ordi lent, fenetres intempestives, erreursRésolu/Fermé

Question

Bonjour,
Depuis quelques temps mon ordi rame, l'acces à internet est long et fastidieux. Des messages d'erreur se multiplient et des fenetres de pubs s'ouvrent à tout va dont certaines me proposent d'analyser gratuitement mon pc.
Comment faire?

verni29 · Answer

Bonjour,
télécharge et installe HijackThis .
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Choisir « Download Hijackthis Installer »
Après l'installation, un raccourci sera crée sur le bureau. Double-clique dessus pour le lancer.

Choisir l'option Do a system scan and save a logfile.
Le rapport va s'ouvrir. Tu copies/colles le contenu de ce rapport dans ton prochain message

A+

ritchy · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:46, on 09/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s 
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BMb760cbaf] Rundll32.exe "C:\WINDOWS\system32\xvwtuovf.dll",s
O4 - HKLM\..\Run: [b453f833] rundll32.exe "C:\WINDOWS\system32\fxtvhuac.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S145.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.3 85.255.112.127
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.3 85.255.112.127
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.3 85.255.112.127
O20 - AppInit_DLLs: pxxkiixs.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

ritchy · Answer

Username "RYCHIE" - 09/07/2008 10:38:24 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.114.3 85.255.112.127" <Value cleared.

Cache de résolution DNS vidé.


System was rebooted successfully. 
 
~~~~~ Postrun check 
....
....
~~~~~ Misc files. 
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
"SoundMan"="SOUNDMAN.EXE"
"PRISMSTA.EXE"="PRISMSTA.EXE START"
"DownloadAccelerator"="\"C:\Program Files\DAP\DAP.EXE\" /STARTUP"
"SpeedOptimizer"="C:\PROGRA~1\SPEEDO~1\SPO.EXE -s "
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe"
"NBKeyScan"="\"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe\""
"QuickTime Task"="\"C:\Program Files\QuickTime\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\Program Files\iTunes\iTunesHelper.exe\""
"BMb760cbaf"="Rundll32.exe \"C:\WINDOWS\system32\xvwtuovf.dll\",s"
"b453f833"="rundll32.exe \"C:\WINDOWS\system32\fxtvhuac.dll\",b"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"MsnMsgr"="\"C:\Program Files\MSN Messenger\MsnMsgr.Exe\" /background"
"Shareaza"="\"C:\Program Files\Shareaza\Shareaza.exe\" -tray"
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU \"C:\WINDOWS\TEMP\E_S145.tmp\" /EF \"HKCU\""
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe\""
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

ritchy · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:28, on 09/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s 
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BMb760cbaf] Rundll32.exe "C:\WINDOWS\system32\qqmyqcnw.dll",s
O4 - HKLM\..\Run: [b453f833] rundll32.exe "C:\WINDOWS\system32\rfkkkunn.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S145.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: pxxkiixs.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

ritchy · Answer

j'ai installée antiniv mais je n'arive pas à virer le fichier TR/Crypt.XPACK.Gen la fenetre revient sans cesse , il est logé dans system32\rfkkunn.dll
comment faire??

ritchy · Answer

bon, j'y suis mais ça fuse de partout, ya des messages qui ne cessent de s'afficher, c'est pénible, ça vient d'antivir et de sunbelt

ritchy · Answer

je nettoie l'ordi de mon copain...qui voulait jamais m'écouter et installer tout ce qu'il fallait!

Est-ce normal que ce soient tjs les mêmes fichiers qu'antivir m'indique???

ritchy · Answer

oui, c'est un peu gênant...les fenetres s'affichent et me bloquent dans ce que je fais

ritchy · Answer

rapport hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:06, on 09/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: (no name) - {0BE5AF5D-776D-4E4D-84FC-E90658C580A1} - C:\WINDOWS\system32\rqRklIyY.dll (file missing)
O2 - BHO: (no name) - {487C9905-26A8-42C8-8033-C58AD3D2AEC3} - C:\WINDOWS\system32\awtRkLFu.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: {d149597f-20f6-83d8-0294-195eb0a509be} - {eb905a0b-e591-4920-8d38-6f02f795941d} - C:\WINDOWS\system32\xqqctw.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s 
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S145.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: pxxkiixs.dll
O20 - Winlogon Notify: awtRkLFu - C:\WINDOWS\SYSTEM32\awtRkLFu.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

ritchy · Answer

après plus de 4h, on y est!


Malwarebytes' Anti-Malware 1.20
Version de la base de données: 934
Windows 5.1.2600 Service Pack 2

08:36:03 10/07/2008
mbam-log-7-10-2008 (08-36-03).txt

Type de recherche: Examen complet (C:\|I:\|)
Eléments examinés: 133106
Temps écoulé: 4 hour(s), 8 minute(s), 39 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 79

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\awtRkLFu.dll (Trojan.FakeAlert) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{487c9905-26a8-42c8-8033-c58ad3d2aec3} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{487c9905-26a8-42c8-8033-c58ad3d2aec3} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtrklfu (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{487c9905-26a8-42c8-8033-c58ad3d2aec3} (Trojan.FakeAlert) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\awtRkLFu.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP917\A0098436.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP917\A0098437.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP918\A0098454.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP918\A0098469.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP918\A0098470.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP918\A0098471.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP918\A0098475.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP920\A0100492.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP923\A0100525.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP924\A0100550.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP926\A0100571.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP926\A0100572.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP928\A0101593.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP928\A0101594.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP930\A0101618.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP930\A0101619.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP932\A0101649.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP932\A0101650.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP933\A0101671.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP935\A0101693.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP935\A0101694.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP936\A0102693.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP936\A0102713.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP936\A0102727.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP937\A0102746.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP938\A0102772.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP939\A0102794.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP940\A0102845.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP942\A0102869.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP942\A0102870.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP944\A0102911.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP945\A0102943.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP945\A0102961.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP946\A0102979.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP947\A0103979.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP948\A0103998.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP950\A0104043.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP951\A0104063.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107169.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107176.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107179.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107184.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107189.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107195.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107198.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107199.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107200.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107201.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107203.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107205.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107209.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107210.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109262.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109264.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109265.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109266.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109267.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109268.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109269.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109270.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109271.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109272.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109273.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109274.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109275.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109276.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109277.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109278.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109279.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109280.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109281.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109282.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109283.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109284.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109285.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109286.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109287.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRIaywv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

ritchy · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:14:04, on 10/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: (no name) - {0BE5AF5D-776D-4E4D-84FC-E90658C580A1} - C:\WINDOWS\system32\rqRklIyY.dll (file missing)
O2 - BHO: (no name) - {487C9905-26A8-42C8-8033-C58AD3D2AEC3} - C:\WINDOWS\system32\awtRkLFu.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: {d149597f-20f6-83d8-0294-195eb0a509be} - {eb905a0b-e591-4920-8d38-6f02f795941d} - C:\WINDOWS\system32\xqqctw.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s 
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S145.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: pxxkiixs.dll
O20 - Winlogon Notify: awtRkLFu - C:\WINDOWS\SYSTEM32\awtRkLFu.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

