[LOGICIEL] [Centralisation] .:::: Hijackthis ::::.

[syafer]

voila je tien à m'excuser de mes messages en sms j'ai pris une mauvaise habitude que je tien à rayer de mon vocabulaire

je tien à m'excuser aux près de Ahoren et de toute l'équipe qui fait tourner ce site du moins ce furom en particulier.

voila snooky:

Je viens de formater mon PC du cou j'ai installer antivir comme tu me la conseiller voila normalement mon PC devrai être OK, mais voila j'ai fait un scan et il a trouver 18 trojen du cou je l'ai ai mie en quarantaine et je l'ai ai supprimer.

je te donne ce rapport pour savoir si tout et OK maintenant .

merci pour toute l'aide que tu ma donné .

[syafer]

Voila le rapport

AntiVir PersonalEdition Classic

Report file date: mardi 1 avril 2008 18:27

Scanning for 1173671 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: SYSTEM

Computer name: MATRIX-YSM5AYKT

Version information:

BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15

ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 21:15:49

ANTIVIR2.VDF : 7.0.3.85 434176 Bytes 27/03/2008 21:15:49

ANTIVIR3.VDF : 7.0.3.103 76800 Bytes 01/04/2008 14:41:23

AVEWIN32.DLL : 7.6.0.78 3408384 Bytes 30/03/2008 21:15:49

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24

AVPACK32.DLL : 7.6.0.3 360488 Bytes 30/03/2008 21:15:50

AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: quarantine

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: F:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: on

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,

Macro heuristic..................: on

File heuristic...................: medium

Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: mardi 1 avril 2008 18:27

Starting search for hidden objects.

'32664' objects were checked, '0' hidden objects were found.

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'LimeWire.exe' - '1' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'wuauclt.exe' - '1' Module(s) have been scanned

Scan process 'devldr32.exe' - '1' Module(s) have been scanned

Scan process 'usnsvc.exe' - '1' Module(s) have been scanned

Scan process 'sysocmgr.exe' - '1' Module(s) have been scanned

Scan process 'spnpinst.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'VideoAcceleratorEngine.exe' - '1' Module(s) have been scanned

Scan process 'VideoAcceleratorService.exe' - '1' Module(s) have been scanned

Scan process 'spupdsvc.exe' - '1' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'VideoAccelerator.exe' - '1' Module(s) have been scanned

Scan process 'DAP.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

40 processes with 40 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[NOTE] No virus was found!

Master boot sector HD1

[NOTE] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'F:\'

[NOTE] No virus was found!

Starting to scan the registry.

The registry was scanned ( '25' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

Begin scan in 'F:\'

End of the scan: mardi 1 avril 2008 19:04

Used time: 37:42 min

The scan has been done completely.

2362 Scanning directories

107606 Files were scanned

0 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

107606 Files not concerned

743 Archives were scanned

1 Warnings

0 Notes

32664 Objects were scanned with rootkit scan

0 Hidden objects were found

[half-life]

Le Pc rame beaucoup ...

merci d'avance snooky

Logfile of HijackThis v1.99.1

Scan saved at 20:46:40, on 02/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\updater\explorer.exe

C:\Program Files\Orange\Systray\SystrayApp.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Orange\Launcher\Launcher.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\FTRTSVC.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\DOCUME~1\TRIBU~1.SOU\LOCALS~1\Temp\ir_ext_temp_12\autorun.exe

C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\AlertModule.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Commander Pro\UPServ.exe

C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe

C:\Program Files\Commander Pro\UPS.EXE

C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Orange\connectivity\connectivitymanager.exe

C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe

C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe

C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\FTCOMModule.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [updater] C:\WINDOWS\system32\updater\explorer.exe

O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe

O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"

O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"

O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini

O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O11 - Options group: [iNTERNATIONAL] International*

O15 - Trusted Zone: http://www.orange.fr

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://otta.synaps.fr/AxisCamControl.ocx

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - http://game05.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{775C905B-F598-440A-ADA5-A559D8D1B6D2}: NameServer = 192.168.1.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\FTRTSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: UPSmart - Unknown owner - C:\Program Files\Commander Pro\UPServ.exe

[Seb86]

Salut tout le monde.

Ma belle soeur a un pb avec "Files Secure".

A priori, Hijackthis permet de le virer.

Voici son log et merci d'avance.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:25:07, on 02/04/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\QuickTime\qttask.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\TextBridge Pro 8.0\Bin\InstantAccess.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\TextBridge Pro 8.0\Ereg\REMIND32.EXE

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Media Player Codec - {B4EF0D13-5359-457D-BA85-C110AEC377B5} - C:\Windows\dsaip32b.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [instantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h

O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

O4 - HKLM\..\Run: [spyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe

O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Startup: reminder-Enregistrement du produit ScanSoft.lnk = C:\Program Files\TextBridge Pro 8.0\Ereg\REMIND32.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: ScanPanel.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: OneCare AntiSpyware and AntiVirus (OneCareMP) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (file missing)

O23 - Service: SpyHunter3 Service - Enigma Software Group, Inc. - C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe

--

End of file - 6110 bytes

[snooky]

@ Seb86 :

Désinstalle Spyhunter , Avast et Microsoft Windows OneCare Live .

Désactive Windows defender.

Coche et fixe ces lignes avec Hijackthis :

O2 - BHO: Media Player Codec - {B4EF0D13-5359-457D-BA85-C110AEC377B5} - C:\Windows\dsaip32b.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [instantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h

O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

O4 - HKLM\..\Run: [spyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe

O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

Redémarre le pc et lance Clean v2.0 by FRUiT.

Dézippe et installe Navilog1 :

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip

Choisis l'option 1 pour analyser avec Navilog1.

Puis ensuite l'option 2 pour nettoyer le pc .

Poste ce dernier rapport créé par Navilog1.

[snooky]

@ half-life :

Va sur Virus Total et analyse ce fichier , puis donne les résultats :

C:\WINDOWS\system32\updater\explorer.exe

http://www.virustotal.com/fr/

Lance SDFix en mode sans échec et poste également le rapport créé :

http://mickael.barroux.free.fr/securite/sdfix.php

[half-life]

Rapport de VirusTotal :

Fichier explorer.exe reçu le 2008.03.21 12:28:33 (CET)

Situation actuelle: terminé

Résultat: 2/32 (6.25%)

Antivirus Version Dernière mise à jour Résultat

AhnLab-V3 - - -

AntiVir - - -

Authentium - - -

Avast - - -

AVG - - -

BitDefender - - -

CAT-QuickHeal - - -

ClamAV - - -

DrWeb - - -

eSafe - - Suspicious Archive Structure

eTrust-Vet - - -

Ewido - - -

FileAdvisor - - -

Fortinet - - -

F-Prot - - -

F-Secure - - -

Ikarus - - -

Kaspersky - - -

McAfee - - -

Microsoft - - -

NOD32v2 - - error - password-protected file

Norman - - -

Panda - - -

Prevx1 - - -

Rising - - -

Sophos - - -

Sunbelt - - -

Symantec - - -

TheHacker - - -

VBA32 - - -

VirusBuster - - -

Webwasher-Gateway - - -

Information additionnelle

MD5: 2519df50405afcde47302c80708c6afc

SHA1: 53145e6e3237d672aec989ec52a134c0d64c913d

SHA256: 3c2dfa1da894343de01c2b28c0a38b68e286177be1d9ce8b03b1be96f70c5b15

SHA512: 701b1a33ed9263e96e30334e74dcf56834703b421b567e5121c67a69fcef05f8 74cada25995733e6f1f77f3b64f175560d1eda7ff19842569dcba2c5c58556e3

[half-life]

Rapport en mode sans echec :

System Report

*************

Run on 03/04/2008 at 20:16

Microsoft Windows XP [version 5.1.2600]

Current user is an administrator

Running Processes:

\SystemRoot\System32\smss.exe [116]

\??\C:\WINDOWS\system32\csrss.exe [164]

\??\C:\WINDOWS\system32\winlogon.exe [188]

C:\WINDOWS\system32\services.exe [232]

C:\WINDOWS\system32\lsass.exe [244]

C:\WINDOWS\system32\svchost.exe [392]

C:\WINDOWS\system32\svchost.exe [452]

