Virus detecté au demarrage de IE
Résolu/Fermé
A voir également:
- Virus detecté au demarrage de IE
- Pc lent au démarrage - Guide
- Reinitialiser pc au demarrage - Guide
- Forcer demarrage pc - Guide
- Écran noir au démarrage - Guide
- Programme au démarrage windows 10 - Guide
45 réponses
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 290
22 sept. 2008 à 08:59
22 sept. 2008 à 08:59
Salut,
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix.txt
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix.txt
salut,
le rapport de combofix, mais apparement le virus ne revient plus après le lancement de combofix
ComboFix 08-09-20.05 - user 2008-09-22 10:59:35.2 - [color=red][b]FAT32[/b][/color]x86
Lancé depuis: F:\Documents and Settings\user\Bureau\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\Program Files\PCHealthCenter\sc.html . . . . impossible à supprimer
.
---- Previous Run -------
.
F:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
F:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
F:\Program Files\PCHealthCenter\[u]0[/u].gif
F:\Program Files\PCHealthCenter\1.gif
F:\Program Files\PCHealthCenter\1.ico
F:\Program Files\PCHealthCenter\2.gif
F:\Program Files\PCHealthCenter\2.ico
F:\Program Files\PCHealthCenter\3.gif
F:\Program Files\PCHealthCenter\5.exe
F:\WINDOWS\system32\byXPhfFy.dll
F:\WINDOWS\system32\cbXNEVmL.dll
F:\WINDOWS\system32\mcrh.tmp
F:\WINDOWS\system32\rqRIbxwX.dll
F:\WINDOWS\system32\XwxbIRqr.ini
F:\WINDOWS\system32\XwxbIRqr.ini2
F:\Program Files\PCHealthCenter\sc.html . . . . impossible à supprimer
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_SysLibrary
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-22 au 2008-09-22 ))))))))))))))))))))))))))))))))))))
.
2008-09-22 10:10 . 2008-09-22 10:50 970,082 ---hs---- F:\WINDOWS\system32\qsipvibi.ini
2008-09-22 10:10 . 2008-09-22 10:10 103,552 --a------ F:\WINDOWS\system32\ibivpisq.dll
2008-09-19 14:22 . 2008-09-22 09:05 969,962 ---hs---- F:\WINDOWS\system32\fqjuvatn.ini
2008-09-18 13:44 . 2008-09-18 13:44 <REP> d-------- F:\Documents and Settings\user\Application Data\Radmin Communication Client
2008-09-18 10:02 . 2008-09-19 14:19 969,722 ---hs---- F:\WINDOWS\system32\yjcyrhba.ini
2008-09-18 09:54 . 2008-09-18 09:54 <REP> d-------- F:\Program Files\Runtime Software
2008-09-18 09:47 . 2008-09-18 09:47 <REP> d-------- F:\Program Files\PCHealthCenter
2008-09-16 16:59 . 2008-09-16 16:59 <REP> d-------- F:\Documents and Settings\Administrator\Application Data\Radmin Communication Client
2008-09-16 16:58 . 2008-09-16 16:58 <REP> d-------- F:\Program Files\Radmin Communication Client 3.0
2008-09-16 16:42 . 2008-09-16 16:42 <REP> d-------- F:\Program Files\PCNetSoftware
2008-09-16 15:51 . 2007-10-18 20:48 83,288 --a------ F:\WINDOWS\system32\LMIRfsClientNP.dll
2008-09-16 15:51 . 2007-10-18 20:47 75,064 --a------ F:\WINDOWS\system32\LMIinit.dll
2008-09-16 15:51 . 2007-09-12 10:20 46,112 --a------ F:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-09-16 15:51 . 2007-10-18 20:47 21,496 --a------ F:\WINDOWS\system32\LMIport.dll
2008-09-16 15:50 . 2008-09-16 15:50 <REP> d-------- F:\Program Files\LogMeIn
2008-09-16 15:02 . 2008-09-16 15:02 <REP> d-------- F:\Program Files\UltraVNC
2008-09-11 08:56 . 2008-09-11 08:56 268 --ah----- F:\sqmdata13.sqm
2008-09-11 08:56 . 2008-09-11 08:56 244 --ah----- F:\sqmnoopt13.sqm
2008-09-09 15:31 . 2008-09-09 15:31 <REP> d-------- F:\Program Files\VirginMega
2008-09-09 15:11 . 2008-09-09 15:11 <REP> d-------- F:\Program Files\Windows Media Connect 2
2008-09-09 14:45 . 2008-09-09 14:45 <REP> d-------- F:\WINDOWS\system32\drivers\umdf
2008-09-09 10:34 . 2008-09-09 10:34 <REP> d--h----- F:\WINDOWS\$hf_mig$
2008-09-08 09:26 . 2008-09-08 09:26 <REP> d-------- F:\Program Files\Intelore
2008-09-05 16:08 . 2008-09-05 16:08 <REP> d--hs---- F:\FOUND.000
2008-09-05 16:02 . 2008-09-05 16:02 <REP> d-------- F:\Documents and Settings\user\Application Data\ZIP RAR ACE Password Recovery
2008-09-05 15:43 . 2008-09-05 15:43 <REP> d-------- F:\Program Files\RAR Password Cracker
2008-09-05 15:35 . 2008-09-05 15:35 <REP> d-------- F:\Program Files\Active Data Recovery Software
2008-09-04 15:18 . 2008-09-04 15:18 12 --a------ F:\WINDOWS\system32\usbsys.tmp
2008-09-03 16:50 . 2008-09-03 16:50 <REP> d--hs---- F:\Documents and Settings\Administrator\UserData
2008-09-03 16:46 . 2008-09-03 16:46 <REP> d-------- F:\Documents and Settings\Administrator\Application Data\TopLang
2008-09-02 15:53 . 2008-09-02 15:53 <REP> d-------- F:\Program Files\Desktop Lock
2008-09-02 15:16 . 2008-09-02 15:16 <REP> d-------- F:\Documents and Settings\user\Application Data\TopLang
2008-09-02 14:43 . 2008-09-04 11:08 2,197 --a------ F:\WINDOWS\kmuusb.sys
2008-09-02 14:43 . 2008-09-04 11:08 6 --a------ F:\WINDOWS\kmuudr.sys
2008-09-02 14:42 . 2008-09-02 14:42 <REP> d-------- F:\Documents and Settings\All Users\Application Data\MyUSBOnly
2008-09-02 13:45 . 2008-09-02 13:45 <REP> d--hs---- F:\Program Files\KGB
2008-09-02 13:45 . 2008-09-02 13:45 <REP> d--hs---- F:\Documents and Settings\All Users\Application Data\MPK
2008-09-02 13:45 . 2008-09-02 13:45 480 --a------ F:\WINDOWS\system32\runkgb.lnk
2008-08-27 09:26 . 2008-08-27 09:26 268 --ah----- F:\sqmdata12.sqm
2008-08-27 09:26 . 2008-08-27 09:26 244 --ah----- F:\sqmnoopt12.sqm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-22 08:02 18,030 ----a-w F:\WINDOWS\system32\drivers\DeskLock.sys
2008-08-20 11:30 --------- d-----w F:\Program Files\PDF2Word v1.6
2008-08-18 12:27 --------- d-----w F:\Documents and Settings\Administrator\Application Data\Babylon
2008-08-08 10:57 --------- d-----w F:\Program Files\EasyPHP1-8
2008-08-08 09:58 --------- d-----w F:\Program Files\IDAutomation.com Code 39 Free Font
2008-08-08 06:47 --------- d-----w F:\Program Files\Microsoft Silverlight
2008-08-05 11:02 --------- d-----w F:\Program Files\[u]0[/u]1-mp3search
2008-08-04 12:00 --------- d-----w F:\Program Files\myBabylon
2008-08-04 12:00 --------- d-----w F:\Program Files\Conduit
2008-08-04 12:00 --------- d-----w F:\Program Files\Babylon
2008-08-04 11:45 --------- d-----w F:\Documents and Settings\user\Application Data\Babylon
2008-08-04 11:45 --------- d-----w F:\Documents and Settings\All Users\Application Data\Babylon
2008-07-29 06:42 --------- d-----w F:\Program Files\Opera
2008-07-24 07:49 --------- d-----w F:\Program Files\Trend Micro
2008-07-24 06:40 --------- d-----w F:\Program Files\Navilog1
2008-05-28 11:59 33 ----a-w F:\Documents and Settings\user\Application Data\pwcpsw.dat
2007-12-07 13:51 92,064 ----a-w F:\Documents and Settings\user\mqdmmdm.sys
2007-12-07 13:51 9,232 ----a-w F:\Documents and Settings\user\mqdmmdfl.sys
2007-12-07 13:51 79,328 ----a-w F:\Documents and Settings\user\mqdmserd.sys
2007-12-07 13:51 66,656 ----a-w F:\Documents and Settings\user\mqdmbus.sys
2007-12-07 13:51 6,208 ----a-w F:\Documents and Settings\user\mqdmcmnt.sys
2007-12-07 13:51 5,936 ----a-w F:\Documents and Settings\user\mqdmwhnt.sys
2007-12-07 13:51 4,048 ----a-w F:\Documents and Settings\user\mqdmcr.sys
2007-12-07 13:51 25,600 ----a-w F:\Documents and Settings\user\usbsermptxp.sys
2007-12-07 13:51 22,768 ----a-w F:\Documents and Settings\user\usbsermpt.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "F:\Program Files\myBabylon\tbmyBa.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
2008-02-14 14:54 1555480 --a------ F:\Program Files\myBabylon\tbmyBa.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "F:\Program Files\myBabylon\tbmyBa.dll" [2008-02-14 1555480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{34EA1C70-42CC-42C5-AA29-EC58B95A343E}"= "F:\Program Files\myBabylon\tbmyBa.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="F:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"PcSync"="F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"Yahoo! Pager"="F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"AlcoholAutomount"="F:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]
"USB_FW"="F:\Program Files\Net Studio\USB_FW.exe" [2008-05-21 1299968]
"SuperCopier2.exe"="F:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"HP SchedIndexer"="F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe" [2001-02-19 86016]
"HP AutoIndexer"="F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe" [2001-02-19 77824]
"NeroFilterCheck"="F:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"COMODO Firewall Pro"="F:\Program Files\Comodo\Firewall\CPF.exe" [2008-01-03 1115728]
"!AVG Anti-Spyware"="F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-06-19 6731312]
"TkBellExe"="F:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-06-18 185896]
"Babylon Client"="F:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2007-12-20 3116768]
"Desktop Lock Loader"="F:\PROGRA~1\DESKTO~1\TLDL.EXE" [2008-05-02 151552]
"LogMeIn GUI"="F:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 63048]
"091a0f74"="F:\WINDOWS\system32\ibivpisq.dll" [2008-09-22 103552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Mpk.exe"="F:\Program Files\KGB\Mpk.exe" [2007-10-22 1281536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LoginPrompt"= 9E8C8182988584
"NoViewOnDrive"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-10-18 20:47 75064 F:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"F:\\Program Files\\Messenger\\msmsgs.exe"=
"F:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"F:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"F:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\Program Files\\MSN Messenger\\MsnMsgr.Exe"=
"F:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
R1 aswSP;avast! Self Protection;F:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 DeskLock;DeskLock;F:\WINDOWS\system32\drivers\DeskLock.sys [2008-09-22 18030]
R2 aswFsBlk;aswFsBlk;F:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;F:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-09-12 46112]
R2 PoliceService;PoliceService;F:\WINDOWS\system32\srksrv.exe [2006-06-03 453120]
S2 LMIInfo;LogMeIn Kernel Information Provider;F:\Program Files\LogMeIn\x86\RaInfo.sys [2007-09-12 12992]
S3 MiniScanEye;MiniScanEye;F:\WINDOWS\system32\Drivers\minsceye.sys [2005-02-16 14382]
S3 pendfu;PenDfu (pendfu.sys);F:\WINDOWS\system32\Drivers\pendfu.sys [2005-02-14 32408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5aaead9b-6ec0-11dd-a6c8-00e04cb7960a}]
\Shell\Auto\command - lsass.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bb002c4-2b22-11dd-83ed-00e04cb7960a}]
\Shell\Auto\command - explorer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbf8b040-4278-11dd-8439-00e04cb7960a}]
\Shell\Auto\command - I:\explorer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbf8b041-4278-11dd-8439-00e04cb7960a}]
\Shell\Auto\command - J:\explorer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fede5216-1b47-11dd-83c9-00e04cb7960a}]
\Shell\Auto\command - I:\lsass.exe
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{0366ADA7-0907-43FC-893B-588F3E32FE40} - F:\WINDOWS\system32\rqRIbxwX.dll
BHO-{52A96517-3690-45C7-98A9-1DD379F9D9B5} - F:\WINDOWS\system32\cbXNEVmL.dll
HKCU-Run-RocketDock - F:\Program Files\RocketDock\RocketDock.exe
ShellExecuteHooks-{52A96517-3690-45C7-98A9-1DD379F9D9B5} - F:\WINDOWS\system32\cbXNEVmL.dll
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
O8 -: E&xporter vers Microsoft Excel - F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: Translate with &Babylon - F:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O17 -: HKLM\CCS\Interface\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-22 11:06:05
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mchInjDrv]
"ImagePath"="\??\F:\DOCUME~1\user\LOCALS~1\Temp\mc22.tmp"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: F:\WINDOWS\explorer.exe
-> F:\WINDOWS\system32\ibivpisq.dll
.
------------------------ Autres processus actifs ------------------------
.
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Program Files\Comodo\Firewall\cmdagent.exe
F:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
F:\WINDOWS\system32\rundll32.exe
F:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
F:\WINDOWS\system32\INTERNAT.EXE
.
**************************************************************************
.
Heure de fin: 2008-09-22 11:13:40 - La machine a redémarré [user]
ComboFix-quarantined-files.txt 2008-09-22 08:13:30
Avant-CF: 1,149,788,160 octets libres
Après-CF: 1,131,134,976 octets libres
240
Merci et a+
le rapport de combofix, mais apparement le virus ne revient plus après le lancement de combofix
ComboFix 08-09-20.05 - user 2008-09-22 10:59:35.2 - [color=red][b]FAT32[/b][/color]x86
Lancé depuis: F:\Documents and Settings\user\Bureau\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\Program Files\PCHealthCenter\sc.html . . . . impossible à supprimer
.
---- Previous Run -------
.
F:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
F:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
F:\Program Files\PCHealthCenter\[u]0[/u].gif
F:\Program Files\PCHealthCenter\1.gif
F:\Program Files\PCHealthCenter\1.ico
F:\Program Files\PCHealthCenter\2.gif
F:\Program Files\PCHealthCenter\2.ico
F:\Program Files\PCHealthCenter\3.gif
F:\Program Files\PCHealthCenter\5.exe
F:\WINDOWS\system32\byXPhfFy.dll
F:\WINDOWS\system32\cbXNEVmL.dll
F:\WINDOWS\system32\mcrh.tmp
F:\WINDOWS\system32\rqRIbxwX.dll
F:\WINDOWS\system32\XwxbIRqr.ini
F:\WINDOWS\system32\XwxbIRqr.ini2
F:\Program Files\PCHealthCenter\sc.html . . . . impossible à supprimer
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_SysLibrary
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-22 au 2008-09-22 ))))))))))))))))))))))))))))))))))))
.