ritchy · Answer

ComboFix 08-07-09.5 - RYCHIE 2008-07-10 12:43:19.1 - NTFSx86 MINIMAL Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.369 [GMT 2:00] Endroit: C:\Documents and Settings\RYCHIE\Bureau\claire\ComboFix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\BMb760cbaf.txt C:\WINDOWS\system32\aefmnewx.dll C:\WINDOWS\system32\ajbgdjgk.ini C:\WINDOWS\system32\alhuipxv.ini C:\WINDOWS\system32\awtRkLFu.dll C:\WINDOWS\system32\ayupca.dll C:\WINDOWS\system32\bbwyeasx.dll C:\WINDOWS\system32\bhvtfhkp.dll C:\WINDOWS\system32\bkyylpnr.ini C:\WINDOWS\system32\bnprqcyw.ini C:\WINDOWS\system32\bnzxct.dll C:\WINDOWS\system32\btuytagc.ini C:\WINDOWS\system32\byoilrdg.ini C:\WINDOWS\system32\cauhvtxf.ini C:\WINDOWS\system32\cdzrht.dll C:\WINDOWS\system32\cpmbuqix.dll C:\WINDOWS\system32\dcdwhwgq.dll C:\WINDOWS\system32\dfhnpsku.ini C:\WINDOWS\system32\dgbblz.dll C:\WINDOWS\system32\dstptrvy.ini C:\WINDOWS\system32\dwojbw.dll C:\WINDOWS\system32\dxphvxgi.ini C:\WINDOWS\system32\eamxqfoc.dll C:\WINDOWS\system32\eqjikbiy.ini C:\WINDOWS\system32\eufixndj.dll C:\WINDOWS\system32\faenehwx.ini C:\WINDOWS\system32\fcepdrgs.ini C:\WINDOWS\system32\ffntwpsf.dll C:\WINDOWS\system32\fghqccdm.dll C:\WINDOWS\system32\fgjccetq.dll C:\WINDOWS\system32\fqivalnn.ini C:\WINDOWS\system32\fueddkhq.dll C:\WINDOWS\system32\gcsncfty.dll C:\WINDOWS\system32\gvvpfiwt.dll C:\WINDOWS\system32\gyvtmycj.ini C:\WINDOWS\system32\hgGxUNeb.dll C:\WINDOWS\system32\hikcqbui.dll C:\WINDOWS\system32\hniggnbb.dll C:\WINDOWS\system32\hrnmerwm.dll C:\WINDOWS\system32\hshtyvne.dll C:\WINDOWS\system32\htadxrfq.ini C:\WINDOWS\system32\hvsouada.dll C:\WINDOWS\system32\igegvfxo.dll C:\WINDOWS\system32\ikywfn.dll C:\WINDOWS\system32\imdokg.dll C:\WINDOWS\system32\iojimpoh.dll C:\WINDOWS\system32\isqogjrw.ini C:\WINDOWS\system32\iwwvbx.dll C:\WINDOWS\system32\jdpdxyvy.dll C:\WINDOWS\system32\jdudysrs.ini C:\WINDOWS\system32\jletxm.dll C:\WINDOWS\system32\joymojbm.ini C:\WINDOWS\system32\jvjqbluj.ini C:\WINDOWS\system32\jwkcifqf.ini C:\WINDOWS\system32\kdfrptiy.dll C:\WINDOWS\system32\kerkoblt.dll C:\WINDOWS\system32\knlfqswv.dll C:\WINDOWS\system32\lcawgdbd.dll C:\WINDOWS\system32\liwegggf.ini C:\WINDOWS\system32\ljsfcbum.ini C:\WINDOWS\system32\lpnnyo.dll C:\WINDOWS\system32\lqzkol.dll C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\mohbayvy.dll C:\WINDOWS\system32\mpxvixfb.ini C:\WINDOWS\system32\neccbvik.ini C:\WINDOWS\system32\nfbmbufj.ini C:\WINDOWS\system32\nhrpvq.dll C:\WINDOWS\system32\nmeoqsla.ini C:\WINDOWS\system32\nnukkkfr.ini C:\WINDOWS\system32\nrwbfa.dll C:\WINDOWS\system32\ntasmkws.dll C:\WINDOWS\system32\ntiyup.dll C:\WINDOWS\system32\ntwajfmt.dll C:\WINDOWS\system32\oenkrbos.ini C:\WINDOWS\system32\ofcdbxvu.ini C:\WINDOWS\system32\orgtiddw.dll C:\WINDOWS\system32\panrkued.dll C:\WINDOWS\system32\pcvcpoqo.ini C:\WINDOWS\system32\pmnljJBq.dll C:\WINDOWS\system32\poaxqmfr.dll C:\WINDOWS\system32\qbiplfbr.ini C:\WINDOWS\system32\qfxjylim.dll C:\WINDOWS\system32\qhptngjh.ini C:\WINDOWS\system32\qnpkcolv.ini C:\WINDOWS\system32\qqmyqcnw.dll C:\WINDOWS\system32\qrbdtkas.dll C:\WINDOWS\system32\qsyqhdns.dll C:\WINDOWS\system32\rldcyojm.dll C:\WINDOWS\system32\rllugcxg.dll C:\WINDOWS\system32\rqofhrxc.ini C:\WINDOWS\system32\rvhpejva.dll C:\WINDOWS\system32\sknnichm.dll C:\WINDOWS\system32\snujvurx.dll C:\WINDOWS\system32\swcaviuj.dll C:\WINDOWS\system32\tduiddck.ini C:\WINDOWS\system32\tikaulcm.ini C:\WINDOWS\system32\toccsabk.ini C:\WINDOWS\system32\tttuuutw.ini C:\WINDOWS\system32\tylruy.dll C:\WINDOWS\system32\ukqvejkk.dll C:\WINDOWS\system32\uqrzdo.dll C:\WINDOWS\system32\vkqgwmjr.dll C:\WINDOWS\system32\vufqhoka.ini C:\WINDOWS\system32\vuqmopsn.dll C:\WINDOWS\system32\vzzapt.dll C:\WINDOWS\system32\wfbwnqqu.ini C:\WINDOWS\system32\whddmowa.dll C:\WINDOWS\system32\wienum.dll C:\WINDOWS\system32\WinSpooler.exe C:\WINDOWS\system32\wqhtlucj.ini C:\WINDOWS\system32\wqkwjakv.dll C:\WINDOWS\system32\xexvetss.dll C:\WINDOWS\system32\xhjuihpg.ini C:\WINDOWS\system32\xijiypuv.dll C:\WINDOWS\system32\xrtukt.dll C:\WINDOWS\system32\xvwtuovf.dll C:\WINDOWS\system32\xwudasgu.dll C:\WINDOWS\system32\yacydfeg.ini C:\WINDOWS\system32\yiupiqte.ini C:\WINDOWS\system32\yqokekvx.dll C:\WINDOWS\system32\YyIlkRqr.ini C:\WINDOWS\system32\YyIlkRqr.ini2 . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-10 to 2008-07-10 )))))))))))))))))))))))))))))))))))) . 2008-07-10 12:30 . 2008-07-10 12:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-07-10 12:30 . 2008-07-10 12:30 1,409 --a------ C:\WINDOWS\QTFont.for 2008-07-09 17:26 . 2008-07-09 17:26 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-07-09 17:26 . 2008-07-09 17:26 d-------- C:\Documents and Settings\RYCHIE\Application Data\Malwarebytes 2008-07-09 17:26 . 2008-07-09 17:26 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-07-09 17:26 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-07-09 17:26 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-07-09 17:00 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-07-09 17:00 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-07-09 16:58 . 2008-07-09 17:02 d-------- C:\Toolbar SD 2008-07-09 16:22 . 2008-07-09 16:22 149 --a------ C:\WINDOWS\wininit.ini 2008-07-09 14:03 . 2008-06-21 04:54 269,736 -ra------ C:\WINDOWS\system32\drivers\SbFw.sys 2008-07-09 14:03 . 2008-06-21 04:54 65,576 --a------ C:\WINDOWS\system32\drivers\SbFwIm.sys 2008-07-09 14:02 . 2008-07-09 14:02 d-------- C:\Program Files\Sunbelt Software 2008-07-09 14:00 . 2008-07-09 14:00 d-------- C:\Program Files\Spybot - Search & Destroy 2008-07-09 14:00 . 2008-07-09 16:23 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-07-09 13:19 . 2008-07-09 13:19 d-------- C:\Program Files\Avira 2008-07-09 13:19 . 2008-07-09 13:19 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-07-09 10:36 . 2008-07-09 10:45 d-------- C:\fixwareout 2008-07-09 10:22 . 2008-07-09 10:22 d-------- C:\Program Files\Trend Micro 2008-07-01 19:23 . 2008-07-01 19:23 1,713,713 --ahs---- C:\WINDOWS\system32\pwjwqucf.tmp 2008-07-01 19:23 . 2008-07-01 19:23 294 --ahs---- C:\WINDOWS\system32\pwjwqucf.ini 2008-06-30 19:11 . 2008-06-30 19:11 1,733,619 --ahs---- C:\WINDOWS\system32\joymojbm.tmp 2008-06-28 10:18 . 2008-06-28 10:17 294 --ahs---- C:\WINDOWS\system32\jkfoolas.ini 2008-06-28 10:17 . 2008-06-28 10:17 1,733,640 --ahs---- C:\WINDOWS\system32\jkfoolas.tmp 2008-06-26 19:14 . 2008-06-26 19:14 1,706,852 ---hs---- C:\WINDOWS\system32\dxphvxgi.tmp 2008-06-24 20:56 . 2008-06-25 20:33 1,126 ---hs---- C:\WINDOWS\system32\pomenrob.ini 2008-06-21 04:54 . 2008-06-21 04:54 66,600 -ra------ C:\WINDOWS\system32\drivers\sbhips.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-09 14:24 --------- d-----w C:\Program Files\Safari 2008-07-09 12:29 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-05-18 07:42 --------- d-----w C:\Program Files\Apple Software Update 2008-05-17 17:29 6,712 ----a-w C:\Documents and Settings\RYCHIE\Application Data\wklnhst.dat 2008-05-17 09:14 --------- d-----w C:\Program Files\iTunes 2008-05-17 09:14 --------- d-----w C:\Program Files\iPod 2008-05-17 09:12 --------- d-----w C:\Program Files\QuickTime 2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2008-04-21 07:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll 2007-12-15 18:09 81,920 ----a-w C:\Documents and Settings\RYCHIE\Application Data\ezpinst.exe 2007-12-15 18:09 47,360 ----a-w C:\Documents and Settings\RYCHIE\Application Data\pcouffin.sys 2006-07-11 20:04 1,155,076 ----a-w C:\Program Files\^^clip3_1.mpg 2006-07-11 20:04 1,155,076 ----a-w C:\Program Files\^^clip2_1.mpg 2006-07-11 20:04 1,155,076 ----a-w C:\Program Files\^^clip1_1.mpg 2006-06-15 18:00 2,193,412 ----a-w C:\Program Files\((dream2_1.mpg 2006-06-15 18:00 2,134,020 ----a-w C:\Program Files\((dream1_1.mpg 2006-06-15 17:58 1,984,516 ----a-w C:\Program Files\gonzo1.mpg 2006-06-15 17:58 1,959,940 ----a-w C:\Program Files\gonzo2.mpg 2006-06-15 17:48 1,700,047 ----a-w C:\Program Files\$$003.mpg 2006-06-15 17:48 1,699,852 ----a-w C:\Program Files\$$002_3.mpg 2006-06-15 17:48 1,698,143 ----a-w C:\Program Files\$$001.mpg 2006-05-21 09:20 1,030,213 ----a-w C:\Program Files\3.mpg 2006-05-16 21:46 2,234,372 ----a-w C:\Program Files\magic1.mpg 2006-05-16 21:46 2,146,308 ----a-w C:\Program Files\magic2.mpg 2006-05-13 12:36 2,379,780 ----a-w C:\Program Files\dream2.mpg 2006-05-13 12:36 2,373,636 ----a-w C:\Program Files\dream1.mpg 2006-05-07 19:04 700,420 ----a-w C:\Program Files\2.mpg 2006-05-06 09:27 736,206 ----a-w C:\Program Files\4_9.wmv 2006-05-06 09:27 705,882 ----a-w C:\Program Files\3_10.wmv 2006-05-06 09:26 731,874 ----a-w C:\Program Files\2_11.wmv 2006-05-06 09:26 702,994 ----a-w C:\Program Files\1_11.wmv 2006-05-06 08:59 1,395,843 ----a-w C:\Program Files\3_12.mpg 2006-05-06 08:59 1,395,759 ----a-w C:\Program Files\4_2.mpg 2006-05-06 08:57 1,394,424 ----a-w C:\Program Files\1_16.mpg 2006-05-06 08:57 1,393,645 ----a-w C:\Program Files\2_17.mpg 2006-05-06 08:55 933,892 ----a-w C:\Program Files\3_11.mpg 2006-05-06 08:55 860,164 ----a-w C:\Program Files\2_16.mpg 2006-05-06 08:55 860,164 ----a-w C:\Program Files\1_15.mpg 2006-04-30 12:43 782,340 ----a-w C:\Program Files\2_15.mpg 2006-04-29 08:23 1,687,845 ----a-w C:\Program Files\[u]0[/u]003.mpg 2006-04-24 19:14 1,437,700 ----a-w C:\Program Files\2_14.mpg 2006-04-24 19:14 1,368,068 ----a-w C:\Program Files\3_10.mpg 2006-04-24 19:08 1,290,894 ----a-w C:\Program Files\1_14.mpg 2006-04-24 19:03 735,236 ----a-w C:\Program Files\1_13.mpg 2006-04-24 19:03 700,420 ----a-w C:\Program Files\2_13.mpg 2006-04-19 05:42 1,395,843 ----a-w C:\Program Files\3_9.mpg 2006-04-19 05:42 1,395,759 ----a-w C:\Program Files\4_1.mpg 2006-04-19 05:41 1,394,424 ----a-w C:\Program Files\1_12.mpg 2006-04-19 05:41 1,393,645 ----a-w C:\Program Files\2_12.mpg 2006-04-15 09:07 1,291,124 ----a-w C:\Program Files\3_8.mpg 2006-04-15 09:07 1,284,546 ----a-w C:\Program Files\2_11.mpg 2006-04-15 09:07 1,279,776 ----a-w C:\Program Files\1_11.mpg 2006-04-15 08:54 1,599,492 ----a-w C:\Program Files\2_10.mpg 2006-04-15 08:54 1,597,444 ----a-w C:\Program Files\1_10.mpg 2006-04-12 18:24 2,256,900 ----a-w C:\Program Files\[u]0[/u]3_9.mpg 2006-04-12 18:24 2,129,924 ----a-w C:\Program Files\[u]0[/u]1_10.mpg 2006-04-12 18:24 2,109,444 ----a-w C:\Program Files\[u]0[/u]2_10.mpg 2006-04-11 21:07 521,350 ----a-w C:\Program Files\2_10.wmv 2006-04-11 21:07 493,920 ----a-w C:\Program Files\3_9.wmv 2006-04-11 21:07 492,470 ----a-w C:\Program Files\1_10.wmv 2006-04-11 21:07 460,702 ----a-w C:\Program Files\4_8.wmv 2006-04-11 21:05 1,269,637 ----a-w C:\Program Files\3_7.mpg 2006-04-11 18:46 1,260,693 ----a-w C:\Program Files\1_9.mpg 2006-04-11 18:46 1,252,854 ----a-w C:\Program Files\2_9.mpg 2006-04-11 18:12 1,751,044 ----a-w C:\Program Files\2_8.mpg 2006-04-11 18:12 1,751,044 ----a-w C:\Program Files\1_8.mpg 2006-04-11 18:03 1,343,492 ----a-w C:\Program Files\[u]0[/u]2_9.mpg 2006-04-11 18:03 1,232,900 ----a-w C:\Program Files\[u]0[/u]3_8.mpg 2006-04-11 17:59 1,220,612 ----a-w C:\Program Files\[u]0[/u]2_8.mpg 2006-04-09 12:10 1,629,124 ----a-w C:\Program Files\[u]0[/u]001_2.mpg 2006-04-09 12:10 1,561,728 ----a-w C:\Program Files\[u]0[/u]002_2.mpg 2006-04-09 11:58 804,868 ----a-w C:\Program Files\2_7.mpg 2006-04-09 11:58 802,820 ----a-w C:\Program Files\1_7.mpg 2006-04-08 12:23 1,255,428 ----a-w C:\Program Files\[u]0[/u]3_6.mpg 2006-04-08 12:15 983,075 ----a-w C:\Program Files\4_7.wmv 2006-04-08 12:15 983,075 ----a-w C:\Program Files\3_8.wmv 2006-04-08 12:15 977,275 ----a-w C:\Program Files\1_9.wmv 2006-04-08 12:15 1,029,475 ----a-w C:\Program Files\2_9.wmv 2006-04-08 12:14 2,034,885 ----a-w C:\Program Files\1_8.wmv 2006-04-08 12:14 1,986,885 ----a-w C:\Program Files\2_8.wmv 2006-04-08 12:14 1,978,885 ----a-w C:\Program Files\4_6.wmv 2006-04-08 12:14 1,930,885 ----a-w C:\Program Files\3_7.wmv 2006-04-06 18:41 1,583,108 ----a-w C:\Program Files\[u]0[/u]3_5.mpg 2006-04-06 18:41 1,583,108 ----a-w C:\Program Files\[u]0[/u]2_6.mpg 2006-04-06 18:41 1,583,108 ----a-w C:\Program Files\[u]0[/u]1_6.mpg 2006-04-06 18:39 1,710,564 ----a-w C:\Program Files\3_6.mpg 2006-04-06 18:38 1,637,533 ----a-w C:\Program Files\2_6.mpg 2006-04-06 18:38 1,637,407 ----a-w C:\Program Files\1_6.mpg 2006-04-06 18:14 2,236,420 ----a-w C:\Program Files\[u]0[/u]3_4.mpg 2006-04-06 18:14 2,207,748 ----a-w C:\Program Files\[u]0[/u]4_2.mpg 2006-04-06 18:11 2,166,788 ----a-w C:\Program Files\3_5.mpg 2006-04-06 18:10 2,222,084 ----a-w C:\Program Files\2_5.mpg 2006-04-06 18:10 2,166,788 ----a-w C:\Program Files\1_5.mpg 2006-04-04 18:34 1,220,612 ----a-w C:\Program Files\[u]0[/u]3_3.mpg 2006-04-04 18:34 1,157,124 ----a-w C:\Program Files\[u]0[/u]2_4.mpg 2006-04-04 18:33 1,042,436 ----a-w C:\Program Files\[u]0[/u]1_4.mpg . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 13:55 5674352] "Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2008-01-01 18:49 4739072] "EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 08:01 180736] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-08-03 13:51 202024] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 22:10 344064] "DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2006-10-14 09:55 3335944] "SpeedOptimizer"="C:\PROGRA~1\SPEEDO~1\SPO.EXE" [2003-09-29 16:53 607232] "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] "SoundMan"="SOUNDMAN.EXE" [2004-11-15 12:20 77824 C:\WINDOWS\SOUNDMAN.EXE] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=pxxkiixs.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i263_32.drv "vidc.DIV3"= DIVXc32.dll "vidc.DIV4"= DIVXc32f.dll "vidc.3ivx"= 3ivxVfWCodec.dll "vidc.3iv2"= 3ivxVfWCodec.dll "msacm.divxa32"= DivXa32.acm "VIDC.HFYU"= huffyuv.dll "VIDC.i263"= i263_32.drv "msacm.imc"= imc32.acm "VIDC.VP31"= vp31vfw.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\MSN Messenger\msnmsgr.exe"= "C:\Program Files\MSN Messenger\livecall.exe"= "C:\Program Files\Messenger\msmsgs.exe"= "C:\Program Files\iTunes\iTunes.exe"= "C:\Program Files\Shareaza\Shareaza.exe"= "C:\Program Files\DAP\DAP.exe"= R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 18:24] R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 21:03] R1 SbFw;SbFw;C:\WINDOWS\system32\drivers\SbFw.sys [2008-06-21 04:54] R1 sbhips;Sunbelt HIPS Driver;C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 04:54] R2 SbPF.Launcher;SbPF.Launcher;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-07-01 10:51] R2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-07-01 10:51] R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 04:54] S3 PRISM_USB;Prism Mini USB Wireless LAN Driver;C:\WINDOWS\system32\DRIVERS\PRISMUSB.sys [2002-02-24 22:39] . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-07-09 12:38:21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . - - - - ORPHANS REMOVED - - - - BHO-{0BE5AF5D-776D-4E4D-84FC-E90658C580A1} - C:\WINDOWS\system32\rqRklIyY.dll BHO-{487C9905-26A8-42C8-8033-C58AD3D2AEC3} - (no file) BHO-{eb905a0b-e591-4920-8d38-6f02f795941d} - C:\WINDOWS\system32\xqqctw.dll HKLM-Run-PRISMSTA.EXE - PRISMSTA.EXE Notify-awtRkLFu - (no file) ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-10 12:50:54 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\imapi.exe . ************************************************************************** . Temps d'accomplissement: 2008-07-10 12:57:13 - machine was rebooted ComboFix-quarantined-files.txt 2008-07-10 10:56:03 Pre-Run: 5,848,817,664 octets libres Post-Run: 5,878,308,864 octets libres 361 --- E O F --- 2008-07-10 10:25:56