C:\WINDOWS\system32\svchost.exe [512]

C:\WINDOWS\Explorer.EXE [736]

Drivers - Running:

amdagp

amdeide

atapi

Beep

Cdfs

Cdrom

Disk

Fastfat

Fdc

Flpydisk

FltMgr

Ftdisk

i8042prt

Imapi

isapnp

Kbdclass

KSecDD

Mouclass

MountMgr

Msfs

mssmbios

Mup

NDIS

Npfs

Ntfs

Null

PartMgr

PCI

PCIIde

PxHelp20

redbook

sr

swenum

TermDD

Update

usbccgp

usbhub

usbohci

usbprint

USBSTOR

VgaSave

VolSnap

Drivers - Stopped:

Abiosdsk

abp480n5

ACPI

ACPIEC

ADILOADER

adiusbaw

adpu160m

aec

AFD

Aha154x

aic78u2

aic78xx

AliIde

AMDPCI

amsint

asc

asc3350p

asc3550

AsyncMac

Atdisk

Atmarpc

audstub

avgio

avgntflt

avipbb

basic2

BrScnUsb

Ca533av

cbidf2k

CCDECODE

cd20xrnt

Cdaudio

Changer

CmdIde

Cpqarray

dac960nt

dmboot

dmio

dmload

DMusic

dpti2o

drmkaud

ds1

Fallback

Fips

Fsks

gameenum

GcKernel

Gpc

HIDSwvd

HidUsb

hpn

HSFHWBS2

HSF_DP

hsf_msft

HTTP

i2omgmt

i2omp

ini910u

IntelIde

Ip6Fw

IpFilterDriver

IpInIp

IpNat

IPSec

IRENUM

K56

k600bus

k600mdfl

k600mdm

k600mgmt

k600obex

kbdhid

kmixer

lbrtfdc

LVUSBSta

mdmxsdk

mnmdd

Modem

mraid35x

MRxDAV

MRxSmb

MSKSSRV

MSPCLOCK

MSPQM

MSTEE

NABTSFEC

NdisIP

NdisTapi

Ndisuio

NdisWan

NDProxy

NetBIOS

NetBT

NtApm

nv

NwlnkFlt

NwlnkFwd

Parport

ParVdm

PCAMPR5

PCANDIS5

PCIDump

Pcmcia

pcouffin

PDCOMP

PDFRAME

PDRELI

PDRFRAME

perc2

perc2hib

PID_0928

PptpMiniport

PSched

Ptilink

ql1080

Ql10wnt

ql12160

ql1240

ql1280

RasAcd

Rasl2tp

RasPppoe

Raspti

Rdbss

RDPCDD

RDPWD

Rksample

RTL8023xp

rtl8139

Secdrv

serenum

Serial

Sfloppy

Simbad

SLIP

SoftFax

SONYPVU1

Sparrow

splitter

Srv

ssmdrv

streamip

swmidi

symc810

symc8xx

sym_hi

sym_u3

sysaudio

Tcpip

TDPIPE

TDTCP

Tones

TosIde

Udfs

ultra

USBCamera

USB_RNDIS

V124

ViaIde

Wanarp

WDICA

wdmaud

winachsf

WSTCODEC

WudfPf

WudfRd

Services - Running:

CryptSvc

DcomLaunch

Eventlog

helpsvc

PlugPlay

RpcSs

srservice

winmgmt

Services - Stopped:

Adobe

Alerter

ALG

AntiVirScheduler

AntiVirService

Apple

AppMgmt

AudioSrv

BITS

Browser

CiSvc

ClipSrv

COMSysApp

Dhcp

dmadmin

dmserver

Dnscache

ERSvc

EventSystem

FastUserSwitchingCompatibility

FTRTSVC

gusvc

HidServ

HTTPFilter

ImapiService

lanmanserver

lanmanworkstation

LmHosts

Messenger

mnmsrvc

MSCSPTISRV

MSDTC

MSIServer

Nabnpifsaa

NBService

NetDDE

NetDDEdsdm

Netlogon

Netman

Nla

NMIndexingService

NtLmSsp

NtmsSvc

NVSvc

ose

PACSPTISVR

PolicyAgent

ProtectedStorage

RasAuto

RasMan

RDSessMgr

RemoteAccess

RpcLocator

RSVP

SamSs

SCardDrv

SCardSvr

Schedule

seclogon

SENS

SharedAccess

ShellHWDetection

Spooler

SPTISRV

SSDPSRV

stisvc

SwPrv

SysmonLog

TapiSrv

TermService

Themes

TrkWks

upnphost

UPS

UPSmart

usnjsvc

VSS

W32Time

WebClient

WLSetupSvc

WmdmPmSN

WmiApSrv

WMPNetworkSvc

wscsvc

wuauserv

WudfSvc

WZCSVC

xmlprov

Files Created/Modified - 60 Days:

C:\

16 Feb 2008 15:07:00 216 ..SH. "C:\boot.ini"

3 Apr 2008 20:13:16 603 979 776 A.SH. "C:\pagefile.sys"

31 Mar 2008 17:59:46 244 A..H. "C:\sqmnoopt12.sqm"

12 Mar 2008 15:19:32 244 A..H. "C:\sqmnoopt10.sqm"

31 Mar 2008 1:45:24 244 A..H. "C:\sqmnoopt11.sqm"

6 Feb 2008 19:41:28 244 A..H. "C:\sqmnoopt07.sqm"

8 Mar 2008 16:09:54 244 A..H. "C:\sqmnoopt08.sqm"

8 Mar 2008 16:18:20 244 A..H. "C:\sqmnoopt09.sqm"

12 Mar 2008 15:19:32 268 A..H. "C:\sqmdata10.sqm"

8 Mar 2008 16:09:54 268 A..H. "C:\sqmdata08.sqm"

31 Mar 2008 1:45:24 268 A..H. "C:\sqmdata11.sqm"

8 Mar 2008 16:18:20 268 A..H. "C:\sqmdata09.sqm"

31 Mar 2008 17:59:46 268 A..H. "C:\sqmdata12.sqm"

6 Feb 2008 19:41:28 268 A..H. "C:\sqmdata07.sqm"

C:\WINDOWS\

3 Apr 2008 19:59:04 0 A.... "C:\WINDOWS.log"

3 Apr 2008 20:13:30 2 048 A.S.. "C:\WINDOWS\bootstat.dat"

26 Feb 2008 21:12:34 27 A.... "C:\WINDOWS\BRPP2KA.INI"

26 Feb 2008 21:12:34 434 A.... "C:\WINDOWS\BRWMARK.INI"

1 Apr 2008 21:36:46 69 A.... "C:\WINDOWS\NeroDigital.ini"

3 Apr 2008 20:14:02 93 872 A.... "C:\WINDOWS\ntbtlog.txt"

23 Mar 2008 13:18:02 1 409 A.... "C:\WINDOWS\QTFont.for"

23 Mar 2008 13:18:02 54 156 A..H. "C:\WINDOWS\QTFont.qfn"

3 Apr 2008 20:12:34 32 618 A.... "C:\WINDOWS\SchedLgU.Txt"

16 Feb 2008 15:07:00 274 A.... "C:\WINDOWS\system.ini"

28 Mar 2008 20:04:28 8 192 A.SH. "C:\WINDOWS\Thumbs.db"

3 Apr 2008 20:12:30 434 A.... "C:\WINDOWS\wiadebug.log"

3 Apr 2008 20:12:30 50 A.... "C:\WINDOWS\wiaservc.log"

3 Apr 2008 19:38:54 658 A.... "C:\WINDOWS\win.ini"

3 Apr 2008 20:12:36 1 123 903 A.... "C:\WINDOWS\WindowsUpdate.log"

2 Apr 2008 18:10:26 45 056 A.... "C:\WINDOWS\BDOSCAN8\avxdisk.dll"

2 Apr 2008 18:10:26 10 240 A.... "C:\WINDOWS\BDOSCAN8\avxs.dll"

2 Apr 2008 18:10:26 27 136 A.... "C:\WINDOWS\BDOSCAN8\avxt.dll"

2 Apr 2008 18:10:28 181 760 A.... "C:\WINDOWS\BDOSCAN8\bdcore.dll"

2 Apr 2008 18:10:20 87 A.... "C:\WINDOWS\BDOSCAN8\bdoscan.ini"

2 Apr 2008 20:03:00 923 A.... "C:\WINDOWS\BDOSCAN8\bdoscan.log"

2 Apr 2008 18:10:28 77 824 A.... "C:\WINDOWS\BDOSCAN8\bdupd.dll.updpnd"

2 Apr 2008 18:10:26 1 878 A.... "C:\WINDOWS\BDOSCAN8\boot.xmd"

26 Feb 2008 15:42:52 7 724 A.... "C:\WINDOWS\BDOSCAN8\lang.ini"

2 Apr 2008 18:10:30 142 848 A.... "C:\WINDOWS\BDOSCAN8\libfn.dll"

2 Apr 2008 18:10:26 86 016 A.... "C:\WINDOWS\BDOSCAN8\librtvr.dll"

26 Feb 2008 15:59:18 487 424 A.... "C:\WINDOWS\BDOSCAN8\oscan82.ocx"

2 Apr 2008 18:12:48 15 002 A.... "C:\WINDOWS\BDOSCAN8\plugins.htm"

2 Apr 2008 18:10:28 254 A.... "C:\WINDOWS\BDOSCAN8\rtvr2.html"

2 Apr 2008 18:10:28 4 746 A.... "C:\WINDOWS\BDOSCAN8\rtvr.html"

2 Apr 2008 18:10:28 6 828 A.... "C:\WINDOWS\BDOSCAN8\scanoptions.tsi"

2 Apr 2008 18:10:28 6 828 A.... "C:\WINDOWS\BDOSCAN8\scanoptions.tsk"

2 Apr 2008 18:10:28 195 A.... "C:\WINDOWS\BDOSCAN8\scanres2.html"

2 Apr 2008 18:10:28 17 067 A.... "C:\WINDOWS\BDOSCAN8\scanres.html"

2 Apr 2008 20:02:52 17 034 A.... "C:\WINDOWS\BDOSCAN8\scanrep.html"

3 Apr 2008 20:13:32 0 A.... "C:\WINDOWS\Debug\PASSWD.LOG"

23 Mar 2008 13:05:36 156 968 A.... "C:\WINDOWS\Downloaded Program Files\AxisCamControl.ocx"

26 Feb 2008 15:42:52 7 724 A.... "C:\WINDOWS\Downloaded Program Files\lang.ini"

7 Feb 2008 14:06:26 1 248 A.... "C:\WINDOWS\Downloaded Program Files\oscan8.inf"

26 Feb 2008 15:59:18 487 424 A.... "C:\WINDOWS\Downloaded Program Files\oscan82.ocx"

16 Feb 2008 12:32:28 4 100 A.... "C:\WINDOWS\inf\branches.PNF"

16 Feb 2008 12:32:28 4 684 A.... "C:\WINDOWS\inf\Erma.PNF"

26 Feb 2008 21:12:06 1 574 392 A.... "C:\WINDOWS\inf\INFCACHE.1"

26 Feb 2008 21:09:44 71 202 A.... "C:\WINDOWS\inf\oem0.PNF"

26 Feb 2008 21:09:46 13 986 A.... "C:\WINDOWS\inf\oem1.PNF"

30 Mar 2008 14:00:36 8 326 A.... "C:\WINDOWS\inf\oem5.PNF"

16 Feb 2008 15:06:18 216 ..... "C:\WINDOWS\pss\boot.ini.backup"

26 Feb 2008 21:10:26 50 A.... "C:\WINDOWS\system32\bridf07a.dat"

2 Apr 2008 20:38:16 190 592 A.... "C:\WINDOWS\system32\FNTCACHE.DAT"

22 Feb 2008 2:23:36 135 168 A.... "C:\WINDOWS\system32\java.exe"

22 Feb 2008 3:33:32 69 632 A.... "C:\WINDOWS\system32\javacpl.cpl"

22 Feb 2008 2:23:40 135 168 A.... "C:\WINDOWS\system32\javaw.exe"

22 Feb 2008 3:33:32 139 264 A.... "C:\WINDOWS\system32\javaws.exe"

24 Mar 2008 12:57:56 6 466 A.... "C:\WINDOWS\system32\jupdate-1.6.0_05-b13.log"

5 Mar 2008 18:30:54 19 148 408 A.... "C:\WINDOWS\system32\MRT.exe"

30 Mar 2008 11:09:28 1 786 A.... "C:\WINDOWS\system32\PerfStringBackup.TMP"

3 Apr 2008 20:00:08 21 760 A.... "C:\WINDOWS\system32\wpa.dbl"

30 Mar 2008 19:05:28 53 248 A.... "C:\WINDOWS\system32\zlib.dll"

28 Mar 2008 15:40:04 284 A.... "C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

3 Apr 2008 20:12:32 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"

3 Apr 2008 20:15:06 3 166 A.... "C:\WINDOWS\Temp\scs3.tmp"

3 Apr 2008 20:13:52 255 A.... "C:\WINDOWS\Temp\WGAErrLog.txt"

3 Apr 2008 20:00:26 409 A.... "C:\WINDOWS\Temp\WGANotify.settings"

13 Feb 2008 15:17:26 10 444 A.... "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.inf"

13 Feb 2008 15:17:16 370 A.... "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.txt"

13 Feb 2008 15:19:28 10 597 A.... "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.inf"

13 Feb 2008 15:19:24 368 A.... "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.txt"

2 Apr 2008 18:10:30 40 748 A.... "C:\WINDOWS\BDOSCAN8\plugins\7zip.xmd"

2 Apr 2008 18:10:30 3 892 A.... "C:\WINDOWS\BDOSCAN8\plugins\access.xmd"

2 Apr 2008 18:10:30 8 737 A.... "C:\WINDOWS\BDOSCAN8\plugins\ace.xmd"

2 Apr 2008 18:10:30 3 379 A.... "C:\WINDOWS\BDOSCAN8\plugins\adsntfs.xmd"

2 Apr 2008 18:10:30 19 174 A.... "C:\WINDOWS\BDOSCAN8\plugins\alz.xmd"

2 Apr 2008 18:10:32 3 611 A.... "C:\WINDOWS\BDOSCAN8\plugins\arc.xmd"

2 Apr 2008 18:10:32 6 284 A.... "C:\WINDOWS\BDOSCAN8\plugins\arj.xmd"

2 Apr 2008 18:10:32 103 809 A.... "C:\WINDOWS\BDOSCAN8\plugins\aspy_emu.cvd"

2 Apr 2008 18:10:32 6 712 A.... "C:\WINDOWS\BDOSCAN8\plugins\bach.xmd"

2 Apr 2008 18:10:26 1 878 A.... "C:\WINDOWS\BDOSCAN8\plugins\boot.xmd"

2 Apr 2008 18:10:32 19 355 A.... "C:\WINDOWS\BDOSCAN8\plugins\bzip2.xmd"

2 Apr 2008 18:10:32 14 378 A.... "C:\WINDOWS\BDOSCAN8\plugins\cab.xmd"

2 Apr 2008 18:10:34 358 723 A.... "C:\WINDOWS\BDOSCAN8\plugins\cevakrnl.cvd"

2 Apr 2008 18:10:34 106 533 A.... "C:\WINDOWS\BDOSCAN8\plugins\cevakrnl.ivd"

2 Apr 2008 18:10:34 400 422 A.... "C:\WINDOWS\BDOSCAN8\plugins\cevakrnl.rvd"

2 Apr 2008 18:10:36 186 851 A.... "C:\WINDOWS\BDOSCAN8\plugins\cevakrnl.xmd"

2 Apr 2008 18:10:36 119 702 A.... "C:\WINDOWS\BDOSCAN8\plugins\ceva_dll.cvd"

2 Apr 2008 18:10:36 130 609 A.... "C:\WINDOWS\BDOSCAN8\plugins\ceva_emu.cvd"

2 Apr 2008 18:10:38 396 598 A.... "C:\WINDOWS\BDOSCAN8\plugins\ceva_vfs.cvd"

2 Apr 2008 18:10:38 12 A.... "C:\WINDOWS\BDOSCAN8\plugins\ceva_vfs.ivd"

2 Apr 2008 18:10:38 13 189 A.... "C:\WINDOWS\BDOSCAN8\plugins\chm.xmd"

2 Apr 2008 18:10:38 6 626 A.... "C:\WINDOWS\BDOSCAN8\plugins\cookie.cvd"

2 Apr 2008 18:10:38 2 158 A.... "C:\WINDOWS\BDOSCAN8\plugins\cookie.xmd"

2 Apr 2008 18:10:38 3 489 A.... "C:\WINDOWS\BDOSCAN8\plugins\cpio.xmd"

2 Apr 2008 18:10:38 295 343 A.... "C:\WINDOWS\BDOSCAN8\plugins\cran.cvd"

2 Apr 2008 18:10:40 106 887 A.... "C:\WINDOWS\BDOSCAN8\plugins\cran.ivd"

2 Apr 2008 18:10:40 6 060 A.... "C:\WINDOWS\BDOSCAN8\plugins\cran.xmd"

2 Apr 2008 18:10:40 2 293 A.... "C:\WINDOWS\BDOSCAN8\plugins\dbx.xmd"

2 Apr 2008 18:10:40 10 808 A.... "C:\WINDOWS\BDOSCAN8\plugins\docfile.xmd"

2 Apr 2008 18:10:40 30 179 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.001"

2 Apr 2008 18:10:40 31 700 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.002"