2008-09-22 10:10 . 2008-09-22 10:50 970,082 ---hs---- F:\WINDOWS\system32\qsipvibi.ini
2008-09-22 10:10 . 2008-09-22 10:10 103,552 --a------ F:\WINDOWS\system32\ibivpisq.dll
2008-09-19 14:22 . 2008-09-22 09:05 969,962 ---hs---- F:\WINDOWS\system32\fqjuvatn.ini
2008-09-18 13:44 . 2008-09-18 13:44 <REP> d-------- F:\Documents and Settings\user\Application Data\Radmin Communication Client
2008-09-18 10:02 . 2008-09-19 14:19 969,722 ---hs---- F:\WINDOWS\system32\yjcyrhba.ini
2008-09-18 09:54 . 2008-09-18 09:54 <REP> d-------- F:\Program Files\Runtime Software
2008-09-18 09:47 . 2008-09-18 09:47 <REP> d-------- F:\Program Files\PCHealthCenter
2008-09-16 16:59 . 2008-09-16 16:59 <REP> d-------- F:\Documents and Settings\Administrator\Application Data\Radmin Communication Client
2008-09-16 16:58 . 2008-09-16 16:58 <REP> d-------- F:\Program Files\Radmin Communication Client 3.0
2008-09-16 16:42 . 2008-09-16 16:42 <REP> d-------- F:\Program Files\PCNetSoftware
2008-09-16 15:51 . 2007-10-18 20:48 83,288 --a------ F:\WINDOWS\system32\LMIRfsClientNP.dll
2008-09-16 15:51 . 2007-10-18 20:47 75,064 --a------ F:\WINDOWS\system32\LMIinit.dll
2008-09-16 15:51 . 2007-09-12 10:20 46,112 --a------ F:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-09-16 15:51 . 2007-10-18 20:47 21,496 --a------ F:\WINDOWS\system32\LMIport.dll
2008-09-16 15:50 . 2008-09-16 15:50 <REP> d-------- F:\Program Files\LogMeIn
2008-09-16 15:02 . 2008-09-16 15:02 <REP> d-------- F:\Program Files\UltraVNC
2008-09-11 08:56 . 2008-09-11 08:56 268 --ah----- F:\sqmdata13.sqm
2008-09-11 08:56 . 2008-09-11 08:56 244 --ah----- F:\sqmnoopt13.sqm
2008-09-09 15:31 . 2008-09-09 15:31 <REP> d-------- F:\Program Files\VirginMega
2008-09-09 15:11 . 2008-09-09 15:11 <REP> d-------- F:\Program Files\Windows Media Connect 2
2008-09-09 14:45 . 2008-09-09 14:45 <REP> d-------- F:\WINDOWS\system32\drivers\umdf
2008-09-09 10:34 . 2008-09-09 10:34 <REP> d--h----- F:\WINDOWS\$hf_mig$
2008-09-08 09:26 . 2008-09-08 09:26 <REP> d-------- F:\Program Files\Intelore
2008-09-05 16:08 . 2008-09-05 16:08 <REP> d--hs---- F:\FOUND.000
2008-09-05 16:02 . 2008-09-05 16:02 <REP> d-------- F:\Documents and Settings\user\Application Data\ZIP RAR ACE Password Recovery
2008-09-05 15:43 . 2008-09-05 15:43 <REP> d-------- F:\Program Files\RAR Password Cracker
2008-09-05 15:35 . 2008-09-05 15:35 <REP> d-------- F:\Program Files\Active Data Recovery Software
2008-09-04 15:18 . 2008-09-04 15:18 12 --a------ F:\WINDOWS\system32\usbsys.tmp
2008-09-03 16:50 . 2008-09-03 16:50 <REP> d--hs---- F:\Documents and Settings\Administrator\UserData
2008-09-03 16:46 . 2008-09-03 16:46 <REP> d-------- F:\Documents and Settings\Administrator\Application Data\TopLang
2008-09-02 15:53 . 2008-09-02 15:53 <REP> d-------- F:\Program Files\Desktop Lock
2008-09-02 15:16 . 2008-09-02 15:16 <REP> d-------- F:\Documents and Settings\user\Application Data\TopLang
2008-09-02 14:43 . 2008-09-04 11:08 2,197 --a------ F:\WINDOWS\kmuusb.sys
2008-09-02 14:43 . 2008-09-04 11:08 6 --a------ F:\WINDOWS\kmuudr.sys
2008-09-02 14:42 . 2008-09-02 14:42 <REP> d-------- F:\Documents and Settings\All Users\Application Data\MyUSBOnly
2008-09-02 13:45 . 2008-09-02 13:45 <REP> d--hs---- F:\Program Files\KGB
2008-09-02 13:45 . 2008-09-02 13:45 <REP> d--hs---- F:\Documents and Settings\All Users\Application Data\MPK
2008-09-02 13:45 . 2008-09-02 13:45 480 --a------ F:\WINDOWS\system32\runkgb.lnk
2008-08-27 09:26 . 2008-08-27 09:26 268 --ah----- F:\sqmdata12.sqm
2008-08-27 09:26 . 2008-08-27 09:26 244 --ah----- F:\sqmnoopt12.sqm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-22 08:02 18,030 ----a-w F:\WINDOWS\system32\drivers\DeskLock.sys
2008-08-20 11:30 --------- d-----w F:\Program Files\PDF2Word v1.6
2008-08-18 12:27 --------- d-----w F:\Documents and Settings\Administrator\Application Data\Babylon
2008-08-08 10:57 --------- d-----w F:\Program Files\EasyPHP1-8
2008-08-08 09:58 --------- d-----w F:\Program Files\IDAutomation.com Code 39 Free Font
2008-08-08 06:47 --------- d-----w F:\Program Files\Microsoft Silverlight
2008-08-05 11:02 --------- d-----w F:\Program Files\[u]0[/u]1-mp3search
2008-08-04 12:00 --------- d-----w F:\Program Files\myBabylon
2008-08-04 12:00 --------- d-----w F:\Program Files\Conduit
2008-08-04 12:00 --------- d-----w F:\Program Files\Babylon
2008-08-04 11:45 --------- d-----w F:\Documents and Settings\user\Application Data\Babylon
2008-08-04 11:45 --------- d-----w F:\Documents and Settings\All Users\Application Data\Babylon
2008-07-29 06:42 --------- d-----w F:\Program Files\Opera
2008-07-24 07:49 --------- d-----w F:\Program Files\Trend Micro
2008-07-24 06:40 --------- d-----w F:\Program Files\Navilog1
2008-05-28 11:59 33 ----a-w F:\Documents and Settings\user\Application Data\pwcpsw.dat
2007-12-07 13:51 92,064 ----a-w F:\Documents and Settings\user\mqdmmdm.sys
2007-12-07 13:51 9,232 ----a-w F:\Documents and Settings\user\mqdmmdfl.sys
2007-12-07 13:51 79,328 ----a-w F:\Documents and Settings\user\mqdmserd.sys
2007-12-07 13:51 66,656 ----a-w F:\Documents and Settings\user\mqdmbus.sys
2007-12-07 13:51 6,208 ----a-w F:\Documents and Settings\user\mqdmcmnt.sys
2007-12-07 13:51 5,936 ----a-w F:\Documents and Settings\user\mqdmwhnt.sys
2007-12-07 13:51 4,048 ----a-w F:\Documents and Settings\user\mqdmcr.sys
2007-12-07 13:51 25,600 ----a-w F:\Documents and Settings\user\usbsermptxp.sys
2007-12-07 13:51 22,768 ----a-w F:\Documents and Settings\user\usbsermpt.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "F:\Program Files\myBabylon\tbmyBa.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
2008-02-14 14:54 1555480 --a------ F:\Program Files\myBabylon\tbmyBa.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "F:\Program Files\myBabylon\tbmyBa.dll" [2008-02-14 1555480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{34EA1C70-42CC-42C5-AA29-EC58B95A343E}"= "F:\Program Files\myBabylon\tbmyBa.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="F:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"PcSync"="F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"Yahoo! Pager"="F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"AlcoholAutomount"="F:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]
"USB_FW"="F:\Program Files\Net Studio\USB_FW.exe" [2008-05-21 1299968]
"SuperCopier2.exe"="F:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"HP SchedIndexer"="F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe" [2001-02-19 86016]
"HP AutoIndexer"="F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe" [2001-02-19 77824]
"NeroFilterCheck"="F:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"COMODO Firewall Pro"="F:\Program Files\Comodo\Firewall\CPF.exe" [2008-01-03 1115728]
"!AVG Anti-Spyware"="F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-06-19 6731312]
"TkBellExe"="F:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-06-18 185896]
"Babylon Client"="F:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2007-12-20 3116768]
"Desktop Lock Loader"="F:\PROGRA~1\DESKTO~1\TLDL.EXE" [2008-05-02 151552]
"LogMeIn GUI"="F:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 63048]
"091a0f74"="F:\WINDOWS\system32\ibivpisq.dll" [2008-09-22 103552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Mpk.exe"="F:\Program Files\KGB\Mpk.exe" [2007-10-22 1281536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LoginPrompt"= 9E8C8182988584
"NoViewOnDrive"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-10-18 20:47 75064 F:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"F:\\Program Files\\Messenger\\msmsgs.exe"=
"F:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"F:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"F:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\Program Files\\MSN Messenger\\MsnMsgr.Exe"=
"F:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
R1 aswSP;avast! Self Protection;F:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 DeskLock;DeskLock;F:\WINDOWS\system32\drivers\DeskLock.sys [2008-09-22 18030]
R2 aswFsBlk;aswFsBlk;F:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;F:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-09-12 46112]
R2 PoliceService;PoliceService;F:\WINDOWS\system32\srksrv.exe [2006-06-03 453120]
S2 LMIInfo;LogMeIn Kernel Information Provider;F:\Program Files\LogMeIn\x86\RaInfo.sys [2007-09-12 12992]
S3 MiniScanEye;MiniScanEye;F:\WINDOWS\system32\Drivers\minsceye.sys [2005-02-16 14382]
S3 pendfu;PenDfu (pendfu.sys);F:\WINDOWS\system32\Drivers\pendfu.sys [2005-02-14 32408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5aaead9b-6ec0-11dd-a6c8-00e04cb7960a}]
\Shell\Auto\command - lsass.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bb002c4-2b22-11dd-83ed-00e04cb7960a}]
\Shell\Auto\command - explorer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbf8b040-4278-11dd-8439-00e04cb7960a}]
\Shell\Auto\command - I:\explorer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbf8b041-4278-11dd-8439-00e04cb7960a}]
\Shell\Auto\command - J:\explorer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fede5216-1b47-11dd-83c9-00e04cb7960a}]
\Shell\Auto\command - I:\lsass.exe
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{0366ADA7-0907-43FC-893B-588F3E32FE40} - F:\WINDOWS\system32\rqRIbxwX.dll
BHO-{52A96517-3690-45C7-98A9-1DD379F9D9B5} - F:\WINDOWS\system32\cbXNEVmL.dll
HKCU-Run-RocketDock - F:\Program Files\RocketDock\RocketDock.exe
ShellExecuteHooks-{52A96517-3690-45C7-98A9-1DD379F9D9B5} - F:\WINDOWS\system32\cbXNEVmL.dll
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
O8 -: E&xporter vers Microsoft Excel - F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: Translate with &Babylon - F:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O17 -: HKLM\CCS\Interface\{17821C9B-63E4-43EF-ADF4-FA97CBD4BED5}: NameServer = 62.56.162.33,62.56.240.40
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-22 11:06:05
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mchInjDrv]
"ImagePath"="\??\F:\DOCUME~1\user\LOCALS~1\Temp\mc22.tmp"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: F:\WINDOWS\explorer.exe
-> F:\WINDOWS\system32\ibivpisq.dll
.
------------------------ Autres processus actifs ------------------------
.
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Program Files\Comodo\Firewall\cmdagent.exe
F:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
F:\WINDOWS\system32\rundll32.exe
F:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
F:\WINDOWS\system32\INTERNAT.EXE
.
**************************************************************************
.
Heure de fin: 2008-09-22 11:13:40 - La machine a redémarré [user]
ComboFix-quarantined-files.txt 2008-09-22 08:13:30
Avant-CF: 1,149,788,160 octets libres
Après-CF: 1,131,134,976 octets libres
240
Merci et a+
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 290
22 sept. 2008 à 13:42
22 sept. 2008 à 13:42
---> Fais un scan rapide avec MBAM, supprime tout ce qu'il trouve et poste le rapport :
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
rapport du mbam
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1190
Windows 5.1.2600 Service Pack 3
22/09/2008 15:45:01
mbam-log-2008-09-22 (15-44-50).txt
Type de recherche: Examen rapide
Eléments examinés: 52359
Temps écoulé: 5 minute(s), 13 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 4
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
F:\WINDOWS\system32\ibivpisq.dll (Trojan.Vundo) -> No action taken.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SysLibrary (Rootkit.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\091a0f74 (Trojan.Vundo.H) -> No action taken.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
F:\Program Files\PCHealthCenter (Trojan.Fakealert) -> No action taken.
Fichier(s) infecté(s):
F:\WINDOWS\system32\ibivpisq.dll (Trojan.Vundo.H) -> No action taken.
F:\WINDOWS\system32\qsipvibi.ini (Trojan.Vundo.H) -> No action taken.
F:\WINDOWS\system32\CMDOW.EXE (Malware.Tool) -> No action taken.
F:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> No action taken.
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1190
Windows 5.1.2600 Service Pack 3
22/09/2008 15:45:01
mbam-log-2008-09-22 (15-44-50).txt
Type de recherche: Examen rapide
Eléments examinés: 52359
Temps écoulé: 5 minute(s), 13 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 4
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
F:\WINDOWS\system32\ibivpisq.dll (Trojan.Vundo) -> No action taken.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SysLibrary (Rootkit.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\091a0f74 (Trojan.Vundo.H) -> No action taken.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
F:\Program Files\PCHealthCenter (Trojan.Fakealert) -> No action taken.
Fichier(s) infecté(s):
F:\WINDOWS\system32\ibivpisq.dll (Trojan.Vundo.H) -> No action taken.
F:\WINDOWS\system32\qsipvibi.ini (Trojan.Vundo.H) -> No action taken.
F:\WINDOWS\system32\CMDOW.EXE (Malware.Tool) -> No action taken.
F:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> No action taken.
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 290
22 sept. 2008 à 23:43
22 sept. 2008 à 23:43
Tu as cliqué sur Supprimer la sélection ?
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 290
23 sept. 2008 à 12:28
23 sept. 2008 à 12:28
/!\ Seul bona_2 peut suivre cette procédure /!\
1/
---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.
---> Copie le texte ci-dessous par sélection puis Ctrl+C :
KillAll::
File::
F:\WINDOWS\system32\qsipvibi.ini
F:\WINDOWS\system32\ibivpisq.dll
F:\WINDOWS\system32\fqjuvatn.ini
F:\WINDOWS\system32\yjcyrhba.ini
F:\sqmdata16.sqm
F:\sqmnoopt16.sqm
F:\sqmnoopt15.sqm
F:\sqmdata15.sqm
F:\sqmnoopt14.sqm
F:\sqmdata14.sqm
F:\sqmnoopt13.sqm
F:\sqmdata13.sqm
F:\sqmdata12.sqm
F:\sqmdata11.sqm
F:\sqmnoopt12.sqm
F:\sqmnoopt11.sqm
F:\sqmdata10.sqm
F:\sqmnoopt10.sqm
F:\sqmnoopt09.sqm
F:\sqmnoopt08.sqm
F:\sqmdata09.sqm
F:\sqmdata08.sqm
F:\sqmnoopt07.sqm
F:\sqmdata07.sqm
F:\sqmnoopt06.sqm
F:\sqmdata06.sqm
F:\sqmnoopt05.sqm
F:\sqmdata05.sqm
F:\sqmdata04.sqm
F:\sqmdata03.sqm
F:\sqmdata02.sqm
F:\sqmdata01.sqm
F:\sqmdata00.sqm
F:\sqmnoopt04.sqm
F:\sqmnoopt03.sqm
F:\sqmnoopt02.sqm
F:\sqmnoopt01.sqm
F:\sqmnoopt00.sqm
F:\WINDOWS\system32\srksrv.exe
F:\WINDOWS\system32\drivers\mchInjDrv.sys
F:\DOCUME~1\user\LOCALS~1\Temp\mc22.tmp
Folder::
F:\Program Files\PCHealthCenter
Registry::
[-HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=-
"091a0f74"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5aaead9b-6ec0-11dd-a6c8-00e04cb7960a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bb002c4-2b22-11dd-83ed-00e04cb7960a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbf8b040-4278-11dd-8439-00e04cb7960a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbf8b041-4278-11dd-8439-00e04cb7960a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fede5216-1b47-11dd-83c9-00e04cb7960a}]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mchInjDrv]
Driver::
PoliceService
---> Colle la sélection dans le bloc-notes
---> Enregistre ce fichier sur le bureau (Impératif)
---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes
2/
---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif
[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.