ritchy · Answer

HKEY_CLASSES_ROOT\Applications\regedit.exe


si je me suis pas trompée c ça!

ritchy · Answer

trouve pas le fichier........

antivir se calme, y'a moins de fenetres qui s'affichent, enfin pour l'instant!

ritchy · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:14, on 10/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s 
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S145.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: pxxkiixs.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

verni29 · Answer

1)  fermes ton navigateur.
Lance Hijackthis et tu choisis " Do a system scan only ".
Tu sélectionnes les lignes suivantes :

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime     
O20 - AppInit_DLLs: pxxkiixs.dll 

Tu choisis l'option " Fixchecked" en bas de la page.

2) Ouvre le bloc-notes et sélectionne le texte suivant.
Copie/colle ce texte dans le bloc-notes.
Enregistre le fichier sur le bureau et nomme-le CFScript.txt.

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

File::

C:\WINDOWS\system32\WinUpdating.exe
C:\WINDOWS\system32\pwjwqucf.tmp
C:\WINDOWS\system32\pwjwqucf.ini
C:\WINDOWS\system32\joymojbm.tmp
C:\WINDOWS\system32\jkfoolas.ini
C:\WINDOWS\system32\jkfoolas.tmp
C:\WINDOWS\system32\dxphvxgi.tmp
C:\WINDOWS\system32\pomenrob.ini
C:\Program Files\^^clip3_1.mpg
C:\Program Files\^^clip2_1.mpg
C:\Program Files\^^clip1_1.mpg
C:\Program Files\((dream2_1.mpg
C:\Program Files\((dream1_1.mpg
C:\Program Files\gonzo1.mpg
C:\Program Files\gonzo2.mpg
C:\Program Files\$$003.mpg
C:\Program Files\$$002_3.mpg
C:\Program Files\$$001.mpg
C:\Program Files\3.mpg
C:\Program Files\magic1.mpg
C:\Program Files\magic2.mpg
C:\Program Files\dream2.mpg
C:\Program Files\dream1.mpg
C:\Program Files\2.mpg
C:\Program Files\4_9.wmv
C:\Program Files\3_10.wmv
C:\Program Files\2_11.wmv
C:\Program Files\1_11.wmv
C:\Program Files\3_12.mpg
C:\Program Files\4_2.mpg
C:\Program Files\1_16.mpg
C:\Program Files\2_17.mpg
C:\Program Files\3_11.mpg
C:\Program Files\2_16.mpg
C:\Program Files\1_15.mpg
C:\Program Files\2_15.mpg
C:\Program Files\[u]0/u003.mpg
C:\Program Files\2_14.mpg
C:\Program Files\3_10.mpg
C:\Program Files\1_14.mpg
C:\Program Files\1_13.mpg
C:\Program Files\2_13.mpg
C:\Program Files\3_9.mpg
C:\Program Files\4_1.mpg
C:\Program Files\1_12.mpg
C:\Program Files\2_12.mpg
C:\Program Files\3_8.mpg
C:\Program Files\2_11.mpg
C:\Program Files\1_11.mpg
C:\Program Files\2_10.mpg
C:\Program Files\1_10.mpg
C:\Program Files\[u]0/u3_9.mpg
C:\Program Files\[u]0/u1_10.mpg
C:\Program Files\[u]0/u2_10.mpg
C:\Program Files\2_10.wmv
C:\Program Files\3_9.wmv
C:\Program Files\1_10.wmv
C:\Program Files\4_8.wmv
C:\Program Files\3_7.mpg
C:\Program Files\1_9.mpg
C:\Program Files\2_9.mpg
C:\Program Files\2_8.mpg
C:\Program Files\1_8.mpg
C:\Program Files\[u]0/u2_9.mpg
C:\Program Files\[u]0/u3_8.mpg
C:\Program Files\[u]0/u2_8.mpg
C:\Program Files\[u]0/u001_2.mpg
C:\Program Files\[u]0/u002_2.mpg
C:\Program Files\2_7.mpg
C:\Program Files\1_7.mpg
C:\Program Files\[u]0/u3_6.mpg
C:\Program Files\4_7.wmv
C:\Program Files\3_8.wmv
C:\Program Files\1_9.wmv
C:\Program Files\2_9.wmv
C:\Program Files\1_8.wmv
C:\Program Files\2_8.wmv
C:\Program Files\4_6.wmv
C:\Program Files\3_7.wmv
C:\Program Files\[u]0/u3_5.mpg
C:\Program Files\[u]0/u2_6.mpg
C:\Program Files\[u]0/u1_6.mpg
C:\Program Files\3_6.mpg
C:\Program Files\2_6.mpg
C:\Program Files\1_6.mpg
C:\Program Files\[u]0/u3_4.mpg
C:\Program Files\[u]0/u4_2.mpg
C:\Program Files\3_5.mpg
C:\Program Files\2_5.mpg
C:\Program Files\1_5.mpg
C:\Program Files\[u]0/u3_3.mpg
C:\Program Files\[u]0/u2_4.mpg
C:\Program Files\[u]0/u1_4.mpg

Vérifie que l'icone de Combofix se trouve également sur le bureau, sinon, tu relécharges combofix et tu l'enregistres aussi sur le bureau.
Glisse/dépose le script sur ComBoFix. Tu suis les invites.
Ton bureau va disparaître à plusieurs reprises. Normal.
Une fois le scan achevé, tu enregistres le rapport et tu le postes avec un rapport Hijackthis.

