-14fb-43d4-a0fc-12e5bea58779} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{2ab0ca27-95e4-437a-8093-fadf3a2fac42} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ab0ca27-95e4-437a-8093-fadf3a2fac42} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{0dde9f1d-feae-4d41-8461-b4fbad4fb66c} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{ae7c2d7a-58b4-4ddd-904f-e089a9514e0f} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\gktxaspm.bpew (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\gktxaspm.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{09a78b33-c7f6-465d-9cca-98d5b98b78cb} (Trojan.Vundo) -> Delete on reboot. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7c577c65 (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM7f644ff9 (Trojan.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\pxgdslro (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\gnowmebk (Trojan.FakeAlert) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae7c2d7a-58b4-4ddd-904f-e089a9514e0f} (Trojan.FakeAlert) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayaxpig -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayaxpig -> Quarantined and deleted successfully. Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\system32\yayaXPig.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\giPXayay.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\giPXayay.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\geBqQJBu.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\elsq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tbabjykk.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\qxvnogvr.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\khfFuuuS.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\pxgdslro.dll (Trojan.FakeAlert) -> Delete on reboot. C:\WINDOWS\nldfmtapnvb.dll (Trojan.FakeAlert) -> Delete on reboot. C:\WINDOWS\mdtgkswr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\gnowmebk.dll (Trojan.FakeAlert) -> Delete on reboot. C:\WINDOWS\gktxaspm.dll (Trojan.FakeAlert) -> Delete on reboot. C:\Documents and Settings\lagarde\Bureau\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\lagarde\Bureau\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\lagarde\Bureau\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\lagarde\Favoris\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\lagarde\Favoris\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\lagarde\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully. ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 3) Rapport MBAM n°4: Malwarebytes' Anti-Malware 1.12 Version de la base de données: 775 Type de recherche: Examen complet (C:\|D:\|) Eléments examinés: 103167 Temps écoulé: 24 minute(s), 3 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 4 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 3 Fichier(s) infecté(s): 13 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9b84a87-ef1a-4540-8421-432261cb6852} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e9b84a87-ef1a-4540-8421-432261cb6852} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\KvmSecure (Rogue.KVMSecure) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\KvmSecure.exe (Rogue.KVMSecure) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): C:\Program Files\KvmSecure (Rogue.KVMSecure) -> Quarantined and deleted successfully. C:\Program Files\KvmSecure\Infected (Rogue.KVMSecure) -> Quarantined and deleted successfully. C:\Program Files\KvmSecure\Suspicious (Rogue.KVMSecure) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\WINDOWS\system32\khfFuuuS.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SuuuFfhk.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SuuuFfhk.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tbabjykk.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\kkyjbabt.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{BB616C19-9308-4AEE-AE53-7E9CBAFF6409}\RP14\A0004412.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{BB616C19-9308-4AEE-AE53-7E9CBAFF6409}\RP14\A0004422.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Program Files\KvmSecure\vscan.tsi (Rogue.KVMSecure) -> Quarantined and deleted successfully. C:\Program Files\KvmSecure\zlib.dll (Rogue.KVMSecure) -> Quarantined and deleted successfully. C:\WINDOWS\system32\yayaXPig.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\pxgdslro.