[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.
[*] Une fois le scan achevé, un rapport va s'afficher : poste-le
[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix.txt
1/
---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.
---> Copie le texte ci-dessous par sélection puis Ctrl+C :
KillAll::
File::
F:\WINDOWS\system32\qsipvibi.ini
F:\WINDOWS\system32\ibivpisq.dll
F:\WINDOWS\system32\fqjuvatn.ini
F:\WINDOWS\system32\yjcyrhba.ini
F:\sqmdata16.sqm
F:\sqmnoopt16.sqm
F:\sqmnoopt15.sqm
F:\sqmdata15.sqm
F:\sqmnoopt14.sqm
F:\sqmdata14.sqm
F:\sqmnoopt13.sqm
F:\sqmdata13.sqm
F:\sqmdata12.sqm
F:\sqmdata11.sqm
F:\sqmnoopt12.sqm
F:\sqmnoopt11.sqm
F:\sqmdata10.sqm
F:\sqmnoopt10.sqm
F:\sqmnoopt09.sqm
F:\sqmnoopt08.sqm
F:\sqmdata09.sqm
F:\sqmdata08.sqm
F:\sqmnoopt07.sqm
F:\sqmdata07.sqm
F:\sqmnoopt06.sqm
F:\sqmdata06.sqm
F:\sqmnoopt05.sqm
F:\sqmdata05.sqm
F:\sqmdata04.sqm
F:\sqmdata03.sqm
F:\sqmdata02.sqm
F:\sqmdata01.sqm
F:\sqmdata00.sqm
F:\sqmnoopt04.sqm
F:\sqmnoopt03.sqm
F:\sqmnoopt02.sqm
F:\sqmnoopt01.sqm
F:\sqmnoopt00.sqm
F:\WINDOWS\system32\srksrv.exe
F:\WINDOWS\system32\drivers\mchInjDrv.sys
F:\DOCUME~1\user\LOCALS~1\Temp\mc22.tmp
Folder::
F:\Program Files\PCHealthCenter
Registry::
[-HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=-
"091a0f74"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5aaead9b-6ec0-11dd-a6c8-00e04cb7960a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bb002c4-2b22-11dd-83ed-00e04cb7960a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbf8b040-4278-11dd-8439-00e04cb7960a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbf8b041-4278-11dd-8439-00e04cb7960a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fede5216-1b47-11dd-83c9-00e04cb7960a}]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mchInjDrv]
Driver::
PoliceService
---> Colle la sélection dans le bloc-notes
---> Enregistre ce fichier sur le bureau (Impératif)
---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes
2/
---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif
[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.
[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.
[*] Une fois le scan achevé, un rapport va s'afficher : poste-le
[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix.txt
rapport du ccombofix, mais j'ai constaté un ptit pbm, l'icone de Avast sur le barre de tache ne réapparait plus idem pour le VRBD.
+ComboFix 08-09-20.05 - user 2008-09-24 9:07:42.3 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.76 [GMT 3:00]
Lancé depuis: F:\Documents and Settings\user\Bureau\ComboFix.exe
Commutateurs utilisés :: F:\Documents and Settings\user\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
FILE ::
F:\DOCUME~1\user\LOCALS~1\Temp\mc22.tmp
F:\sqmdata00.sqm
F:\sqmdata01.sqm
F:\sqmdata02.sqm
F:\sqmdata03.sqm
F:\sqmdata04.sqm
F:\sqmdata05.sqm
F:\sqmdata06.sqm
F:\sqmdata07.sqm
F:\sqmdata08.sqm
F:\sqmdata09.sqm
F:\sqmdata10.sqm
F:\sqmdata11.sqm
F:\sqmdata12.sqm
F:\sqmdata13.sqm
F:\sqmdata14.sqm
F:\sqmdata15.sqm
F:\sqmdata16.sqm
F:\sqmnoopt00.sqm
F:\sqmnoopt01.sqm
F:\sqmnoopt02.sqm
F:\sqmnoopt03.sqm
F:\sqmnoopt04.sqm
F:\sqmnoopt05.sqm
F:\sqmnoopt06.sqm
F:\sqmnoopt07.sqm
F:\sqmnoopt08.sqm
F:\sqmnoopt09.sqm
F:\sqmnoopt10.sqm
F:\sqmnoopt11.sqm
F:\sqmnoopt12.sqm
F:\sqmnoopt13.sqm
F:\sqmnoopt14.sqm
F:\sqmnoopt15.sqm
F:\sqmnoopt16.sqm
F:\WINDOWS\system32\drivers\mchInjDrv.sys
F:\WINDOWS\system32\fqjuvatn.ini
F:\WINDOWS\system32\ibivpisq.dll
F:\WINDOWS\system32\qsipvibi.ini
F:\WINDOWS\system32\srksrv.exe
F:\WINDOWS\system32\yjcyrhba.ini
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\sqmdata00.sqm
F:\sqmdata01.sqm
F:\sqmdata02.sqm
F:\sqmdata03.sqm
F:\sqmdata04.sqm
F:\sqmdata05.sqm
F:\sqmdata06.sqm
F:\sqmdata07.sqm
F:\sqmdata08.sqm
F:\sqmdata09.sqm
F:\sqmdata10.sqm
F:\sqmdata11.sqm
F:\sqmdata12.sqm
F:\sqmdata13.sqm
F:\sqmnoopt00.sqm
F:\sqmnoopt01.sqm
F:\sqmnoopt02.sqm
F:\sqmnoopt03.sqm
F:\sqmnoopt04.sqm
F:\sqmnoopt05.sqm
F:\sqmnoopt06.sqm
F:\sqmnoopt07.sqm
F:\sqmnoopt08.sqm
F:\sqmnoopt09.sqm
F:\sqmnoopt10.sqm
F:\sqmnoopt11.sqm
F:\sqmnoopt12.sqm
F:\sqmnoopt13.sqm
F:\WINDOWS\system32\fqjuvatn.ini
F:\WINDOWS\system32\srksrv.exe
F:\WINDOWS\system32\yjcyrhba.ini
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_POLICESERVICE
-------\Service_PoliceService
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-24 au 2008-09-24 ))))))))))))))))))))))))))))))))))))
.
2008-09-22 15:36 . 2008-09-22 15:36 <REP> d-------- F:\Program Files\Malwarebytes' Anti-Malware
2008-09-22 15:36 . 2008-09-22 15:36 <REP> d-------- F:\Documents and Settings\user\Application Data\Malwarebytes
2008-09-22 15:36 . 2008-09-22 15:36 <REP> d-------- F:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-22 15:36 . 2008-09-10 00:04 38,528 --a------ F:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-22 15:36 . 2008-09-10 00:03 17,200 --a------ F:\WINDOWS\system32\drivers\mbam.sys
2008-09-22 15:15 . 2008-09-22 15:15 <REP> d--hs---- F:\FOUND.001
2008-09-18 13:44 . 2008-09-18 13:44 <REP> d-------- F:\Documents and Settings\user\Application Data\Radmin Communication Client
2008-09-18 09:54 . 2008-09-18 09:54 <REP> d-------- F:\Program Files\Runtime Software
2008-09-16 16:59 . 2008-09-16 16:59 <REP> d-------- F:\Documents and Settings\Administrator\Application Data\Radmin Communication Client
2008-09-16 16:58 . 2008-09-16 16:58 <REP> d-------- F:\Program Files\Radmin Communication Client 3.0
2008-09-16 16:42 . 2008-09-16 16:42 <REP> d-------- F:\Program Files\PCNetSoftware
2008-09-16 15:51 . 2007-10-18 20:48 83,288 --a------ F:\WINDOWS\system32\LMIRfsClientNP.dll
2008-09-16 15:51 . 2007-10-18 20:47 75,064 --a------ F:\WINDOWS\system32\LMIinit.dll
2008-09-16 15:51 . 2007-09-12 10:20 46,112 --a------ F:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-09-16 15:51 . 2007-10-18 20:47 21,496 --a------ F:\WINDOWS\system32\LMIport.dll
2008-09-16 15:50 . 2008-09-16 15:50 <REP> d-------- F:\Program Files\LogMeIn
2008-09-16 15:02 . 2008-09-16 15:02 <REP> d-------- F:\Program Files\UltraVNC
2008-09-09 15:31 . 2008-09-09 15:31 <REP> d-------- F:\Program Files\VirginMega
2008-09-09 15:11 . 2008-09-09 15:11 <REP> d-------- F:\Program Files\Windows Media Connect 2
2008-09-09 14:45 . 2008-09-09 14:45 <REP> d-------- F:\WINDOWS\system32\drivers\umdf
2008-09-09 10:34 . 2008-09-09 10:34 <REP> d--h----- F:\WINDOWS\$hf_mig$
2008-09-08 09:26 . 2008-09-08 09:26 <REP> d-------- F:\Program Files\Intelore
2008-09-05 16:08 . 2008-09-05 16:08 <REP> d--hs---- F:\FOUND.000
2008-09-05 16:02 . 2008-09-05 16:02 <REP> d-------- F:\Documents and Settings\user\Application Data\ZIP RAR ACE Password Recovery
2008-09-05 15:43 . 2008-09-05 15:43 <REP> d-------- F:\Program Files\RAR Password Cracker
2008-09-05 15:35 . 2008-09-05 15:35 <REP> d-------- F:\Program Files\Active Data Recovery Software
2008-09-04 15:18 . 2008-09-04 15:18 12 --a------ F:\WINDOWS\system32\usbsys.tmp
2008-09-03 16:50 . 2008-09-03 16:50 <REP> d--hs---- F:\Documents and Settings\Administrator\UserData
2008-09-03 16:46 . 2008-09-03 16:46 <REP> d-------- F:\Documents and Settings\Administrator\Application Data\TopLang
2008-09-02 15:53 . 2008-09-02 15:53 <REP> d-------- F:\Program Files\Desktop Lock
2008-09-02 15:16 . 2008-09-02 15:16 <REP> d-------- F:\Documents and Settings\user\Application Data\TopLang
2008-09-02 14:43 . 2008-09-04 11:08 2,197 --a------ F:\WINDOWS\kmuusb.sys
2008-09-02 14:43 . 2008-09-04 11:08 6 --a------ F:\WINDOWS\kmuudr.sys
2008-09-02 14:42 . 2008-09-02 14:42 <REP> d-------- F:\Documents and Settings\All Users\Application Data\MyUSBOnly
2008-09-02 13:45 . 2008-09-02 13:45 <REP> d--hs---- F:\Program Files\KGB
2008-09-02 13:45 . 2008-09-02 13:45 <REP> d--hs---- F:\Documents and Settings\All Users\Application Data\MPK
2008-09-02 13:45 . 2008-09-02 13:45 480 --a------ F:\WINDOWS\system32\runkgb.lnk
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-24 06:11 18,030 ----a-w F:\WINDOWS\system32\drivers\DeskLock.sys
2008-08-20 11:30 --------- d-----w F:\Program Files\PDF2Word v1.6
2008-08-18 12:27 --------- d-----w F:\Documents and Settings\Administrator\Application Data\Babylon
2008-08-08 10:57 --------- d-----w F:\Program Files\EasyPHP1-8
2008-08-08 09:58 --------- d-----w F:\Program Files\IDAutomation.com Code 39 Free Font
2008-08-08 06:47 --------- d-----w F:\Program Files\Microsoft Silverlight
2008-08-05 11:02 --------- d-----w F:\Program Files\[u]0[/u]1-mp3search
2008-08-04 12:00 --------- d-----w F:\Program Files\myBabylon
2008-08-04 12:00 --------- d-----w F:\Program Files\Conduit
2008-08-04 12:00 --------- d-----w F:\Program Files\Babylon
2008-08-04 11:45 --------- d-----w F:\Documents and Settings\user\Application Data\Babylon
2008-08-04 11:45 --------- d-----w F:\Documents and Settings\All Users\Application Data\Babylon
2008-07-29 06:42 --------- d-----w F:\Program Files\Opera
2008-07-24 07:49 --------- d-----w F:\Program Files\Trend Micro
2008-07-24 06:40 --------- d-----w F:\Program Files\Navilog1
2008-05-28 11:59 33 ----a-w F:\Documents and Settings\user\Application Data\pwcpsw.dat
2007-12-07 13:51 92,064 ----a-w F:\Documents and Settings\user\mqdmmdm.sys
2007-12-07 13:51 9,232 ----a-w F:\Documents and Settings\user\mqdmmdfl.sys
2007-12-07 13:51 79,328 ----a-w F:\Documents and Settings\user\mqdmserd.sys
2007-12-07 13:51 66,656 ----a-w F:\Documents and Settings\user\mqdmbus.sys
2007-12-07 13:51 6,208 ----a-w F:\Documents and Settings\user\mqdmcmnt.sys
2007-12-07 13:51 5,936 ----a-w F:\Documents and Settings\user\mqdmwhnt.sys
2007-12-07 13:51 4,048 ----a-w F:\Documents and Settings\user\mqdmcr.sys
2007-12-07 13:51 25,600 ----a-w F:\Documents and Settings\user\usbsermptxp.sys
2007-12-07 13:51 22,768 ----a-w F:\Documents and Settings\user\usbsermpt.sys
.