A+

ritchy · Answer

ComboFix 08-07-09.5 - RYCHIE 2008-07-10 19:40:47.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.155 [GMT 2:00] Endroit: C:\Documents and Settings\RYCHIE\Bureau\claire\ComboFix.exe Command switches used :: C:\Documents and Settings\RYCHIE\Bureau\CFScript.txt..txt * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] FILE :: C:\Program Files\$$001.mpg C:\Program Files\$$002_3.mpg C:\Program Files\$$003.mpg C:\Program Files\((dream1_1.mpg C:\Program Files\((dream2_1.mpg C:\Program Files\[u]0/u001_2.mpg C:\Program Files\[u]0/u002_2.mpg C:\Program Files\[u]0/u003.mpg C:\Program Files\[u]0/u1_10.mpg C:\Program Files\[u]0/u1_4.mpg C:\Program Files\[u]0/u1_6.mpg C:\Program Files\[u]0/u2_10.mpg C:\Program Files\[u]0/u2_4.mpg C:\Program Files\[u]0/u2_6.mpg C:\Program Files\[u]0/u2_8.mpg C:\Program Files\[u]0/u2_9.mpg C:\Program Files\[u]0/u3_3.mpg C:\Program Files\[u]0/u3_4.mpg C:\Program Files\[u]0/u3_5.mpg C:\Program Files\[u]0/u3_6.mpg C:\Program Files\[u]0/u3_8.mpg C:\Program Files\[u]0/u3_9.mpg C:\Program Files\[u]0/u4_2.mpg C:\Program Files\^^clip1_1.mpg C:\Program Files\^^clip2_1.mpg C:\Program Files\^^clip3_1.mpg C:\Program Files\1_10.mpg C:\Program Files\1_10.wmv C:\Program Files\1_11.mpg C:\Program Files\1_11.wmv C:\Program Files\1_12.mpg C:\Program Files\1_13.mpg C:\Program Files\1_14.mpg C:\Program Files\1_15.mpg C:\Program Files\1_16.mpg C:\Program Files\1_5.mpg C:\Program Files\1_6.mpg C:\Program Files\1_7.mpg C:\Program Files\1_8.mpg C:\Program Files\1_8.wmv C:\Program Files\1_9.mpg C:\Program Files\1_9.wmv C:\Program Files\2.mpg C:\Program Files\2_10.mpg C:\Program Files\2_10.wmv C:\Program Files\2_11.mpg C:\Program Files\2_11.wmv C:\Program Files\2_12.mpg C:\Program Files\2_13.mpg C:\Program Files\2_14.mpg C:\Program Files\2_15.mpg C:\Program Files\2_16.mpg C:\Program Files\2_17.mpg C:\Program Files\2_5.mpg C:\Program Files\2_6.mpg C:\Program Files\2_7.mpg C:\Program Files\2_8.mpg C:\Program Files\2_8.wmv C:\Program Files\2_9.mpg C:\Program Files\2_9.wmv C:\Program Files\3.mpg C:\Program Files\3_10.mpg C:\Program Files\3_10.wmv C:\Program Files\3_11.mpg C:\Program Files\3_12.mpg C:\Program Files\3_5.mpg C:\Program Files\3_6.mpg C:\Program Files\3_7.mpg C:\Program Files\3_7.wmv C:\Program Files\3_8.mpg C:\Program Files\3_8.wmv C:\Program Files\3_9.mpg C:\Program Files\3_9.wmv C:\Program Files\4_1.mpg C:\Program Files\4_2.mpg C:\Program Files\4_6.wmv C:\Program Files\4_7.wmv C:\Program Files\4_8.wmv C:\Program Files\4_9.wmv C:\Program Files\dream1.mpg C:\Program Files\dream2.mpg C:\Program Files\gonzo1.mpg C:\Program Files\gonzo2.mpg C:\Program Files\magic1.mpg C:\Program Files\magic2.mpg C:\WINDOWS\system32\dxphvxgi.tmp C:\WINDOWS\system32\jkfoolas.ini C:\WINDOWS\system32\jkfoolas.tmp C:\WINDOWS\system32\joymojbm.tmp C:\WINDOWS\system32\pomenrob.ini C:\WINDOWS\system32\pwjwqucf.ini C:\WINDOWS\system32\pwjwqucf.tmp C:\WINDOWS\system32\WinUpdating.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\$$001.mpg C:\Program Files\$$002_3.mpg C:\Program Files\$$003.mpg C:\Program Files\((dream1_1.mpg C:\Program Files\((dream2_1.mpg C:\Program Files\^^clip1_1.mpg C:\Program Files\^^clip2_1.mpg C:\Program Files\^^clip3_1.mpg C:\Program Files\1_10.mpg C:\Program Files\1_10.wmv C:\Program Files\1_11.mpg C:\Program Files\1_11.wmv C:\Program Files\1_12.mpg C:\Program Files\1_13.mpg C:\Program Files\1_14.mpg C:\Program Files\1_15.mpg C:\Program Files\1_16.mpg C:\Program Files\1_5.mpg C:\Program Files\1_6.mpg C:\Program Files\1_7.mpg C:\Program Files\1_8.mpg C:\Program Files\1_8.wmv C:\Program Files\1_9.mpg C:\Program Files\1_9.wmv C:\Program Files\2.mpg C:\Program Files\2_10.mpg C:\Program Files\2_10.wmv C:\Program Files\2_11.mpg C:\Program Files\2_11.wmv C:\Program Files\2_12.mpg C:\Program Files\2_13.mpg C:\Program Files\2_14.mpg C:\Program Files\2_15.mpg C:\Program Files\2_16.mpg C:\Program Files\2_17.mpg C:\Program Files\2_5.mpg C:\Program Files\2_6.mpg C:\Program Files\2_7.mpg C:\Program Files\2_8.mpg C:\Program Files\2_8.wmv C:\Program Files\2_9.mpg C:\Program Files\2_9.wmv C:\Program Files\3.mpg C:\Program Files\3_10.mpg C:\Program Files\3_10.wmv C:\Program Files\3_11.mpg C:\Program Files\3_12.mpg C:\Program Files\3_5.mpg C:\Program Files\3_6.mpg C:\Program Files\3_7.mpg C:\Program Files\3_7.wmv C:\Program Files\3_8.mpg C:\Program Files\3_8.wmv C:\Program Files\3_9.mpg C:\Program Files\3_9.wmv C:\Program Files\4_1.mpg C:\Program Files\4_2.mpg C:\Program Files\4_6.wmv C:\Program Files\4_7.wmv C:\Program Files\4_8.wmv C:\Program Files\4_9.wmv C:\Program Files\dream1.mpg C:\Program Files\dream2.mpg C:\Program Files\gonzo1.mpg C:\Program Files\gonzo2.mpg C:\Program Files\magic1.mpg C:\Program Files\magic2.mpg C:\WINDOWS\BMb760cbaf.xml C:\WINDOWS\system32\dxphvxgi.tmp C:\WINDOWS\system32\jkfoolas.ini C:\WINDOWS\system32\jkfoolas.tmp C:\WINDOWS\system32\joymojbm.tmp C:\WINDOWS\system32\pomenrob.ini C:\WINDOWS\system32\pwjwqucf.ini C:\WINDOWS\system32\pwjwqucf.tmp . ((((((((((((((((((((((((((((( Fichiers créés 2008-06-10 to 2008-07-10 )))))))))))))))))))))))))))))))))))) . 2008-07-10 12:30 . 2008-07-10 12:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-07-10 12:30 . 2008-07-10 12:30 1,409 --a------ C:\WINDOWS\QTFont.for 2008-07-09 17:26 . 2008-07-09 17:26 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-07-09 17:26 . 2008-07-09 17:26 d-------- C:\Documents and Settings\RYCHIE\Application Data\Malwarebytes 2008-07-09 17:26 . 2008-07-09 17:26 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-07-09 17:26 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-07-09 17:26 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-07-09 17:00 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-07-09 17:00 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-07-09 16:58 . 2008-07-09 17:02 d-------- C:\Toolbar SD 2008-07-09 16:22 . 2008-07-09 16:22 149 --a------ C:\WINDOWS\wininit.ini 2008-07-09 14:03 . 2008-06-21 04:54 269,736 -ra------ C:\WINDOWS\system32\drivers\SbFw.sys 2008-07-09 14:03 . 2008-06-21 04:54 65,576 --a------ C:\WINDOWS\system32\drivers\SbFwIm.sys 2008-07-09 14:02 . 2008-07-09 14:02 d-------- C:\Program Files\Sunbelt Software 2008-07-09 14:00 . 2008-07-09 14:00 d-------- C:\Program Files\Spybot - Search & Destroy 2008-07-09 14:00 . 2008-07-09 16:23 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-07-09 13:19 . 2008-07-09 13:19 d-------- C:\Program Files\Avira 2008-07-09 13:19 . 2008-07-09 13:19 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-07-09 10:36 . 2008-07-09 10:45 d-------- C:\fixwareout 2008-07-09 10:22 . 2008-07-09 10:22 d-------- C:\Program Files\Trend Micro 2008-06-21 04:54 . 2008-06-21 04:54 66,600 -ra------ C:\WINDOWS\system32\drivers\sbhips.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-09 14:24 --------- d-----w C:\Program Files\Safari 2008-07-09 12:29 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-05-18 07:42 --------- d-----w C:\Program Files\Apple Software Update 2008-05-17 17:29 6,712 ----a-w C:\Documents and Settings\RYCHIE\Application Data\wklnhst.dat 2008-05-17 09:14 --------- d-----w C:\Program Files\iTunes 2008-05-17 09:14 --------- d-----w C:\Program Files\iPod 2008-05-17 09:12 --------- d-----w C:\Program Files\QuickTime 2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2008-04-21 07:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll 2007-12-15 18:09 81,920 ----a-w C:\Documents and Settings\RYCHIE\Application Data\ezpinst.exe 2007-12-15 18:09 47,360 ----a-w C:\Documents and Settings\RYCHIE\Application Data\pcouffin.sys 2006-04-29 08:23 1,687,845 ----a-w C:\Program Files\[u]0[/u]003.mpg 2006-04-12 18:24 2,256,900 ----a-w C:\Program Files\[u]0[/u]3_9.mpg 2006-04-12 18:24 2,129,924 ----a-w C:\Program Files\[u]0[/u]1_10.mpg 2006-04-12 18:24 2,109,444 ----a-w C:\Program Files\[u]0[/u]2_10.mpg 2006-04-11 18:03 1,343,492 ----a-w C:\Program Files\[u]0[/u]2_9.mpg 2006-04-11 18:03 1,232,900 ----a-w C:\Program Files\[u]0[/u]3_8.mpg 2006-04-11 17:59 1,220,612 ----a-w C:\Program Files\[u]0[/u]2_8.mpg 2006-04-09 12:10 1,629,124 ----a-w C:\Program Files\[u]0[/u]001_2.mpg 2006-04-09 12:10 1,561,728 ----a-w C:\Program Files\[u]0[/u]002_2.mpg 2006-04-08 12:23 1,255,428 ----a-w C:\Program Files\[u]0[/u]3_6.mpg 2006-04-06 18:41 1,583,108 ----a-w C:\Program Files\[u]0[/u]3_5.mpg 2006-04-06 18:41 1,583,108 ----a-w C:\Program Files\[u]0[/u]2_6.mpg 2006-04-06 18:41 1,583,108 ----a-w C:\Program Files\[u]0[/u]1_6.mpg 2006-04-06 18:14 2,236,420 ----a-w C:\Program Files\[u]0[/u]3_4.mpg 2006-04-06 18:14 2,207,748 ----a-w C:\Program Files\[u]0[/u]4_2.mpg 2006-04-04 18:34 1,220,612 ----a-w C:\Program Files\[u]0[/u]3_3.mpg 2006-04-04 18:34 1,157,124 ----a-w C:\Program Files\[u]0[/u]2_4.mpg 2006-04-04 18:33 1,042,436 ----a-w C:\Program Files\[u]0[/u]1_4.mpg 2006-04-04 18:27 1,719,391 ----a-w C:\Program Files\[u]0[/u]03_1.mpg 2006-04-04 18:27 1,699,359 ----a-w C:\Program Files\[u]0[/u]02_2.mpg 2006-04-04 18:26 1,699,924 ----a-w C:\Program Files\[u]0[/u]01_2.mpg 2006-04-02 16:16 950,858 ----a-w C:\Program Files\[u]0[/u]1_3.wmv 2006-04-02 16:16 921,864 ----a-w C:\Program Files\[u]0[/u]2_3.wmv 2006-04-02 16:16 829,058 ----a-w C:\Program Files\[u]0[/u]3_3.wmv 2006-04-02 16:16 782,652 ----a-w C:\Program Files\[u]0[/u]4_3.wmv 2006-04-02 16:13 921,953 ----a-w C:\Program Files\2_4.mpg 2006-04-02 16:13 921,937 ----a-w C:\Program Files\1_4.mpg 2006-04-02 16:13 857,128 ----a-w C:\Program Files\4.mpg 2006-04-02 16:13 857,007 ----a-w C:\Program Files\3_4.mpg 2006-03-31 20:48 1,507,072 ----a-w C:\Program Files\1_7.wmv 2006-03-31 20:48 1,491,072 ----a-w C:\Program Files\2_7.wmv 2006-03-31 18:56 1,783,209 ----a-w C:\Program Files\[u]0[/u]3_2.mpg 2006-03-31 18:55 1,895,578 ----a-w C:\Program Files\[u]0[/u]2_3.mpg 2006-03-31 18:55 1,820,407 ----a-w C:\Program Files\[u]0[/u]1_3.mpg 2006-03-31 18:55 1,769,544 ----a-w C:\Program Files\[u]0[/u]4_1.mpg 2006-03-31 18:46 564,676 ----a-w C:\Program Files\2_6.wmv 2006-03-31 18:46 545,904 ----a-w C:\Program Files\3_6.wmv 2006-03-31 18:46 525,682 ----a-w C:\Program Files\1_6.wmv 2006-03-31 18:46 514,136 ----a-w C:\Program Files\4_5.wmv 2006-03-31 18:44 2,381,564 ----a-w C:\Program Files\4_4.wmv 2006-03-31 18:44 2,373,564 ----a-w C:\Program Files\3_5.wmv 2006-03-31 18:43 2,389,564 ----a-w C:\Program Files\2_5.wmv 2006-03-31 18:43 2,373,564 ----a-w C:\Program Files\1_5.wmv 2006-03-31 18:41 1,564,254 ----a-w C:\Program Files\2_3.mpg 2006-03-31 18:41 1,557,429 ----a-w C:\Program Files\3_3.mpg 2006-03-31 18:39 1,563,655 ----a-w C:\Program Files\1_3.mpg 2006-03-31 18:27 1,669,124 ----a-w C:\Program Files\[u]0[/u]3_1.mpg 2006-03-31 18:27 1,626,116 ----a-w C:\Program Files\[u]0[/u]4.mpg 2006-03-31 18:27 1,601,540 ----a-w C:\Program Files\[u]0[/u]2_2.mpg 2006-03-31 18:27 1,568,772 ----a-w C:\Program Files\[u]0[/u]1_2.mpg 2006-03-30 19:37 1,378,374 ----a-w C:\Program Files\2_4.wmv 2006-03-30 19:37 1,072,274 ----a-w C:\Program Files\4_3.wmv 2006-03-30 19:37 1,057,792 ----a-w C:\Program Files\3_4.wmv 2006-03-30 19:37 1,052,072 ----a-w C:\Program Files\1_4.wmv 2006-03-30 19:06 884,463 ----a-w C:\Program Files\1_3.wmv 2006-03-30 19:05 872,863 ----a-w C:\Program Files\4_2.wmv 2006-03-30 19:05 872,863 ----a-w C:\Program Files\3_3.wmv 2006-03-30 19:05 1,035,263 ----a-w C:\Program Files\2_3.wmv 2006-03-30 18:46 939,270 ----a-w C:\Program Files\[u]0[/u]3_2.wmv 2006-03-30 18:46 921,864 ----a-w C:\Program Files\[u]0[/u]4_2.wmv 2006-03-30 18:46 916,064 ----a-w C:\Program Files\[u]0[/u]1_2.wmv 2006-03-30 18:46 852,264 ----a-w C:\Program Files\[u]0[/u]2_2.wmv 2006-03-30 18:21 1,552,388 ----a-w C:\Program Files\1_2.mpg 2006-03-30 18:20 1,546,244 ----a-w C:\Program Files\2_2.mpg 2006-03-30 18:20 1,333,252 ----a-w C:\Program Files\3_2.mpg 2006-03-30 18:01 1,081,685 ----a-w C:\Program Files\1_2.wmv 2006-03-30 18:01 1,075,885 ----a-w C:\Program Files\4_1.wmv 2006-03-30 18:01 1,064,285 ----a-w C:\Program Files\3_2.wmv 2006-03-30 18:00 1,035,285 ----a-w C:\Program Files\2_2.wmv 2006-03-30 17:47 884,740 ----a-w C:\Program Files\3_1.mpg 2006-03-30 17:41 1,099,075 ----a-w C:\Program Files\4.wmv 2006-03-30 17:40 1,000,475 ----a-w C:\Program Files\3_1.wmv 2006-03-30 17:39 988,875 ----a-w C:\Program Files\1_1.wmv 2006-03-30 17:39 2,241,075 ----a-w C:\Program Files\[u]0[/u]02_1.mpg 2006-03-30 17:39 1,000,475 ----a-w C:\Program Files\2_1.wmv 2006-03-30 17:29 1,841,156 ----a-w C:\Program Files\[u]0[/u]02.mpg 2006-03-28 18:57 962,470 ----a-w C:\Program Files\[u]0[/u]4_1.wmv 2006-03-24 19:33 2,054,148 ----a-w C:\Program Files\1.mpg . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 13:55 5674352] "Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2008-01-01 18:49 4739072] "EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 08:01 180736] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-08-03 13:51 202024] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 22:10 344064] "DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2006-10-14 09:55 3335944] "SpeedOptimizer"="C:\PROGRA~1\SPEEDO~1\SPO.EXE" [2003-09-29 16:53 607232] "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] "SoundMan"="SOUNDMAN.EXE" [2004-11-15 12:20 77824 C:\WINDOWS\SOUNDMAN.EXE] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i263_32.drv "vidc.DIV3"= DIVXc32.dll "vidc.DIV4"= DIVXc32f.dll "vidc.3ivx"= 3ivxVfWCodec.dll "vidc.3iv2"= 3ivxVfWCodec.dll "msacm.divxa32"= DivXa32.acm "VIDC.HFYU"= huffyuv.dll "VIDC.i263"= i263_32.drv "msacm.imc"= imc32.acm "VIDC.VP31"= vp31vfw.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\MSN Messenger\msnmsgr.exe"= "C:\Program Files\MSN Messenger\livecall.exe"= "C:\Program Files\Messenger\msmsgs.exe"= "C:\Program Files\iTunes\iTunes.exe"= "C:\Program Files\Shareaza\Shareaza.exe"= "C:\Program Files\DAP\DAP.exe"= R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 18:24] R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 21:03] R1 SbFw;SbFw;C:\WINDOWS\system32\drivers\SbFw.sys [2008-06-21 04:54] R1 sbhips;Sunbelt HIPS Driver;C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 04:54] R2 SbPF.Launcher;SbPF.Launcher;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-07-01 10:51] R2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-07-01 10:51] R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 04:54] S3 PRISM_USB;Prism Mini USB Wireless LAN Driver;C:\WINDOWS\system32\DRIVERS\PRISMUSB.sys [2002-02-24 22:39] . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-07-09 12:38:21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-10 19:46:54 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... ************************************************************************** . Temps d'accomplissement: 2008-07-10 19:50:14 ComboFix-quarantined-files.txt 2008-07-10 17:49:07 ComboFix2.txt 2008-07-10 10:57:17 Pre-Run: 5,727,092,736 octets libres Post-Run: 5,736,017,920 octets libres 368 --- E O F --- 2008-07-10 10:25:56 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:54, on 10/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\DAP\DAP.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Shareaza\Shareaza.exe C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S145.tmp" /EF "HKCU" O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