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\lagarde\Application Data\Microsoft\Internet Explorer\Quick Launch\KvmSecure.lnk (Rogue.KVMSecure) -> Quarantined and deleted successfully. C:\Documents and Settings\lagarde\Local Settings\Tempboome20.exe (Trojan.Agent) -> Quarantined and deleted successfully. ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 4) Rapport Antivir n°2: Avira AntiVir Personal Report file date: jeudi 22 mai 2008 15:46 Scanning for 1282124 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Save mode Username: lagarde Computer name: LAGARDE-F08F9D5 Version information: BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 27/04/2008 20:35:00 AVSCAN.DLL : 8.1.1.0 53505 Bytes 27/04/2008 20:35:00 LUKE.DLL : 8.1.2.9 151809 Bytes 27/04/2008 20:35:01 LUKERES.DLL : 8.1.2.1 12033 Bytes 27/04/2008 20:35:01 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 08:26:36 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 17:19:02 ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 21:35:00 ANTIVIR3.VDF : 7.0.4.76 102400 Bytes 21/05/2008 16:48:42 Engineversion : 8.1.0.46 AEVDF.DLL : 8.1.0.5 102772 Bytes 27/04/2008 20:35:03 AESCRIPT.DLL : 8.1.0.33 266618 Bytes 15/05/2008 20:41:20 AESCN.DLL : 8.1.0.18 119156 Bytes 15/05/2008 20:41:12 AERDL.DLL : 8.1.0.20 418165 Bytes 27/04/2008 20:35:03 AEPACK.DLL : 8.1.1.5 364918 Bytes 15/05/2008 20:41:07 AEOFFICE.DLL : 8.1.0.18 192890 Bytes 27/04/2008 20:35:03 AEHEUR.DLL : 8.1.0.29 1253750 Bytes 15/05/2008 20:41:01 AEHELP.DLL : 8.1.0.14 115063 Bytes 27/04/2008 20:35:03 AEGEN.DLL : 8.1.0.21 303477 Bytes 15/05/2008 20:40:37 AEEMU.DLL : 8.1.0.6 430451 Bytes 07/05/2008 20:29:22 AECORE.DLL : 8.1.0.29 168311 Bytes 15/05/2008 20:40:27 AVWINLL.DLL : 1.0.0.7 14593 Bytes 27/04/2008 20:35:00 AVPREF.DLL : 8.0.0.1 25857 Bytes 27/04/2008 20:35:00 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24 AVREG.DLL : 8.0.0.0 30977 Bytes 27/04/2008 20:35:00 AVARKT.DLL : 1.0.0.23 307457 Bytes 27/04/2008 20:35:00 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 27/04/2008 20:35:00 SQLITE3.DLL : 3.3.17.1 339968 Bytes 27/04/2008 20:35:02 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 27/04/2008 20:35:01 NETNT.DLL : 8.0.0.1 7937 Bytes 27/04/2008 20:35:01 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 27/04/2008 20:34:48 RCTEXT.DLL : 8.0.32.0 86273 Bytes 27/04/2008 20:34:49 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: medium Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: jeudi 22 mai 2008 15:46 Starting search for hidden objects. The driver could not be initialized. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 11 processes with 11 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '28' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\All Users.WINDOWS\Documents\Mes vidéos\ZENSOFT_300 (D)\Adobe Acrobat\Reader\Japanese\ar405jpn.exe [WARNING] No further files can be extracted from this archive. The archive will be closed C:\Documents and Settings\lagarde\Bureau\ComboFix.exe [DETECTION] Contains detection pattern of the application APPL/Tool.NirCmd.D [DETECTION] Contains detection pattern of the application APPL/Rmadmin.131072 [DETECTION] Contains detection pattern of the SPR/Tool.PV program [WARNING] The file was ignored! C:\Documents and Settings\lagarde\Bureau\Flash_Disinfector.exe [DETECTION] Contains detection pattern of the application APPL/NirCmd.2 [WARNING] The file was ignored! C:\Documents and Settings\lagarde\Bureau\SmitfraudFix.exe [DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.92 C:\Documents and Settings\lagarde\Bureau\SmitfraudFix.exe [0] Archive type: RAR SFX (self extracting) --> SmitfraudFix\Reboot.exe [DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program --> SmitfraudFix\restart.exe [DETECTION] Contains detection pattern of the SPR/Tool.Hardoff.A program [WARNING] The file was ignored! C:\Documents and Settings\lagarde\Local Settings\Temp\nircmd.exe [DETECTION] Contains detection pattern of the application APPL/NirCmd.2 [NOTE] The file was moved to '48a78480.qua'! End of the scan: jeudi 22 mai 2008 19:49 Used time: 4:02:51 min The scan has been done completely. 7366 Scanning directories 260091 Files were scanned 8 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 260083 Files not concerned 1783 Archives were scanned 5 Warnings 1 Notes --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 5) Rapport de HijackThis n°6: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:03:29, on 22/05/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\HP\HP Software Update\HPWuSchd.