((((((((((((((((((((((((((((( snapshot@2008-09-22_11.12.42.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-13 15:39:00 123,904 ------w F:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2007-08-13 15:35:46 346,624 ------w F:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2007-08-13 15:35:38 214,528 ------w F:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2007-08-13 15:54:10 131,584 ------w F:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2007-08-13 15:36:26 61,952 ------w F:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
+ 2007-08-13 15:39:06 54,784 ------w F:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2007-08-13 15:39:26 152,064 ------w F:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2007-08-13 15:39:54 229,376 ------w F:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2007-08-13 14:56:54 161,792 ------w F:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
+ 2007-02-12 13:10:12 2,451,312 ------w F:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dat
+ 2007-07-11 09:27:48 383,488 ------w F:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
+ 2007-08-13 15:39:50 382,976 ------w F:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2007-08-13 15:54:10 6,049,280 ------w F:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
+ 2007-08-13 15:39:10 43,008 ------w F:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2007-08-13 15:34:04 266,752 ------w F:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
+ 2007-08-13 15:39:10 13,312 ------w F:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
+ 2007-08-13 15:43:56 622,080 ------w F:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2007-08-13 15:54:10 27,136 ------w F:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2007-08-13 15:54:10 458,752 ------w F:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
+ 2007-08-13 15:54:10 50,688 ------w F:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
+ 2007-08-13 15:54:12 3,578,368 ------w F:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2007-08-13 15:54:10 475,648 ------w F:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2007-08-13 15:44:26 192,000 ------w F:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2007-08-13 15:54:10 670,720 ------w F:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2007-08-13 15:44:06 101,376 ------w F:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2007-08-13 15:36:12 44,544 ------w F:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-03-06 01:34:38 216,800 ------w F:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 ------w F:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
+ 2007-08-13 15:44:30 105,984 ------w F:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2007-08-13 15:54:10 1,162,240 ------w F:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2007-08-13 15:54:10 231,424 ------w F:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2007-08-13 15:54:10 818,688 ------w F:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
- 2007-08-13 15:39:00 123,904 ----a-w F:\WINDOWS\system32\advpack.dll
+ 2008-04-23 04:16:40 124,928 ----a-w F:\WINDOWS\system32\advpack.dll
+ 2008-09-22 10:06:08 262,144 ----a-w F:\WINDOWS\system32\config\systemprofile\NtUser.dat
- 2007-08-13 15:39:00 123,904 ------w F:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-04-23 04:16:40 124,928 ------w F:\WINDOWS\system32\dllcache\advpack.dll
- 2007-08-13 15:35:46 346,624 ------w F:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-23 04:16:40 347,136 ------w F:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-08-13 15:35:38 214,528 ------w F:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-23 04:16:40 214,528 ------w F:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-08-13 15:54:10 131,584 ------w F:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-23 04:16:40 133,120 ------w F:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-23 04:16:40 63,488 ------w F:\WINDOWS\system32\dllcache\icardie.dll
- 2007-08-13 15:39:06 54,784 ------w F:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-04-22 07:41:08 70,656 ------w F:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-08-13 15:39:26 152,064 ------w F:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-04-23 04:16:40 153,088 ------w F:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-08-13 15:39:54 229,376 ------w F:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-04-23 04:16:40 230,400 ------w F:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-08-13 14:56:54 161,792 ------w F:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-04-20 05:07:52 161,792 ------w F:\WINDOWS\system32\dllcache\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ------w F:\WINDOWS\system32\dllcache\ieapfltr.dat
+ 2008-04-23 04:16:40 383,488 ------w F:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2007-08-13 15:39:50 382,976 ------w F:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-04-23 04:16:40 384,512 ------w F:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-04-23 04:16:40 6,066,176 ------w F:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-08-13 15:39:10 43,008 ------w F:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-04-23 04:16:40 44,544 ------w F:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-04-23 04:16:40 267,776 ------w F:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-04-22 07:39:58 13,824 ------w F:\WINDOWS\system32\dllcache\ieudinit.exe
- 2007-08-13 15:43:56 622,080 ------w F:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-04-22 07:41:30 625,664 ------w F:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-08-13 15:54:10 27,136 ------w F:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-23 04:16:40 27,648 ------w F:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-23 04:16:40 459,264 ------w F:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-04-23 04:16:40 52,224 ------w F:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-08-13 15:54:12 3,578,368 ------w F:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-23 06:46:42 3,591,680 ------w F:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-08-13 15:54:10 475,648 ------w F:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-23 04:16:40 478,208 ------w F:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-08-13 15:44:26 192,000 ------w F:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-23 04:16:40 193,024 ------w F:\WINDOWS\system32\dllcache\msrating.dll
- 2007-08-13 15:54:10 670,720 ------w F:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-23 04:16:40 671,232 ------w F:\WINDOWS\system32\dllcache\mstime.dll
- 2007-08-13 15:44:06 101,376 ------w F:\WINDOWS\system32\dllcache\occache.dll
+ 2008-04-23 04:16:40 102,912 ------w F:\WINDOWS\system32\dllcache\occache.dll
- 2007-08-13 15:36:12 44,544 ------w F:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-23 04:16:40 44,544 ------w F:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-08-13 15:44:30 105,984 ------w F:\WINDOWS\system32\dllcache\url.dll
+ 2008-04-23 04:16:40 105,984 ------w F:\WINDOWS\system32\dllcache\url.dll
- 2007-08-13 15:54:10 1,162,240 ------w F:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-23 04:16:40 1,159,680 ------w F:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-08-13 15:54:10 231,424 ------w F:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-04-23 04:16:40 233,472 ------w F:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-08-13 15:54:10 818,688 ------w F:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-23 04:16:40 826,368 ------w F:\WINDOWS\system32\dllcache\wininet.dll
- 2008-01-17 16:34:02 93,264 ----a-w F:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-01-17 17:34:02 93,264 ----a-w F:\WINDOWS\system32\drivers\aswmon.sys
- 2007-08-13 15:35:46 346,624 ----a-w F:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-23 04:16:40 347,136 ----a-w F:\WINDOWS\system32\dxtmsft.dll
- 2007-08-13 15:35:38 214,528 ----a-w F:\WINDOWS\system32\dxtrans.dll
+ 2008-04-23 04:16:40 214,528 ----a-w F:\WINDOWS\system32\dxtrans.dll
- 2007-08-13 15:54:10 131,584 ----a-w F:\WINDOWS\system32\extmgr.dll
+ 2008-04-23 04:16:40 133,120 ----a-w F:\WINDOWS\system32\extmgr.dll
- 2007-08-13 15:36:26 61,952 ------w F:\WINDOWS\system32\icardie.dll
+ 2008-04-23 04:16:40 63,488 ----a-w F:\WINDOWS\system32\icardie.dll
- 2007-08-13 15:39:06 54,784 ----a-w F:\WINDOWS\system32\ie4uinit.exe
+ 2008-04-22 07:41:08 70,656 ----a-w F:\WINDOWS\system32\ie4uinit.exe
- 2007-08-13 15:39:26 152,064 ----a-w F:\WINDOWS\system32\ieakeng.dll
+ 2008-04-23 04:16:40 153,088 ----a-w F:\WINDOWS\system32\ieakeng.dll
- 2007-08-13 15:39:54 229,376 ----a-w F:\WINDOWS\system32\ieaksie.dll
+ 2008-04-23 04:16:40 230,400 ----a-w F:\WINDOWS\system32\ieaksie.dll
- 2007-08-13 14:56:54 161,792 ----a-w F:\WINDOWS\system32\ieakui.dll
+ 2008-04-20 05:07:52 161,792 ----a-w F:\WINDOWS\system32\ieakui.dll
- 2007-02-12 13:10:12 2,451,312 ------w F:\WINDOWS\system32\ieapfltr.dat
+ 2007-04-17 09:32:38 2,455,488 ----a-w F:\WINDOWS\system32\ieapfltr.dat
- 2007-07-11 09:27:48 383,488 ------w F:\WINDOWS\system32\ieapfltr.dll
+ 2008-04-23 04:16:40 383,488 ----a-w F:\WINDOWS\system32\ieapfltr.dll
- 2007-08-13 15:39:50 382,976 ----a-w F:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-23 04:16:40 384,512 ----a-w F:\WINDOWS\system32\iedkcs32.dll
- 2007-08-13 15:54:10 6,049,280 ------w F:\WINDOWS\system32\ieframe.dll
+ 2008-04-23 04:16:40 6,066,176 ----a-w F:\WINDOWS\system32\ieframe.dll
- 2007-08-13 15:39:10 43,008 ----a-w F:\WINDOWS\system32\iernonce.dll
+ 2008-04-23 04:16:40 44,544 ----a-w F:\WINDOWS\system32\iernonce.dll
- 2007-08-13 15:34:04 266,752 ------w F:\WINDOWS\system32\iertutil.dll
+ 2008-04-23 04:16:40 267,776 ----a-w F:\WINDOWS\system32\iertutil.dll
- 2007-08-13 15:39:10 13,312 ----a-w F:\WINDOWS\system32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ----a-w F:\WINDOWS\system32\ieudinit.exe
- 2007-08-13 15:54:10 27,136 ----a-w F:\WINDOWS\system32\jsproxy.dll
+ 2008-04-23 04:16:40 27,648 ----a-w F:\WINDOWS\system32\jsproxy.dll
- 2007-08-13 15:54:10 458,752 ------w F:\WINDOWS\system32\msfeeds.dll
+ 2008-04-23 04:16:40 459,264 ----a-w F:\WINDOWS\system32\msfeeds.dll
- 2007-08-13 15:54:10 50,688 ------w F:\WINDOWS\system32\msfeedsbs.dll
+ 2008-04-23 04:16:40 52,224 ----a-w F:\WINDOWS\system32\msfeedsbs.dll
- 2007-08-13 15:54:12 3,578,368 ----a-w F:\WINDOWS\system32\mshtml.dll
+ 2008-04-23 06:46:42 3,591,680 ----a-w F:\WINDOWS\system32\mshtml.dll
- 2007-08-13 15:54:10 475,648 ----a-w F:\WINDOWS\system32\mshtmled.dll
+ 2008-04-23 04:16:40 478,208 ----a-w F:\WINDOWS\system32\mshtmled.dll
- 2007-08-13 15:44:26 192,000 ----a-w F:\WINDOWS\system32\msrating.dll
+ 2008-04-23 04:16:40 193,024 ----a-w F:\WINDOWS\system32\msrating.dll
- 2007-08-13 15:54:10 670,720 ----a-w F:\WINDOWS\system32\mstime.dll
+ 2008-04-23 04:16:40 671,232 ----a-w F:\WINDOWS\system32\mstime.dll
- 2007-08-13 15:44:06 101,376 ----a-w F:\WINDOWS\system32\occache.dll
+ 2008-04-23 04:16:40 102,912 ----a-w F:\WINDOWS\system32\occache.dll
- 2007-08-13 15:36:12 44,544 ----a-w F:\WINDOWS\system32\pngfilt.dll
+ 2008-04-23 04:16:40 44,544 ----a-w F:\WINDOWS\system32\pngfilt.dll
+ 2007-03-06 01:34:34 15,072 ------w F:\WINDOWS\system32\spmsg.dll
- 2007-08-13 15:44:30 105,984 ----a-w F:\WINDOWS\system32\url.dll
+ 2008-04-23 04:16:40 105,984 ----a-w F:\WINDOWS\system32\url.dll
- 2007-08-13 15:54:10 1,162,240 ----a-w F:\WINDOWS\system32\urlmon.dll
+ 2008-04-23 04:16:40 1,159,680 ----a-w F:\WINDOWS\system32\urlmon.dll
- 2007-08-13 15:54:10 231,424 ----a-w F:\WINDOWS\system32\webcheck.dll
+ 2008-04-23 04:16:40 233,472 ----a-w F:\WINDOWS\system32\webcheck.dll
- 2007-08-13 15:54:10 818,688 ----a-w F:\WINDOWS\system32\wininet.dll
+ 2008-04-23 04:16:40 826,368 ----a-w F:\WINDOWS\system32\wininet.dll
+ 2008-09-24 06:11:56 16,384 ----a-w F:\WINDOWS\Temp\Perflib_Perfdata_5c4.dat
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="F:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"PcSync"="F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"Yahoo! Pager"="F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"AlcoholAutomount"="F:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]
"USB_FW"="F:\Program Files\Net Studio\USB_FW.exe" [2008-05-21 1299968]
"SuperCopier2.exe"="F:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"HP SchedIndexer"="F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe" [2001-02-19 86016]
"HP AutoIndexer"="F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe" [2001-02-19 77824]
"NeroFilterCheck"="F:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"COMODO Firewall Pro"="F:\Program Files\Comodo\Firewall\CPF.exe" [2008-01-03 1115728]
"!AVG Anti-Spyware"="F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-06-19 6731312]
"Babylon Client"="F:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2007-12-20 3116768]
"Desktop Lock Loader"="F:\PROGRA~1\DESKTO~1\TLDL.EXE" [2008-05-02 151552]
"LogMeIn GUI"="F:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 63048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Mpk.exe"="F:\Program Files\KGB\Mpk.exe" [2007-10-22 1281536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LoginPrompt"= 9E8C8182988584
"NoViewOnDrive"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-10-18 20:47 75064 F:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"F:\\Program Files\\Messenger\\msmsgs.exe"=
"F:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"F:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"F:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\Program Files\\MSN Messenger\\MsnMsgr.Exe"=
"F:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
R1 aswSP;avast! Self Protection;F:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 DeskLock;DeskLock;F:\WINDOWS\system32\drivers\DeskLock.sys [2008-09-24 18030]
R2 aswFsBlk;aswFsBlk;F:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 LMIInfo;LogMeIn Kernel Information Provider;F:\Program Files\LogMeIn\x86\RaInfo.sys [2007-09-12 12992]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;F:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-09-12 46112]
S3 MiniScanEye;MiniScanEye;F:\WINDOWS\system32\Drivers\minsceye.sys [2005-02-16 14382]
S3 pendfu;PenDfu (pendfu.sys);F:\WINDOWS\system32\Drivers\pendfu.sys [2005-02-14 32408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
- - - - ORPHELINS SUPPRIMES - - - -
URLSearchHooks-{34ea1c70-42cc-42c5-aa29-ec58b95a343e} - (no file)
BHO-{34ea1c70-42cc-42c5-aa29-ec58b95a343e} - (no file)
Toolbar-{34ea1c70-42cc-42c5-aa29-ec58b95a343e} - (no file)
WebBrowser-{34EA1C70-42CC-42C5-AA29-EC58B95A343E} - (no file)
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 09:13:50
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mchInjDrv]
"ImagePath"="\??\F:\DOCUME~1\user\LOCALS~1\Temp\mc22.tmp"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: F:\WINDOWS\explorer.exe
-> F:\Program Files\KGB\MPK.dll
.
------------------------ Autres processus actifs ------------------------
.
F:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
F:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Program Files\Comodo\Firewall\cmdagent.exe
F:\Program Files\LogMeIn\x86\RaMaint.exe
F:\Program Files\LogMeIn\x86\LogMeIn.exe
F:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
F:\PROGRAM FILES\ALCOHOL SOFT\ALCOHOL 120\STARWIND\STARWINDSERVICEAE.EXE
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe
F:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
F:\WINDOWS\system32\INTERNAT.EXE
.
**************************************************************************
.
Heure de fin: 2008-09-24 9:24:39 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-24 06:24:22
ComboFix2.txt 2008-09-22 08:13:44
Avant-CF: 991ÿ256ÿ576 octets libres
Après-CF: 1,019,445,248 octets libres
417
+ComboFix 08-09-20.05 - user 2008-09-24 9:07:42.3 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.76 [GMT 3:00]
Lancé depuis: F:\Documents and Settings\user\Bureau\ComboFix.exe
Commutateurs utilisés :: F:\Documents and Settings\user\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
FILE ::
F:\DOCUME~1\user\LOCALS~1\Temp\mc22.tmp
F:\sqmdata00.sqm
F:\sqmdata01.sqm
F:\sqmdata02.sqm
F:\sqmdata03.sqm
F:\sqmdata04.sqm
F:\sqmdata05.sqm
F:\sqmdata06.sqm
F:\sqmdata07.sqm
F:\sqmdata08.sqm
F:\sqmdata09.sqm
F:\sqmdata10.sqm
F:\sqmdata11.sqm
F:\sqmdata12.sqm
F:\sqmdata13.sqm
F:\sqmdata14.sqm
F:\sqmdata15.sqm
F:\sqmdata16.sqm
F:\sqmnoopt00.sqm
F:\sqmnoopt01.sqm
F:\sqmnoopt02.sqm
F:\sqmnoopt03.sqm
F:\sqmnoopt04.sqm
F:\sqmnoopt05.sqm
F:\sqmnoopt06.sqm
F:\sqmnoopt07.sqm
F:\sqmnoopt08.sqm
F:\sqmnoopt09.sqm
F:\sqmnoopt10.sqm
F:\sqmnoopt11.sqm
F:\sqmnoopt12.sqm
F:\sqmnoopt13.sqm
F:\sqmnoopt14.sqm
F:\sqmnoopt15.sqm
F:\sqmnoopt16.sqm
F:\WINDOWS\system32\drivers\mchInjDrv.sys
F:\WINDOWS\system32\fqjuvatn.ini
F:\WINDOWS\system32\ibivpisq.dll
F:\WINDOWS\system32\qsipvibi.ini
F:\WINDOWS\system32\srksrv.exe
F:\WINDOWS\system32\yjcyrhba.ini
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\sqmdata00.sqm
F:\sqmdata01.sqm
F:\sqmdata02.sqm
F:\sqmdata03.sqm
F:\sqmdata04.sqm
F:\sqmdata05.sqm
F:\sqmdata06.sqm
F:\sqmdata07.sqm
F:\sqmdata08.sqm
F:\sqmdata09.sqm
F:\sqmdata10.sqm
F:\sqmdata11.sqm
F:\sqmdata12.sqm
F:\sqmdata13.sqm
F:\sqmnoopt00.sqm
F:\sqmnoopt01.sqm
F:\sqmnoopt02.sqm
F:\sqmnoopt03.sqm
F:\sqmnoopt04.sqm
F:\sqmnoopt05.sqm
F:\sqmnoopt06.sqm
F:\sqmnoopt07.sqm
F:\sqmnoopt08.sqm
F:\sqmnoopt09.sqm
F:\sqmnoopt10.sqm
F:\sqmnoopt11.sqm
F:\sqmnoopt12.sqm
F:\sqmnoopt13.sqm
F:\WINDOWS\system32\fqjuvatn.ini
F:\WINDOWS\system32\srksrv.exe
F:\WINDOWS\system32\yjcyrhba.ini
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_POLICESERVICE
-------\Service_PoliceService
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-24 au 2008-09-24 ))))))))))))))))))))))))))))))))))))
.