verni29 · Answer

Ritchy,

Tous les fichiers n'ont pas été supprimés.
Je vais te demander, provisoirement ( après tu fais ce que tu veux ) de ne surtout pas télécharger via le P2P.
Tu désactives Shareaza le temps qu'on termine le travail.

J'ai une autre analyse à faire.

Pendant ce temps, on va s'occuper des barres d'outils.

Télécharge Toolbar-S&D sur ton Bureau : 
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 

* Lance l'installation du programme en exécutant le fichier téléchargé. 
* Double-clique sur le raccourci de Toolbar-S&D. 
* Sélectionne la langue puis valide. 
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche. 
* Copie/colle le contenu du rapport situé dans C:\TB.txt .

A+

ritchy · Answer

-----------\  ToolBar S&D 1.0.3  XP/Vista

   [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
   [ USER : RYCHIE ] [ "C:\Toolbar SD" ] [ Selection : 1 ]
   [ 10/07/2008 | 21:21:23,79 ] [ PC : RWIFI ]
   [ MAJ : 08-07-2008 | 22:24 ]

   -----------\  Recherche de Fichiers / Dossiers ...

   C:\Program Files\AskTBar
   C:\Program Files\AskTBar\bar
   C:\Program Files\AskTBar\PopSwatr
   C:\Program Files\AskTBar\SrchAstt
   C:\DOCUME~1\RYCHIE\LOCALS~1\TEMPOR~1\content.IE5\MYQGPFTT\B2884847[1].htm

   -----------\  [HKCU\..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


   -----------\  Fin du rapport a 21:22:53,45

ritchy · Answer

-----------\  ToolBar S&D 1.0.3  XP/Vista

   [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
   [ USER : RYCHIE ] [ "C:\Toolbar SD" ] [ Selection : 2 ]
   [ 10/07/2008 | 21:37:48,29 ] [ PC : RWIFI ]
   [ MAJ : 08-07-2008 | 22:24 ]

   -----------\ SUPPRESSION

   Supprime! - C:\Program Files\AskTBar\bar
   Supprime! - C:\Program Files\AskTBar\PopSwatr
   Supprime! - C:\Program Files\AskTBar\SrchAstt
   Supprime! - C:\DOCUME~1\RYCHIE\LOCALS~1\TEMPOR~1\content.IE5\MYQGPFTT\B2884847[1].htm
   Supprime! - C:\Program Files\AskTBar

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  [HKCU\..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


   -----------\  Fin du rapport a 21:40:11,39

ritchy · Answer

j'ai un message d'erreur qui apparait, ds le cadre result, on note  < C:\Program Files\[u]0/u003.mpg  >

ritchy · Answer

le logiciel s'arrête apres le message d'erreur et y'a pas de rapport apres avoir fait exit
je poste le rapport hijackthis qd mm!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:00, on 10/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s 
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S145.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

ritchy · Answer

je ferai ça demain matin, je vais alller dormir
merci pour ton aide, à demain

ritchy · Answer

bonjour!

