My PC has become very slow... heeeelp!!

Solved/Closed
badraux - 9 Jul 2008 at 19:07
marion62000 - 23 Nov 2010 at 19:54
Hello,
My PC has become unbearable :s... ad pages open by themselves... programs launch and start scanning the PC... very slow connection... in short, my PC is done for and I no longer know what to do :(... please help me.
Thanks in advance.

14 replies

benurrr | Posts: 9643 | Registered: Saturday 24 May 2008 | Status: Security contributor | Last active: 11 January 2012 | 107
9 Jul 2008 at 19:28
Hello,

Download Malwarebytes:
http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebyte s anti malware
During installation, check that the update, launch program and full scan options are all ticked.

At the end of the scan, click Show Results.

Removing the detected items >>>> click Remove Selected or remove all
If you are asked to restart >>> click "Yes"

And post the generated report.

Post a HijackThis report:

http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Instructions for creating a report:

http://pageperso.aol.fr/balltrap34/demohijack.htm

I recommend renaming HijackThis, to counter a possible Vundo infection.

E.g.: rename the file HijackThis.exe to Cçm.exe. To do this, right-click the file HijackThis.exe and choose Rename from the list.

Then, using Explorer, create a folder c:\hijackthis
Extract HijackThis into this folder.
This is important for the backups.

1
Here is the Malwarebytes report:
Malwarebytes' Anti-Malware 1.20
Version de la base de données: 935
Windows 5.1.2600 Service Pack 2

20:38:56 09/07/2008
mbam-log-7-9-2008 (20-38-18).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 145267
Temps écoulé: 1 hour(s), 1 minute(s), 40 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 40
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 18
Fichier(s) infecté(s): 8529

C:\WINDOWS\Fonts\'\Harold and Maude 1971 DVDRip XviD AC3-PTR.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harold and Maude 1971 DVDRip Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter and Order of Phoenix-REVELATiON RiP.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter and the Chamber of Secrets iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter and The Chamber Of Secrets the Game iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter And The Goblet Of Fire 2005 DVDRip XviD-NeDiVx.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter And The Goblet Of Fire DVDRip XviD-NeDiVx.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter and the Goblet of Fire iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter and the Goblet of Fire RIP.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter and the Goblet of Fire.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter and The Order of The Phoenix (2007) DVDSCR.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter and the Order of the Phoenix (2007) TELESYNC VCD-FuZeVcD.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter And The Order Of The Phoenix 2007 CAM RMVB INTERNAL.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter And The Order Of The Phoenix 2007 DVDRip XviD-FLAiTE.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter and the Order of the Phoenix 2007 DVDRip Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter And The Order Of The Phoenix 2007 TS XViD-PUKKA.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter And The Order Of The Phoenix CAM Xvid INTERNAL.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter And The Order Of The Phoenix CAM XviD.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter and the Order of the Phoenix DVDRip XviD-aXXo.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter And The Order Of The Phoenix DVDRip Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter And The Order Of The Phoenix HQ TS RMVB.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter and the Order of the Phoenix iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter And The Order Of The Phoenix PROPER TS RMVB-PUKKA PL.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter And The Order Of The Phoenix PROPER TS XViD-PUKKA.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter and The Order of The Phoenix PROPER TS.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter and The Order Of The Phoenix R5 LiNE.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter and the Order of the Phoenix RiP.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter And The Order Of The Phoenix TS PROPER.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter And The Order Of The Phoenix TS VCD-FuZeVcD.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter And The Order Of The Phoenix TS XViD-PUKKA.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter And The Order Of The Phoenix TS Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter and The Philosophers Stone iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry potter and the sorcerers stone iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter Order of the Phoenix 2007 DVDRip Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter Order Of The Phoenix CAM XviD-CANALSTREET.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter Quidditch World Cup iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harry Potter The Order Of The Phoenix R5 LiNE XViD-20th.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harsh Times (2005) DVDRip.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harsh Times 2005 DVDRip Xvid-aXXo.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harsh Times 2005 WS DVDRiP XviD.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harsh Times 2006 DVDRiP Xvid-aXXo.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harsh Times 2006 DVDRiP XviD.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harsh Times DVDRip Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harsh Times FS DVDSCR XViD-xV.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harsh Times WS DVDRiP XviD.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harts War 2002 DVDRip Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Harvey 1950 INTERNAL DVDRip XviD-PARTiCLE.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Haseena DVDRip Xvid (Anti-Leech).zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hatchet (2006) DVDRip.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hatchet DVDRip XviD-BeStDiVx.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\HatTrick 2007 PreDVD Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Haunted Forest 2007 DVDRip Xvid-TFE.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Haunted Forest DVDRip XviD-CANALSTREET.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Haunted Highway 2006 DVDRip XviD-ReMotE.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Haushaltsplaner 1.0.x German.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Haute tension 2003 DVDRip Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hayawaza Kanji Kyoiku 1.1.1.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\HDClonePro v3.2.5.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\He Got Game 1998 DVDRip Divx.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hearts of Iron 2 Doomsday-RELOADED iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Heaven and Hell iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Heavenly Creatures DVDRip Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Heavens Prisoners 1996 DVDrip Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Heavy Metal Rebellion 2002 DVDRip Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Heidi 1937 DVDRip Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Heights (2005).zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Heima 2007 DVDRip Xvid-TNAN.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Helexis Site Publisher v2.5.80.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Helium Music Manager 2007 build 5445.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Helium Music Manager 2007.0.0 Build 5425.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Helium Music Manager 2007.0.0 Build 5710.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Helium Music Manager 2007.0.0.5630.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Helium Music Manager 2008.0.0.6000.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Helium Music Manager 2008.0.0.6106.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Helium Music Manager v2008.0.0.6114.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hell Ride 2008 DVDRip XviD-DOMiNO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hellboy 2004 DVDRip XviD.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hellboy Sword Of Storms 2006 DVDRip XviD HNR.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hellboy Sword of Storms Animation DVDRip Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Helldorado iSO DVD German.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Helldorado iSO German.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Helldorado PC DVD iSO German.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hellforces iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\HellGate London Collectors Edition iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hellgate London iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hellgate London-ViTALiTY iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hellgate London-ViTALiTY MULTI 8 iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hells Kitchen.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Help And Manual 4.5.1.1371.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Help And Manual v4.2.0.1062.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Help And Manual v4.32.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\HelpBlocks v1.20.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Henry Fool DVDRip XviD WTURKA.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Her Majesty Mrs Brown 1997 UK DVDRip Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Her Minor Thing 2005 DVDRip XviD-VoMiT.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Her Minor Thing 2005 DVDRip Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Heracles Battle With The Gods iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Herb 2007 DVDRip XviD-PosTX.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Herb navigator.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Herbie Goes to Monte Carlo 1977 DVDRip Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hercules iNTERNAL DVDRip XviD-WHoRe.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Heretic II iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hero 2002 PROPER DVDRip XviD-PRECiOUS.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hero Wanted (2008) DvdRip.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hero Wanted 2008 LiMiTED DVDSCR PROPER XviD-nDn.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hero Wanted LiMiTED DVDRip XviD-ARiSCO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Heroes II of Might and Magic iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Heroes of Annihilated Empires iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Heroes of Hellas iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Heroes Of Hellas v1.0.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Heroes of Might and Magic 3 Exapansions iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Heroes of Might and Magic 5 and Hammers of fate Expansion iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Heroes of Might and Magic III iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Heroes of Might and Magic IV All Expansions iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Heroes of Might and Magic IV iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Heroes of Might and Magic V iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Heroes of Might and Magic V the hammers of fate iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Heroes of Might and Magic V Tribes of the East iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Heroes Of Might And Magic V Tribes Of The East-PROCYON iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Heroes Of Might And Magic VTribes Of The East iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Heroes of the Pacific iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Heroes V iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hex Comparison v1.90.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hex Workshop v5.1.1.3963.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\HexAssistant v2.1.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\HexAssistant v2.2.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\HexDataEdit v1.21.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hexen II iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hexprobe Hex Editor 3.01.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hexprobe Hex Editor 3.4.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hexprobe Hex Editor 4.2.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hexprobe Hex Editor 4.3.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hexprobe Hex Editor v3.2.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hexprobe Hex Editor v3.6.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hexprobe System Hpsetool Storage Encryption Tool v2.1.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hextran v9.1.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hey Baby 2007 Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hidden and Dangerous 2 iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hidden Camera 250x1 v2.25.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hidden Camera 250x1 v2.27.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hidden Recorder 1.0.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hide and Protect any Drives v2.5.460.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hide and Seek 2005 DVDRip Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\hide files and folders v2.7.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hide Folders XP 2.9.8.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hide IP 1.1.8.0.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hide IP Platinum 4.02.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hide IP Platinum v3.4.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hide My Windows 1.7.2.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hide The IP v2.1.1.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hide-IP Platinum 3.xx.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hide-Ip-Browser 1.0.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\HidesFiles v1.2.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\HiFi MP3 Audio Splitter Joiner 1.2x.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\HiFi MP3 Splitter Joiner 1.2x.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\HiFi-Soft MP3 Audio Recorder Joiner v1.10.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Higglytown Heroes Heroes On The Move 2007 DVDRip XViD-SAM.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\High and Low 1963 DVDRip XviD-CTS.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\High School Musical 2 (2007) TVRip.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\High School Musical 2 2007 EXTENDED DVDRip XviD-VoMiT.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\High Seas The Family Fortune v1.0.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\High Tension 2005 DVDRip Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Higher Learning 1995 WS iNTERNAL DVDRip XviD-DoggPo.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Highlander The Search for Vengeance (2007) DVDRip.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Highlander The Source (2007) R5 XviD-RUSH.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Highlander The Source 2007 DVDRiP XviD-DvF.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Highlander The Source 2007 PL DVDRiP XviD-BEER FTP.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\HighSchool Musical Concert Extreme Access Pass 2007 NTSC DVDR-JKR.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\History Boys 2006 DVDRip Xvid-aXXo.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\History Boys 2006 DVDRip XviD-ORiGiNAL.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\History Channel Battle For The Pacific-SKIDROW iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\History Sweeper 2.82.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hitch 2005 DVD5 720p BluRay x264-REVEiLLE.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hitch 2005 m-HD x264-uSk.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hitch DVDRip DivX-FiNEST.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hitch DVDRip Xvid (Anti-leech).zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hitchhikers Guide to the Galaxy BBC Series 1981 DVDRip Divx.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hitler The Rise of Evil (2003) DVDRip.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hitman (2007).zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hitman - Codename 47 iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hitman 1 Codename 47 iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hitman 2 Silent Assasin iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hitman 2 Silent Assassin iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hitman 2 Silent Assassin RIP.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hitman 2007 CAMSCR XviD.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hitman 2007 DVDRip Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hitman 2007 TSXviD-THS SUBBED ES.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hitman 3 Contracts RiP.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hitman 3 Contracts.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hitman 4 Blood Money iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hitman Blood Money iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hitman Blood money RiP.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hitman Blood Money-RELOADED iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hitman Blood Money.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hitman CAM XViD.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hitman Contracts iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hitman Contracts Razor1911 iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hitman Contracts-Razor1911 iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hitman TS XviD-THS.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\HL2 The Orange Box PC DVD iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Holiday Gift v1.0.0.1.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Holy Smoke DVDRip DX50-HYENA.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Home Cinema Solutions Chipmunk AV Controller v2.0.2687.24109.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Home Of The Brave DVDSCR Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Home of the Brave LIMITED PROPER DVDRip XviD-FlowQuality.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Home Of The Brave XViD DVDScreener-Distill.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Home on the Range (2004) DVDRip.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Home Plan Pro 5.1.76.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\HomeBuh 4.4.0.9.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Homeworld 2 iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Homeworld iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Honestech VHS to DVD v2.0.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Honey DVDRip Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Honeydripper 2007 LIMITED DVDRip XViD-BaLD.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Honeydripper LIMITED DVDRip XViD-BaLD.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Honeymoon with Mom R5 xVID-UNiVERSAL.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hong Kong Mahjong 1024.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hoo WinTail 3.4 build 621.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hoodwinked (2005) DVDRip.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hoodwinked! 2005 DVDRip Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hook 1991 DVDRip Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hooligans Thugs - Soccers Most Violent Fan Fights 2003 DVDrip Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hoppet (2007) DVDRip.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hoppet 2007 DVDRip XviD-PRESSU.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hopscotch 1980 DVDRip Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Horas v5.0.11115.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hormonal Forecaster v5.1a.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Horton Hears A Who 2008 DVDRip XVID-SSF.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Horton Hears a Who 2008 DVDRip Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Horton Hears A Who 2008 R5 LINE XviD-iNQONTROL.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Horton Hears A Who 2008 R5 LINE-x264.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Horton Hears a Who DVDRip XviD AC3-FXG.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Horton Hears a Who R5 LINE XviD-iNQONTROL.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Horton Hears a Who! 2008 DVDRip AC3-FXG.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Horton Hears a Who! 2008 DVDRip Xvid-FXG.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Horton Hears a Who! 2008 R5 LINE XviD.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hospital Tycoon 2007 iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hospital Tycoon 2007-HATRED iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hospital Tycoon-HATRED iSO FTP.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hostage DVD Rip XviD.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hostel - Directors Cut 2005 x264 DVDRip Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hostel - Part II DVDrip Xvid-FLAiTE.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hostel 2 2007 DVD WORKPRINT XViD-PUKKA.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hostel 2 2007 DVDRip XviD-WaRP.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hostel 2 DVD WORKPRINT XViD-PUKKA.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hostel 2 REPACK DVD SCREENER XViD-PUKKA.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hostel 2 Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hostel DVDRip Xvid (Anti-leech).zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hostel II DVDRip R5 XVid-Universal.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hostel Part 2 DVDSCR Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hostile Waters Antaeus Rising iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hot CPU Tester 4.3.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hot Dog King-RiTUEL.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hot Fuzz 2007 DVDRip Eng-FxM.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hot Fuzz 2007 DVDRip R5 Xvid-PUKKA.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hot Fuzz 2007 DVDRip Xvid-aXXo.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hot Fuzz 2007 DVDRip Xvid-FxM.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hot Fuzz 2007 DVDRip Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hot Fuzz 2007 DVDRip.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hot Fuzz 2007 High Quality DVDRip Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hot Fuzz 2007 PROPER DVDRip XviD-ORiGiNAL.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hot Fuzz CAM XviD-CAMERA.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hot Fuzz DVDRip R5 RMVB.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hot Fuzz DVDRip Xvid-aXXo.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hot Fuzz DVDRip XviD-TG1.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hot Fuzz HQ TS Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hot Fuzz R5 LINE XViD-PUKKA.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hot Potatoes v6.24.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hot Rod (2007) CAM.XViD-FuZe.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hot Rod 2007 DVDRip Xvid-aXXo.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hot Rod 2007 DVDRip XviD-FLAiTE.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hot Rod 2007 DVDRip Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hot Rod CAM XViD-FuZe.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hot Wheels - Velocity X iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hot Wheels MechaniX iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hot Wheels Velocity X iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\HotDogs HotGirls iSO German.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\HotDoor MultiPage v4.0 for Adobe Illustrator.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hotel Booking System v2.4.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hotel Giant iSO.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hotel Rwanda 2004 DVDRip Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\Hotel Rwanda DVDRip XviD-DEiTY.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\House 1986 DVDRip Divx.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\House II The Second Story 1987 DVDRip Divx.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\House of 1000 Corpses 2003 DVDR.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\House of 1000 Corpses DVDRip Xvid.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\House of Games 1987 DVDRip XviD-CTS.zip (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fonts\'\House of Sand and Fog 2003 DVDrip
1
And here is the HijackThis one:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:56:20, on 09/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\LG Electronics\Modem USB LG Electronics\UMAService.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\OLYMPUS\OLYMPUS Studio\Os_Monitor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mysidesearch search enhancer - {1171ee1a-ad84-0867-34cf-520d2e50bc34} - C:\WINDOWS\system32\tpwwbxcwsb.dll
O2 - BHO: banneradsgalore browser optimizer - {2b85e68a-3644-2829-6e2c-feaf85ed7e2b} - C:\WINDOWS\system32\{3495c42b-5d0c-8377-27fc-81869128972c}.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {551b0e74-b796-4c1e-a321-59e4672f9614} - C:\Program Files\Starware381\bin\Starware381.dll (file missing)
O2 - BHO: {b1b4b93c-e9e7-8c5a-b744-0fe1b061c9c5} - {5c9c160b-1ef0-447b-a5c8-7e9ec39b4b1b} - C:\WINDOWS\system32\mzldrz.dll
O2 - BHO: (no name) - {68950839-2675-49E2-B6A5-442E0B0D1BA4} - C:\WINDOWS\system32\nnnnKbCS.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IdnSvr] C:\Program Files\OCINS\idnsvr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ieup] C:\Program Files\ieup\inetsvr.exe
O4 - HKLM\..\Run: [hrddgynimy] C:\WINDOWS\system32\hrddgynimy.exe
O4 - HKLM\..\Run: [pnosljcmvrv] C:\WINDOWS\system32\pnosljcmvrv.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MSn Client Cfg] msnclicfg.exe
O4 - HKLM\..\Run: [{fd8759bc-a5b9-62b9-8ac4-9bdb39a7460e}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{3495c42b-5d0c-8377-27fc-81869128972c}.dll" DllStart
O4 - HKLM\..\Run: [6450e499] rundll32.exe "C:\WINDOWS\system32\cfavsays.dll",b
O4 - HKLM\..\Run: [BM6763d705] Rundll32.exe "C:\WINDOWS\system32\skucrdsm.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Wengo] "C:/Program Files/Wengo/wengophone.exe" -background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [UMService] C:\Program Files\LG Electronics\Modem USB LG Electronics\UMAService.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: OLYMPUS Studio.lnk = C:\Program Files\OLYMPUS\OLYMPUS Studio\Os_Monitor.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Access Internet Keyword - C:\Program Files\OCINS\cnrbtn.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {7545D8C8-F53C-4E2F-8FA0-D248EF4A6E61} - http://scanner.vav-scanner.com/setup/setup.cab
O20 - Winlogon Notify: efcCropn - efcCropn.dll (file missing)
O20 - Winlogon Notify: nnnnKbCS - C:\WINDOWS\SYSTEM32\nnnnKbCS.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BrlAPI - Unknown owner - C:\cygwin\bin\cygrunsrv.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Print Spooler Service (ootvowneo9g0aei) - Unknown owner - C:\WINDOWS\system32\hrddgynimy.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
1
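An added example, not part of the thread and not HijackThis's own code: a short Python triage pass over HijackThis entry lines like those in the log above. The sample lines are copied from that log; the five heuristics and their wording are assumptions chosen for illustration, and they yield entries for a human to review (vendor helpers are flagged too), not verdicts.

```python
import re

# Entry lines look like "O4 - HKLM\..\Run: [name] command"; the leading
# code (R0, F2, O2, O23, ...) identifies the section of the report.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Heuristic patterns (assumptions made for this example).
MISSING_RE = re.compile(r"\((?:file missing|no file)\)", re.I)
RUNDLL_RE = re.compile(r"\brundll32(?:\.exe)?\b", re.I)
SYS32_DLL_RE = re.compile(r"c:\\windows\\system32\\[^\\]+\.dll", re.I)
GUID_FILE_RE = re.compile(r"\\\{[0-9a-f-]{36}\}\.dll", re.I)

# Excerpt of the log posted above: one process-list line, then entries.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: banneradsgalore browser optimizer - {2b85e68a-3644-2829-6e2c-feaf85ed7e2b} - C:\WINDOWS\system32\{3495c42b-5d0c-8377-27fc-81869128972c}.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [6450e499] rundll32.exe "C:\WINDOWS\system32\cfavsays.dll",b
O20 - Winlogon Notify: nnnnKbCS - C:\WINDOWS\SYSTEM32\nnnnKbCS.dll
O23 - Service: Print Spooler Service (ootvowneo9g0aei) - Unknown owner - C:\WINDOWS\system32\hrddgynimy.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


def reasons_for(code, body):
    """Return the list of review reasons that apply to one entry."""
    reasons = []
    if MISSING_RE.search(body):
        # The registry still references a file that is gone from disk.
        reasons.append("target file absent")
    if code == "O23" and "Unknown owner" in body:
        # HijackThis found no company name in the service binary.
        reasons.append("service has no company name")
    if code == "O4" and RUNDLL_RE.search(body):
        # Autorun entry that starts a DLL rather than a normal program.
        reasons.append("autorun launches a DLL through rundll32")
    if code in ("O2", "O20") and SYS32_DLL_RE.search(body):
        # Browser helper / Winlogon hook living directly in system32.
        reasons.append("hook DLL loaded from system32")
    if GUID_FILE_RE.search(body):
        # File whose name is itself a GUID in braces.
        reasons.append("GUID-named DLL file")
    return reasons


def triage(log_text):
    """Parse a HijackThis log and return (code, body, reasons) for flagged entries."""
    flagged = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header, blank line or running-process path
        reasons = reasons_for(match["code"], match["body"])
        if reasons:
            flagged.append((match["code"], match["body"], reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {body}\n    -> {'; '.join(reasons)}")
```
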
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
9 Jul 2008 at 22:18
Hi again, you didn't follow the instructions, because I see "No action taken"; quite simply, you didn't delete everything that was infected, even though it was in bold; I can't make it any bigger.

Please start again, and this time delete them, because there are plenty of them there.

Download Malwarebytes http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebyte s anti malware; during installation, check that "update", "launch program" and "full scan" are ticked.

At the end of the scan, click "Show results".

Removing the detected items >>>> click "Remove selected" or "Remove all"
If you are asked to restart >>> click "Yes"


And post the generated report.

0
Hi again,
I did as you told me, but as soon as the scan started in safe mode the program displayed this message (unable to load IPX/SPX support) :s but when I restarted my computer in normal mode the program started the scan and created the following report:
Rebooting


Checking Files:

No Trojan Files Found

Removing Temp Files

ADS Check:

Final Check:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 14:23:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:6d61dbea
"s1"=dword:290bcd21
"s2"=dword:41ed2b71
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:0c,ea,24,e6,3a,95,70,37,d8,85,28,e8,09,4c,b4,eb,df,5f,1d,29,f6,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,bd,6f,67,64,0a,de,64,1c,95,19,c9,9c,6b,b8,32,5d,c3,..
"khjeh"=hex:fb,b0,22,11,10,67,51,60,78,eb,41,1a,4f,a0,b5,20,d5,5d,23,12,f4,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c5,19,50,a7,4b,7a,51,28,da,b3,6c,f1,99,27,65,ad,34,9a,36,f2,ed,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:0c,ea,24,e6,3a,95,70,37,d8,85,28,e8,09,4c,b4,eb,df,5f,1d,29,f6,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,bd,6f,67,64,0a,de,64,1c,95,19,c9,9c,6b,b8,32,5d,c3,..
"khjeh"=hex:fb,b0,22,11,10,67,51,60,78,eb,41,1a,4f,a0,b5,20,d5,5d,23,12,f4,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c5,19,50,a7,4b,7a,51,28,da,b3,6c,f1,99,27,65,ad,34,9a,36,f2,ed,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\javaw.exe"="C:\\WINDOWS\\system32\\javaw.exe:*:Disabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe:*:Disabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"="C:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMuleMorphXT"
"C:\\Program Files\\Wengo\\wengophone.exe"="C:\\Program Files\\Wengo\\wengophone.exe:*:Disabled:WengoPhone"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\aMSN\\bin\\wish.exe"="C:\\Program Files\\aMSN\\bin\\wish.exe:*:Disabled:Wish Application"
"C:\\Program Files\\FlashGet\\FlashGet.exe"="C:\\Program Files\\FlashGet\\FlashGet.exe:*:Enabled:Flashget"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\cygwin\\usr\\X11R6\\bin\\XWin.exe"="C:\\cygwin\\usr\\X11R6\\bin\\XWin.exe:*:Enabled:XWin"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\WINDOWS\\AdobeR.exe"="C:\\WINDOWS\\AdobeR.exe:*:Enabled:AdobeR"
"G:\\AdobeR.exe"="G:\\AdobeR.exe:*:Enabled:AdobeR"
"F:\\AdobeR.exe"="F:\\AdobeR.exe:*:Enabled:AdobeR"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"="C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe:*:Enabled:Programme d'installation de Kaspersky Anti-Virus 7.0"
"C:\\Program Files\\adslTV\\adsltv.exe"="C:\\Program Files\\adslTV\\adsltv.exe:*:Enabled:adsltv"
"C:\\Program Files\\adslTV\\vlc.exe"="C:\\Program Files\\adslTV\\vlc.exe:*:Enabled:VLC media player"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:



Files with Hidden Attributes:

Fri 4 Jul 2008 112,824 ..SHR --- "C:\00hoeav.com"
Fri 4 Jul 2008 112,824 ..SHR --- "C:\WINDOWS\system32\amvo.exe"
Thu 10 Jul 2008 77,312 ..SHR --- "C:\WINDOWS\system32\amvo0.dll"
Fri 4 Jul 2008 77,312 ..SHR --- "C:\WINDOWS\system32\amvo1.dll"
Tue 17 Jun 2008 41,472 ..SHR --- "C:\WINDOWS\system32\msnclicfg.exe"
Sun 5 Nov 2006 24,064 ...H. --- "C:\Documents and Settings\EL KHAOUDI\Mes documents\~WRL3574.tmp"
Fri 4 Jul 2008 168 A..H. --- "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP407\A0225505.sys"
Fri 4 Jul 2008 168 A..H. --- "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP407\A0225576.sys"
Sat 5 Jul 2008 168 A..H. --- "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP407\A0226577.sys"
Sat 5 Jul 2008 168 A..H. --- "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP407\A0226601.sys"
Sat 5 Jul 2008 168 A..H. --- "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP407\A0226617.sys"
Sat 5 Jul 2008 168 A..H. --- "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP410\A0228741.sys"
Sat 5 Jul 2008 168 A..H. --- "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP412\A0229741.sys"
Sun 6 Jul 2008 168 A..H. --- "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP412\A0229756.sys"
Sun 6 Jul 2008 168 A..H. --- "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP412\A0229776.sys"
Sun 6 Jul 2008 168 A..H. --- "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP412\A0230776.sys"
Mon 7 Jul 2008 168 A..H. --- "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP412\A0231776.sys"
Mon 7 Jul 2008 168 A..H. --- "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP412\A0231792.sys"
Mon 7 Jul 2008 168 A..H. --- "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP416\A0232794.sys"
Mon 7 Jul 2008 168 A..H. --- "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP416\A0233792.sys"
Mon 7 Jul 2008 168 A..H. --- "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP416\A0233809.sys"
Mon 7 Jul 2008 168 A..H. --- "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP416\A0234809.sys"
Mon 7 Jul 2008 168 A..H. --- "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP416\A0234822.sys"
Mon 7 Jul 2008 168 A..H. --- "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP416\A0234864.sys"
Tue 8 Jul 2008 168 A..H. --- "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP416\A0234884.sys"
Tue 8 Jul 2008 168 A..H. --- "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP417\A0235883.sys"
Tue 8 Jul 2008 168 A..H. --- "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP417\A0235903.sys"
Wed 9 Jul 2008 168 A..H. --- "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP417\A0235939.sys"
Wed 9 Jul 2008 168 A..H. --- "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP417\A0236939.sys"
Wed 9 Jul 2008 168 A..H. --- "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP417\A0236952.sys"
Wed 9 Jul 2008 168 A..H. --- "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP417\A0237971.sys"
Wed 9 Jul 2008 168 A..H. --- "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP417\A0238972.sys"
Thu 10 Jul 2008 168 A..H. --- "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP417\A0238989.sys"
Thu 10 Jul 2008 168 A..H. --- "C:\System Volume Information\_restore{626D9BD5-11D8-49A1-B657-D272D1F6275E}\RP417\A0242007.sys"
Thu 10 Jul 2008 29,184 A..H. --- "C:\Documents and Settings\EL KHAOUDI\Local Settings\Temp\t.dll"
Fri 4 Jul 2008 29,184 A..H. --- "C:\Documents and Settings\EL KHAOUDI\Local Settings\Temp\yut.dll"
Thu 10 Jul 2008 168 A..H. --- "C:\Program Files\Common Files\X10\Common\x10prod.sys"
Wed 9 Apr 2008 8,348,280 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0d73c5f11656cfb2872f8f4bb0b3a716\BIT23.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\71fa8e4b1f1c72b0e3a5d30a0a049f55\BIT2.tmp"
Sun 5 Nov 2006 20,992 ...H. --- "C:\Documents and Settings\EL KHAOUDI\Application Data\Microsoft\Word\~WRL2853.tmp"
Sat 28 Apr 2007 11,116 A.SH. --- "C:\Documents and Settings\EL KHAOUDI\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Fri 20 Oct 2006 28,672 A..H. --- "C:\Documents and Settings\EL KHAOUDI\Atwach\kichk\Nouveau dossier\Nouveau dossier (2)\~WRL0698.tmp"
Fri 20 Oct 2006 21,504 A..H. --- "C:\Documents and Settings\EL KHAOUDI\Atwach\kichk\Nouveau dossier\Nouveau dossier (2)\~WRL0788.tmp"
Fri 20 Oct 2006 34,816 A..H. --- "C:\Documents and Settings\EL KHAOUDI\Atwach\kichk\Nouveau dossier\Nouveau dossier (2)\~WRL2691.tmp"

Finished!

Thanks
1
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
10 Jul 2008 at 19:40
OK
You are going to download CCleaner http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner

Open "CCleaner", go to the "Options" tab, then "Advanced", then untick "Only delete files in the Windows temp folder older than 48 hours."

Then go to the "Cleaner" tab, click "Analyze", then "Run Cleaner".
Then go to the "Registry" tab, click "Scan for Issues", then "Fix selected issues".
Do all of that again 4-5 times (the cleaning and the registry).

Then stay in "CCleaner", go to "Options", then "Settings", and tick "Automatically clean the computer at startup".


And this:

Download Clean.zip by Malekal.

How to use it: http://mickael.barroux.free.fr/securite/clean.php
https://www.malekal.com/supprimer-virus-desinfecter-pc/#mozTocId711944

Unzip it on your desktop (right-click / extract all); you should get a folder named clean.

Open the clean folder on your desktop and double-click clean.cmd

A black window will appear for a moment; leave it open.
Choose option 1, then wait.

Post the report you get.

If it asks you to upload a file, do it…
To find the report: double-click => C => double-click "rapport_clean txt"
and copy/paste it into your next reply.

0

I have a good site that does a free scan, and there is a spyware called Plate HBO that slows down my computer.
Here is the site in question .... Stopzilla.
It's an antispam.
1
Yes, I did delete everything.. it doesn't show in the report because the report is produced before I delete.. but never mind, I'll start again and send you the report... thanks
0
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
9 Jul 2008 at 22:30
Go and look in the quarantine; if there is anything there, delete it, and run a scan again anyway; there are so many of them that it must have missed some. If you can do it in safe mode, it is even more effective.
0
Hi again,
I ran the scan again, and afterwards I clicked delete, but after it finished deleting it gave me an error message (overflow) :s and I don't know what to do
Thanks
0
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
10 Jul 2008 at 12:52
Hi, we'll do it differently; we'll lighten its load.

Download SDFix (created by AndyManchesta) and save it on your Desktop.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-click SDFix.exe and choose Install to extract it to a dedicated folder in C:\. Restart your computer in safe mode.

• Choose your account.

• Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch it.

• Press Y to start the cleaning process.

• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.

• Press a key to restart the PC.

• Your system will take longer than usual to restart, because the tool will keep running and deleting files.

• After the Desktop has loaded, the tool will finish its work and display Finished.

• Press a key to end the script and load your Desktop icons.

• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.

0
Here is the requested report:
10/07/2008 a 20:51:35,04

*** Recherche des fichiers dans C:
C:\autorun.inf FOUND

*** Recherche des fichiers dans C:\WINDOWS\
C:\WINDOWS\internet.exe FOUND

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\mcrh.tmp FOUND

*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !
Thanks
0
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
10 Jul 2008 at 21:22
OK

Restart in safe mode, run clean again and choose option 2.
0
Done, but it doesn't seem to finish the cleaning, because it displays "file does not exist", and under deleted files it listed only one file... and there are fewer ad pages, but they are still there. What do you think?
Thanks
0
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
10 Jul 2008 at 21:54
It generated a report; please send it.
0
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107 > benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012
10 Jul 2008 at 23:03
Hi again,

We're moving on to the heavy artillery.


Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe


-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the internet and close the windows of all running programs.

-> Temporarily disable, and only while ComboFix is in use, the real-time protection of your antivirus and antispyware tools, which can seriously interfere with the tool's search and cleaning procedure.

Once that is done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts analysing the PC.

- Attention: during this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finalise the disinfection/search; let it do so.

- A report will then open in Notepad (this report file, Combofix.txt, is automatically saved at C:\Combofix.txt)

-> Re-enable the real-time protection of your antivirus and antispyware tools before reconnecting to the internet.

-> Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message.

-> Tutorial https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Thanks to chiquitine

0
Here is the cleaning report, and I'll do everything you say ;):
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 10/07/2008 a 23:05:10,93

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32

*** Suppression des fichiers dans C:\Program Files

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
0
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
10 Jul 2008 at 23:57
And now do post 15; clean did a good job.

That way chiquitine will prepare a script for you.
0
There, I did everything you advised (it seems to be working well... there are no more ad pages, thank you very much)
and here is the report:
ComboFix 08-07-10.1 - EL KHAOUDI 2008-07-11 0:03:58.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.504 [GMT 2:00]
Endroit: C:\Documents and Settings\EL KHAOUDI\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Rabio
C:\Documents and Settings\All Users\Application Data\Starware381
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\1316_button_1b_def.bmp
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\1316_button_1b_over.bmp
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\1317_button_1b_def.bmp
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\TMB40.bmp
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\TMB50.bmp
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\TMB60.bmp
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\TMB70.bmp
C:\Documents and Settings\All Users\Application Data\Starware381\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware381\contexts\Related.xml
C:\Documents and Settings\All Users\Application Data\Starware381\contexts\Travel.xml
C:\Documents and Settings\All Users\Application Data\Starware381\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware381\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware381\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware381\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware381\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware381\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\EL KHAOUDI\Application Data\Starware381
C:\Documents and Settings\EL KHAOUDI\Application Data\Starware381\Music_Info_Search\Music_Info_SearchOptions.xml
C:\Documents and Settings\EL KHAOUDI\Application Data\Starware381\Music_Info_Search\Music_Info_SearchOptions.xml.backup
C:\Documents and Settings\EL KHAOUDI\Application Data\Starware381\Music_News\Music_NewsOptions.xml
C:\Documents and Settings\EL KHAOUDI\Application Data\Starware381\Music_News\Music_NewsOptions.xml.backup
C:\Documents and Settings\EL KHAOUDI\Application Data\Starware381\TMB4\TMB4Options.xml
C:\Documents and Settings\EL KHAOUDI\Application Data\Starware381\TMB4\TMB4Options.xml.backup
C:\Documents and Settings\EL KHAOUDI\Application Data\Starware381\TMB5\TMB5Options.xml
C:\Documents and Settings\EL KHAOUDI\Application Data\Starware381\TMB5\TMB5Options.xml.backup
C:\Documents and Settings\EL KHAOUDI\Application Data\Starware381\TMB6\TMB6Options.xml
C:\Documents and Settings\EL KHAOUDI\Application Data\Starware381\TMB6\TMB6Options.xml.backup
C:\Documents and Settings\EL KHAOUDI\Application Data\Starware381\TMB7\TMB7Options.xml
C:\Documents and Settings\EL KHAOUDI\Application Data\Starware381\TMB7\TMB7Options.xml.backup
C:\Documents and Settings\EL KHAOUDI\Menu Démarrer\Programmes\Internet Speed Monitor
C:\Documents and Settings\EL KHAOUDI\Menu Démarrer\Programmes\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\ISM
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\OCINS
C:\Program Files\OCINS\austr.dll
C:\Program Files\OCINS\cndsv.dll
C:\Program Files\OCINS\cnprovh.dll
C:\Program Files\OCINS\cnstc.ini
C:\Program Files\OCINS\config.exe
C:\Program Files\OCINS\convf.dll
C:\Program Files\OCINS\convs.dll
C:\Program Files\OCINS\ctrcfg.ini
C:\Program Files\OCINS\cuscfg.dat
C:\Program Files\OCINS\idnaux.dat
C:\Program Files\OCINS\idnsvr.dll
C:\Program Files\OCINS\idnsvr.exe
C:\Program Files\OCINS\ieaux.dll
C:\Program Files\OCINS\kwacs.dat
C:\Program Files\OCINS\kwrep.dat
C:\Program Files\OCINS\ocinfo.dat
C:\Program Files\OCINS\path.dat
C:\Program Files\OCINS\uninstall.exe
C:\Program Files\OCINS\update\cnprov.dat
C:\Program Files\OCINS\update\cnstc.ini
C:\Program Files\OCINS\update\cuscfg.dat
C:\Program Files\OCINS\update\idnaux.dat
C:\Program Files\OCINS\update\kwacs.dat
C:\Program Files\OCINS\update\kwrep.dat
C:\Program Files\OCINS\update\ocinfo.dat
C:\Program Files\OCINS\update\path.dat
C:\Program Files\OCINS\update\update.exe
C:\Program Files\OCINS\update\version.dat
C:\Program Files\OCINS\usrcfg.ini
C:\Program Files\OCINS\version.dat
C:\WINDOWS\BM6763d705.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\ctfmon32.exe
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\directx32.exe
C:\WINDOWS\dnsrelay.dll
C:\WINDOWS\Downloaded Program Files\setup.dll
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\editpad.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\explorer32.exe
C:\WINDOWS\Fonts\'
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\funniest.exe
C:\WINDOWS\funny.exe
C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\helpcvs.exe
C:\WINDOWS\iedll.exe
C:\WINDOWS\inetinf.exe
C:\WINDOWS\msconfd.dll
C:\WINDOWS\msspi.dll
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mswsc10.dll
C:\WINDOWS\mswsc20.dll
C:\WINDOWS\ocinfo.dat
C:\WINDOWS\pskt.ini
C:\WINDOWS\qttasks.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundll32.vbe
C:\WINDOWS\searchword.dll
C:\WINDOWS\sistem.exe
C:\WINDOWS\svchost32.exe
C:\WINDOWS\svcinit.exe
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
C:\WINDOWS\system32\autorun.ini
C:\WINDOWS\system32\bwplbf.dll
C:\WINDOWS\system32\cnprov.dat
C:\WINDOWS\system32\drivers\cnprov.sys
C:\WINDOWS\system32\eaqjwyak.dll
C:\WINDOWS\system32\FLTuCfhk.ini
C:\WINDOWS\system32\FLTuCfhk.ini2
C:\WINDOWS\system32\g63.exe
C:\WINDOWS\system32\gbiggdtb.dll
C:\WINDOWS\system32\geBqQIbb.dll
C:\WINDOWS\system32\hafqhv.dll
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\hqbiin.dll
C:\WINDOWS\system32\ikxgqj.dll
C:\WINDOWS\system32\iqnnkpkr.ini
C:\WINDOWS\system32\khfCuTLF.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\muanurty.dll
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\mzldrz.dll
C:\WINDOWS\system32\nnnnKbCS.dll
C:\WINDOWS\system32\nrcmvjiu.dll
C:\WINDOWS\system32\oeminfo.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qjjbsuak.dll
C:\WINDOWS\system32\ryssotfw.dll
C:\WINDOWS\system32\setting.ini
C:\WINDOWS\system32\skucrdsm.dll
C:\WINDOWS\system32\syasvafc.ini
C:\WINDOWS\system32\teqpvnnm.ini
C:\WINDOWS\system32\tmuwhmqr.dll
C:\WINDOWS\system32\uoplqiax.ini
C:\WINDOWS\system32\vav.cpl
C:\WINDOWS\system32\verbhgxi.dll
C:\WINDOWS\system32\vqunrfux.ini
C:\WINDOWS\system32\wgneig.dll
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\xaiqlpou.dll
C:\WINDOWS\system32\yakhkayn.dll
C:\WINDOWS\system32\yayxxyAt.dll
C:\WINDOWS\system32\ytrunaum.ini
C:\WINDOWS\system32\zxdnt3d.cfg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CNPROV
-------\Service_cnprov


((((((((((((((((((((((((((((( Fichiers créés 2008-06-10 to 2008-07-10 ))))))))))))))))))))))))))))))))))))
.

2008-07-10 20:20 . 2008-07-10 20:20 <REP> d-------- C:\Program Files\CCleaner
2008-07-10 00:54 . 2008-07-10 00:54 493,568 --a------ C:\WINDOWS\ibd.exe
2008-07-09 19:15 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-09 14:06 . 2008-07-09 14:06 <REP> d-------- C:\WINDOWS\ERUNT
2008-07-09 11:47 . 2008-07-10 14:48 <REP> d-------- C:\SDFix
2008-07-08 00:45 . 2008-07-08 00:45 <REP> d-------- C:\Documents and Settings\EL KHAOUDI\Application Data\DivX
2008-07-07 17:48 . 2008-07-07 18:17 <REP> d-------- C:\Documents and Settings\EL KHAOUDI\amsn
2008-07-07 17:24 . 2008-07-10 23:55 110,448 --a------ C:\WINDOWS\BM6763d705.xml
2008-07-06 17:30 . 2008-07-10 21:16 <REP> d-------- C:\Program Files\adslTV
2008-07-05 16:23 . 2008-07-05 16:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-05 03:28 . 2008-07-05 03:28 <REP> d-------- C:\Program Files\Trend Micro
2008-07-05 01:48 . 2008-07-09 19:17 <REP> d-------- C:\Program Files\Navilog1
2008-07-05 01:19 . 2008-07-05 01:19 <REP> d-------- C:\Documents and Settings\EL KHAOUDI\Application Data\Malwarebytes
2008-07-05 01:18 . 2008-07-10 17:40 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-05 01:18 . 2008-07-05 01:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-05 01:18 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-05 01:18 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-04 19:16 . 2008-07-05 18:03 <REP> d-------- C:\Program Files\SpyWatchE
2008-07-04 15:24 . 2008-07-04 15:43 112,824 -r-hs---- C:\00hoeav.com
2008-07-04 14:58 . 2008-06-17 00:37 41,472 -r-hs---- C:\WINDOWS\system32\msnclicfg.exe
2008-07-03 19:14 . 2008-07-03 19:14 90,922 --a------ C:\WINDOWS\system32\tpwwbxcwsb.dll-uninst.exe
2008-07-03 16:45 . 2008-07-03 16:45 364,544 --a------ C:\WINDOWS\system32\tpwwbxcwsb.dll
2008-07-03 03:13 . 2008-07-03 03:13 5,416 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-03 03:07 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-03 03:07 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-03 03:07 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-03 03:07 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-03 03:07 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-03 03:07 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-03 03:07 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-03 03:07 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-03 00:40 . 2008-07-03 00:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-02 21:16 . 2008-07-02 21:16 355 --a------ C:\243.bat
2008-07-02 20:43 . 2008-07-02 20:43 <REP> d-------- C:\Program Files\Alwil Software
2008-07-02 20:32 . 2008-07-02 20:32 355 --a------ C:\519.bat
2008-07-02 20:24 . 2005-11-17 22:05 53,248 -ra------ C:\WINDOWS\UpdtNv28.exe
2008-07-02 20:16 . 2008-07-03 00:58 <REP> d-------- C:\Program Files\Symantec
2008-07-02 20:16 . 2008-07-02 20:16 <REP> d-------- C:\Documents and Settings\EL KHAOUDI\Application Data\Symantec
2008-07-02 20:05 . 2008-07-02 20:05 0 --a------ C:\WINDOWS\system32\3nI8LiMU.exe.a_a
2008-07-02 19:59 . 2008-07-02 22:44 <REP> d-------- C:\Program Files\Plate
2008-07-02 19:59 . 2008-07-02 20:02 223,076 --a------ C:\WINDOWS\ism611.exe
2008-07-02 19:58 . 2008-07-02 19:58 805,992 --a------ C:\Avast-4.8.1169-Professional-Edition--2-NEW-WORKING-Keygens.zip
2008-07-02 19:57 . 2008-07-02 19:59 805,964 --a------ C:\avast-4-Home-Edition-4-7-1043--LegalTorrents.zip
2008-07-02 19:56 . 2008-07-02 19:56 15,231 --a------ C:\Antivirus Avast! Professional v4.7 871 Skins Serial Español.zip
2008-07-02 19:55 . 2008-07-02 19:55 1,125,749 --a------ C:\Avast Antivirus Pro 4.7 Licensed till 2009.rar
2008-07-02 19:48 . 2008-07-02 19:48 355 --a------ C:\911.bat
2008-07-02 14:55 . 2008-07-02 14:55 355 --a------ C:\359.bat
2008-07-02 12:56 . 2008-07-09 18:33 345 --ahs---- C:\WINDOWS\system32\bLVuutwa.ini
2008-07-02 12:51 . 2008-07-02 23:14 <REP> d-------- C:\WINDOWS\system32\yrt
2008-07-02 12:51 . 2008-07-02 23:13 <REP> d-------- C:\WINDOWS\system32\pRI
2008-07-02 12:51 . 2008-07-02 23:13 <REP> d-------- C:\WINDOWS\system32\modtrux18
2008-07-02 12:51 . 2008-07-02 12:51 <REP> d-------- C:\WINDOWS\system32\cTMO
2008-07-02 12:51 . 2008-07-02 12:52 <REP> d-------- C:\Temp\syschk3
2008-07-02 12:51 . 2008-07-02 21:15 35,840 --a------ C:\Documents and Settings\EL KHAOUDI\services.exe
2008-07-02 12:51 . 2008-07-02 12:51 355 --a------ C:\128.bat
2008-07-01 17:17 . 2008-07-01 17:17 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-06-11 02:04 . 2008-06-11 02:04 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-06-11 02:04 . 2008-06-11 02:04 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-06-10 20:09 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 20:09 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 19:16 --------- d-----w C:\Documents and Settings\EL KHAOUDI\Application Data\vlc
2008-07-07 22:45 --------- d-----w C:\Program Files\DivX
2008-07-07 16:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-07 16:06 --------- d-----w C:\Program Files\War Chess
2008-07-07 15:58 --------- d-----w C:\Program Files\ALCATEL PC Suite
2008-07-04 21:58 --------- d-----w C:\Program Files\FlashGet
2008-07-02 22:59 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-07-02 22:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-02 20:31 --------- d-----w C:\Program Files\DAEMON Tools
2008-07-02 19:25 --------- d-----w C:\Documents and Settings\EL KHAOUDI\Application Data\LimeWire
2008-07-02 19:24 --------- d-----w C:\Program Files\LimeWire
2008-07-02 17:56 15,231 ----a-w C:\Antivirus Avast! Professional v4.7 871 Skins Serial Español.zip
2008-06-27 23:56 --------- d-----w C:\Documents and Settings\EL KHAOUDI\Application Data\Skype
2008-06-27 23:54 --------- d-----w C:\Documents and Settings\EL KHAOUDI\Application Data\AdobeUM
2007-11-13 00:56 390,144 ----a-w C:\Documents and Settings\EL KHAOUDI\icsetup.exe
2007-11-11 17:14 212,291 ----a-w C:\Documents and Settings\EL KHAOUDI\sdd.exe
2006-11-27 20:29 3,978,535 ----a-w C:\Program Files\amsn_amsn_0.96_francais_18489.exe
2006-11-23 22:30 37,472 ----a-w C:\Documents and Settings\EL KHAOUDI\Application Data\GDIPFONTCACHEV1.DAT
2006-11-18 21:27 12,841,064 -c--a-w C:\Program Files\SkypeSetup.exe
2006-11-04 20:14 16,277,288 -c--a-w C:\Program Files\Install_Messenger.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1171ee1a-ad84-0867-34cf-520d2e50bc34}]
2008-07-03 16:45 364544 --a------ C:\WINDOWS\system32\tpwwbxcwsb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2b85e68a-3644-2829-6e2c-feaf85ed7e2b}]
2008-05-26 14:21 364544 --a------ C:\WINDOWS\system32\{3495c42b-5d0c-8377-27fc-81869128972c}.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 16:08 65536]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-07-16 23:54 961536]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-02-07 13:53 3497984]
"UMService"="C:\Program Files\LG Electronics\Modem USB LG Electronics\UMAService.exe" [2007-09-04 21:22 20992]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-06-25 15:58 1209584]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-11-09 14:16 688128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-01 22:04 7557120]
"NVRotateSysTray"="C:\WINDOWS\system32\nvsysrot.dll" [2006-05-01 22:04 49152]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 01:02 761948]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2004-08-18 12:37 184320]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 13:47 356352]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 13:11 73728]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 09:24 118784]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 01:38 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 01:32 696320]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15 271672]
"ieup"="C:\Program Files\ieup\inetsvr.exe" [2007-09-29 08:55 109752]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00 128920]
"{fd8759bc-a5b9-62b9-8ac4-9bdb39a7460e}"="C:\WINDOWS\system32\{3495c42b-5d0c-8377-27fc-81869128972c}.dll" [2008-05-26 14:21 364544]
"nwiz"="nwiz.exe" [2006-05-01 22:04 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-05 15:59 16206848 C:\WINDOWS\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 16:50 88204 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2005-08-03 16:09 266240 C:\WINDOWS\system32\TPSMain.exe]
"MSn Client Cfg"="msnclicfg.exe" [2008-06-17 00:37 41472 C:\WINDOWS\system32\msnclicfg.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 13:11 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
"VIDC.MJPG"= mtkjpeg.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\javaw.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=
"C:\\WINDOWS\\system32\\svchost.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\aMSN\\bin\\wish.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"13171:TCP"= 13171:TCP:NortonAV
"13640:TCP"= 13640:TCP:NortonAV
"12869:TCP"= 12869:TCP:NortonAV
"15847:TCP"= 15847:TCP:NortonAV
"18453:TCP"= 18453:TCP:NortonAV
"16065:TCP"= 16065:TCP:NortonAV
"14399:TCP"= 14399:TCP:NortonAV
"17833:TCP"= 17833:TCP:NortonAV
"16648:TCP"= 16648:TCP:NortonAV
"17238:TCP"= 17238:TCP:NortonAV
"18440:TCP"= 18440:TCP:NortonAV
"18758:TCP"= 18758:TCP:NortonAV
"15860:TCP"= 15860:TCP:NortonAV
"18394:TCP"= 18394:TCP:NortonAV
"18509:TCP"= 18509:TCP:NortonAV
"16307:TCP"= 16307:TCP:NortonAV
"17647:TCP"= 17647:TCP:NortonAV
"17193:TCP"= 17193:TCP:NortonAV
"16406:TCP"= 16406:TCP:NortonAV
"17184:TCP"= 17184:TCP:NortonAV
"17993:TCP"= 17993:TCP:NortonAV
"16587:TCP"= 16587:TCP:NortonAV
"16075:TCP"= 16075:TCP:NortonAV
"17150:TCP"= 17150:TCP:NortonAV
"18931:TCP"= 18931:TCP:NortonAV
"15099:TCP"= 15099:TCP:NortonAV
"16293:TCP"= 16293:TCP:NortonAV
"13185:TCP"= 13185:TCP:NortonAV
"17513:TCP"= 17513:TCP:NortonAV
"13324:TCP"= 13324:TCP:NortonAV
"12704:TCP"= 12704:TCP:NortonAV
"17835:TCP"= 17835:TCP:NortonAV
"13652:TCP"= 13652:TCP:NortonAV
"13019:TCP"= 13019:TCP:NortonAV
"12382:TCP"= 12382:TCP:NortonAV
"18601:TCP"= 18601:TCP:NortonAV
"17080:TCP"= 17080:TCP:NortonAV
"15842:TCP"= 15842:TCP:NortonAV
"18722:TCP"= 18722:TCP:NortonAV
"14598:TCP"= 14598:TCP:NortonAV
"15275:TCP"= 15275:TCP:NortonAV
"13901:TCP"= 13901:TCP:NortonAV
"16314:TCP"= 16314:TCP:NortonAV
"14365:TCP"= 14365:TCP:NortonAV
"17563:TCP"= 17563:TCP:NortonAV
"16291:TCP"= 16291:TCP:NortonAV

R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-10 14:00]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 10:45]
S2 ootvowneo9g0aei;Print Spooler Service;C:\WINDOWS\system32\hrddgynimy.exe []
S3 BrlAPI;BrlAPI;C:\cygwin\bin\cygrunsrv.exe []
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-07-07 17:35]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 19:31]
S3 PAC207;SoC PC-Camer@;C:\WINDOWS\system32\DRIVERS\pfc027.sys []
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 18:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 18:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 18:59]
S3 UsbEvdoAtc;LGE EVDO USB Serial Port;C:\WINDOWS\system32\DRIVERS\lgevdoatc.sys [2007-08-28 15:17]
S3 usbevdobus;LGE EVDO Composite USB Device;C:\WINDOWS\system32\DRIVERS\lgevdobus.sys [2007-08-28 15:17]
S3 UsbEvdoDiag;LGE EVDO USB Serial DM Port;C:\WINDOWS\system32\DRIVERS\lgevdodiag.sys [2007-08-28 15:17]
S3 USBEVDOModem;LGE EVDO USB Modem;C:\WINDOWS\system32\DRIVERS\lgevdomodem.sys [2007-08-28 15:17]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4428b64-58e1-11dc-9e9c-0018de246c30}]
\Shell\AutoRun\command - F:\setupSNK.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-19 09:31:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-02 18:23:25 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Wengo - C:/Program Files/Wengo/wengophone.exe
HKLM-Run-6450e499 - C:\WINDOWS\system32\muanurty.dll
HKLM-Run-BM6763d705 - C:\WINDOWS\system32\gbiggdtb.dll
HKLM-Run-NDSTray.exe - NDSTray.exe
HKLM-Run-TFncKy - TFncKy.exe
HKLM-Run-CFSServ.exe - CFSServ.exe
Notify-efcCropn - efcCropn.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-11 00:25:47
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

C:\WINDOWS\system32\msnclicfg.exe [2028] 0x863FA808

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Toshiba\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\Toshiba\ConfigFree\CFSServ.exe
C:\Program Files\Toshiba\ConfigFree\CFXFER.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-11 0:41:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-10 22:41:19

Pre-Run: 4,252,229,632 octets libres
Post-Run: 5,062,811,648 octets libres

464
0
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
11 Jul 2008 at 21:48
Hi

It's fine, it did a good job. Post a new HijackThis report.
0
All the ad pages have come back :s.... here is the report:
ComboFix 08-07-10.1 - EL KHAOUDI 2008-07-11 0:03:58.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.504 [GMT 2:00]
Endroit: C:\Documents and Settings\EL KHAOUDI\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Rabio
C:\Documents and Settings\All Users\Application Data\Starware381
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\1316_button_1b_def.bmp
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\1316_button_1b_over.bmp
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\1317_button_1b_def.bmp
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\TMB40.bmp
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\TMB50.bmp
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\TMB60.bmp
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\TMB70.bmp
C:\Documents and Settings\All Users\Application Data\Starware381\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware381\contexts\Related.xml
C:\Documents and Settings\All Users\Application Data\Starware381\contexts\Travel.xml
C:\Documents and Settings\All Users\Application Data\Starware381\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware381\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware381\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware381\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware381\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware381\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\EL KHAOUDI\Application Data\Starware381
C:\Documents and Settings\EL KHAOUDI\Application Data\Starware381\Music_Info_Search\Music_Info_SearchOptions.xml
C:\Documents and Settings\EL KHAOUDI\Application Data\Starware381\Music_Info_Search\Music_Info_SearchOptions.xml.backup
C:\Documents and Settings\EL KHAOUDI\Application Data\Starware381\Music_News\Music_NewsOptions.xml
C:\Documents and Settings\EL KHAOUDI\Application Data\Starware381\Music_News\Music_NewsOptions.xml.backup
C:\Documents and Settings\EL KHAOUDI\Application Data\Starware381\TMB4\TMB4Options.xml
C:\Documents and Settings\EL KHAOUDI\Application Data\Starware381\TMB4\TMB4Options.xml.backup
C:\Documents and Settings\EL KHAOUDI\Application Data\Starware381\TMB5\TMB5Options.xml
C:\Documents and Settings\EL KHAOUDI\Application Data\Starware381\TMB5\TMB5Options.xml.backup
C:\Documents and Settings\EL KHAOUDI\Application Data\Starware381\TMB6\TMB6Options.xml
C:\Documents and Settings\EL KHAOUDI\Application Data\Starware381\TMB6\TMB6Options.xml.backup
C:\Documents and Settings\EL KHAOUDI\Application Data\Starware381\TMB7\TMB7Options.xml
C:\Documents and Settings\EL KHAOUDI\Application Data\Starware381\TMB7\TMB7Options.xml.backup
C:\Documents and Settings\EL KHAOUDI\Menu Démarrer\Programmes\Internet Speed Monitor
C:\Documents and Settings\EL KHAOUDI\Menu Démarrer\Programmes\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\ISM
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\OCINS
C:\Program Files\OCINS\austr.dll
C:\Program Files\OCINS\cndsv.dll
C:\Program Files\OCINS\cnprovh.dll
C:\Program Files\OCINS\cnstc.ini
C:\Program Files\OCINS\config.exe
C:\Program Files\OCINS\convf.dll
C:\Program Files\OCINS\convs.dll
C:\Program Files\OCINS\ctrcfg.ini
C:\Program Files\OCINS\cuscfg.dat
C:\Program Files\OCINS\idnaux.dat
C:\Program Files\OCINS\idnsvr.dll
C:\Program Files\OCINS\idnsvr.exe
C:\Program Files\OCINS\ieaux.dll
C:\Program Files\OCINS\kwacs.dat
C:\Program Files\OCINS\kwrep.dat
C:\Program Files\OCINS\ocinfo.dat
C:\Program Files\OCINS\path.dat
C:\Program Files\OCINS\uninstall.exe
C:\Program Files\OCINS\update\cnprov.dat
C:\Program Files\OCINS\update\cnstc.ini
C:\Program Files\OCINS\update\cuscfg.dat
C:\Program Files\OCINS\update\idnaux.dat
C:\Program Files\OCINS\update\kwacs.dat
C:\Program Files\OCINS\update\kwrep.dat
C:\Program Files\OCINS\update\ocinfo.dat
C:\Program Files\OCINS\update\path.dat
C:\Program Files\OCINS\update\update.exe
C:\Program Files\OCINS\update\version.dat
C:\Program Files\OCINS\usrcfg.ini
C:\Program Files\OCINS\version.dat
C:\WINDOWS\BM6763d705.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CNPROV
-------\Service_cnprov


((((((((((((((((((((((((((((( Fichiers créés 2008-06-10 to 2008-07-10 ))))))))))))))))))))))))))))))))))))
.

2008-07-10 20:20 . 2008-07-10 20:20 <REP> d-------- C:\Program Files\CCleaner
2008-07-10 00:54 . 2008-07-10 00:54 493,568 --a------ C:\WINDOWS\ibd.exe
2008-07-09 19:15 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-09 14:06 . 2008-07-09 14:06 <REP> d-------- C:\WINDOWS\ERUNT
2008-07-09 11:47 . 2008-07-10 14:48 <REP> d-------- C:\SDFix
2008-07-08 00:45 . 2008-07-08 00:45 <REP> d-------- C:\Documents and Settings\EL KHAOUDI\Application Data\DivX
2008-07-07 17:48 . 2008-07-07 18:17 <REP> d-------- C:\Documents and Settings\EL KHAOUDI\amsn
2008-07-07 17:24 . 2008-07-10 23:55 110,448 --a------ C:\WINDOWS\BM6763d705.xml
2008-07-06 17:30 . 2008-07-10 21:16 <REP> d-------- C:\Program Files\adslTV
2008-07-05 16:23 . 2008-07-05 16:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-05 03:28 . 2008-07-05 03:28 <REP> d-------- C:\Program Files\Trend Micro
2008-07-05 01:48 . 2008-07-09 19:17 <REP> d-------- C:\Program Files\Navilog1
2008-07-05 01:19 . 2008-07-05 01:19 <REP> d-------- C:\Documents and Settings\EL KHAOUDI\Application Data\Malwarebytes
2008-07-05 01:18 . 2008-07-10 17:40 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-05 01:18 . 2008-07-05 01:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-05 01:18 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-05 01:18 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-04 19:16 . 2008-07-05 18:03 <REP> d-------- C:\Program Files\SpyWatchE
2008-07-04 15:24 . 2008-07-04 15:43 112,824 -r-hs---- C:\[u]0[/u]0hoeav.com
2008-07-04 14:58 . 2008-06-17 00:37 41,472 -r-hs---- C:\WINDOWS\system32\msnclicfg.exe
2008-07-03 19:14 . 2008-07-03 19:14 90,922 --a------ C:\WINDOWS\system32\tpwwbxcwsb.dll-uninst.exe
2008-07-03 16:45 . 2008-07-03 16:45 364,544 --a------ C:\WINDOWS\system32\tpwwbxcwsb.dll
2008-07-03 03:13 . 2008-07-03 03:13 5,416 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-03 03:07 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-03 03:07 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-03 03:07 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-03 03:07 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-03 03:07 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-03 03:07 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-03 03:07 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-03 03:07 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-03 00:40 . 2008-07-03 00:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-02 21:16 . 2008-07-02 21:16 355 --a------ C:\243.bat
2008-07-02 20:43 . 2008-07-02 20:43 <REP> d-------- C:\Program Files\Alwil Software
2008-07-02 20:32 . 2008-07-02 20:32 355 --a------ C:\519.bat
2008-07-02 20:24 . 2005-11-17 22:05 53,248 -ra------ C:\WINDOWS\UpdtNv28.exe
2008-07-02 20:16 . 2008-07-03 00:58 <REP> d-------- C:\Program Files\Symantec
2008-07-02 20:16 . 2008-07-02 20:16 <REP> d-------- C:\Documents and Settings\EL KHAOUDI\Application Data\Symantec
2008-07-02 20:05 . 2008-07-02 20:05 0 --a------ C:\WINDOWS\system32\3nI8LiMU.exe.a_a
2008-07-02 19:59 . 2008-07-02 22:44 <REP> d-------- C:\Program Files\Plate
2008-07-02 19:59 . 2008-07-02 20:02 223,076 --a------ C:\WINDOWS\ism611.exe
2008-07-02 19:58 . 2008-07-02 19:58 805,992 --a------ C:\Avast-4.8.1169-Professional-Edition--2-NEW-WORKING-Keygens.zip
2008-07-02 19:57 . 2008-07-02 19:59 805,964 --a------ C:\avast-4-Home-Edition-4-7-1043--LegalTorrents.zip
2008-07-02 19:56 . 2008-07-02 19:56 15,231 --a------ C:\Antivirus Avast! Professional v4.7 871 Skins Serial Español.zip
2008-07-02 19:55 . 2008-07-02 19:55 1,125,749 --a------ C:\Avast Antivirus Pro 4.7 Licensed till 2009.rar
2008-07-02 19:48 . 2008-07-02 19:48 355 --a------ C:\911.bat
2008-07-02 14:55 . 2008-07-02 14:55 355 --a------ C:\359.bat
2008-07-02 12:56 . 2008-07-09 18:33 345 --ahs---- C:\WINDOWS\system32\bLVuutwa.ini
2008-07-02 12:51 . 2008-07-02 23:14 <REP> d-------- C:\WINDOWS\system32\yrt
2008-07-02 12:51 . 2008-07-02 23:13 <REP> d-------- C:\WINDOWS\system32\pRI
2008-07-02 12:51 . 2008-07-02 23:13 <REP> d-------- C:\WINDOWS\system32\modtrux18
2008-07-02 12:51 . 2008-07-02 12:51 <REP> d-------- C:\WINDOWS\system32\cTMO
2008-07-02 12:51 . 2008-07-02 12:52 <REP> d-------- C:\Temp\syschk3
2008-07-02 12:51 . 2008-07-02 21:15 35,840 --a------ C:\Documents and Settings\EL KHAOUDI\services.exe
2008-07-02 12:51 . 2008-07-02 12:51 355 --a------ C:\128.bat
2008-07-01 17:17 . 2008-07-01 17:17 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-06-11 02:04 . 2008-06-11 02:04 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-06-11 02:04 . 2008-06-11 02:04 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-06-10 20:09 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 20:09 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 19:16 --------- d-----w C:\Documents and Settings\EL KHAOUDI\Application Data\vlc
2008-07-07 22:45 --------- d-----w C:\Program Files\DivX
2008-07-07 16:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-07 16:06 --------- d-----w C:\Program Files\War Chess
2008-07-07 15:58 --------- d-----w C:\Program Files\ALCATEL PC Suite
2008-07-04 21:58 --------- d-----w C:\Program Files\FlashGet
2008-07-02 22:59 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-07-02 22:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-02 20:31 --------- d-----w C:\Program Files\DAEMON Tools
2008-07-02 19:25 --------- d-----w C:\Documents and Settings\EL KHAOUDI\Application Data\LimeWire
2008-07-02 19:24 --------- d-----w C:\Program Files\LimeWire
2008-07-02 17:56 15,231 ----a-w C:\Antivirus Avast! Professional v4.7 871 Skins Serial Español.zip
2008-06-27 23:56 --------- d-----w C:\Documents and Settings\EL KHAOUDI\Application Data\Skype
2008-06-27 23:54 --------- d-----w C:\Documents and Settings\EL KHAOUDI\Application Data\AdobeUM
2007-11-13 00:56 390,144 ----a-w C:\Documents and Settings\EL KHAOUDI\icsetup.exe
2007-11-11 17:14 212,291 ----a-w C:\Documents and Settings\EL KHAOUDI\sdd.exe
2006-11-27 20:29 3,978,535 ----a-w C:\Program Files\amsn_amsn_0.96_francais_18489.exe
2006-11-23 22:30 37,472 ----a-w C:\Documents and Settings\EL KHAOUDI\Application Data\GDIPFONTCACHEV1.DAT
2006-11-18 21:27 12,841,064 -c--a-w C:\Program Files\SkypeSetup.exe
2006-11-04 20:14 16,277,288 -c--a-w C:\Program Files\Install_Messenger.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1171ee1a-ad84-0867-34cf-520d2e50bc34}]
2008-07-03 16:45 364544 --a------ C:\WINDOWS\system32\tpwwbxcwsb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2b85e68a-3644-2829-6e2c-feaf85ed7e2b}]
2008-05-26 14:21 364544 --a------ C:\WINDOWS\system32\{3495c42b-5d0c-8377-27fc-81869128972c}.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 16:08 65536]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-07-16 23:54 961536]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-02-07 13:53 3497984]
"UMService"="C:\Program Files\LG Electronics\Modem USB LG Electronics\UMAService.exe" [2007-09-04 21:22 20992]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-06-25 15:58 1209584]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-11-09 14:16 688128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-01 22:04 7557120]
"NVRotateSysTray"="C:\WINDOWS\system32\nvsysrot.dll" [2006-05-01 22:04 49152]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 01:02 761948]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2004-08-18 12:37 184320]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 13:47 356352]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 13:11 73728]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 09:24 118784]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 01:38 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 01:32 696320]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15 271672]
"ieup"="C:\Program Files\ieup\inetsvr.exe" [2007-09-29 08:55 109752]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00 128920]
"{fd8759bc-a5b9-62b9-8ac4-9bdb39a7460e}"="C:\WINDOWS\system32\{3495c42b-5d0c-8377-27fc-81869128972c}.dll" [2008-05-26 14:21 364544]
"nwiz"="nwiz.exe" [2006-05-01 22:04 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-05 15:59 16206848 C:\WINDOWS\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 16:50 88204 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2005-08-03 16:09 266240 C:\WINDOWS\system32\TPSMain.exe]
"MSn Client Cfg"="msnclicfg.exe" [2008-06-17 00:37 41472 C:\WINDOWS\system32\msnclicfg.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 13:11 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
"VIDC.MJPG"= mtkjpeg.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\javaw.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=
"C:\\WINDOWS\\system32\\svchost.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\aMSN\\bin\\wish.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=

R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-10 14:00]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 10:45]
S2 ootvowneo9g0aei;Print Spooler Service;C:\WINDOWS\system32\hrddgynimy.exe []
S3 BrlAPI;BrlAPI;C:\cygwin\bin\cygrunsrv.exe []
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-07-07 17:35]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 19:31]
S3 PAC207;SoC PC-Camer@;C:\WINDOWS\system32\DRIVERS\pfc027.sys []
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 18:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 18:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 18:59]
S3 UsbEvdoAtc;LGE EVDO USB Serial Port;C:\WINDOWS\system32\DRIVERS\lgevdoatc.sys [2007-08-28 15:17]
S3 usbevdobus;LGE EVDO Composite USB Device;C:\WINDOWS\system32\DRIVERS\lgevdobus.sys [2007-08-28 15:17]
S3 UsbEvdoDiag;LGE EVDO USB Serial DM Port;C:\WINDOWS\system32\DRIVERS\lgevdodiag.sys [2007-08-28 15:17]
S3 USBEVDOModem;LGE EVDO USB Modem;C:\WINDOWS\system32\DRIVERS\lgevdomodem.sys [2007-08-28 15:17]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4428b64-58e1-11dc-9e9c-0018de246c30}]
\Shell\AutoRun\command - F:\setupSNK.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-19 09:31:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-02 18:23:25 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Wengo - C:/Program Files/Wengo/wengophone.exe
HKLM-Run-6450e499 - C:\WINDOWS\system32\muanurty.dll
HKLM-Run-BM6763d705 - C:\WINDOWS\system32\gbiggdtb.dll
HKLM-Run-NDSTray.exe - NDSTray.exe
HKLM-Run-TFncKy - TFncKy.exe
HKLM-Run-CFSServ.exe - CFSServ.exe
Notify-efcCropn - efcCropn.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-11 00:25:47
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

C:\WINDOWS\system32\msnclicfg.exe [2028] 0x863FA808

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Toshiba\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\Toshiba\ConfigFree\CFSServ.exe
C:\Program Files\Toshiba\ConfigFree\CFXFER.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-11 0:41:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-10 22:41:19

Pre-Run: 4,252,229,632 octets libres
Post-Run: 5,062,811,648 octets libres

464
Thanks a lot
0
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
13 Jul 2008 at 10:32
Hi, it's the HijackThis report that you need to send so that the script can be finalized.


Greetings to the whole community. For lack of curiosity, one risks dying ignorant.
I have a little knowledge, but I consider myself a beginner.
0
Hello,
Sorry, I didn't quite understand... here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:31:36, on 13/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\LG Electronics\Modem USB LG Electronics\UMAService.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mysidesearch search enhancer - {1171ee1a-ad84-0867-34cf-520d2e50bc34} - C:\WINDOWS\system32\tpwwbxcwsb.dll
O2 - BHO: banneradsgalore browser optimizer - {2b85e68a-3644-2829-6e2c-feaf85ed7e2b} - C:\WINDOWS\system32\{3495c42b-5d0c-8377-27fc-81869128972c}.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: {3386029d-02a9-d95a-c4f4-ff983c605776} - {677506c3-89ff-4f4c-a59d-9a20d9206833} - C:\WINDOWS\system32\xxfzvo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {83DE8DE9-B517-44A4-BF71-F44E13C92D13} - C:\WINDOWS\system32\ssqRICUo.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BC728C13-5691-4529-A1C2-E662A9AD1C87} - C:\WINDOWS\system32\cbXQkLCR.dll
O2 - BHO: (no name) - {DF430EC2-42ED-453D-B93B-D0A27DB1EFCC} - C:\WINDOWS\system32\urqOFuvu.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ieup] C:\Program Files\ieup\inetsvr.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MSn Client Cfg] msnclicfg.exe
O4 - HKLM\..\Run: [{fd8759bc-a5b9-62b9-8ac4-9bdb39a7460e}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{3495c42b-5d0c-8377-27fc-81869128972c}.dll" DllStart
O4 - HKLM\..\Run: [6450e499] rundll32.exe "C:\WINDOWS\system32\xmysyjpq.dll",b
O4 - HKLM\..\Run: [BM6763d705] Rundll32.exe "C:\WINDOWS\system32\rkhqrlqy.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [UMService] C:\Program Files\LG Electronics\Modem USB LG Electronics\UMAService.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [DivXYIE7Tool] C:\Documents and Settings\EL KHAOUDI\Application Data\DivX\YIE7Tool\YIE7Tool.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {7545D8C8-F53C-4E2F-8FA0-D248EF4A6E61} - http://scanner.vav-scanner.com/setup/setup.cab
O20 - Winlogon Notify: cbXQkLCR - C:\WINDOWS\SYSTEM32\cbXQkLCR.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BrlAPI - Unknown owner - C:\cygwin\bin\cygrunsrv.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Print Spooler Service (ootvowneo9g0aei) - Unknown owner - C:\WINDOWS\system32\hrddgynimy.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
13 Jul 2008 at 20:57
Copy the text below:

File::
C:\WINDOWS\ibd.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\BM6763d705.xml
C:\WINDOWS\system32\tpwwbxcwsb.dll-uninst.exe
C:\WINDOWS\system32\tpwwbxcwsb.dll
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\IEDFix.exe
C:\WINDOWS\system32\IEDFix.C.exe
C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\WS2Fix.exe
C:\WINDOWS\system32\{3495c42b-5d0c-8377-27fc-81869128972c}.dll
C:\WINDOWS\system32\hrddgynimy.exe
C:\Temp\syschk3
C:\Documents and Settings\EL KHAOUDI\services.exe

Folder::
C:\SDFix
C:\Program Files\Navilog1
C:\Program Files\SpyWatchE

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1171ee1a-ad84-0867-34cf-520d2e50bc34}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2b85e68a-3644-2829-6e2c-feaf85ed7e2b}]

Driver::
ootvowneo9g0aei



Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

After the restart, post the contents of the Combofix.txt report together with a HijackThis report.

If there is no restart, post the reports anyway.
0
badraux > benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012
14 Jul 2008 at 19:33
Hello,
Combofix did run the scan and it restarted the PC, but without generating a report :s and here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:30, on 2008-07-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ieup\inetsvr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\LG Electronics\Modem USB LG Electronics\UMAService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ieup] C:\Program Files\ieup\inetsvr.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MSn Client Cfg] msnclicfg.exe
O4 - HKLM\..\Run: [{fd8759bc-a5b9-62b9-8ac4-9bdb39a7460e}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{3495c42b-5d0c-8377-27fc-81869128972c}.dll" DllStart
O4 - HKLM\..\Run: [6450e499] rundll32.exe "C:\WINDOWS\system32\wrpfoome.dll",b
O4 - HKLM\..\Run: [BM6763d705] Rundll32.exe "C:\WINDOWS\system32\pxthyssc.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [UMService] C:\Program Files\LG Electronics\Modem USB LG Electronics\UMAService.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [DivXYIE7Tool] C:\Documents and Settings\EL KHAOUDI\Application Data\DivX\YIE7Tool\YIE7Tool.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {7545D8C8-F53C-4E2F-8FA0-D248EF4A6E61} - http://scanner.vav-scanner.com/setup/setup.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BrlAPI - Unknown owner - C:\cygwin\bin\cygrunsrv.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
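A first-pass triage of the HijackThis log above, as an added example that is not part of the original thread: it parses O4 (Run) and O23 (service) lines and flags the patterns visible in this log for manual review. The regexes, reason strings and the `triage` function are assumptions made for illustration; a flag means "look at this entry", not a verdict.

```python
import re

# Sample lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [{fd8759bc-a5b9-62b9-8ac4-9bdb39a7460e}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{3495c42b-5d0c-8377-27fc-81869128972c}.dll" DllStart
O4 - HKLM\..\Run: [6450e499] rundll32.exe "C:\WINDOWS\system32\wrpfoome.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Print Spooler Service (ootvowneo9g0aei) - Unknown owner - C:\WINDOWS\system32\hrddgynimy.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
'''

# Heuristics below are assumptions chosen to match this log, not HijackThis rules.
GUID = re.compile(r'\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}', re.I)
RUN = re.compile(r'^O4 - (\S+)\\\.\.\\Run: \[(.+?)\] (.+)$')
SVC = re.compile(r'^O23 - Service: (.+?) - (.+?) - (.+)$')
ONE_CHAR_EXPORT = re.compile(r'\.dll"?,\w$', re.I)


def triage(log_text):
    """Return (line, reasons) pairs for entries that deserve a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        if m := RUN.match(line):
            _hive, name, cmd = m.groups()
            # Autorun value or DLL named after a bare GUID.
            if GUID.search(name) or GUID.search(cmd):
                reasons.append("GUID-named autorun value or DLL")
            # rundll32 calling an export whose name is a single character.
            if "rundll32" in cmd.lower() and ONE_CHAR_EXPORT.search(cmd):
                reasons.append("rundll32 with single-character export")
        elif m := SVC.match(line):
            _display, owner, path = m.groups()
            # No vendor string and the service binary no longer exists on disk.
            if owner == "Unknown owner" and path.endswith("(file missing)"):
                reasons.append("service with no vendor info and missing binary")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print("; ".join(why), "->", entry)
```

Legitimate leftovers can also trip these checks (an uninstalled program's orphaned service, for instance), so each flagged line still needs to be confirmed before it goes into a removal script.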
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107 > badraux
15 Jul 2008 at 21:10
Hi,

Start in safe mode and run a full scan with Malwarebytes.


Greetings to the whole community. For lack of curiosity, one risks dying ignorant.
I have a little knowledge, but I consider myself a beginner.
0
DIABLO > badraux
10 Mar 2009 at 03:01
LOL!!!
0
marion62000
23 Nov 2010 at 19:54
I don't know, sorry
-1