2008-09-22 15:36 . 2008-09-22 15:36 <REP> d-------- F:\Program Files\Malwarebytes' Anti-Malware
2008-09-22 15:36 . 2008-09-22 15:36 <REP> d-------- F:\Documents and Settings\user\Application Data\Malwarebytes
2008-09-22 15:36 . 2008-09-22 15:36 <REP> d-------- F:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-22 15:36 . 2008-09-10 00:04 38,528 --a------ F:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-22 15:36 . 2008-09-10 00:03 17,200 --a------ F:\WINDOWS\system32\drivers\mbam.sys
2008-09-22 15:15 . 2008-09-22 15:15 <REP> d--hs---- F:\FOUND.001
2008-09-18 13:44 . 2008-09-18 13:44 <REP> d-------- F:\Documents and Settings\user\Application Data\Radmin Communication Client
2008-09-18 09:54 . 2008-09-18 09:54 <REP> d-------- F:\Program Files\Runtime Software
2008-09-16 16:59 . 2008-09-16 16:59 <REP> d-------- F:\Documents and Settings\Administrator\Application Data\Radmin Communication Client
2008-09-16 16:58 . 2008-09-16 16:58 <REP> d-------- F:\Program Files\Radmin Communication Client 3.0
2008-09-16 16:42 . 2008-09-16 16:42 <REP> d-------- F:\Program Files\PCNetSoftware
2008-09-16 15:51 . 2007-10-18 20:48 83,288 --a------ F:\WINDOWS\system32\LMIRfsClientNP.dll
2008-09-16 15:51 . 2007-10-18 20:47 75,064 --a------ F:\WINDOWS\system32\LMIinit.dll
2008-09-16 15:51 . 2007-09-12 10:20 46,112 --a------ F:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-09-16 15:51 . 2007-10-18 20:47 21,496 --a------ F:\WINDOWS\system32\LMIport.dll
2008-09-16 15:50 . 2008-09-16 15:50 <REP> d-------- F:\Program Files\LogMeIn
2008-09-16 15:02 . 2008-09-16 15:02 <REP> d-------- F:\Program Files\UltraVNC
2008-09-09 15:31 . 2008-09-09 15:31 <REP> d-------- F:\Program Files\VirginMega
2008-09-09 15:11 . 2008-09-09 15:11 <REP> d-------- F:\Program Files\Windows Media Connect 2
2008-09-09 14:45 . 2008-09-09 14:45 <REP> d-------- F:\WINDOWS\system32\drivers\umdf
2008-09-09 10:34 . 2008-09-09 10:34 <REP> d--h----- F:\WINDOWS\$hf_mig$
2008-09-08 09:26 . 2008-09-08 09:26 <REP> d-------- F:\Program Files\Intelore
2008-09-05 16:08 . 2008-09-05 16:08 <REP> d--hs---- F:\FOUND.000
2008-09-05 16:02 . 2008-09-05 16:02 <REP> d-------- F:\Documents and Settings\user\Application Data\ZIP RAR ACE Password Recovery
2008-09-05 15:43 . 2008-09-05 15:43 <REP> d-------- F:\Program Files\RAR Password Cracker
2008-09-05 15:35 . 2008-09-05 15:35 <REP> d-------- F:\Program Files\Active Data Recovery Software
2008-09-04 15:18 . 2008-09-04 15:18 12 --a------ F:\WINDOWS\system32\usbsys.tmp
2008-09-03 16:50 . 2008-09-03 16:50 <REP> d--hs---- F:\Documents and Settings\Administrator\UserData
2008-09-03 16:46 . 2008-09-03 16:46 <REP> d-------- F:\Documents and Settings\Administrator\Application Data\TopLang
2008-09-02 15:53 . 2008-09-02 15:53 <REP> d-------- F:\Program Files\Desktop Lock
2008-09-02 15:16 . 2008-09-02 15:16 <REP> d-------- F:\Documents and Settings\user\Application Data\TopLang
2008-09-02 14:43 . 2008-09-04 11:08 2,197 --a------ F:\WINDOWS\kmuusb.sys
2008-09-02 14:43 . 2008-09-04 11:08 6 --a------ F:\WINDOWS\kmuudr.sys
2008-09-02 14:42 . 2008-09-02 14:42 <REP> d-------- F:\Documents and Settings\All Users\Application Data\MyUSBOnly
2008-09-02 13:45 . 2008-09-02 13:45 <REP> d--hs---- F:\Program Files\KGB
2008-09-02 13:45 . 2008-09-02 13:45 <REP> d--hs---- F:\Documents and Settings\All Users\Application Data\MPK
2008-09-02 13:45 . 2008-09-02 13:45 480 --a------ F:\WINDOWS\system32\runkgb.lnk
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-24 06:11 18,030 ----a-w F:\WINDOWS\system32\drivers\DeskLock.sys
2008-08-20 11:30 --------- d-----w F:\Program Files\PDF2Word v1.6
2008-08-18 12:27 --------- d-----w F:\Documents and Settings\Administrator\Application Data\Babylon
2008-08-08 10:57 --------- d-----w F:\Program Files\EasyPHP1-8
2008-08-08 09:58 --------- d-----w F:\Program Files\IDAutomation.com Code 39 Free Font
2008-08-08 06:47 --------- d-----w F:\Program Files\Microsoft Silverlight
2008-08-05 11:02 --------- d-----w F:\Program Files\[u]0[/u]1-mp3search
2008-08-04 12:00 --------- d-----w F:\Program Files\myBabylon
2008-08-04 12:00 --------- d-----w F:\Program Files\Conduit
2008-08-04 12:00 --------- d-----w F:\Program Files\Babylon
2008-08-04 11:45 --------- d-----w F:\Documents and Settings\user\Application Data\Babylon
2008-08-04 11:45 --------- d-----w F:\Documents and Settings\All Users\Application Data\Babylon
2008-07-29 06:42 --------- d-----w F:\Program Files\Opera
2008-07-24 07:49 --------- d-----w F:\Program Files\Trend Micro
2008-07-24 06:40 --------- d-----w F:\Program Files\Navilog1
2008-05-28 11:59 33 ----a-w F:\Documents and Settings\user\Application Data\pwcpsw.dat
2007-12-07 13:51 92,064 ----a-w F:\Documents and Settings\user\mqdmmdm.sys
2007-12-07 13:51 9,232 ----a-w F:\Documents and Settings\user\mqdmmdfl.sys
2007-12-07 13:51 79,328 ----a-w F:\Documents and Settings\user\mqdmserd.sys
2007-12-07 13:51 66,656 ----a-w F:\Documents and Settings\user\mqdmbus.sys
2007-12-07 13:51 6,208 ----a-w F:\Documents and Settings\user\mqdmcmnt.sys
2007-12-07 13:51 5,936 ----a-w F:\Documents and Settings\user\mqdmwhnt.sys
2007-12-07 13:51 4,048 ----a-w F:\Documents and Settings\user\mqdmcr.sys
2007-12-07 13:51 25,600 ----a-w F:\Documents and Settings\user\usbsermptxp.sys
2007-12-07 13:51 22,768 ----a-w F:\Documents and Settings\user\usbsermpt.sys
.
((((((((((((((((((((((((((((( snapshot@2008-09-22_11.12.42.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-13 15:39:00 123,904 ------w F:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2007-08-13 15:35:46 346,624 ------w F:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2007-08-13 15:35:38 214,528 ------w F:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2007-08-13 15:54:10 131,584 ------w F:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2007-08-13 15:36:26 61,952 ------w F:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
+ 2007-08-13 15:39:06 54,784 ------w F:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2007-08-13 15:39:26 152,064 ------w F:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2007-08-13 15:39:54 229,376 ------w F:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2007-08-13 14:56:54 161,792 ------w F:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
+ 2007-02-12 13:10:12 2,451,312 ------w F:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dat
+ 2007-07-11 09:27:48 383,488 ------w F:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
+ 2007-08-13 15:39:50 382,976 ------w F:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2007-08-13 15:54:10 6,049,280 ------w F:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
+ 2007-08-13 15:39:10 43,008 ------w F:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2007-08-13 15:34:04 266,752 ------w F:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
+ 2007-08-13 15:39:10 13,312 ------w F:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
+ 2007-08-13 15:43:56 622,080 ------w F:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2007-08-13 15:54:10 27,136 ------w F:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2007-08-13 15:54:10 458,752 ------w F:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
+ 2007-08-13 15:54:10 50,688 ------w F:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
+ 2007-08-13 15:54:12 3,578,368 ------w F:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2007-08-13 15:54:10 475,648 ------w F:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2007-08-13 15:44:26 192,000 ------w F:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2007-08-13 15:54:10 670,720 ------w F:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2007-08-13 15:44:06 101,376 ------w F:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2007-08-13 15:36:12 44,544 ------w F:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-03-06 01:34:38 216,800 ------w F:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 ------w F:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
+ 2007-08-13 15:44:30 105,984 ------w F:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2007-08-13 15:54:10 1,162,240 ------w F:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2007-08-13 15:54:10 231,424 ------w F:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2007-08-13 15:54:10 818,688 ------w F:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
- 2007-08-13 15:39:00 123,904 ----a-w F:\WINDOWS\system32\advpack.dll
+ 2008-04-23 04:16:40 124,928 ----a-w F:\WINDOWS\system32\advpack.dll
+ 2008-09-22 10:06:08 262,144 ----a-w F:\WINDOWS\system32\config\systemprofile\NtUser.dat
- 2007-08-13 15:39:00 123,904 ------w F:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-04-23 04:16:40 124,928 ------w F:\WINDOWS\system32\dllcache\advpack.dll
- 2007-08-13 15:35:46 346,624 ------w F:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-23 04:16:40 347,136 ------w F:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-08-13 15:35:38 214,528 ------w F:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-23 04:16:40 214,528 ------w F:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-08-13 15:54:10 131,584 ------w F:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-23 04:16:40 133,120 ------w F:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-23 04:16:40 63,488 ------w F:\WINDOWS\system32\dllcache\icardie.dll
- 2007-08-13 15:39:06 54,784 ------w F:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-04-22 07:41:08 70,656 ------w F:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-08-13 15:39:26 152,064 ------w F:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-04-23 04:16:40 153,088 ------w F:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-08-13 15:39:54 229,376 ------w F:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-04-23 04:16:40 230,400 ------w F:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-08-13 14:56:54 161,792 ------w F:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-04-20 05:07:52 161,792 ------w F:\WINDOWS\system32\dllcache\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ------w F:\WINDOWS\system32\dllcache\ieapfltr.dat
+ 2008-04-23 04:16:40 383,488 ------w F:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2007-08-13 15:39:50 382,976 ------w F:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-04-23 04:16:40 384,512 ------w F:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-04-23 04:16:40 6,066,176 ------w F:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-08-13 15:39:10 43,008 ------w F:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-04-23 04:16:40 44,544 ------w F:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-04-23 04:16:40 267,776 ------w F:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-04-22 07:39:58 13,824 ------w F:\WINDOWS\system32\dllcache\ieudinit.exe
- 2007-08-13 15:43:56 622,080 ------w F:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-04-22 07:41:30 625,664 ------w F:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-08-13 15:54:10 27,136 ------w F:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-23 04:16:40 27,648 ------w F:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-23 04:16:40 459,264 ------w F:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-04-23 04:16:40 52,224 ------w F:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-08-13 15:54:12 3,578,368 ------w F:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-23 06:46:42 3,591,680 ------w F:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-08-13 15:54:10 475,648 ------w F:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-23 04:16:40 478,208 ------w F:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-08-13 15:44:26 192,000 ------w F:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-23 04:16:40 193,024 ------w F:\WINDOWS\system32\dllcache\msrating.dll
- 2007-08-13 15:54:10 670,720 ------w F:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-23 04:16:40 671,232 ------w F:\WINDOWS\system32\dllcache\mstime.dll
- 2007-08-13 15:44:06 101,376 ------w F:\WINDOWS\system32\dllcache\occache.dll
+ 2008-04-23 04:16:40 102,912 ------w F:\WINDOWS\system32\dllcache\occache.dll
- 2007-08-13 15:36:12 44,544 ------w F:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-23 04:16:40 44,544 ------w F:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-08-13 15:44:30 105,984 ------w F:\WINDOWS\system32\dllcache\url.dll
+ 2008-04-23 04:16:40 105,984 ------w F:\WINDOWS\system32\dllcache\url.dll
- 2007-08-13 15:54:10 1,162,240 ------w F:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-23 04:16:40 1,159,680 ------w F:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-08-13 15:54:10 231,424 ------w F:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-04-23 04:16:40 233,472 ------w F:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-08-13 15:54:10 818,688 ------w F:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-23 04:16:40 826,368 ------w F:\WINDOWS\system32\dllcache\wininet.dll
- 2008-01-17 16:34:02 93,264 ----a-w F:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-01-17 17:34:02 93,264 ----a-w F:\WINDOWS\system32\drivers\aswmon.sys
- 2007-08-13 15:35:46 346,624 ----a-w F:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-23 04:16:40 347,136 ----a-w F:\WINDOWS\system32\dxtmsft.dll
- 2007-08-13 15:35:38 214,528 ----a-w F:\WINDOWS\system32\dxtrans.dll
+ 2008-04-23 04:16:40 214,528 ----a-w F:\WINDOWS\system32\dxtrans.dll
- 2007-08-13 15:54:10 131,584 ----a-w F:\WINDOWS\system32\extmgr.dll
+ 2008-04-23 04:16:40 133,120 ----a-w F:\WINDOWS\system32\extmgr.dll
- 2007-08-13 15:36:26 61,952 ------w F:\WINDOWS\system32\icardie.dll
+ 2008-04-23 04:16:40 63,488 ----a-w F:\WINDOWS\system32\icardie.dll
- 2007-08-13 15:39:06 54,784 ----a-w F:\WINDOWS\system32\ie4uinit.exe
+ 2008-04-22 07:41:08 70,656 ----a-w F:\WINDOWS\system32\ie4uinit.exe
- 2007-08-13 15:39:26 152,064 ----a-w F:\WINDOWS\system32\ieakeng.dll
+ 2008-04-23 04:16:40 153,088 ----a-w F:\WINDOWS\system32\ieakeng.dll
- 2007-08-13 15:39:54 229,376 ----a-w F:\WINDOWS\system32\ieaksie.dll
+ 2008-04-23 04:16:40 230,400 ----a-w F:\WINDOWS\system32\ieaksie.dll
- 2007-08-13 14:56:54 161,792 ----a-w F:\WINDOWS\system32\ieakui.dll
+ 2008-04-20 05:07:52 161,792 ----a-w F:\WINDOWS\system32\ieakui.dll
- 2007-02-12 13:10:12 2,451,312 ------w F:\WINDOWS\system32\ieapfltr.dat
+ 2007-04-17 09:32:38 2,455,488 ----a-w F:\WINDOWS\system32\ieapfltr.dat
- 2007-07-11 09:27:48 383,488 ------w F:\WINDOWS\system32\ieapfltr.dll
+ 2008-04-23 04:16:40 383,488 ----a-w F:\WINDOWS\system32\ieapfltr.dll
- 2007-08-13 15:39:50 382,976 ----a-w F:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-23 04:16:40 384,512 ----a-w F:\WINDOWS\system32\iedkcs32.dll
- 2007-08-13 15:54:10 6,049,280 ------w F:\WINDOWS\system32\ieframe.dll
+ 2008-04-23 04:16:40 6,066,176 ----a-w F:\WINDOWS\system32\ieframe.dll
- 2007-08-13 15:39:10 43,008 ----a-w F:\WINDOWS\system32\iernonce.dll
+ 2008-04-23 04:16:40 44,544 ----a-w F:\WINDOWS\system32\iernonce.dll
- 2007-08-13 15:34:04 266,752 ------w F:\WINDOWS\system32\iertutil.dll
+ 2008-04-23 04:16:40 267,776 ----a-w F:\WINDOWS\system32\iertutil.dll
- 2007-08-13 15:39:10 13,312 ----a-w F:\WINDOWS\system32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ----a-w F:\WINDOWS\system32\ieudinit.exe
- 2007-08-13 15:54:10 27,136 ----a-w F:\WINDOWS\system32\jsproxy.dll
+ 2008-04-23 04:16:40 27,648 ----a-w F:\WINDOWS\system32\jsproxy.dll
- 2007-08-13 15:54:10 458,752 ------w F:\WINDOWS\system32\msfeeds.dll
+ 2008-04-23 04:16:40 459,264 ----a-w F:\WINDOWS\system32\msfeeds.dll
- 2007-08-13 15:54:10 50,688 ------w F:\WINDOWS\system32\msfeedsbs.dll
+ 2008-04-23 04:16:40 52,224 ----a-w F:\WINDOWS\system32\msfeedsbs.dll
- 2007-08-13 15:54:12 3,578,368 ----a-w F:\WINDOWS\system32\mshtml.dll
+ 2008-04-23 06:46:42 3,591,680 ----a-w F:\WINDOWS\system32\mshtml.dll
- 2007-08-13 15:54:10 475,648 ----a-w F:\WINDOWS\system32\mshtmled.dll
+ 2008-04-23 04:16:40 478,208 ----a-w F:\WINDOWS\system32\mshtmled.dll
- 2007-08-13 15:44:26 192,000 ----a-w F:\WINDOWS\system32\msrating.dll
+ 2008-04-23 04:16:40 193,024 ----a-w F:\WINDOWS\system32\msrating.dll
- 2007-08-13 15:54:10 670,720 ----a-w F:\WINDOWS\system32\mstime.dll
+ 2008-04-23 04:16:40 671,232 ----a-w F:\WINDOWS\system32\mstime.dll
- 2007-08-13 15:44:06 101,376 ----a-w F:\WINDOWS\system32\occache.dll
+ 2008-04-23 04:16:40 102,912 ----a-w F:\WINDOWS\system32\occache.dll
- 2007-08-13 15:36:12 44,544 ----a-w F:\WINDOWS\system32\pngfilt.dll
+ 2008-04-23 04:16:40 44,544 ----a-w F:\WINDOWS\system32\pngfilt.dll
+ 2007-03-06 01:34:34 15,072 ------w F:\WINDOWS\system32\spmsg.dll
- 2007-08-13 15:44:30 105,984 ----a-w F:\WINDOWS\system32\url.dll
+ 2008-04-23 04:16:40 105,984 ----a-w F:\WINDOWS\system32\url.dll
- 2007-08-13 15:54:10 1,162,240 ----a-w F:\WINDOWS\system32\urlmon.dll
+ 2008-04-23 04:16:40 1,159,680 ----a-w F:\WINDOWS\system32\urlmon.dll
- 2007-08-13 15:54:10 231,424 ----a-w F:\WINDOWS\system32\webcheck.dll
+ 2008-04-23 04:16:40 233,472 ----a-w F:\WINDOWS\system32\webcheck.dll
- 2007-08-13 15:54:10 818,688 ----a-w F:\WINDOWS\system32\wininet.dll
+ 2008-04-23 04:16:40 826,368 ----a-w F:\WINDOWS\system32\wininet.dll
+ 2008-09-24 06:11:56 16,384 ----a-w F:\WINDOWS\Temp\Perflib_Perfdata_5c4.dat
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="F:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"PcSync"="F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"Yahoo! Pager"="F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"AlcoholAutomount"="F:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]
"USB_FW"="F:\Program Files\Net Studio\USB_FW.exe" [2008-05-21 1299968]
"SuperCopier2.exe"="F:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"HP SchedIndexer"="F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe" [2001-02-19 86016]
"HP AutoIndexer"="F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe" [2001-02-19 77824]
"NeroFilterCheck"="F:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"COMODO Firewall Pro"="F:\Program Files\Comodo\Firewall\CPF.exe" [2008-01-03 1115728]