ce matin, aucune alarme antivir ou sunbelt

voici le rapport que tu m'as demandé

Fichier 2_4.mpg reçu le 2008.07.11 08:30:37 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE 


Résultat: 0/33 (0%)
en train de charger les informations du serveur... 
Votre fichier est dans la file d'attente, en position: ___.
L'heure estimée de démarrage est entre ___ et ___ .
Ne fermez pas la fenêtre avant la fin de l'analyse. 
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier. 
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération. 
 Formaté Impression des résultats  
Votre fichier a expiré ou n'existe pas. 
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée. 
 Email:  
  

Antivirus Version Dernière mise à jour Résultat 
AhnLab-V3 2008.7.11.0 2008.07.10 - 
AntiVir 7.8.0.64 2008.07.11 - 
Authentium 5.1.0.4 2008.07.10 - 
Avast 4.8.1195.0 2008.07.11 - 
AVG 7.5.0.516 2008.07.10 - 
BitDefender 7.2 2008.07.11 - 
CAT-QuickHeal 9.50 2008.07.10 - 
ClamAV 0.93.1 2008.07.11 - 
DrWeb 4.44.0.09170 2008.07.10 - 
eSafe 7.0.17.0 2008.07.10 - 
eTrust-Vet 31.6.5946 2008.07.11 - 
Ewido 4.0 2008.07.10 - 
F-Prot 4.4.4.56 2008.07.10 - 
F-Secure 7.60.13501.0 2008.07.10 - 
Fortinet 3.14.0.0 2008.07.11 - 
GData 2.0.7306.1023 2008.07.11 - 
Ikarus T3.1.1.26.0 2008.07.11 - 
Kaspersky 7.0.0.125 2008.07.11 - 
McAfee 5336 2008.07.10 - 
Microsoft 1.3704 2008.07.11 - 
NOD32v2 3260 2008.07.10 - 
Norman 5.80.02 2008.07.10 - 
Panda 9.0.0.4 2008.07.10 - 
Prevx1 V2 2008.07.11 - 
Rising 20.52.40.00 2008.07.11 - 
Sophos 4.31.0 2008.07.11 - 
Sunbelt 3.1.1509.1 2008.07.04 - 
Symantec 10 2008.07.11 - 
TheHacker 6.2.96.376 2008.07.10 - 
TrendMicro 8.700.0.1004 2008.07.11 - 
VBA32 3.12.6.9 2008.07.11 - 
VirusBuster 4.5.11.0 2008.07.10 - 
Webwasher-Gateway 6.6.2 2008.07.11 - 
Information additionnelle 
File size: 921953 bytes 
MD5...: a39dd6eab9555aa600779f6085c18897 
SHA1..: c6545b492e656b1995012a826263c63d691d5714 
SHA256: fe36354c6d8dff8cbcbc0c110055b0ee7d17d1fa5a950337054bab32500ff69a 
SHA512: 2c65c04fd032754446dd8573dfcef98b5ece546e463bd3f8326e97e7d1a01848
3320a8afb3b03384c1a2c07564fe22a3b414f167fe6a0af22d4f82e501454278 
PEiD..: - 
PEInfo: -

ritchy · Answer

je ne trouve pas ce fichier

ritchy · Answer

C:\Program Files\2_4.mpg moved successfully.
C:\Program Files\1_4.mpg moved successfully.
C:\Program Files\4.mpg moved successfully.
C:\Program Files\3_4.mpg moved successfully.
C:\Program Files\1_7.wmv moved successfully.
C:\Program Files\2_7.wmv moved successfully.
C:\Program Files\2_6.wmv moved successfully.
C:\Program Files\3_6.wmv moved successfully.
C:\Program Files\1_6.wmv moved successfully.
C:\Program Files\4_5.wmv moved successfully.
C:\Program Files\4_4.wmv moved successfully.
C:\Program Files\3_5.wmv moved successfully.
C:\Program Files\2_5.wmv moved successfully.
C:\Program Files\1_5.wmv moved successfully.
C:\Program Files\2_3.mpg moved successfully.
C:\Program Files\3_3.mpg moved successfully.
C:\Program Files\1_3.mpg moved successfully.
C:\Program Files\2_4.wmv moved successfully.
C:\Program Files\4_3.wmv moved successfully.
C:\Program Files\3_4.wmv moved successfully.
C:\Program Files\1_4.wmv moved successfully.
C:\Program Files\1_3.wmv moved successfully.
C:\Program Files\4_2.wmv moved successfully.
C:\Program Files\3_3.wmv moved successfully.
C:\Program Files\2_3.wmv moved successfully.
C:\Program Files\1_2.mpg moved successfully.
C:\Program Files\2_2.mpg moved successfully.
C:\Program Files\3_2.mpg moved successfully.
C:\Program Files\1_2.wmv moved successfully.
C:\Program Files\4_1.wmv moved successfully.
C:\Program Files\3_2.wmv moved successfully.
C:\Program Files\2_2.wmv moved successfully.
C:\Program Files\3_1.mpg moved successfully.
C:\Program Files\4.wmv moved successfully.
C:\Program Files\3_1.wmv moved successfully.
C:\Program Files\1_1.wmv moved successfully.
C:\Program Files\2_1.wmv moved successfully.
C:\Program Files\1.mpg moved successfully.
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07112008_090825

ritchy · Answer

j'ai bien des fichier .mpg ou .wmv  mais tjs aucune trace de celui que tu m'avais demandé de modifier

je lance le scan

verni29 · Answer

Est-ce que ce sont uniquement des fichiers du genre :

C:\Program Files\[u]x/xxx_x.mpg 

A+

ritchy · Answer

pas du tout, uniquement des fichiers avec des numéros de piste
 01_02.mpg par exemple


je m'absente qq minutes

ritchy · Answer

week end chargé, désolée!
je te poste le rapprt demandé  c long!


Statistiques de l'analyse 
Total d'objets analysés 101920 
Nombre de virus trouvés 33 
Nombre d'objets infectés 3697 / 0 
Nombre d'objets suspects 0 
Durée de l'analyse 01:23:47 