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe C:\Program Files\Wireless 802.11g Monitor\WLService.exe C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: {28538e90-63a6-37fb-a334-e6f7b2abcf3b} - {b3fcba2b-7f6e-433a-bf73-6a3609e83582} - C:\WINDOWS\system32\juewnenf.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [LVCOMSX] :C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] :C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] :C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [synTPLpr] :C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] :C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: R54G Wireless Service - Unknown owner - C:\Program Files\Wireless 802.11g Monitor\WLService.exe -- End of file - 7084 bytes
  19. je-rom
    Salut oGu! Oui pour te dire aussi en ce moment c'est la m.... sur mon pc encore ! Avec Firefox et IE7 tous ramé et après une pub pour du poker est venu, puis 15 minutes après ce satané MalWarrior 2008 qui est réaparu et qui veut pas se supprimer facilement. J'ai aussi toujours Anti-vir qui me détecte un trojan que je met en quarantaine puis qui réaparait automatiquement 1 secondes après. Je peux plus du tout aller sur Internet, je t'écris depuis un autre poste là. J'ai lancé ComboFix tout seul, ça n'a rien donné. Là je suis en train de lancer MALWAREBYTES ANTIMALWARE (MBAM) qui m'a déjà détecté 18 éléments infectés! Je crois que j'étais plus tranquille avec mon vieux IE6, j'ai l'impression que IE7 et Firefox sont plus sensibles et vulnérables aux infections. AU SECOURS AIDE MOI S'IL TE PLAIT
  20. je-rom
    1) J'ai téléchargé Firefox 2 et le Java update 6 que tu m'a passé. Je voudrais le gardé OK. Par contre j'ai beaucoup de choses inutiles sur mon pc tel que IE 6 et 7 je crois que j'ai Firefox 1 et 2. J'ai pas mal d'icônes, de fichiers et logiciels inutiles sur mon pc. Je voudrais m'en débarrasser mais je ne sais pas trop lesquels garder et supprimer., tu pourrais m'aider pour ça aussi? 2) Au fait j'ai voulu garder la page d'accueil de IE (durant l'installation de Firefox ils le demande) et je me retrouve avec le même souci que tout à l'heure. Toujours http://fr.msn.com/ en page d'accueil au lieu de Google. 3) En aparté: J'ai lu aussi dans un article de Zébulon écrit par Megataupe, dans la session " le grenier à astuce":
  21. je-rom
    Hey oGu! 1) Mon pc fait bien les mises à jours Windows automatiquement, donc je le laisse faire à chaque fois. Cela dit il était arrivé auparavent 3 ou 4 fois qu'il me propose Internet Explorer 7. Je l'avais donc téléchargé la première fois mais je l'ai désinstallé car je trouvais que les textes devenaient un peu flou et aussi qu'il mettait plus de temps à ouvrir les pages Internet. (Ce qui est bien toujours le cas) NB: J'ai quand même installé ce que tu m'a dis car je te fais confiance. 2) Au sujet de Java, j'avais déjà effectué les mises à jour lors de la précédente procédure. J'ai quand même vérifié et je reçois un message me disant:" Vous disposez déjà de la Plateforme Java la plus récente sur ce système". 3) Depuis quelques jours, j'ai toujours comme page d'accueil Internet: http://fr.msn.com/. Moi je veux Google, mais quand je vais le chercher dans mes favoris, ils ne me propose plus comme avant de l"afficher toujours comme page d'accueil... c'est pénible . 4) AU fait, tu voulais pas que je télécharge plutot Firefox? 5) OUI!!!!!!!!!! s'il te plaît
  22. je-rom
    Salut oGu! Je t'envois les 3 rapports suivant: SMITFRAUD, ComboFix et HijackThis. Voici le rapport de SMITFRAUDFIX: SmitFraudFix v2.320 Rapport fait à 21:44:52,10, 20/05/2008 Executé à partir de C:\Documents and Settings\lagarde\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» VACFix VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés »»»»»»»»»»»»»»»»»»»»»»»» IEDFix IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{2FECA8BB-D493-4C52-8AA3-752BB58B984F}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{2FECA8BB-D493-4C52-8AA3-752BB58B984F}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{2FECA8BB-D493-4C52-8AA3-752BB58B984F}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Fin ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Voici le rapport de ComboFix n°6: ComboFix 08-05-12.1 - lagarde 2008-05-21 12:12:41.10 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.164 [GMT 2:00] Endroit: C:\Documents and Settings\lagarde\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\lagarde\Bureau\CFScript.txt * Création d'un nouveau point de restauration . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_BOONTY_GAMES -------\Legacy_NPF -------\Service_Boonty Games ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-21 to 2008-05-21 )))))))))))))))))))))))))))))))))))) . 2008-05-20 22:15 . 2008-05-20 22:16 153,144 --a--c--- C:\ewido_micro.exe 2008-05-18 01:28 . 2008-05-18 01:28 <REP> d----c--- C:\Program Files\Malwarebytes' Anti-Malware 2008-05-18 01:28 . 2008-05-18 01:28 <REP> d----c--- C:\Documents and Settings\lagarde\Application Data\Malwarebytes 2008-05-18 01:28 . 2008-05-18 01:28 <REP> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes 2008-05-18 01:28 . 2008-05-05 20:46 27,048 --a--c--- C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-05-18 01:28 . 2008-05-05 20:46 15,864 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys 2008-05-17 17:30 . 2008-05-20 20:18 <REP> d----c--- C:\Program Files\Mozilla Thunderbird 2008-05-17 17:14 . 2004-08-05 14:00 3,440 --a--c--- C:\sysoc.inf 2008-05-17 15:50 . 2008-05-17 16:24 <REP> d----c--- C:\Documents and Settings\Administrateur.LAGARDE-F08F9D5 2008-05-17 15:47 . 2008-05-17 15:47 <REP> d----c--- C:\Program Files\CCleaner 2008-05-17 14:59 . 2008-05-17 14:59 <REP> d----c--- C:\WINDOWS\ERUNT 2008-05-17 14:09 . 2008-05-17 15:24 <REP> d----c--- C:\SDFix 2008-05-17 14:03 . 2008-05-20 21:52 2,958 --a--c--- C:\WINDOWS\system32\tmp.reg 2008-05-17 14:02 . 2007-09-06 00:22 289,144 --a--c--- C:\WINDOWS\system32\VCCLSID.exe 2008-05-17 14:02 . 2006-04-27 17:49 288,417 --a--c--- C:\WINDOWS\system32\SrchSTS.exe 2008-05-17 14:02 . 2008-05-15 23:22 86,528 --a--c--- C:\WINDOWS\system32\VACFix.exe 2008-05-17 14:02 . 2008-04-28 08:03 82,944 --a--c--- C:\WINDOWS\system32\IEDFix.exe 2008-05-17 14:02 . 2008-04-28 08:03 82,944 --a--c--- C:\WINDOWS\system32\404Fix.exe 2008-05-17 14:02 . 2003-06-05 21:13 53,248 --a--c--- C:\WINDOWS\system32\Process.exe 2008-05-17 14:02 . 2004-07-31 18:50 51,200 --a--c--- C:\WINDOWS\system32\dumphive.exe 2008-05-17 14:02 . 2007-10-04 00:36 25,600 --a--c--- C:\WINDOWS\system32\WS2Fix.exe 2008-05-14 19:59 . 2008-05-14 19:59 <REP> d----c--- C:\Documents and Settings\Propriétaire 2008-05-14 19:59 . <REP> C:\Documents and Settings\PropriÚtaire\Local Settings 2008-05-14 13:48 . 2008-05-14 13:48 <REP> d----c--- C:\Program Files\Trend Micro 2008-05-09 17:57 . 2008-05-09 17:57 <REP> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab 2008-05-08 18:55 . 2008-05-08 18:55 <REP> d----c--- C:\backups 2008-05-07 20:44 . 2008-05-07 20:44 <REP> d----c--- C:\Documents and Settings\LocalService.AUTORITE NT\Mes documents 2008-04-23 22:15 . 2008-04-23 22:15 268 --ah-c--- C:\sqmdata01.sqm 2008-04-23 22:15 . 2008-04-23 22:15 244 --ah-c--- C:\sqmnoopt01.sqm 2008-04-23 21:51 . 2008-04-23 21:51 268 --ah-c--- C:\sqmdata00.sqm 2008-04-23 21:51 . 2008-04-23 21:51 244 --ah-c--- C:\sqmnoopt00.sqm . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-21 09:23 --------- dc----w C:\Program Files\Google 2008-05-21 09:22 --------- dc----w C:\Program Files\Java 2008-05-20 23:59 --------- dc----w C:\Program Files\Fichiers communs\Adobe 2008-05-17 23:27 --------- dc----w C:\Program Files\Common files 2008-05-17 15:34 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2008-03-23 11:27 --------- dc----w C:\Documents and Settings\lagarde\Application Data\ItsLabel 2008-03-22 17:32 --------- dc----w C:\Program Files\FreebieSMS 2007-10-20 07:38 108 -c--a-w C:\Program Files\output54.png 2007-10-20 07:37 2,118 -c--a-w C:\Program Files\photoshop.bmp 2007-10-20 07:33 2,118 -c--a-w C:\Program Files\Sans titre.bmp . ((((((((((((((((((((((((((((( snapshot_2008-05-17_13.56.33.18 ))))))))))))))))))))))))))))))))))))))))) . - 2008-05-17 11:50:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-21 10:17:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-17 00:22:37 163,328 -c--a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE + 2008-05-17 13:00:13 4,780,032 -c--a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT + 2008-05-17 13:00:13 163,840 -c--a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat + 2008-05-17 00:22:37 163,328 -c--a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2008-05-17 