"!AVG Anti-Spyware"="F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-06-19 6731312]
"Babylon Client"="F:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2007-12-20 3116768]
"Desktop Lock Loader"="F:\PROGRA~1\DESKTO~1\TLDL.EXE" [2008-05-02 151552]
"LogMeIn GUI"="F:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 63048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Mpk.exe"="F:\Program Files\KGB\Mpk.exe" [2007-10-22 1281536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LoginPrompt"= 9E8C8182988584
"NoViewOnDrive"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-10-18 20:47 75064 F:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"F:\\Program Files\\Messenger\\msmsgs.exe"=
"F:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"F:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"F:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\Program Files\\MSN Messenger\\MsnMsgr.Exe"=
"F:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
R1 aswSP;avast! Self Protection;F:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 DeskLock;DeskLock;F:\WINDOWS\system32\drivers\DeskLock.sys [2008-09-24 18030]
R2 aswFsBlk;aswFsBlk;F:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 LMIInfo;LogMeIn Kernel Information Provider;F:\Program Files\LogMeIn\x86\RaInfo.sys [2007-09-12 12992]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;F:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-09-12 46112]
S3 MiniScanEye;MiniScanEye;F:\WINDOWS\system32\Drivers\minsceye.sys [2005-02-16 14382]
S3 pendfu;PenDfu (pendfu.sys);F:\WINDOWS\system32\Drivers\pendfu.sys [2005-02-14 32408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
- - - - ORPHELINS SUPPRIMES - - - -
URLSearchHooks-{34ea1c70-42cc-42c5-aa29-ec58b95a343e} - (no file)
BHO-{34ea1c70-42cc-42c5-aa29-ec58b95a343e} - (no file)
Toolbar-{34ea1c70-42cc-42c5-aa29-ec58b95a343e} - (no file)
WebBrowser-{34EA1C70-42CC-42C5-AA29-EC58B95A343E} - (no file)
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 09:13:50
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mchInjDrv]
"ImagePath"="\??\F:\DOCUME~1\user\LOCALS~1\Temp\mc22.tmp"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: F:\WINDOWS\explorer.exe
-> F:\Program Files\KGB\MPK.dll
.
------------------------ Autres processus actifs ------------------------
.
F:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
F:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Program Files\Comodo\Firewall\cmdagent.exe
F:\Program Files\LogMeIn\x86\RaMaint.exe
F:\Program Files\LogMeIn\x86\LogMeIn.exe
F:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
F:\PROGRAM FILES\ALCOHOL SOFT\ALCOHOL 120\STARWIND\STARWINDSERVICEAE.EXE
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
F:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppdirector.exe
F:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
F:\WINDOWS\system32\INTERNAT.EXE
.
**************************************************************************
.
Heure de fin: 2008-09-24 9:24:39 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-24 06:24:22
ComboFix2.txt 2008-09-22 08:13:44
Avant-CF: 991ÿ256ÿ576 octets libres
Après-CF: 1,019,445,248 octets libres
417
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 290
24 sept. 2008 à 12:35
24 sept. 2008 à 12:35
- Fais un scan en ligne ici https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr (Avec Internet Explorer)
- En bas à droite, clique sur Démarrer Online-scanner
- Dans la nouvelle fenêtre qui s'affiche, clique sur J'accepte
- Accepte les Contrôles ActiveX
- Choisis Poste de travail pour le scan.
- Celui-ci terminé, sauvegarde (Choisis fichier texte) et poste le rapport
- Pour t'aider à utiliser le scan en ligne :
https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId291566
NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte-toi sur le site de Kaspersky pour retenter le scan en ligne.
- Lis ceci en cas de problème d'installation du Contrôle ActiveX :
http://cybersecurite.xooit.com/t123-Les-controles-ActiveX.htm
- En bas à droite, clique sur Démarrer Online-scanner
- Dans la nouvelle fenêtre qui s'affiche, clique sur J'accepte
- Accepte les Contrôles ActiveX
- Choisis Poste de travail pour le scan.
- Celui-ci terminé, sauvegarde (Choisis fichier texte) et poste le rapport
- Pour t'aider à utiliser le scan en ligne :
https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId291566
NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte-toi sur le site de Kaspersky pour retenter le scan en ligne.
- Lis ceci en cas de problème d'installation du Contrôle ActiveX :
http://cybersecurite.xooit.com/t123-Les-controles-ActiveX.htm
slt à tous
Destrio5, est-il possible de faire un autre scan que online kapersky, car j'avais effectuer 2x et mon'ordi rédamarre automatiquement à un bout de temps.
Merci
A+
Destrio5, est-il possible de faire un autre scan que online kapersky, car j'avais effectuer 2x et mon'ordi rédamarre automatiquement à un bout de temps.
Merci
A+
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 290
25 sept. 2008 à 12:01
25 sept. 2008 à 12:01
Essaie avec Panda :
https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
J'ai 2 rapport là, le 2e après un desinfection de panda.
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-09-25 17:01:23
PROTECTIONS: 1
MALWARE: 70
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1229 [VPS 080925-0] 4.8.1229 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00029568 adware/netpals Adware No 0 Yes No hkey_current_user\software\destiny
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No F:\FOUND.035\FILE0000.CHK
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.atdmt.com/]
00139535 Application/Processor HackTools No 0 Yes No F:\Program Files\Navilog1\Process.exe
00139535 Application/Processor HackTools No 0 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP11\A0001849.EXE
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@tradedoubler[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.tradedoubler.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@247realmedia[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.247realmedia.com/]
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.bfast.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@fastclick[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.tribalfusion.com/]
00145732 Cookie/Falkag TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@as-eu.falkag[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.mediaplex.com/]
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.linksynergy.com/]
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.linksynergy.com/]
00149046 Cookie/Casinotropez TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@casinotropez[2].txt
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@maxserving[2].txt
00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@belnk[1].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@revenue[1].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.revenue.net/]
00162730 Cookie/Belnk TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@dist.belnk[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No F:\Documents and Settings\USER\Cookies\user@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@com[2].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.yadro.ru/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No F:\Documents and Settings\Administrator\Cookies\administrator@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No F:\Documents and Settings\USER\Cookies\user@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.xiti.com/]
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[fe.lea.lycos.fr/]
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@fe.lea.lycos[3].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@toplist[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@toplist[3].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@toplist[2].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.toplist.cz/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@toplist[4].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@statcounter[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.statcounter.com/]
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[counter.hitslink.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@ad.yieldmanager[3].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No F:\Documents and Settings\USER\Cookies\user@apmebf[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@burstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@bs.serving-sys[1].txt
00168102 Cookie/Falkag TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@as1.falkag[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@weborama[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@adtech[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.adtech.de/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.adtech.de/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[server.iad.liveperson.net/hc/34149639]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@server.iad.liveperson[1].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[fl01.ct2.comclick.com/]
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@fl01.ct2.comclick[2].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[fl01.ct2.comclick.com/]
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[fl01.ct2.comclick.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@advertising[2].txt
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@adopt.hbmediapro[3].txt
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@adopt.hbmediapro[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[statse.webtrendslive.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@statse.webtrendslive[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@overture[1].txt
00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@cgi-bin[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@questionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.zedo.com/]
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@metriweb[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.bluestreak.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@bluestreak[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@bluestreak[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.adrevolver.com/]
00186469 Cookie/Reliablestats TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@stats1.reliablestats[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@adultfriendfinder[2].txt
00199983 Cookie/Valueclick TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@valueclick[1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[searchportal.information.com/]
00217990 Cookie/WinFixer TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@winfixer[2].txt
00234869 Cookie/FastClick TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@media.fastclick[1].txt
00262024 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@www.errorsafe[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.smartadserver.com/]
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@ads.addynamix[1].txt
00298030 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes No D:\AINA\Hira_Divers_1\Andry\Temp.Htt
00298030 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes No D:\Archives_Iharo\Ryan\Temp.Htt
00298030 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes No D:\Archives_Iharo\Temp.Htt
00298030 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes No D:\Archives_Iharo\Photo\Temp.Htt
00298030 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes No D:\AINA\Hira_Divers_1\Temp.Htt
00298030 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes No D:\Archives_Iharo\Photo\Meengai\Temp.Htt
00298031 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes No D:\Archives_Iharo\Ryan\DESKTOP.INI
00298031 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes No D:\Archives_Iharo\DESKTOP.INI
00298031 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes No D:\AINA\Hira_Divers_1\Andry\DESKTOP.INI
00298031 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes No C:\WINDOWS\Desktop\COM\desktop.ini
00298031 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes No D:\AINA\Hira_Divers_1\DESKTOP.INI
00298031 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes No D:\Archives_Iharo\Photo\Meengai\DESKTOP.INI
00298031 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes No D:\Archives_Iharo\Photo\DESKTOP.INI
00380718 Adware/RogueAntimalware2008 Adware No 0 Yes No F:\QooBox\Quarantine\F\Program Files\PCHealthCenter\5.exe.vir
00380718 Adware/RogueAntimalware2008 Adware No 0 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001953.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0002023.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0002048.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP14\A0003476.EXE
01196326 Cookie/GoClick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.goclick.com/]
01196326 Cookie/GoClick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.goclick.com/]
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP14\A0003455.SYS
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0002028.SYS
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001965.SYS
02912157 W32/Spamta.gen.worm Virus/Worm No 0 Yes No C:\Program Files\Softinterface, Inc\Convert Image\ConvertImage.exe
03541233 HackTool/Rebooter HackTools No 0 Yes No F:\Program Files\Navilog1\Reboot.exe
03667161 Application/MicroAntivirus2009 HackTools No 0 No No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001953.EXE[F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001953.EXE][MicroAV.exe]
03667161 Application/MicroAntivirus2009 HackTools No 0 No No F:\QooBox\Quarantine\F\Program Files\PCHealthCenter\5.exe.vir[F:\QooBox\Quarantine\F\Program Files\PCHealthCenter\5.exe.vir][MicroAV.exe]
03667320 Adware/RogueAntimalware2008 Adware No 0 No No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001953.EXE[F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001953.EXE][MicroAV.cpl]
03667320 Adware/RogueAntimalware2008 Adware No 0 No No F:\QooBox\Quarantine\F\Program Files\PCHealthCenter\5.exe.vir[F:\QooBox\Quarantine\F\Program Files\PCHealthCenter\5.exe.vir][MicroAV.cpl]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_110550.40.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html.1]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_110550.40.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_110145.12.zip[sc.html.2]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_110550.40.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html.3]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_110145.12.zip[sc.html.1]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_110145.12.zip[sc.html]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_110550.40.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html.2]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_104701.65.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html.4]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_104223,70.zip[sc.html]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_110550.40.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html.4]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_104223,70.zip[sc.html.1]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_104223,70.zip[sc.html.2]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_104701.65.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_104701.65.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html.1]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_104701.65.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html.2]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_104701.65.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html.3]
03723613 Generic Trojan Virus/Trojan No 0 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP11\A0001694.EXE
03725600 Spyware/Virtumonde Spyware No 1 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP11\A0001838.DLL
03738576 Generic Trojan Virus/Trojan No 0 No No F:\QooBox\Quarantine\F\Program Files\PCHealthCenter\5.exe.vir[F:\QooBox\Quarantine\F\Program Files\PCHealthCenter\5.exe.vir][MicroAV1.dat]
03738576 Generic Trojan Virus/Trojan No 0 No No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001953.EXE[F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001953.EXE][MicroAV1.dat]
03738686 Generic Malware Virus/Trojan No 0 No No F:\Documents and Settings\USER\Bureau\ComboFix.exe[32788R22FWJFW\catchme.cfexe]
03738686 Generic Malware Virus/Trojan No 0 No No F:\Documents and Settings\USER\Local Settings\Application Data\Opera\Opera\PROFILE\CACHE4\opr001RG[32788R22FWJFW\catchme.cfexe]
03738686 Generic Malware Virus/Trojan No 0 No No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP13\A0003417.EXE[32788R22FWJFW\catchme.cfexe]
03738686 Generic Malware Virus/Trojan No 0 Yes No F:\Program Files\Navilog1\CATCHME.EXE
03742989 Spyware/Virtumonde Spyware No 1 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001964.DLL
;===================================================================================================================================================================================
SUSPECTS
Sent Location J
;===================================================================================================================================================================================
No F:\Program Files\KGB\MPK.exe J
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description J
;===================================================================================================================================================================================
;===================================================================================================================================================================================
2e rapport après une desinfection.