2 Apr 2008 18:10:40 31 165 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.003"

2 Apr 2008 18:10:42 30 313 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.004"

2 Apr 2008 18:10:42 30 040 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.005"

2 Apr 2008 18:10:42 30 032 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.006"

2 Apr 2008 18:10:42 30 037 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.007"

2 Apr 2008 18:10:42 34 763 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.008"

2 Apr 2008 18:10:44 35 490 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.009"

2 Apr 2008 18:10:44 30 875 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.010"

2 Apr 2008 18:10:44 39 586 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.011"

2 Apr 2008 18:10:44 34 546 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.012"

2 Apr 2008 18:10:44 33 541 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.013"

2 Apr 2008 18:10:44 30 770 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.014"

2 Apr 2008 18:10:46 31 350 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.015"

2 Apr 2008 18:10:46 31 129 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.016"

2 Apr 2008 18:10:46 31 193 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.017"

2 Apr 2008 18:10:46 31 334 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.018"

2 Apr 2008 18:10:46 30 801 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.019"

2 Apr 2008 18:10:46 32 259 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.020"

2 Apr 2008 18:10:48 32 085 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.021"

2 Apr 2008 18:10:48 31 895 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.022"

2 Apr 2008 18:10:48 30 701 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.023"

2 Apr 2008 18:10:48 33 397 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.024"

2 Apr 2008 18:10:48 30 181 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.025"

2 Apr 2008 18:10:48 33 103 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.026"

2 Apr 2008 18:10:50 40 510 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.027"

2 Apr 2008 18:10:50 34 657 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.028"

2 Apr 2008 18:10:50 34 091 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.029"

2 Apr 2008 18:10:50 40 044 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.030"

2 Apr 2008 18:10:50 32 993 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.031"

2 Apr 2008 18:10:50 32 022 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.032"

2 Apr 2008 18:10:52 31 221 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.033"

2 Apr 2008 18:10:52 33 108 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.034"

2 Apr 2008 18:10:52 31 940 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.035"

2 Apr 2008 18:10:52 37 584 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.036"

2 Apr 2008 18:10:52 36 421 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.037"

2 Apr 2008 18:10:54 36 048 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.038"

2 Apr 2008 18:10:54 32 533 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.039"

2 Apr 2008 18:10:54 32 775 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.040"

2 Apr 2008 18:10:54 35 949 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.041"

2 Apr 2008 18:10:56 35 059 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.042"

2 Apr 2008 18:10:56 35 161 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.043"

2 Apr 2008 18:10:56 34 192 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.044"

2 Apr 2008 18:10:56 34 561 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.045"

2 Apr 2008 18:10:56 40 824 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.046"

2 Apr 2008 18:10:56 31 535 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.047"

2 Apr 2008 18:10:56 41 247 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.048"

2 Apr 2008 18:10:58 34 660 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.049"

2 Apr 2008 18:10:58 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.050"

2 Apr 2008 18:10:58 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.051"

2 Apr 2008 18:11:00 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.052"

2 Apr 2008 18:11:00 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.053"

2 Apr 2008 18:11:00 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.054"

2 Apr 2008 18:11:00 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.055"

2 Apr 2008 18:11:00 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.056"

2 Apr 2008 18:11:00 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.057"

2 Apr 2008 18:11:00 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.058"

2 Apr 2008 18:11:00 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.059"

2 Apr 2008 18:11:00 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.060"

2 Apr 2008 18:11:00 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.061"

2 Apr 2008 18:11:00 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.062"

2 Apr 2008 18:11:00 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.063"

2 Apr 2008 18:11:00 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.064"

2 Apr 2008 18:11:00 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.065"

2 Apr 2008 18:11:02 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.066"

2 Apr 2008 18:11:02 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.067"

2 Apr 2008 18:11:02 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.068"

2 Apr 2008 18:11:02 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.069"

2 Apr 2008 18:11:02 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.070"

2 Apr 2008 18:11:02 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.071"

2 Apr 2008 18:11:02 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.072"

2 Apr 2008 18:11:02 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.073"

2 Apr 2008 18:11:02 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.074"

2 Apr 2008 18:11:02 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.075"

2 Apr 2008 18:11:02 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.076"

2 Apr 2008 18:11:02 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.077"

2 Apr 2008 18:11:02 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.078"

2 Apr 2008 18:11:02 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.079"

2 Apr 2008 18:11:04 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.080"

2 Apr 2008 18:11:04 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.081"

2 Apr 2008 18:11:04 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.082"

2 Apr 2008 18:11:04 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.083"

2 Apr 2008 18:11:04 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.084"

2 Apr 2008 18:11:04 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.085"

2 Apr 2008 18:11:04 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.086"

2 Apr 2008 18:11:04 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.087"

2 Apr 2008 18:11:04 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.088"

2 Apr 2008 18:11:04 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.089"

2 Apr 2008 18:11:04 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.090"

2 Apr 2008 18:11:14 6 500 383 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.cvd"

2 Apr 2008 18:11:14 30 173 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i01"