Nom de l'objet infecté Nom du virus Dernière action 
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\All Users\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService\Cookies\index.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService\NTUSER.DAT  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService
tuser.dat.LOG  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\NetworkService\NTUSER.DAT  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\NetworkService
tuser.dat.LOG  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Acoustica CD DVD Label Maker v3.14.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Acoustica CD DVD Label Maker v3.14.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Acoustica CDDVD Label Maker v2.33 serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Acoustica CDDVD Label Maker v2.33 serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Acoustica Mixcraft v3.1 b41.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Acoustica Mixcraft v3.1 b41.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Acoustica MP3 Audio Mixer v2.4xx serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Acoustica MP3 Audio Mixer v2.4xx serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Acoustica MP3 CD Burner v3.01 build 64 serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Acoustica MP3 CD Burner v3.01 build 64 serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Acronis Disk Director Server 10.0.216.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Acronis Disk Director Server 10.0.216.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Acronis Disk Director Server 10.0.2169 Keygenerator Working.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Acronis Disk Director Server 10.0.2169 Keygenerator Working.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Acronis True Image 11 Build 8053 Home..rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Acronis True Image 11 Build 8053 Home..rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Acrobat 7.0 Full with crack Multilanguage.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Acrobat 7.0 Full with crack Multilanguage.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Acrobat 8 Professional Incl keygen..rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Acrobat 8 Professional Incl keygen..rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Acrobat 8 Professional Serial Crack (Acrobat Dll,Adobelm Dll) Updated-Fixed 03-2007.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Acrobat 8 Professional Serial Crack (Acrobat Dll,Adobelm Dll) Updated-Fixed 03-2007.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Acrobat Professional 8.1 - Latest Version -.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Acrobat Professional 8.1 - Latest Version -.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Acrobat Professional 8.1 keygen.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Acrobat Professional 8.1 keygen.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe After Effects 7.0 crack version Tryout.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe After Effects 7.0 crack version Tryout.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe After Effects 7.0 crack versioni Tryout.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe After Effects 7.0 crack versioni Tryout.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Creative Suite 3.01 crack.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Creative Suite 3.01 crack.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe CS3 Creative suite design Premium (Include Crack).rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe CS3 Creative suite design Premium (Include Crack).rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe CS3 Master Collection Corporate Final +Keygen.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe CS3 Master Collection Corporate Final +Keygen.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe CS3 Master Collection Corporate ISO. .rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe CS3 Master Collection Corporate ISO. .rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe CS3 Master Collection Full Version + Keygen ..rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe CS3 Master Collection Full Version + Keygen ..rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe GoLive v9.0.0.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe GoLive v9.0.0.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Illustrator 11.0 CS serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Illustrator 11.0 CS serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Illustrator CS3 with plugins (Thinstalled) .rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Illustrator CS3 with plugins (Thinstalled) .rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop 10 (Cs3) New! Full Crack(1).rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop 10 (Cs3) New! Full Crack(1).rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe PhotoShop 9 CS serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe PhotoShop 9 CS serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop CS3 + Crack.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop CS3 + Crack.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop CS3 Extended Version Full + .Crack.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop CS3 Extended Version Full + .Crack.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop CS3 Extended+ Crack.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop CS3 Extended+ Crack.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop CS3 Ita + Crack.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop CS3 Ita + Crack.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop CS3 Keygen.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop CS3 Keygen.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop CS3 Lite crack.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop CS3 Lite crack.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop CS3 Plugins Collection..rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop CS3 Plugins Collection..rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop CS3 v10 Extended Keygen.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop CS3 v10 Extended Keygen.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop CS3 with Crack..rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop CS3 with Crack..rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop Elements v2.0 serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop Elements v2.0 serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop Elements v6.0(Full Version with Keygen).rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop Elements v6.0(Full Version with Keygen).rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop Elements v6.0.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop Elements v6.0.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop Elements v6.0a Keygenerator.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop Elements v6.0a Keygenerator.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop Lightroom 1.3..rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop Lightroom 1.3..rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop Lightroom 1.4 crack.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop Lightroom 1.4 crack.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop Lightroom v1.2 MacOSX UB.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop Lightroom v1.2 MacOSX UB.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop Plugin - Digimarc Watermark Crack.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Photoshop Plugin - Digimarc Watermark Crack.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe PhotoShop v5.0x78 Code serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe PhotoShop v5.0x78 Code serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Premiere CS3 Pro Keygenerator.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Premiere CS3 Pro Keygenerator.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\adobe premiere pro cs3 full cd crack + serial.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\adobe premiere pro cs3 full cd crack + serial.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Premiere Pro CS3 Multi-language Crack.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Premiere Pro CS3 Multi-language Crack.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Primeier v7.0 serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Primeier v7.0 serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Type Manager v40 serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Type Manager v40 serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Type Manager v40 for Windows 95 serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe Type Manager v40 for Windows 95 serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe.Audition.v3.WinAll.Cracked-NoPE+.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe.Audition.v3.WinAll.Cracked-NoPE+.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe.Dreamweaver CS3 9.0.0.345 Latest Patched-RETAiL.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe.Dreamweaver CS3 9.0.0.345 Latest Patched-RETAiL.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe_Photoshop_9_CS2 (Crack).rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adobe_Photoshop_9_CS2 (Crack).rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adrosoft Sound Recorder v1.1 serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adrosoft Sound Recorder v1.1 serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\AdsGone Popup Killer 2007 v7.0.8.1.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\AdsGone Popup Killer 2007 v7.0.8.1.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adult PDF Password Recovery v2.3.0 datecode 20051115 serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adult PDF Password Recovery v2.3.0 datecode 20051115 serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adusoft PSP Video Converter v2.46.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adusoft PSP Video Converter v2.46.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advance Registry War v0.9 serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advance Registry War v0.9 serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advance System Optimizer Reg. v2.0.0.1 Systwaek Inc serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advance System Optimizer Reg. v2.0.0.1 Systwaek Inc serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advance Windows Passwordvery v.3.5.1.390 serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advance Windows Passwordvery v.3.5.1.390 serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced ACT Password Recovery v2.30.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced ACT Password Recovery v2.30.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced Archive Password Recovery v2.20 serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced Archive Password Recovery v2.20 serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced ARJ Password Recovery serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced ARJ Password Recovery serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced ARJ Password Recovery v2.0 serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced ARJ Password Recovery v2.0 serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced Batch Converter v3.9.76 serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced Batch Converter v3.9.76 serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced File Worker v2.32.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced File Worker v2.32.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced GIF Optimizer v4.0.12 serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced GIF Optimizer v4.0.12 serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced Keylogger serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced Keylogger serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced Keylogger v1.4 serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced Keylogger v1.4 serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced Mailbox Password Recovery v1.9.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced Mailbox Password Recovery v1.9.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced MP3 Converter v3.00.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced MP3 Converter v3.00.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced Net Monitor for Classroom v4.6.7.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced Net Monitor for Classroom v4.6.7.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced Office XP Password Recovery v2.x serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced Office XP Password Recovery v2.x serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced Outlook Password Recovery serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced Outlook Password Recovery serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced Popup Killer 2007 by iNTENSiON serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced Popup Killer 2007 by iNTENSiON serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced RAR Password Recovery v1.5x serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced RAR Password Recovery v1.5x serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced Registry Tracer v2.1 serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced Registry Tracer v2.1 serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced Spyware Remover v1.81 serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced Spyware Remover v1.81 serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced System Optimizer 2.20.4.747 keygen.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced System Optimizer 2.20.4.747 keygen.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced Uninstaller Pro 8.54 Keygenerator.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced Uninstaller Pro 8.54 Keygenerator.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced Uninstaller Pro v6.72 serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced Uninstaller Pro v6.72 serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced Uninstaller Professional 8.5.2 + Working crack.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced Uninstaller Professional 8.5.2 + Working crack.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced Uninstaller Special Edition v4.0 serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced Uninstaller Special Edition v4.0 serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced X Video Converter v3.9.35.1 serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced X Video Converter v3.9.35.1 serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced Zip Password Recovery v3.54 Private Sniper serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Advanced Zip Password Recovery v3.54 Private Sniper serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adware Agent v4.81 serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Adware Agent v4.81 serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Alcohol 120 1.9.7.602 with KeyMaker v3.6 (BetaMaster-24.Dec.2007).rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Alcohol 120 1.9.7.602 with KeyMaker v3.6 (BetaMaster-24.Dec.2007).rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Alcohol 120 v.1.9.7 crack.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Alcohol 120 v.1.9.7 crack.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Alcohol 120% 1.9.2.1705 Multilanguage + Serial + Crack + Di.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Alcohol 120% 1.9.2.1705 Multilanguage + Serial + Crack + Di.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Alcohol 120% 1.9.6.471 Activation Key + Crack.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Alcohol 120% 1.9.6.471 Activation Key + Crack.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Alcohol 120% v1.9.5.3105 Ita Keygen Crack.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Alcohol 120% v1.9.5.3105 Ita Keygen Crack.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Alive YouTube Video Converter 1.2.7.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Alive YouTube Video Converter 1.2.7.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\All Antivirus Keygenerator Pack.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\All Antivirus Keygenerator Pack.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\ALL.Adobe.Products.Keygen.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\ALL.Adobe.Products.Keygen.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\All.MicroSoft.Products.Keygen.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\All.MicroSoft.Products.Keygen.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Allok 3GP PSP MP4 iPod Video Converter 2.7.2 Keygen.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Allok 3GP PSP MP4 iPod Video Converter 2.7.2 Keygen.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\All_ADOBE_Products_Crack+Keygen_2008-ReLEASE.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\All_ADOBE_Products_Crack+Keygen_2008-ReLEASE.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Anti Hacker Expert 2008 working License Key + Patch _.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Anti Hacker Expert 2008 working License Key + Patch _.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Anti Hacker Expert 2008 working License Key and Patch.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Anti Hacker Expert 2008 working License Key and Patch.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Any DVD Converter Professional 3.5.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Any DVD Converter Professional 3.5.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\AnyDVD & AnyDVD HD 6.1.3.5 + Crack [April 13 2007].rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\AnyDVD & AnyDVD HD 6.1.3.5 + Crack [April 13 2007].rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\AnyDVD & AnyDVD HD 6.3.0 - Final.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\AnyDVD & AnyDVD HD 6.3.0 - Final.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\AnyDVD & AnyDVD HD 6.4 keygen.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\AnyDVD & AnyDVD HD 6.4 keygen.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\AnyDVD 6.1.0.2 It + CloneDVD 2.9.0.3 It + CloneDVDmobile 1.1.4.0 It + Clone CD 5.3.0.1 It + Virtual CloneDrive 5.1.4.5 It + Crack By Ipparius.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\AnyDVD 6.1.0.2 It + CloneDVD 2.9.0.3 It + CloneDVDmobile 1.1.4.0 It + Clone CD 5.3.0.1 It + Virtual CloneDrive 5.1.4.5 It + Crack By Ipparius.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\AnyDVD 6.3.0.6 +Activation Key.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\AnyDVD 6.3.0.6 +Activation Key.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\AnyDVD.HD.6.3.0.3.Incl.Crack-RES.By.GGW.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\AnyDVD.HD.6.3.0.3.Incl.Crack-RES.By.GGW.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Apollo No1 DVD Ripper 6.2.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Apollo No1 DVD Ripper 6.2.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\ArcGis 9 (CD1 CD2 CD3) with Crack-funziona!istruzioni in ita.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\ArcGis 9 (CD1 CD2 CD3) with Crack-funziona!istruzioni in ita.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\ArcGis 9 (CD1 CD2 CD3) with Crack.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\ArcGis 9 (CD1 CD2 CD3) with Crack.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Arquitectura -3D Home Floor Plan Design Suite V 9 Key & Patch.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Arquitectura -3D Home Floor Plan Design Suite V 9 Key & Patch.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Ashampoo Office 2008 3.01 + crack.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Ashampoo Office 2008 3.01 + crack.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Atomix Virtual DJ Professional 5 rev6 -.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Atomix Virtual DJ Professional 5 rev6 -.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Autocad 2007 Crack.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Autocad 2007 Crack.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Autocad 2007 Español Spanish + Serial + Crack.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Autocad 2007 Español Spanish + Serial + Crack.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\AutoCAD.2007.Crack.Only.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\AutoCAD.2007.Crack.Only.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Autodata 2007 v2.18 2Cd Crack Updated-Fixed 02-2007.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Autodata 2007 v2.18 2Cd Crack Updated-Fixed 02-2007.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Autodata v3.18 2 CDs Full +.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Autodata v3.18 2 CDs Full +.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Autodesk 3DS MAX 2008 crack.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Autodesk 3DS MAX 2008 crack.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Autodesk AutoCAD 2008 crack.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Autodesk AutoCAD 2008 crack.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Autodesk AutoCAD Architecture Version 2008 (Full Version with Key).rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Autodesk AutoCAD Architecture Version 2008 (Full Version with Key).rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Autodesk AutoCAD Architecture Version 2008..rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Autodesk AutoCAD Architecture Version 2008..rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Autodesk Inventor Suite 2008 .(Full Version with Crack).rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Autodesk Inventor Suite 2008 .(Full Version with Crack).rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Autodesk Inventor Suite 2008 crack.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Autodesk Inventor Suite 2008 crack.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Avast Antivirus Pro 4.7 Licensed till 2009.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Avast Antivirus Pro 4.7 Licensed till 2009.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Avast Antivirus Pro 4.7.109 working Key.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Avast Antivirus Pro 4.7.109 working Key.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Avast! Antivirus 4.6.691 Professional Edition Crack Licenza.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Avast! Antivirus 4.6.691 Professional Edition Crack Licenza.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Avast! Antivirus 4.6.691 Professional Edition + Crack.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Avast! Antivirus 4.6.691 Professional Edition + Crack.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\AVG 7.5 antivirus + antispyware 7.5 + key and crack.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\AVG 7.5 antivirus + antispyware 7.5 + key and crack.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\AVG 7.5 Internet Security & Firewall _.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\AVG 7.5 Internet Security & Firewall _.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\AVG Anti-Spyware Plus 7.5.1.43 con el key funcionante.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\AVG Anti-Spyware Plus 7.5.1.43 con el key funcionante.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\AVG Anti-Spyware Plus 7.5.1.43.333 Patched Multilingual-ReL.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\AVG Anti-Spyware Plus 7.5.1.43.333 Patched Multilingual-ReL.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\AVG Anti-Virus Professional Edition Latest v7.5.5 + Key..rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\AVG Anti-Virus Professional Edition Latest v7.5.5 + Key..rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\AVG Antivirus Latest Version 7.5 .Pro.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\AVG Antivirus Latest Version 7.5 .Pro.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Babylon 7.0.2018 Keygen Serial Crack.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Babylon 7.0.2018 Keygen Serial Crack.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Babylon Pro v6.0.0.29 Ita + Dizionari + Crack.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Babylon Pro v6.0.0.29 Ita + Dizionari + Crack.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Babylon v6.0.1 r36 ENG SWE ENG Oxford Dictionary.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Babylon v6.0.1 r36 ENG SWE ENG Oxford Dictionary.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Babylon.v7.0.0.13.Pro.+.Oxford.dict.incl.patch-UnREal.by.ChingLiu.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Babylon.v7.0.0.13.Pro.+.Oxford.dict.incl.patch-UnREal.by.ChingLiu.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Backup DVD v8.8 serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Backup DVD v8.8 serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Ban Popup v2.60.082404 serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Ban Popup v2.60.082404 serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\BayGenie eBay Auction Sniper Pro Edition 3.13 _.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\BayGenie eBay Auction Sniper Pro Edition 3.13 _.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\BE PAGEMAKER DELUXE V7.0 serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\BE PAGEMAKER DELUXE V7.0 serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\BIG CODEC Pack colleciòn by Neo.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\BIG CODEC Pack colleciòn by Neo.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Bikini Girls Cute Screensaver v2.31 serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Bikini Girls Cute Screensaver v2.31 serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Biromsoft WebCam v4.0 Jun 6 2003 serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Biromsoft WebCam v4.0 Jun 6 2003 serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Bit Defender Antivirus Plus v10.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Bit Defender Antivirus Plus v10.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\BitDefender Antivirus 10 LAST Working Crack .rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\BitDefender Antivirus 10 LAST Working Crack .rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\BitDefender Antivirus 2008 Patcheado ESP-ENG.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\BitDefender Antivirus 2008 Patcheado ESP-ENG.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Bitdefender AntiVirus 32bit 2008 patcheado + license_key.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Bitdefender AntiVirus 32bit 2008 patcheado + license_key.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Black & White: Creature Isle serial number.rar:$DATA/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Black & White: Creature Isle serial number.rar:$DATA  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Black Ice PC Protection v3.6 serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Black Ice PC Protection v3.6 serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Black XP 5.1 DVD crack.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Black XP 5.1 DVD crack.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\BLACK XP 6.0.0.1 ULTMATE DREAM PACK.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\BLACK XP 6.0.0.1 ULTMATE DREAM PACK.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Blaze MediaConvert v3.2 serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Blaze MediaConvert v3.2 serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\BlazingTools Perfect Keylogger .rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\BlazingTools Perfect Keylogger .rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\BlazingTools Perfect Keylogger v1.6.8.2.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\BlazingTools Perfect Keylogger v1.6.8.2.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\BSPlayer Pro 2.23 (player de DivX-XviD-MKV-RM-AVI-MPEG-MPG).rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\BSPlayer Pro 2.23 (player de DivX-XviD-MKV-RM-AVI-MPEG-MPG).rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\CA eTrust PestPatrol Anti-Spyware v8.0.0.7.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\CA eTrust PestPatrol Anti-Spyware v8.0.0.7.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Clone Download Killer v1.1 serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Clone Download Killer v1.1 serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Clone DVD net v3.5.4 serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Clone DVD net v3.5.4 serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\CloneCD 5.0.3.1 + Crack + Virtual Clone Drive(1).rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\CloneCD 5.0.3.1 + Crack + Virtual Clone Drive(1).rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\CloneDVD v1.2.8.4 serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\CloneDVD v1.2.8.4 serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Code Visualizer v3.38.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Code Visualizer v3.38.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Coding Workshop Ringtone Converter V5.0.3 by iMoA serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Coding Workshop Ringtone Converter V5.0.3 by iMoA serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Cogniview PDF2XL v3.4.4.110.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Cogniview PDF2XL v3.4.4.110.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Collage Maker v2.02 serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Collage Maker v2.02 serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Collection Studio v2.41.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Collection Studio v2.41.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Color Schemer v1.51 by iPA serial number.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Color Schemer v1.51 by iPA serial number.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Color7 Music Fans Factory v9.2.9.478.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Color7 Music Fans Factory v9.2.9.478.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Color7 Video Converter v8.0.3.18.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Color7 Video Converter v8.0.3.18.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Color7 Video Studio v8.0.3.18.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Color7 Video Studio v8.0.3.18.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Computer FiX VoL1 [App][MULTI5]..rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Computer FiX VoL1 [App][MULTI5]..rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Convert DAA (PowerISO). or UIF (MagicISO) to ISO ..rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Convert DAA (PowerISO). or UIF (MagicISO) to ISO ..rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Convert.all.DivX.in.DVD.patched.+ guides.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Convert.all.DivX.in.DVD.patched.+ guides.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Convert.all.MP3.in.WAV.and.create.CDMusical.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Convert.all.MP3.in.WAV.and.create.CDMusical.rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Convert.All.your.AVI-MPEG-RM-RMVB-MKV-DIVX-XVID.in.DVD.for.home.theatre..rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\Convert.All.your.AVI-MPEG-RM-RMVB-MKV-DIVX-XVID.in.DVD.for.home.theatre..rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\ConvertXtoDVD 2.2.3.258 And Keygen (20th November 2007).rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\ConvertXtoDVD 2.2.3.258 And Keygen (20th November 2007).rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\ConvertXtoDVD 2.2.3.258f And Keygen ( October 2007).rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\ConvertXtoDVD 2.2.3.258f And Keygen ( October 2007).rar  CAB: infecté - 1  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaza\Collections\ConvertXtoDVD 2.2.3.3 crack.rar/Setup+Patch.exe  Infecté : P2P-Worm.Win32.Agent.bq  ignoré  
 