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-09-25 17:08:44
PROTECTIONS: 1
MALWARE: 70
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1229 [VPS 080925-0] 4.8.1229 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00029568 adware/netpals Adware No 0 Yes No hkey_current_user\software\destiny
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No F:\FOUND.035\FILE0000.CHK
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.atdmt.com/]
00139535 Application/Processor HackTools No 0 Yes No F:\Program Files\Navilog1\Process.exe
00139535 Application/Processor HackTools No 0 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP11\A0001849.EXE
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@tradedoubler[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.tradedoubler.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@247realmedia[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.247realmedia.com/]
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.bfast.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@fastclick[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.tribalfusion.com/]
00145732 Cookie/Falkag TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@as-eu.falkag[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.mediaplex.com/]
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.linksynergy.com/]
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.linksynergy.com/]
00149046 Cookie/Casinotropez TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@casinotropez[2].txt
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@maxserving[2].txt
00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@belnk[1].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@revenue[1].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.revenue.net/]
00162730 Cookie/Belnk TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@dist.belnk[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No F:\Documents and Settings\USER\Cookies\user@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@com[2].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.yadro.ru/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No F:\Documents and Settings\Administrator\Cookies\administrator@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No F:\Documents and Settings\USER\Cookies\user@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.xiti.com/]
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[fe.lea.lycos.fr/]
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@fe.lea.lycos[3].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@toplist[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@toplist[3].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@toplist[2].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.toplist.cz/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@toplist[4].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@statcounter[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.statcounter.com/]
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[counter.hitslink.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@ad.yieldmanager[3].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No F:\Documents and Settings\USER\Cookies\user@apmebf[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@burstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@bs.serving-sys[1].txt
00168102 Cookie/Falkag TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@as1.falkag[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@weborama[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@adtech[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.adtech.de/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.adtech.de/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[server.iad.liveperson.net/hc/34149639]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@server.iad.liveperson[1].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[fl01.ct2.comclick.com/]
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@fl01.ct2.comclick[2].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[fl01.ct2.comclick.com/]
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[fl01.ct2.comclick.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@advertising[2].txt
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@adopt.hbmediapro[3].txt
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@adopt.hbmediapro[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[statse.webtrendslive.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@statse.webtrendslive[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@overture[1].txt
00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@cgi-bin[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@questionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.zedo.com/]
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@metriweb[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.bluestreak.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@bluestreak[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@bluestreak[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-09-25 17:01:23
PROTECTIONS: 1
MALWARE: 70
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1229 [VPS 080925-0] 4.8.1229 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00029568 adware/netpals Adware No 0 Yes No hkey_current_user\software\destiny
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No F:\FOUND.035\FILE0000.CHK
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.atdmt.com/]
00139535 Application/Processor HackTools No 0 Yes No F:\Program Files\Navilog1\Process.exe
00139535 Application/Processor HackTools No 0 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP11\A0001849.EXE
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@tradedoubler[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.tradedoubler.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@247realmedia[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.247realmedia.com/]
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.bfast.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@fastclick[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.tribalfusion.com/]
00145732 Cookie/Falkag TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@as-eu.falkag[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.mediaplex.com/]
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.linksynergy.com/]
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.linksynergy.com/]
00149046 Cookie/Casinotropez TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@casinotropez[2].txt
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@maxserving[2].txt
00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@belnk[1].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@revenue[1].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.revenue.net/]
00162730 Cookie/Belnk TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@dist.belnk[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No F:\Documents and Settings\USER\Cookies\user@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@com[2].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.yadro.ru/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No F:\Documents and Settings\Administrator\Cookies\administrator@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No F:\Documents and Settings\USER\Cookies\user@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.xiti.com/]
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[fe.lea.lycos.fr/]
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@fe.lea.lycos[3].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@toplist[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@toplist[3].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@toplist[2].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.toplist.cz/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@toplist[4].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@statcounter[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.statcounter.com/]
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[counter.hitslink.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@ad.yieldmanager[3].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No F:\Documents and Settings\USER\Cookies\user@apmebf[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@burstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@bs.serving-sys[1].txt
00168102 Cookie/Falkag TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@as1.falkag[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@weborama[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@adtech[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.adtech.de/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.adtech.de/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[server.iad.liveperson.net/hc/34149639]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@server.iad.liveperson[1].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[fl01.ct2.comclick.com/]
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@fl01.ct2.comclick[2].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[fl01.ct2.comclick.com/]
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[fl01.ct2.comclick.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@advertising[2].txt
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@adopt.hbmediapro[3].txt
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@adopt.hbmediapro[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[statse.webtrendslive.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@statse.webtrendslive[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@overture[1].txt
00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@cgi-bin[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@questionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.zedo.com/]
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@metriweb[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.bluestreak.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@bluestreak[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@bluestreak[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.adrevolver.com/]
00186469 Cookie/Reliablestats TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@stats1.reliablestats[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@adultfriendfinder[2].txt
00199983 Cookie/Valueclick TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@valueclick[1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[searchportal.information.com/]
00217990 Cookie/WinFixer TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@winfixer[2].txt
00234869 Cookie/FastClick TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@media.fastclick[1].txt
00262024 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@www.errorsafe[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.smartadserver.com/]
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@ads.addynamix[1].txt
00298030 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes No D:\AINA\Hira_Divers_1\Andry\Temp.Htt
00298030 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes No D:\Archives_Iharo\Ryan\Temp.Htt
00298030 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes No D:\Archives_Iharo\Temp.Htt
00298030 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes No D:\Archives_Iharo\Photo\Temp.Htt
00298030 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes No D:\AINA\Hira_Divers_1\Temp.Htt
00298030 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes No D:\Archives_Iharo\Photo\Meengai\Temp.Htt
00298031 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes No D:\Archives_Iharo\Ryan\DESKTOP.INI
00298031 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes No D:\Archives_Iharo\DESKTOP.INI
00298031 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes No D:\AINA\Hira_Divers_1\Andry\DESKTOP.INI
00298031 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes No C:\WINDOWS\Desktop\COM\desktop.ini
00298031 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes No D:\AINA\Hira_Divers_1\DESKTOP.INI
00298031 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes No D:\Archives_Iharo\Photo\Meengai\DESKTOP.INI
00298031 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes No D:\Archives_Iharo\Photo\DESKTOP.INI
00380718 Adware/RogueAntimalware2008 Adware No 0 Yes No F:\QooBox\Quarantine\F\Program Files\PCHealthCenter\5.exe.vir
00380718 Adware/RogueAntimalware2008 Adware No 0 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001953.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0002023.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0002048.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP14\A0003476.EXE
01196326 Cookie/GoClick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.goclick.com/]
01196326 Cookie/GoClick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.goclick.com/]
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP14\A0003455.SYS
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0002028.SYS
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001965.SYS
02912157 W32/Spamta.gen.worm Virus/Worm No 0 Yes No C:\Program Files\Softinterface, Inc\Convert Image\ConvertImage.exe
03541233 HackTool/Rebooter HackTools No 0 Yes No F:\Program Files\Navilog1\Reboot.exe
03667161 Application/MicroAntivirus2009 HackTools No 0 No No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001953.EXE[F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001953.EXE][MicroAV.exe]
03667161 Application/MicroAntivirus2009 HackTools No 0 No No F:\QooBox\Quarantine\F\Program Files\PCHealthCenter\5.exe.vir[F:\QooBox\Quarantine\F\Program Files\PCHealthCenter\5.exe.vir][MicroAV.exe]
03667320 Adware/RogueAntimalware2008 Adware No 0 No No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001953.EXE[F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001953.EXE][MicroAV.cpl]
03667320 Adware/RogueAntimalware2008 Adware No 0 No No F:\QooBox\Quarantine\F\Program Files\PCHealthCenter\5.exe.vir[F:\QooBox\Quarantine\F\Program Files\PCHealthCenter\5.exe.vir][MicroAV.cpl]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_110550.40.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html.1]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_110550.40.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_110145.12.zip[sc.html.2]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_110550.40.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html.3]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_110145.12.zip[sc.html.1]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_110145.12.zip[sc.html]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_110550.40.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html.2]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_104701.65.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html.4]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_104223,70.zip[sc.html]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_110550.40.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html.4]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_104223,70.zip[sc.html.1]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_104223,70.zip[sc.html.2]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_104701.65.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_104701.65.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html.1]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_104701.65.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html.2]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_104701.65.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html.3]
03723613 Generic Trojan Virus/Trojan No 0 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP11\A0001694.EXE
03725600 Spyware/Virtumonde Spyware No 1 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP11\A0001838.DLL
03738576 Generic Trojan Virus/Trojan No 0 No No F:\QooBox\Quarantine\F\Program Files\PCHealthCenter\5.exe.vir[F:\QooBox\Quarantine\F\Program Files\PCHealthCenter\5.exe.vir][MicroAV1.dat]
03738576 Generic Trojan Virus/Trojan No 0 No No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001953.EXE[F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001953.EXE][MicroAV1.dat]
03738686 Generic Malware Virus/Trojan No 0 No No F:\Documents and Settings\USER\Bureau\ComboFix.exe[32788R22FWJFW\catchme.cfexe]
03738686 Generic Malware Virus/Trojan No 0 No No F:\Documents and Settings\USER\Local Settings\Application Data\Opera\Opera\PROFILE\CACHE4\opr001RG[32788R22FWJFW\catchme.cfexe]
03738686 Generic Malware Virus/Trojan No 0 No No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP13\A0003417.EXE[32788R22FWJFW\catchme.cfexe]
03738686 Generic Malware Virus/Trojan No 0 Yes No F:\Program Files\Navilog1\CATCHME.EXE
03742989 Spyware/Virtumonde Spyware No 1 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001964.DLL
;===================================================================================================================================================================================
SUSPECTS
Sent Location J
;===================================================================================================================================================================================
No F:\Program Files\KGB\MPK.exe J
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description J
;===================================================================================================================================================================================
;===================================================================================================================================================================================
2e rapport après une desinfection.
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-09-25 17:08:44
PROTECTIONS: 1
MALWARE: 70
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1229 [VPS 080925-0] 4.8.1229 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00029568 adware/netpals Adware No 0 Yes No hkey_current_user\software\destiny
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No F:\FOUND.035\FILE0000.CHK
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.atdmt.com/]
00139535 Application/Processor HackTools No 0 Yes No F:\Program Files\Navilog1\Process.exe
00139535 Application/Processor HackTools No 0 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP11\A0001849.EXE
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@tradedoubler[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.tradedoubler.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@247realmedia[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.247realmedia.com/]
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.bfast.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@fastclick[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.tribalfusion.com/]
00145732 Cookie/Falkag TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@as-eu.falkag[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.mediaplex.com/]
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.linksynergy.com/]
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.linksynergy.com/]
00149046 Cookie/Casinotropez TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@casinotropez[2].txt
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@maxserving[2].txt
00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@belnk[1].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@revenue[1].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.revenue.net/]
00162730 Cookie/Belnk TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@dist.belnk[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No F:\Documents and Settings\USER\Cookies\user@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@com[2].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.yadro.ru/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No F:\Documents and Settings\Administrator\Cookies\administrator@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No F:\Documents and Settings\USER\Cookies\user@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.xiti.com/]
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[fe.lea.lycos.fr/]
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@fe.lea.lycos[3].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@toplist[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@toplist[3].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@toplist[2].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.toplist.cz/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@toplist[4].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@statcounter[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.statcounter.com/]
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[counter.hitslink.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@ad.yieldmanager[3].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No F:\Documents and Settings\USER\Cookies\user@apmebf[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@burstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@bs.serving-sys[1].txt
00168102 Cookie/Falkag TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@as1.falkag[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@weborama[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@adtech[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.adtech.de/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.adtech.de/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[server.iad.liveperson.net/hc/34149639]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@server.iad.liveperson[1].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[fl01.ct2.comclick.com/]
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@fl01.ct2.comclick[2].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[fl01.ct2.comclick.com/]
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[fl01.ct2.comclick.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@advertising[2].txt
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@adopt.hbmediapro[3].txt
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@adopt.hbmediapro[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[statse.webtrendslive.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@statse.webtrendslive[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@overture[1].txt
00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@cgi-bin[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@questionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.zedo.com/]
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@metriweb[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.bluestreak.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@bluestreak[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@bluestreak[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 290
26 sept. 2008 à 09:38
26 sept. 2008 à 09:38
Le deuxième rapport n'a pas l'air complet.