2 Apr 2008 18:11:16 34 745 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i02"

2 Apr 2008 18:11:16 25 761 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i03"

2 Apr 2008 18:11:16 26 845 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i04"

2 Apr 2008 18:11:16 26 331 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i05"

2 Apr 2008 18:11:16 31 133 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i06"

2 Apr 2008 18:11:18 33 430 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i07"

2 Apr 2008 18:11:18 31 219 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i08"

2 Apr 2008 18:11:18 26 323 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i09"

2 Apr 2008 18:11:18 34 476 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i10"

2 Apr 2008 18:11:18 32 074 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i11"

2 Apr 2008 18:11:20 32 454 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i12"

2 Apr 2008 18:11:20 30 114 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i13"

2 Apr 2008 18:11:20 29 054 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i14"

2 Apr 2008 18:11:20 30 630 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i15"

2 Apr 2008 18:11:20 28 160 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i16"

2 Apr 2008 18:11:20 31 458 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i17"

2 Apr 2008 18:11:22 27 984 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i18"

2 Apr 2008 18:11:22 31 448 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i19"

2 Apr 2008 18:11:22 31 279 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i20"

2 Apr 2008 18:11:22 30 627 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i21"

2 Apr 2008 18:11:24 34 776 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i22"

2 Apr 2008 18:11:24 30 106 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i23"

2 Apr 2008 18:11:24 30 949 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i24"

2 Apr 2008 18:11:24 26 371 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i25"

2 Apr 2008 18:11:26 28 079 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i26"

2 Apr 2008 18:11:26 28 864 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i27"

2 Apr 2008 18:11:26 32 461 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i28"

2 Apr 2008 18:11:26 30 267 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i29"

2 Apr 2008 18:11:26 25 865 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i30"

2 Apr 2008 18:11:26 27 564 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i31"

2 Apr 2008 18:11:26 29 338 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i32"

2 Apr 2008 18:11:28 30 171 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i33"

2 Apr 2008 18:11:28 30 101 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i34"

2 Apr 2008 18:11:28 32 677 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i35"

2 Apr 2008 18:11:28 33 657 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i36"

2 Apr 2008 18:11:28 31 020 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i37"

2 Apr 2008 18:11:30 30 698 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i38"

2 Apr 2008 18:11:30 31 845 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i39"

2 Apr 2008 18:11:30 30 380 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i40"

2 Apr 2008 18:11:30 29 376 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i41"

2 Apr 2008 18:11:30 32 985 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i42"

2 Apr 2008 18:11:30 29 376 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i43"

2 Apr 2008 18:11:30 30 291 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i44"

2 Apr 2008 18:11:32 29 463 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i45"

2 Apr 2008 18:11:32 27 444 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i46"

2 Apr 2008 18:11:32 32 667 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i47"

2 Apr 2008 18:11:32 31 295 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i48"

2 Apr 2008 18:11:32 27 643 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i49"

2 Apr 2008 18:11:32 26 649 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i50"

2 Apr 2008 18:11:34 30 905 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i51"

2 Apr 2008 18:11:34 28 838 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i52"

2 Apr 2008 18:11:34 29 055 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i53"

2 Apr 2008 18:11:34 21 693 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i54"

2 Apr 2008 18:11:34 29 624 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i55"

2 Apr 2008 18:11:34 26 251 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i56"

2 Apr 2008 18:11:36 30 238 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i57"

2 Apr 2008 18:11:36 32 989 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i58"

2 Apr 2008 18:11:36 29 765 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i59"

2 Apr 2008 18:11:36 29 291 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i60"

2 Apr 2008 18:11:36 25 936 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i61"

2 Apr 2008 18:11:38 31 044 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i62"

2 Apr 2008 18:11:38 25 495 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i63"

2 Apr 2008 18:11:38 26 004 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i64"

2 Apr 2008 18:11:38 27 911 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i65"

2 Apr 2008 18:11:40 30 220 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i66"

2 Apr 2008 18:11:40 33 240 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i67"

2 Apr 2008 18:11:40 34 840 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i68"

2 Apr 2008 18:11:40 32 957 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i69"

2 Apr 2008 18:11:40 32 489 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i70"

2 Apr 2008 18:11:42 28 830 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i71"

2 Apr 2008 18:11:42 32 504 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i72"

2 Apr 2008 18:11:42 30 653 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i73"

2 Apr 2008 18:11:42 32 067 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i74"

2 Apr 2008 18:11:42 33 326 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i75"

2 Apr 2008 18:11:44 33 635 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i76"

2 Apr 2008 18:11:44 34 202 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i77"

2 Apr 2008 18:11:44 36 009 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i78"

2 Apr 2008 18:11:44 34 847 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i79"

2 Apr 2008 18:11:44 31 443 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i80"

2 Apr 2008 18:11:44 32 949 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i81"

2 Apr 2008 18:11:46 31 546 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i82"

2 Apr 2008 18:11:46 34 048 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i83"

2 Apr 2008 18:11:46 30 405 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i84"

2 Apr 2008 18:11:46 31 381 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i85"

2 Apr 2008 18:11:46 32 961 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i86"

2 Apr 2008 18:11:48 30 159 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i87"

2 Apr 2008 18:11:48 33 334 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i88"

2 Apr 2008 18:11:48 32 206 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i89"

2 Apr 2008 18:11:48 29 859 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i90"