12:59:57 4,780,032 -c--a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT + 2008-05-17 12:59:57 163,840 -c--a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat - 2008-05-17 10:06:21 29,371 -c--a-w C:\WINDOWS\hpoins03.dat + 2008-05-21 10:19:28 29,371 -c--a-w C:\WINDOWS\hpoins03.dat - 2008-04-09 19:27:58 1,405,648 -c--a-w C:\WINDOWS\system32\FNTCACHE.DAT + 2008-05-21 09:07:38 1,401,128 -c--a-w C:\WINDOWS\system32\FNTCACHE.DAT - 2007-09-24 21:30:28 135,168 -c--a-w C:\WINDOWS\system32\java.exe + 2008-02-21 23:23:35 135,168 -c--a-w C:\WINDOWS\system32\java.exe - 2007-09-24 21:30:30 135,168 -c--a-w C:\WINDOWS\system32\javaw.exe + 2008-02-21 23:23:39 135,168 -c--a-w C:\WINDOWS\system32\javaw.exe - 2007-09-24 22:31:42 139,264 -c--a-w C:\WINDOWS\system32\javaws.exe + 2008-02-22 00:33:32 139,264 -c--a-w C:\WINDOWS\system32\javaws.exe + 2008-05-21 10:17:59 16,384 -c--atw C:\WINDOWS\TEMP\Perflib_Perfdata_3a8.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=":C:\WINDOWS\system32\ctfmon.exe" [ ] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184] "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 19:19 57344] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "LVCOMSX"=":C:\WINDOWS\system32\LVCOMSX.EXE" [ ] "LogitechVideoRepair"=":C:\Program Files\Logitech\Video\ISStart.exe" [ ] "LogitechVideoTray"=":C:\Program Files\Logitech\Video\LogiTray.exe" [ ] "SynTPLpr"=":C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [ ] "SynTPEnh"=":C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ] "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-27 22:35 262401] "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 19:19 40960] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "AtiPTA"="atiptaxx.exe" [2006-02-22 03:05 344064 C:\WINDOWS\system32\atiptaxx.exe] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 18:28 49152] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18 241664] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360] "DWQueuedReporting"="c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.X264"= x264vfw.dll "VIDC.MJPG"= pvmjpg21.dll "VIDC.3iv2"= 3ivxVfWCodec.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\WINDOWS\\system32\\mshta.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R0 atiide;atiide;C:\WINDOWS\system32\DRIVERS\atiide.sys [2004-06-23 08:04] R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v3.8.291\ATI Tray Tools\atitray.sys [2006-09-27 12:47] R2 R54G Wireless Service;R54G Wireless Service;C:\Program Files\Wireless 802.11g Monitor\WLService.exe [2004-03-29 16:08] R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-10-06 13:04] R3 rt2571;Wireless 802.11g USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\rt2571.sys [2004-05-07 13:47] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfe09f87-c44c-11dc-9c4f-00c09f737e07}] \Shell\AutoRun\command - E:\LaunchU3.exe -a *Newly Created Service* - GTNDIS5 . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-21 12:19:32 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\msiexec.exe . ************************************************************************** . Temps d'accomplissement: 2008-05-21 12:23:38 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-21 10:23:29 ComboFix2.txt 2008-05-17 11:56:59 ComboFix3.txt 2008-05-15 17:30:50 ComboFix4.txt 2008-05-15 17:06:40 ComboFix5.txt 2008-05-14 18:22:26 Pre-Run: 23,848,263,680 octets libres Post-Run: 23,884,124,160 octets libres 165 --- E O F --- 2008-05-16 09:38:10 ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Voici le rapport de HijackThis n°5: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:31:10, on 21/05/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\HP\HP Software Update\HPWuSchd.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\Wireless 802.11g Monitor\WLService.exe C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [LVCOMSX] :C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] :C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] :C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [synTPLpr] :C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] :C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] :C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: R54G Wireless Service - Unknown owner - C:\Program Files\Wireless 802.11g Monitor\WLService.exe -- End of file - 6704 bytes A+ !