C:\Documents and Settings\RYCHIE\Application Data\Shareaz

ritchy · Answer

je n'étais pas partie, j'étais de mariage!!!

je n'arrive pas à ouvrir la page http://perso.orange.fr/AceRothstein/ToolsCleaner2.exe    pasge introuvable!

ritchy · Answer

impossible de télécharger ccleaner!!

ritchy · Answer

ça y est pardon

ritchy · Answer

peux-tu me dire où trouver java???je ne vois pas où il s'est enregistré

ritchy · Answer

j'ai déjà vérifié, il y est bien mais je n'arrive pas à le trouver sur mon bureau et ds C je ne vois pas comment ouvrir l'application....

ritchy · Answer

j'ai téléchargé

ritchy · Answer

ok, je viens de comprendre, j'avais mal lu, excuse!

ritchy · Answer

bon, voilà, tout est fait!

ritchy · Answer

on peut continuer sur un rythme moins soutenu, il n'y a pas de soucis, en plus, si ça te forme!!!!
pendant que je suis en vacances en tous cas, apres, je ne serai pas toujours là

merci pour tout en tous cas, (même si mon copain râle parce qu'il croit qu'il ne va plus pouvoir télécharger...mais bon, c pas grave), je peux à nouveau naviguer tranquillement sur le net sans être embétée par les fenetres publicitaires.

A bientot, n'hésite pas

ritchy · Answer

comment indique-t-on le statut??

ritchy · Answer

pouvez-vous svp marquer ce problème comme résolu??? 
ne fermez pas la discussion pour autant si cela est possible, merci!

verni29 · Answer

Bonjour, Ritchie

Je regarde ca en fin d'après-midi.

A+

verni29 · Answer

Il y a ce fichier dans :
c:\Documents and Settings\RYCHIE\Application Data\ezpinst.exe 

C'est un malware : Heuristics.Malware

Ce doit être un fichier caché. Vérifie si la visualisation de tous les fichiers cachés est activé.
Dans le poste de travail --> Outils --> Options des dossiers --> Afficher tous les fichiers

Vérifie que ce fichier est bien présent.
Tu vas aller vérifier qu'il est bien infectieux.

Tu vas sur le site de VirusTotal et tu vas pouvoir analyser le fichier.
https://www.virustotal.com/gui/
Tu cliques sur parcourir pour sélectionner ce fichier sur ton disque dur.
Tu cliques ensuite sur envoyer le fichier.
Tu postes le rapport de l'analyse ( sélectionne la partie résultat ).

A +

ritchy · Answer

bonjour, voilà le rapprt

c:\Documents and Settings\RYCHIE\Application Data\ezpinst.exe moved successfully.
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07172008_072054


juste une remarque: l'ordi a du mal à fermer, c'est iexplore.exe qui coince...

verni29 · Answer

Citation :
" juste une remarque: l'ordi a du mal à fermer, c'est iexplore.exe qui coince... "
Cela arrive. Pour IE, je préfère Firefox ( posssibilité de mettre des extensions pour le sécuriser : noscript et adblock ).
Il serait bon aussi de faire un scandisk et une défragmentation.

Pour le problème de fichiers .wmv et .mpg :
- il y avait ce fichier qui a été supprimé
- il y a un prog qui est chargé via une API ( interface de programmation ) .
Cela se voir dans un des deux rapports :

API HOOK
Entrypoint Error: CreateProcessA (Dangerous Level: High, Hooked by Module: 0x00140239)
Entrypoint Error: CreateProcessW (Dangerous Level: High, Hooked by Module: 0x001402C5)
Entrypoint Error: CreateRemoteThread (Dangerous Level: High, Hooked by Module: 0x001404F5)
Entrypoint Error: CreateThread (Dangerous Level: High, Hooked by Module: 0x00140581)
Entrypoint Error: WriteProcessMemory (Dangerous Level: High, Hooked by Module: 0x00140699)
Entrypoint Error: SetWindowsHookExA (Dangerous Level: High, Hooked by Module: 0x00140725)
Entrypoint Error: SetWindowsHookExW (Dangerous Level: High, Hooked by Module: 0x001407B1)

Hook ou Hameçonnage ou plishing.
Celui-la, c'est une autre histoire.

On va déjà voir pour les fichiers .mpg et .wmv. peux-tu les supprimer avec OTMoveIT2.
La liste des fichiers :

0001_2.mpg
0002_2.mpg
0003.mpg
001_2.mpg
002.mpg
002_1.mpg
002_2.mpg
003_1.mpg
01_10.mpg
01_2.mpg
01_2.wmv
01_3.mpg
01_3.wmv
01_4.mpg
01_6.mpg
02_10.mpg
02_2.mpg
02_2.wmv
02_3.mpg
02_3.wmv
02_4.mpg
02_6.mpg
02_8.mpg
02_9.mpg
03_1.mpg
03_2.mpg
03_2.wmv
03_3.mpg
03_3.wmv
03_4.mpg
03_5.mpg
03_6.mpg
03_8.mpg
03_9.mpg
04.mpg
04_1.mpg
04_1.wmv
04_2.mpg
04_2.wmv
04_3.wmv

Tu me diras si ils reviennent.

A+

ritchy · Answer

je pense que moveit ne les trouve pas:

File/Folder 01_4.mpg not found.
File/Folder 01_6.mpg not found.
File/Folder 02_10.mpg not found.
File/Folder 02_2.mpg not found.
File/Folder 02_2.wmv not found.
File/Folder 02_3.mpg not found.
File/Folder 02_3.wmv not found.
File/Folder 02_4.mpg not found.
File/Folder 02_6.mpg not found.
File/Folder 02_8.mpg not found.
File/Folder 02_9.mpg not found.
File/Folder 03_1.mpg not found.
File/Folder 03_2.mpg not found.
File/Folder 03_2.wmv not found.
File/Folder 03_3.mpg not found.
File/Folder 03_3.wmv not found.
File/Folder 03_4.mpg not found.
File/Folder 03_5.mpg not found.
File/Folder 03_6.mpg not found.
File/Folder 03_8.mpg not found.
File/Folder 03_9.mpg not found.
File/Folder 04.mpg not found.
File/Folder 04_1.mpg not found.
File/Folder 04_1.wmv not found.
File/Folder 04_2.mpg not found.
File/Folder 04_2.wmv not found.
File/Folder 04_3.wmv not found.
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07172008_101539

verni29 · Answer

Lorsque tu vas redémarrer ton ordinateur, peux-tu retourner voir si ils ont été recrées ?

Merci.

ritchy · Answer

les fichiers étaient encore là, je les ai supprimés manuellement, ils n'étaient pas cachés mais ds program files

ça rame toujours au moment d'éteindre l'ordi..

verni29 · Answer

Bonjour, Ritchy

Le PC rame toujours lorsque tu éteinds l'ordi.
Envoie moi un rapport Hijackthis, STP ?

A+

ritchy · Answer

l'ordi rame toujours, il s'est même allumé en pleine nuit....c vraiment bizarre!!!

Il a encore du mal à ouvrir les pages internet explorer, même le courrier msn, il faut insister.

Voici le rapport

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58, on 18/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s 
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S145.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

ritchy · Answer

j'ai fait un nettoyage de disque et je n'ai pas pu défragmenter car le dd est trop plein, le pc ne veut pas. Comme ce n'est pas mon pc mais celui de mon copain, je ne peux rien effacer. 
Il ne veut pas non plus firefox

verni29 · Answer

Il faudrait penser à un DD externe. 

Il serait intéressant que tu essaies avec Firefox3. 
C'est étonnant que tu n'arrives pas à l'installer.

Ordi lent, fenetres intempestives, erreurs

52 réponses

Discussions similaires

Newsletters