2 Apr 2008 18:11:48 30 116 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i91"

2 Apr 2008 18:11:48 33 050 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i92"

2 Apr 2008 18:11:48 30 320 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i93"

2 Apr 2008 18:11:50 33 050 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i94"

2 Apr 2008 18:11:50 32 324 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i95"

2 Apr 2008 18:11:50 31 914 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i96"

2 Apr 2008 18:11:50 34 900 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i97"

2 Apr 2008 18:11:50 34 579 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i98"

2 Apr 2008 18:11:50 30 784 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i99"

2 Apr 2008 18:11:52 32 189 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.ivd"

2 Apr 2008 18:11:52 5 001 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.xmd"

2 Apr 2008 18:11:52 2 806 A.... "C:\WINDOWS\BDOSCAN8\plugins\epoc.xmd"

2 Apr 2008 18:11:52 301 831 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.cvd"

2 Apr 2008 18:11:52 59 143 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i01"

2 Apr 2008 18:11:54 57 137 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i02"

2 Apr 2008 18:11:54 51 170 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i03"

2 Apr 2008 18:11:54 50 522 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i04"

2 Apr 2008 18:11:54 55 531 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i05"

2 Apr 2008 18:11:56 55 849 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i06"

2 Apr 2008 18:11:56 49 251 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i07"

2 Apr 2008 18:11:56 34 551 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i08"

2 Apr 2008 18:11:56 26 896 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i09"

2 Apr 2008 18:11:56 31 532 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i10"

2 Apr 2008 18:11:56 31 438 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i11"

2 Apr 2008 18:11:58 31 602 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i12"

2 Apr 2008 18:11:58 29 112 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i13"

2 Apr 2008 18:11:58 20 247 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i14"

2 Apr 2008 18:11:58 32 776 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i15"

2 Apr 2008 18:11:58 22 387 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i16"

2 Apr 2008 18:11:58 29 786 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i17"

2 Apr 2008 18:11:58 30 135 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i18"

2 Apr 2008 18:12:00 34 535 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i19"

2 Apr 2008 18:12:00 33 067 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i20"

2 Apr 2008 18:12:00 18 183 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i21"

2 Apr 2008 18:12:00 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i22"

2 Apr 2008 18:12:00 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i23"

2 Apr 2008 18:12:00 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i24"

2 Apr 2008 18:12:00 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i25"

2 Apr 2008 18:12:00 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i26"

2 Apr 2008 18:12:00 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i27"

2 Apr 2008 18:12:00 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i28"

2 Apr 2008 18:12:00 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i29"

2 Apr 2008 18:12:00 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i30"

2 Apr 2008 18:12:00 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i31"

2 Apr 2008 18:12:02 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i32"

2 Apr 2008 18:12:02 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i33"

2 Apr 2008 18:12:02 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i34"

2 Apr 2008 18:12:02 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i35"

2 Apr 2008 18:12:02 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i36"

2 Apr 2008 18:12:02 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i37"

2 Apr 2008 18:12:02 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i38"

2 Apr 2008 18:12:02 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i39"

2 Apr 2008 18:12:02 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i40"

2 Apr 2008 18:12:02 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i41"

2 Apr 2008 18:12:02 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i42"

2 Apr 2008 18:12:02 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i43"

2 Apr 2008 18:12:02 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i44"

2 Apr 2008 18:12:02 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i45"

2 Apr 2008 18:12:02 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i46"

2 Apr 2008 18:12:02 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i47"

2 Apr 2008 18:12:04 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i48"

2 Apr 2008 18:12:04 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i49"

2 Apr 2008 18:12:04 66 302 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.ivd"

2 Apr 2008 18:12:04 127 421 A.... "C:\WINDOWS\BDOSCAN8\plugins\gvmscripts.cvd"

2 Apr 2008 18:12:04 3 842 A.... "C:\WINDOWS\BDOSCAN8\plugins\gzip.xmd"

2 Apr 2008 18:12:04 8 201 A.... "C:\WINDOWS\BDOSCAN8\plugins\ha.xmd"

2 Apr 2008 18:12:04 3 534 A.... "C:\WINDOWS\BDOSCAN8\plugins\hlp.xmd"

2 Apr 2008 18:12:04 4 669 A.... "C:\WINDOWS\BDOSCAN8\plugins\hpe.cvd"

2 Apr 2008 18:12:06 2 537 A.... "C:\WINDOWS\BDOSCAN8\plugins\hpe.xmd"

2 Apr 2008 18:12:06 1 726 A.... "C:\WINDOWS\BDOSCAN8\plugins\hqx.xmd"

2 Apr 2008 18:12:06 18 951 A.... "C:\WINDOWS\BDOSCAN8\plugins\html.xmd"

2 Apr 2008 18:12:06 7 622 A.... "C:\WINDOWS\BDOSCAN8\plugins\imp.xmd"

2 Apr 2008 18:12:06 1 173 A.... "C:\WINDOWS\BDOSCAN8\plugins\inno.xmd"

2 Apr 2008 18:12:06 21 387 A.... "C:\WINDOWS\BDOSCAN8\plugins\instyler.xmd"

2 Apr 2008 18:12:06 37 426 A.... "C:\WINDOWS\BDOSCAN8\plugins\iso.xmd"

2 Apr 2008 18:12:06 3 305 A.... "C:\WINDOWS\BDOSCAN8\plugins\java.cvd"

2 Apr 2008 18:12:06 8 501 A.... "C:\WINDOWS\BDOSCAN8\plugins\java.xmd"

2 Apr 2008 18:12:06 4 810 A.... "C:\WINDOWS\BDOSCAN8\plugins\jpeg.xmd"

2 Apr 2008 18:12:08 9 492 A.... "C:\WINDOWS\BDOSCAN8\plugins\lha.xmd"

2 Apr 2008 18:12:08 930 A.... "C:\WINDOWS\BDOSCAN8\plugins\lnk.xmd"

2 Apr 2008 18:12:08 2 150 A.... "C:\WINDOWS\BDOSCAN8\plugins\mbox.xmd"

2 Apr 2008 18:12:08 791 A.... "C:\WINDOWS\BDOSCAN8\plugins\mbx.xmd"

2 Apr 2008 18:12:08 46 594 A.... "C:\WINDOWS\BDOSCAN8\plugins\mdx.xmd"

2 Apr 2008 18:12:08 344 892 A.... "C:\WINDOWS\BDOSCAN8\plugins\mdx_97.cvd"

2 Apr 2008 18:12:10 172 536 A.... "C:\WINDOWS\BDOSCAN8\plugins\mdx_97.ivd"

2 Apr 2008 18:12:10 59 489 A.... "C:\WINDOWS\BDOSCAN8\plugins\mdx_w95.cvd"

2 Apr 2008 18:12:10 9 651 A.... "C:\WINDOWS\BDOSCAN8\plugins\mdx_x95.cvd"

2 Apr 2008 18:12:10 1 948 A.... "C:\WINDOWS\BDOSCAN8\plugins\mdx_xf.cvd"

2 Apr 2008 18:12:10 6 996 A.... "C:\WINDOWS\BDOSCAN8\plugins\mime.xmd"

2 Apr 2008 18:12:10 5 672 A.... "C:\WINDOWS\BDOSCAN8\plugins\mobmalware.cvd"

2 Apr 2008 18:12:10 6 864 A.... "C:\WINDOWS\BDOSCAN8\plugins\mobmalware.xmd"

2 Apr 2008 18:12:10 2 082 A.... "C:\WINDOWS\BDOSCAN8\plugins\mso.xmd"

2 Apr 2008 18:12:10 205 A.... "C:\WINDOWS\BDOSCAN8\plugins\na.cvd"

2 Apr 2008 18:12:12 12 596 A.... "C:\WINDOWS\BDOSCAN8\plugins\na.xmd"

2 Apr 2008 18:12:12 18 255 A.... "C:\WINDOWS\BDOSCAN8\plugins\nelf.cvd"