2e rapport
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-09-25 17:08:44
PROTECTIONS: 1
MALWARE: 70
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1229 [VPS 080925-0] 4.8.1229 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00029568 adware/netpals Adware No 0 Yes No hkey_current_user\software\destiny
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No F:\FOUND.035\FILE0000.CHK
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.atdmt.com/]
00139535 Application/Processor HackTools No 0 Yes No F:\Program Files\Navilog1\Process.exe
00139535 Application/Processor HackTools No 0 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP11\A0001849.EXE
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@tradedoubler[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.tradedoubler.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@247realmedia[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.247realmedia.com/]
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.bfast.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@fastclick[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.tribalfusion.com/]
00145732 Cookie/Falkag TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@as-eu.falkag[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.mediaplex.com/]
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.linksynergy.com/]
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.linksynergy.com/]
00149046 Cookie/Casinotropez TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@casinotropez[2].txt
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@maxserving[2].txt
00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@belnk[1].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@revenue[1].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.revenue.net/]
00162730 Cookie/Belnk TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@dist.belnk[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No F:\Documents and Settings\USER\Cookies\user@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@com[2].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.yadro.ru/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No F:\Documents and Settings\Administrator\Cookies\administrator@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No F:\Documents and Settings\USER\Cookies\user@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.xiti.com/]
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[fe.lea.lycos.fr/]
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@fe.lea.lycos[3].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@toplist[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@toplist[3].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@toplist[2].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.toplist.cz/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@toplist[4].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@statcounter[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.statcounter.com/]
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[counter.hitslink.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@ad.yieldmanager[3].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No F:\Documents and Settings\USER\Cookies\user@apmebf[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@burstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@bs.serving-sys[1].txt
00168102 Cookie/Falkag TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@as1.falkag[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@weborama[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@adtech[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.adtech.de/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.adtech.de/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[server.iad.liveperson.net/hc/34149639]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@server.iad.liveperson[1].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[fl01.ct2.comclick.com/]
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@fl01.ct2.comclick[2].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[fl01.ct2.comclick.com/]
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[fl01.ct2.comclick.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@advertising[2].txt
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@adopt.hbmediapro[3].txt
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@adopt.hbmediapro[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[statse.webtrendslive.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@statse.webtrendslive[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@overture[1].txt
00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@cgi-bin[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@questionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.zedo.com/]
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@metriweb[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.bluestreak.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@bluestreak[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@bluestreak[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.adrevolver.com/]
00186469 Cookie/Reliablestats TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@stats1.reliablestats[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@adultfriendfinder[2].txt
00199983 Cookie/Valueclick TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@valueclick[1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[searchportal.information.com/]
00217990 Cookie/WinFixer TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@winfixer[2].txt
00234869 Cookie/FastClick TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@media.fastclick[1].txt
00262024 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@www.errorsafe[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.smartadserver.com/]
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@ads.addynamix[1].txt
00298030 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes Yes D:\AINA\Hira_Divers_1\Andry\Temp.Htt
00298030 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes Yes D:\Archives_Iharo\Ryan\Temp.Htt
00298030 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes Yes D:\Archives_Iharo\Temp.Htt
00298030 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes Yes D:\Archives_Iharo\Photo\Temp.Htt
00298030 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes Yes D:\AINA\Hira_Divers_1\Temp.Htt
00298030 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes Yes D:\Archives_Iharo\Photo\Meengai\Temp.Htt
00298031 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes Yes D:\Archives_Iharo\Ryan\DESKTOP.INI
00298031 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes Yes D:\Archives_Iharo\DESKTOP.INI
00298031 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes Yes D:\AINA\Hira_Divers_1\Andry\DESKTOP.INI
00298031 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes Yes C:\WINDOWS\Desktop\COM\desktop.ini
00298031 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes Yes D:\AINA\Hira_Divers_1\DESKTOP.INI
00298031 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes Yes D:\Archives_Iharo\Photo\Meengai\DESKTOP.INI
00298031 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes Yes D:\Archives_Iharo\Photo\DESKTOP.INI
00380718 Adware/RogueAntimalware2008 Adware No 0 Yes No F:\QooBox\Quarantine\F\Program Files\PCHealthCenter\5.exe.vir
00380718 Adware/RogueAntimalware2008 Adware No 0 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001953.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0002023.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0002048.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP14\A0003476.EXE
01196326 Cookie/GoClick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.goclick.com/]
01196326 Cookie/GoClick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.goclick.com/]
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes Yes F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP14\A0003455.SYS
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes Yes F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0002028.SYS
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes Yes F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001965.SYS
02912157 W32/Spamta.gen.worm Virus/Worm No 0 Yes Yes C:\Program Files\Softinterface, Inc\Convert Image\ConvertImage.exe
03541233 HackTool/Rebooter HackTools No 0 Yes No F:\Program Files\Navilog1\Reboot.exe
03667161 Application/MicroAntivirus2009 HackTools No 0 No No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001953.EXE[F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001953.EXE][MicroAV.exe]
03667161 Application/MicroAntivirus2009 HackTools No 0 No No F:\QooBox\Quarantine\F\Program Files\PCHealthCenter\5.exe.vir[F:\QooBox\Quarantine\F\Program Files\PCHealthCenter\5.exe.vir][MicroAV.exe]
03667320 Adware/RogueAntimalware2008 Adware No 0 No No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001953.EXE[F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001953.EXE][MicroAV.cpl]
03667320 Adware/RogueAntimalware2008 Adware No 0 No No F:\QooBox\Quarantine\F\Program Files\PCHealthCenter\5.exe.vir[F:\QooBox\Quarantine\F\Program Files\PCHealthCenter\5.exe.vir][MicroAV.cpl]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_110550.40.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html.1]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_110550.40.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_110145.12.zip[sc.html.2]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_110550.40.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html.3]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_110145.12.zip[sc.html.1]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_110145.12.zip[sc.html]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_110550.40.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html.2]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_104701.65.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html.4]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_104223,70.zip[sc.html]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_110550.40.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html.4]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_104223,70.zip[sc.html.1]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_104223,70.zip[sc.html.2]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_104701.65.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_104701.65.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html.1]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_104701.65.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html.2]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_104701.65.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html.3]
03723613 Generic Trojan Virus/Trojan No 0 Yes Yes F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP11\A0001694.EXE
03725600 Spyware/Virtumonde Spyware No 1 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP11\A0001838.DLL
03738576 Generic Trojan Virus/Trojan No 0 No No F:\QooBox\Quarantine\F\Program Files\PCHealthCenter\5.exe.vir[F:\QooBox\Quarantine\F\Program Files\PCHealthCenter\5.exe.vir][MicroAV1.dat]
03738576 Generic Trojan Virus/Trojan No 0 No No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001953.EXE[F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001953.EXE][MicroAV1.dat]
03738686 Generic Malware Virus/Trojan No 0 No No F:\Documents and Settings\USER\Bureau\ComboFix.exe[32788R22FWJFW\catchme.cfexe]
03738686 Generic Malware Virus/Trojan No 0 No No F:\Documents and Settings\USER\Local Settings\Application Data\Opera\Opera\PROFILE\CACHE4\opr001RG[32788R22FWJFW\catchme.cfexe]
03738686 Generic Malware Virus/Trojan No 0 No No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP13\A0003417.EXE[32788R22FWJFW\catchme.cfexe]
03738686 Generic Malware Virus/Trojan No 0 Yes No F:\Program Files\Navilog1\CATCHME.EXE
03742989 Spyware/Virtumonde Spyware No 1 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001964.DLL
;===================================================================================================================================================================================
SUSPECTS
Sent Location J
;===================================================================================================================================================================================
No F:\Program Files\KGB\MPK.exe J
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description J
;===================================================================================================================================================================================
;===================================================================================================================================================================================
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-09-25 17:08:44
PROTECTIONS: 1
MALWARE: 70
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1229 [VPS 080925-0] 4.8.1229 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00029568 adware/netpals Adware No 0 Yes No hkey_current_user\software\destiny
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No F:\FOUND.035\FILE0000.CHK
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.atdmt.com/]
00139535 Application/Processor HackTools No 0 Yes No F:\Program Files\Navilog1\Process.exe
00139535 Application/Processor HackTools No 0 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP11\A0001849.EXE
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@tradedoubler[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.tradedoubler.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@247realmedia[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.247realmedia.com/]
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.bfast.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@fastclick[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.tribalfusion.com/]
00145732 Cookie/Falkag TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@as-eu.falkag[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.mediaplex.com/]
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.linksynergy.com/]
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.linksynergy.com/]
00149046 Cookie/Casinotropez TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@casinotropez[2].txt
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@maxserving[2].txt
00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@belnk[1].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@revenue[1].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.revenue.net/]
00162730 Cookie/Belnk TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@dist.belnk[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No F:\Documents and Settings\USER\Cookies\user@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@com[2].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.yadro.ru/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No F:\Documents and Settings\Administrator\Cookies\administrator@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No F:\Documents and Settings\USER\Cookies\user@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.xiti.com/]
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[fe.lea.lycos.fr/]
00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@fe.lea.lycos[3].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@toplist[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@toplist[3].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@toplist[2].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.toplist.cz/]
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@toplist[4].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@statcounter[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.statcounter.com/]
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[counter.hitslink.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@ad.yieldmanager[3].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No F:\Documents and Settings\USER\Cookies\user@apmebf[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@burstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@bs.serving-sys[1].txt
00168102 Cookie/Falkag TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@as1.falkag[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@weborama[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@adtech[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.adtech.de/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.adtech.de/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[server.iad.liveperson.net/hc/34149639]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@server.iad.liveperson[1].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[fl01.ct2.comclick.com/]
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@fl01.ct2.comclick[2].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[fl01.ct2.comclick.com/]
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[fl01.ct2.comclick.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@advertising[2].txt
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@adopt.hbmediapro[3].txt
00170087 Cookie/Hbmediapro TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@adopt.hbmediapro[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[statse.webtrendslive.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@statse.webtrendslive[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@overture[1].txt
00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@cgi-bin[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@questionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.zedo.com/]
00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@metriweb[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.bluestreak.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@bluestreak[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@bluestreak[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.adrevolver.com/]
00186469 Cookie/Reliablestats TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@stats1.reliablestats[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@adultfriendfinder[2].txt
00199983 Cookie/Valueclick TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@valueclick[1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[searchportal.information.com/]
00217990 Cookie/WinFixer TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@winfixer[2].txt
00234869 Cookie/FastClick TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@media.fastclick[1].txt
00262024 Cookie/ErrorSafe TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@www.errorsafe[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.smartadserver.com/]
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\administrator@ads.addynamix[1].txt
00298030 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes Yes D:\AINA\Hira_Divers_1\Andry\Temp.Htt
00298030 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes Yes D:\Archives_Iharo\Ryan\Temp.Htt
00298030 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes Yes D:\Archives_Iharo\Temp.Htt
00298030 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes Yes D:\Archives_Iharo\Photo\Temp.Htt
00298030 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes Yes D:\AINA\Hira_Divers_1\Temp.Htt
00298030 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes Yes D:\Archives_Iharo\Photo\Meengai\Temp.Htt
00298031 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes Yes D:\Archives_Iharo\Ryan\DESKTOP.INI
00298031 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes Yes D:\Archives_Iharo\DESKTOP.INI
00298031 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes Yes D:\AINA\Hira_Divers_1\Andry\DESKTOP.INI
00298031 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes Yes C:\WINDOWS\Desktop\COM\desktop.ini
00298031 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes Yes D:\AINA\Hira_Divers_1\DESKTOP.INI
00298031 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes Yes D:\Archives_Iharo\Photo\Meengai\DESKTOP.INI
00298031 W32/Tearec.A.worm!CME-24 Virus/Worm No 1 Yes Yes D:\Archives_Iharo\Photo\DESKTOP.INI
00380718 Adware/RogueAntimalware2008 Adware No 0 Yes No F:\QooBox\Quarantine\F\Program Files\PCHealthCenter\5.exe.vir
00380718 Adware/RogueAntimalware2008 Adware No 0 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001953.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0002023.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0002048.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP14\A0003476.EXE
01196326 Cookie/GoClick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.goclick.com/]
01196326 Cookie/GoClick TrackingCookie No 0 Yes No C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\guoxcmyz.default\cookies.txt[.goclick.com/]
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes Yes F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP14\A0003455.SYS
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes Yes F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0002028.SYS
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes Yes F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001965.SYS
02912157 W32/Spamta.gen.worm Virus/Worm No 0 Yes Yes C:\Program Files\Softinterface, Inc\Convert Image\ConvertImage.exe
03541233 HackTool/Rebooter HackTools No 0 Yes No F:\Program Files\Navilog1\Reboot.exe
03667161 Application/MicroAntivirus2009 HackTools No 0 No No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001953.EXE[F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001953.EXE][MicroAV.exe]
03667161 Application/MicroAntivirus2009 HackTools No 0 No No F:\QooBox\Quarantine\F\Program Files\PCHealthCenter\5.exe.vir[F:\QooBox\Quarantine\F\Program Files\PCHealthCenter\5.exe.vir][MicroAV.exe]
03667320 Adware/RogueAntimalware2008 Adware No 0 No No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001953.EXE[F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001953.EXE][MicroAV.cpl]
03667320 Adware/RogueAntimalware2008 Adware No 0 No No F:\QooBox\Quarantine\F\Program Files\PCHealthCenter\5.exe.vir[F:\QooBox\Quarantine\F\Program Files\PCHealthCenter\5.exe.vir][MicroAV.cpl]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_110550.40.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html.1]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_110550.40.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_110145.12.zip[sc.html.2]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_110550.40.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html.3]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_110145.12.zip[sc.html.1]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_110145.12.zip[sc.html]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_110550.40.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html.2]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_104701.65.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html.4]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_104223,70.zip[sc.html]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_110550.40.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html.4]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_104223,70.zip[sc.html.1]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_104223,70.zip[sc.html.2]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_104701.65.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_104701.65.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html.1]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_104701.65.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html.2]
03690171 Adware/SecurityCenter Adware No 0 Yes No F:\QooBox\Quarantine\catchme2008-09-22_104701.65.zip[Documents and Settings/user/Bureau/catchme.zip][sc.html.3]
03723613 Generic Trojan Virus/Trojan No 0 Yes Yes F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP11\A0001694.EXE
03725600 Spyware/Virtumonde Spyware No 1 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP11\A0001838.DLL
03738576 Generic Trojan Virus/Trojan No 0 No No F:\QooBox\Quarantine\F\Program Files\PCHealthCenter\5.exe.vir[F:\QooBox\Quarantine\F\Program Files\PCHealthCenter\5.exe.vir][MicroAV1.dat]
03738576 Generic Trojan Virus/Trojan No 0 No No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001953.EXE[F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001953.EXE][MicroAV1.dat]
03738686 Generic Malware Virus/Trojan No 0 No No F:\Documents and Settings\USER\Bureau\ComboFix.exe[32788R22FWJFW\catchme.cfexe]
03738686 Generic Malware Virus/Trojan No 0 No No F:\Documents and Settings\USER\Local Settings\Application Data\Opera\Opera\PROFILE\CACHE4\opr001RG[32788R22FWJFW\catchme.cfexe]
03738686 Generic Malware Virus/Trojan No 0 No No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP13\A0003417.EXE[32788R22FWJFW\catchme.cfexe]
03738686 Generic Malware Virus/Trojan No 0 Yes No F:\Program Files\Navilog1\CATCHME.EXE
03742989 Spyware/Virtumonde Spyware No 1 Yes No F:\System Volume Information\_restore{3EE65515-0D74-446D-BF89-0112622AD0FE}\RP12\A0001964.DLL
;===================================================================================================================================================================================
SUSPECTS
Sent Location J
;===================================================================================================================================================================================
No F:\Program Files\KGB\MPK.exe J
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description J
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 290
26 sept. 2008 à 09:55
26 sept. 2008 à 09:55
KGB, ça te dit quelque chose ?
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 290
26 sept. 2008 à 10:02
26 sept. 2008 à 10:02
Mais il sert à quoi ?
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 290
26 sept. 2008 à 10:11
26 sept. 2008 à 10:11
/!\ Seul bona_2 peut suivre cette procédure /!\
1/
---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.
---> Copie le texte ci-dessous par sélection puis Ctrl+C :
KillAll::
File::
D:\AINA\Hira_Divers_1\Andry\Temp.Htt
D:\Archives_Iharo\Ryan\Temp.Htt
D:\Archives_Iharo\Temp.Htt
D:\Archives_Iharo\Photo\Temp.Htt
D:\AINA\Hira_Divers_1\Temp.Htt
D:\Archives_Iharo\Photo\Meengai\Temp.Htt
D:\Archives_Iharo\Ryan\DESKTOP.INI
D:\Archives_Iharo\DESKTOP.INI
D:\AINA\Hira_Divers_1\Andry\DESKTOP.INI
C:\WINDOWS\Desktop\COM\desktop.ini
D:\AINA\Hira_Divers_1\DESKTOP.INI
D:\Archives_Iharo\Photo\Meengai\DESKTOP.INI
D:\Archives_Iharo\Photo\DESKTOP.INI
---> Colle la sélection dans le bloc-notes
---> Enregistre ce fichier sur le bureau (Impératif)
---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes
2/
---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif
[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.
[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.
[*] Une fois le scan achevé, un rapport va s'afficher : poste-le
[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix.txt
1/
---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.
---> Copie le texte ci-dessous par sélection puis Ctrl+C :
KillAll::
File::
D:\AINA\Hira_Divers_1\Andry\Temp.Htt
D:\Archives_Iharo\Ryan\Temp.Htt
D:\Archives_Iharo\Temp.Htt
D:\Archives_Iharo\Photo\Temp.Htt
D:\AINA\Hira_Divers_1\Temp.Htt
D:\Archives_Iharo\Photo\Meengai\Temp.Htt
D:\Archives_Iharo\Ryan\DESKTOP.INI
D:\Archives_Iharo\DESKTOP.INI
D:\AINA\Hira_Divers_1\Andry\DESKTOP.INI
C:\WINDOWS\Desktop\COM\desktop.ini
D:\AINA\Hira_Divers_1\DESKTOP.INI
D:\Archives_Iharo\Photo\Meengai\DESKTOP.INI
D:\Archives_Iharo\Photo\DESKTOP.INI
---> Colle la sélection dans le bloc-notes
---> Enregistre ce fichier sur le bureau (Impératif)
---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes
2/
---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif
[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.
[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.
[*] Une fois le scan achevé, un rapport va s'afficher : poste-le
[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix.txt