  23. je-rom
    bien joué! C'est ça qu'il fallait faire! On ne peut que désactiver les toolbars Google sur mon IE. J'en avais 2 du même types mais pas exactement du même fichier. Je les ai désactivé tout les deux. Je vais commencer tranquilement la désinfection. @+
  24. je-rom
    Salut oGu! J'espère que tu vas bien et que j'en ai plus trop pour longtemps à t'embêter 1)Tu as raison, c'est pour ça que j'ai attendu aujourd'hui car je viens de finir les examens. 2)Là aussi tu as raison car j'imagine pas que des gens puissent être aussi pas cool de nous balançer des publicités pour de faux anti-virus, donc du coup j'arrivais plus à distinguer les vrais des faux. Mais je crois qu'ils étaient tous faux . Sinon je ne télécharge jamais rien films ou musiques illégalement, ta du t'en rendre comte dans certains rapports non? Bref le respect du travail est important pour moi. Tu m'a dit: 3)Ok mais déjà à partir de "Outils/Gestion des modules complémentaires", je ne vois pas la phrase. Est-tu sur de ne pas confondre ou t'être trompé? Du coup je reste toujours bloqué à la 1ère procédure . Sinon j'ai juste désinstallé AVG, c'était simple et rapide. A bientôt!
  25. je-rom
    Salut uGo! Je suis content que ça ait bien marché en général ce que j'ai fais. En ce moment, j'ai pas mal de boulot d'école (révisions) je commencerai les procédures plus tard. Pour répondre à ta question: "J'espère que tu n'as pas installé la Yahoo! Toolbar à l'installation de CCleaner". La réponse est non, t'inquiète pas, j'ai décoché cette case car le mec du post l'avait bien précisé. Ensuite, j'ai lu un peu ce que tu m'avais posté et j'ai des questions: 1) Pour Firefox, je pense que je vais pas très bien comprendre cette 1ère procédure car moi j'ai InternetExplorer. Certes, j'ai toujours entendu dire que Firefox était mieux que InternetExplorer , mais comme je ne m'en suis jamais servi, mieux vaut que je garde celui que j'ai en ce moment non? Si non, pourrais-tu m'envoyer le lien du Firefox en question s'il te plaît pour que je puisse appliquer la procédure, merci. 2) Tu me dis: "si tu as la version Free de AVG Antispyware, désinstalle-là: Ewido la remplacera (Ewido utilise les bases de données d'AVG !)". C'est le Cas, j'ai bien AVG, par contre je veux savoir si je dois désinstaller AVG définitivement ou temporairement le temps de la procédure de EWIDO? 3) J'ai lu rapidement les liens au sujets des toolbars, ça confirme mes inquiétudes. Je déteste être espionné, j'espère qu'on pourra protéger mon pc contre ça. Puis faudrais que tu me dises si ya un moyen de protéger mon pc avec un bon anti-virus ou autre chose gratuit, car malgrès avoir AntiVir et le mettre régulièrement à jour, ta vus tous ce que j'ai attrapé....
×
×
  • Créer...