2 Apr 2008 18:12:12 3 036 A.... "C:\WINDOWS\BDOSCAN8\plugins\nelf.xmd"

2 Apr 2008 18:12:12 14 390 A.... "C:\WINDOWS\BDOSCAN8\plugins\nsis.xmd"

2 Apr 2008 18:12:12 1 062 A.... "C:\WINDOWS\BDOSCAN8\plugins\objd.xmd"

2 Apr 2008 18:12:12 13 067 A.... "C:\WINDOWS\BDOSCAN8\plugins\pdf.xmd"

2 Apr 2008 18:12:12 4 278 A.... "C:\WINDOWS\BDOSCAN8\plugins\proc.xmd"

2 Apr 2008 18:12:12 6 194 A.... "C:\WINDOWS\BDOSCAN8\plugins\pst.xmd"

2 Apr 2008 18:12:12 44 859 A.... "C:\WINDOWS\BDOSCAN8\plugins\rar.xmd"

2 Apr 2008 18:12:12 203 A.... "C:\WINDOWS\BDOSCAN8\plugins\regarch.cvd"

2 Apr 2008 18:12:12 13 700 A.... "C:\WINDOWS\BDOSCAN8\plugins\regarch.xmd"

2 Apr 2008 18:12:14 15 292 A.... "C:\WINDOWS\BDOSCAN8\plugins\regscan.cvd"

2 Apr 2008 18:12:14 406 A.... "C:\WINDOWS\BDOSCAN8\plugins\regscan.xmd"

2 Apr 2008 18:12:14 1 187 A.... "C:\WINDOWS\BDOSCAN8\plugins\rpm.xmd"

2 Apr 2008 18:12:14 2 515 A.... "C:\WINDOWS\BDOSCAN8\plugins\rtf.xmd"

2 Apr 2008 18:12:14 1 904 A.... "C:\WINDOWS\BDOSCAN8\plugins\rup.cvd"

2 Apr 2008 18:12:14 1 891 A.... "C:\WINDOWS\BDOSCAN8\plugins\rup.xmd"

2 Apr 2008 18:12:14 191 100 A.... "C:\WINDOWS\BDOSCAN8\plugins\sdx.cvd"

2 Apr 2008 18:12:16 126 017 A.... "C:\WINDOWS\BDOSCAN8\plugins\sdx.ivd"

2 Apr 2008 18:12:16 10 277 A.... "C:\WINDOWS\BDOSCAN8\plugins\sdx.xmd"

2 Apr 2008 18:12:16 13 163 A.... "C:\WINDOWS\BDOSCAN8\plugins\sfx.xmd"

2 Apr 2008 18:12:16 10 540 A.... "C:\WINDOWS\BDOSCAN8\plugins\swf.xmd"

2 Apr 2008 18:12:16 3 998 A.... "C:\WINDOWS\BDOSCAN8\plugins\tar.xmd"

2 Apr 2008 18:12:16 2 863 A.... "C:\WINDOWS\BDOSCAN8\plugins\td0.xmd"

2 Apr 2008 18:12:18 1 102 A.... "C:\WINDOWS\BDOSCAN8\plugins\thebat.xmd"

2 Apr 2008 18:12:18 846 A.... "C:\WINDOWS\BDOSCAN8\plugins\tnef.xmd"

2 Apr 2008 18:12:18 193 418 A.... "C:\WINDOWS\BDOSCAN8\plugins\unpack.cvd"

2 Apr 2008 18:12:18 152 049 A.... "C:\WINDOWS\BDOSCAN8\plugins\unpack.ivd"

2 Apr 2008 18:12:18 45 669 A.... "C:\WINDOWS\BDOSCAN8\plugins\unpack.xmd"

2 Apr 2008 18:12:18 111 A.... "C:\WINDOWS\BDOSCAN8\plugins\update.txt"

2 Apr 2008 18:12:20 1 988 A.... "C:\WINDOWS\BDOSCAN8\plugins\uudecode.xmd"

2 Apr 2008 18:12:20 49 435 A.... "C:\WINDOWS\BDOSCAN8\plugins\ve.cvd"

2 Apr 2008 18:12:20 48 A.... "C:\WINDOWS\BDOSCAN8\plugins\ve.ivd"

2 Apr 2008 18:12:20 79 801 A.... "C:\WINDOWS\BDOSCAN8\plugins\ve.xmd"

2 Apr 2008 18:12:20 688 A.... "C:\WINDOWS\BDOSCAN8\plugins\vedata.cvd"

2 Apr 2008 18:12:20 13 015 A.... "C:\WINDOWS\BDOSCAN8\plugins\viza.xmd"

2 Apr 2008 18:12:20 3 797 A.... "C:\WINDOWS\BDOSCAN8\plugins\wise.xmd"

2 Apr 2008 18:12:20 1 559 A.... "C:\WINDOWS\BDOSCAN8\plugins\xcookies.xmd"

2 Apr 2008 18:12:20 1 247 A.... "C:\WINDOWS\BDOSCAN8\plugins\xishield.xmd"

2 Apr 2008 18:12:20 1 604 A.... "C:\WINDOWS\BDOSCAN8\plugins\z.xmd"

2 Apr 2008 18:12:22 18 937 A.... "C:\WINDOWS\BDOSCAN8\plugins\zip.xmd"

2 Apr 2008 18:12:22 3 667 A.... "C:\WINDOWS\BDOSCAN8\plugins\zoo.xmd"

13 Feb 2008 15:17:42 8 192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00002"

13 Feb 2008 15:17:44 8 192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00003"

13 Feb 2008 15:17:44 258 048 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00004"

13 Feb 2008 15:17:44 8 192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00005"

13 Feb 2008 15:17:44 8 192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00006"

13 Feb 2008 15:17:44 8 192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00007"

13 Feb 2008 15:17:44 8 192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00008"

13 Feb 2008 15:17:44 8 192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00009"

13 Feb 2008 15:17:44 8 192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00010"

13 Feb 2008 15:17:44 8 192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00011"

13 Feb 2008 15:17:44 8 192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00012"

13 Feb 2008 15:17:44 8 192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00013"

13 Feb 2008 15:17:44 8 192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00014"

13 Feb 2008 15:17:44 8 192 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00015"

13 Feb 2008 15:17:44 12 288 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\reg00016"

13 Feb 2008 15:18:26 22 365 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.inf"

13 Feb 2008 15:17:44 7 811 A.... "C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.txt"

7 Feb 2008 22:23:30 8 A.... "C:\WINDOWS\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\TimeStamp"

2 Apr 2008 20:16:04 8 A.... "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp"

15 Feb 2008 18:55:00 16 653 A.... "C:\WINDOWS\system32\Macromed\Flash\install.log"

15 Feb 2008 18:54:58 74 649 A.... "C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe"

26 Feb 2008 21:12:34 6 860 A.... "C:\WINDOWS\system32\spool\drivers\w32x86\3\BRDP150C.BDD"

26 Feb 2008 20:52:52 29 192 A.... "C:\WINDOWS\system32\spool\drivers\w32x86\3\Nuan.BUD"

C:\Program Files\

7 Feb 2008 22:00:34 111 005 A.... "C:\Program Files\CCleaner\uninst.exe"

3 Apr 2008 20:11:42 176 016 A.... "C:\Program Files\Commander Pro\Ups2000.dat"

17 Mar 2008 21:03:14 1 028 432 A.... "C:\Program Files\Messenger Plus! Live\Log Viewer.exe"

17 Mar 2008 21:03:14 8 528 A.... "C:\Program Files\Messenger Plus! Live\MPScripts.dll"

17 Mar 2008 21:03:20 8 528 A.... "C:\Program Files\Messenger Plus! Live\MPSkins.dll"

17 Mar 2008 21:03:16 491 344 A.... "C:\Program Files\Messenger Plus! Live\MPTools.exe"

17 Mar 2008 21:03:18 59 728 A.... "C:\Program Files\Messenger Plus! Live\MsgPlusLoader.dll"

21 Mar 2008 1:58:50 3 334 992 A.... "C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll"

17 Mar 2008 21:03:16 1 818 960 A.... "C:\Program Files\Messenger Plus! Live\MsgPlusLiveRes.dll"

17 Mar 2008 21:03:18 901 456 A.... "C:\Program Files\Messenger Plus! Live\Uninstall.exe"

2 Apr 2008 19:17:48 3 420 672 A.... "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avewin32.dll"

22 Feb 2008 3:12:30 994 ....R "C:\Program Files\Java\jre1.6.0_05\Welcome.html"

15 Mar 2008 23:16:10 10 352 128 A.... "C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE"

11 Feb 2008 18:32:02 3 612 656 A.... "C:\Program Files\Microsoft Office\OFFICE11\OUTLFLTR.DAT"

17 Mar 2008 21:03:18 59 728 A.... "C:\Program Files\Windows Live\Messenger\msimg32.dll"

16 Feb 2008 21:51:08 20 A.... "C:\Program Files\Fichiers communs\Sony Shared\OpenMG\icv.dat"

16 Feb 2008 21:51:08 348 A.... "C:\Program Files\Fichiers communs\Sony Shared\OpenMG\maclist1.dat"

16 Feb 2008 21:51:08 348 A.... "C:\Program Files\Fichiers communs\Sony Shared\OpenMG\maclist2.dat"

22 Feb 2008 5:25:30 1 060 864 A.... "C:\Program Files\Java\jre1.6.0_05\bin\awt.dll"

22 Feb 2008 5:25:30 114 688 A.... "C:\Program Files\Java\jre1.6.0_05\bin\axbridge.dll"

22 Feb 2008 5:25:30 192 512 A.... "C:\Program Files\Java\jre1.6.0_05\bin\cmm.dll"

22 Feb 2008 5:25:30 143 360 A.... "C:\Program Files\Java\jre1.6.0_05\bin\dcpr.dll"

22 Feb 2008 5:25:30 69 632 A.... "C:\Program Files\Java\jre1.6.0_05\bin\deploy.dll"

22 Feb 2008 5:25:30 16 896 A.... "C:\Program Files\Java\jre1.6.0_05\bin\dt_shmem.dll"

22 Feb 2008 5:25:30 13 312 A.... "C:\Program Files\Java\jre1.6.0_05\bin\dt_socket.dll"

22 Feb 2008 5:25:30 335 872 A.... "C:\Program Files\Java\jre1.6.0_05\bin\fontmanager.dll"

22 Feb 2008 5:25:30 15 872 A.... "C:\Program Files\Java\jre1.6.0_05\bin\hpi.dll"

22 Feb 2008 5:25:30 139 264 A.... "C:\Program Files\Java\jre1.6.0_05\bin\hprof.dll"

22 Feb 2008 5:25:30 98 304 A.... "C:\Program Files\Java\jre1.6.0_05\bin\instrument.dll"

22 Feb 2008 5:25:30 12 800 A.... "C:\Program Files\Java\jre1.6.0_05\bin\ioser12.dll"

22 Feb 2008 5:25:30 7 680 A.... "C:\Program Files\Java\jre1.6.0_05\bin\j2pcsc.dll"

22 Feb 2008 5:25:30 37 376 A.... "C:\Program Files\Java\jre1.6.0_05\bin\j2pkcs11.dll"

22 Feb 2008 5:25:30 10 240 A.... "C:\Program Files\Java\jre1.6.0_05\bin\jaas_nt.dll"

22 Feb 2008 2:49:54 25 088 A.... "C:\Program Files\Java\jre1.6.0_05\bin\java-rmi.exe"

22 Feb 2008 5:25:30 126 976 A.... "C:\Program Files\Java\jre1.6.0_05\bin\java.dll"

22 Feb 2008 2:23:36 135 168 A.... "C:\Program Files\Java\jre1.6.0_05\bin\java.exe"

22 Feb 2008 3:33:32 49 152 A.... "C:\Program Files\Java\jre1.6.0_05\bin\javacpl.exe"

22 Feb 2008 2:23:40 135 168 A.... "C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe"

22 Feb 2008 3:33:32 139 264 A.... "C:\Program Files\Java\jre1.6.0_05\bin\javaws.exe"

22 Feb 2008 5:25:30 14 336 A.... "C:\Program Files\Java\jre1.6.0_05\bin\java_crw_demo.dll"

22 Feb 2008 5:25:30 5 120 A.... "C:\Program Files\Java\jre1.6.0_05\bin\jawt.dll"

22 Feb 2008 5:25:30 36 352 A.... "C:\Program Files\Java\jre1.6.0_05\bin\JdbcOdbc.dll"

22 Feb 2008 5:25:30 167 936 A.... "C:\Program Files\Java\jre1.6.0_05\bin\jdwp.dll"

22 Feb 2008 5:25:30 77 824 A.... "C:\Program Files\Java\jre1.6.0_05\bin\jli.dll"

22 Feb 2008 5:25:30 147 456 A.... "C:\Program Files\Java\jre1.6.0_05\bin\jpeg.dll"

22 Feb 2008 5:25:30 98 304 A.... "C:\Program Files\Java\jre1.6.0_05\bin\jpicom.dll"

22 Feb 2008 5:25:30 110 592 A.... "C:\Program Files\Java\jre1.6.0_05\bin\jpiexp.dll"

22 Feb 2008 5:25:30 98 304 A.... "C:\Program Files\Java\jre1.6.0_05\bin\jpinscp.dll"

22 Feb 2008 5:25:30 65 536 A.... "C:\Program Files\Java\jre1.6.0_05\bin\jpioji.dll"

22 Feb 2008 5:25:30 126 976 A.... "C:\Program Files\Java\jre1.6.0_05\bin\jpishare.dll"

22 Feb 2008 5:25:30 147 456 A.... "C:\Program Files\Java\jre1.6.0_05\bin\jsound.dll"

22 Feb 2008 5:25:30 18 432 A.... "C:\Program Files\Java\jre1.6.0_05\bin\jsoundds.dll"

22 Feb 2008 5:25:20 329 104 A.... "C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe"

22 Feb 2008 5:25:22 54 672 A.... "C:\Program Files\Java\jre1.6.0_05\bin\jureg.exe"

22 Feb 2008 5:25:22 144 784 A.... "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

22 Feb 2008 2:37:36 25 600 A.... "C:\Program Files\Java\jre1.6.0_05\bin\keytool.exe"

22 Feb 2008 2:38:24 25 600 A.... "C:\Program Files\Java\jre1.6.0_05\bin\kinit.exe"

22 Feb 2008 2:38:28 25 600 A.... "C:\Program Files\Java\jre1.6.0_05\bin\klist.exe"

22 Feb 2008 2:38:32 25 600 A.... "C:\Program Files\Java\jre1.6.0_05\bin\ktab.exe"

22 Feb 2008 5:25:30 18 432 A.... "C:\Program Files\Java\jre1.6.0_05\bin\management.dll"

22 Feb 2008 5:25:32 602 112 A.... "C:\Program Files\Java\jre1.6.0_05\bin\mlib_image.dll"

22 Feb 2008 5:41:00 348 160 A.... "C:\Program Files\Java\jre1.6.0_05\bin\msvcr71.dll"

22 Feb 2008 5:25:32 77 824 A.... "C:\Program Files\Java\jre1.6.0_05\bin\net.dll"

22 Feb 2008 5:25:32 20 480 A.... "C:\Program Files\Java\jre1.6.0_05\bin\nio.dll"

22 Feb 2008 5:25:32 126 976 A.... "C:\Program Files\Java\jre1.6.0_05\bin\npjava11.dll"

22 Feb 2008 5:25:32 126 976 A.... "C:\Program Files\Java\jre1.6.0_05\bin\npjava12.dll"

22 Feb 2008 5:25:32 126 976 A.... "C:\Program Files\Java\jre1.6.0_05\bin\npjava13.dll"

22 Feb 2008 5:25:32 126 976 A.... "C:\Program Files\Java\jre1.6.0_05\bin\npjava14.dll"

22 Feb 2008 5:25:32 126 976 A.... "C:\Program Files\Java\jre1.6.0_05\bin\npjava32.dll"

22 Feb 2008 5:25:20 132 496 A.... "C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll"

22 Feb 2008 5:25:32 126 976 A.... "C:\Program Files\Java\jre1.6.0_05\bin\npoji610.dll"

22 Feb 2008 5:25:32 8 192 A.... "C:\Program Files\Java\jre1.6.0_05\bin\npt.dll"

22 Feb 2008 2:58:14 25 600 A.... "C:\Program Files\Java\jre1.6.0_05\bin\orbd.exe"

22 Feb 2008 2:59:00 25 600 A.... "C:\Program Files\Java\jre1.6.0_05\bin\pack200.exe"

22 Feb 2008 2:38:22 25 600 A.... "C:\Program Files\Java\jre1.6.0_05\bin\policytool.exe"

22 Feb 2008 5:41:00 237 568 A.... "C:\Program Files\Java\jre1.6.0_05\bin\regutils.dll"

22 Feb 2008 5:25:32 5 120 A.... "C:\Program Files\Java\jre1.6.0_05\bin\rmi.dll"

22 Feb 2008 2:49:46 25 600 A.... "C:\Program Files\Java\jre1.6.0_05\bin\rmid.exe"

22 Feb 2008 2:49:36 25 600 A.... "C:\Program Files\Java\jre1.6.0_05\bin\rmiregistry.exe"

22 Feb 2008 2:58:18 25 600 A.... "C:\Program Files\Java\jre1.6.0_05\bin\servertool.exe"

22 Feb 2008 5:25:32 131 072 A.... "C:\Program Files\Java\jre1.6.0_05\bin\splashscreen.dll"

22 Feb 2008 5:25:20 509 328 A.... "C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll"

22 Feb 2008 5:25:32 16 384 A.... "C:\Program Files\Java\jre1.6.0_05\bin\sunmscapi.dll"

22 Feb 2008 2:58:02 26 112 A.... "C:\Program Files\Java\jre1.6.0_05\bin\tnameserv.exe"

22 Feb 2008 5:25:32 61 440 A.... "C:\Program Files\Java\jre1.6.0_05\bin\unpack.dll"

22 Feb 2008 2:58:54 122 880 A.... "C:\Program Files\Java\jre1.6.0_05\bin\unpack200.exe"

22 Feb 2008 5:25:32 31 744 A.... "C:\Program Files\Java\jre1.6.0_05\bin\verify.dll"

22 Feb 2008 5:25:32 24 701 A.... "C:\Program Files\Java\jre1.6.0_05\bin\w2k_lsa_auth.dll"

22 Feb 2008 5:25:32 110 592 A.... "C:\Program Files\Java\jre1.6.0_05\bin\wsdetect.dll"

22 Feb 2008 5:25:32 47 104 A.... "C:\Program Files\Java\jre1.6.0_05\bin\zip.dll"

22 Feb 2008 5:25:32 2 334 720 A.... "C:\Program Files\Java\jre1.6.0_05\bin\client\jvm.dll"

22 Feb 2008 3:33:32 16 801 A.... "C:\Program Files\Java\jre1.6.0_05\lib\deploy\ffjcext.zip"

22 Feb 2008 5:40:56 9 685 797 A.... "C:\Program Files\Fichiers communs\Java\Update\Base Images\jre1.6.0.b105\core1.zip"

22 Feb 2008 5:40:56 10 238 372 A.... "C:\Program Files\Fichiers communs\Java\Update\Base Images\jre1.6.0.b105\core2.zip"

22 Feb 2008 5:40:58 4 868 848 A.... "C:\Program Files\Fichiers communs\Java\Update\Base Images\jre1.6.0.b105\core3.zip"

22 Feb 2008 5:41:00 3 584 A.... "C:\Program Files\Fichiers communs\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\launcher.exe"

22 Feb 2008 5:41:00 348 160 A.... "C:\Program Files\Fichiers communs\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\msvcr71.dll"

22 Feb 2008 5:41:00 5 596 520 A.... "C:\Program Files\Fichiers communs\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\patchjre.exe"

22 Feb 2008 5:41:00 237 568 A.... "C:\Program Files\Fichiers communs\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\regutils.dll"

22 Feb 2008 5:40:54 20 480 A.... "C:\Program Files\Fichiers communs\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\zipper.exe"

Files with hidden attributes:

Fri 20 Oct 2006 4,348 A..H. --- "C:\Ma musique\Sauvegarde de la licence\drmv1key.bak"

Fri 17 Nov 2006 401 A..H. --- "C:\Ma musique\Sauvegarde de la licence\drmv1lic.bak"

Sat 14 Oct 2006 312 A.SH. --- "C:\Ma musique\Sauvegarde de la licence\drmv2key.bak"

Sun 1 Apr 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Sun 1 Apr 2007 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv14.bak"

Sun 30 Sep 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"

Sat 21 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp"

Program Folders:

C:\Program Files\

Adobe

Alwil Software

Apple Software Update

Avira

Brother

CCleaner

Commander Pro

Common files

ComPlus Applications

DIFX

DivX

eMule

Fichiers communs

Free Audio Pack

Google

Hijackthis Version Fran‡aise

Incomplete

InstallShield Installation Information

Internet Explorer

Java

LimeWire

Logitech

Matrix Multimedia

Messenger

Messenger Plus! Live

Microsoft CAPICOM 2.1.0.2

microsoft frontpage

Microsoft Office

Microsoft Visual Studio

Microsoft.NET

Movie Maker

MSN

MSN Gaming Zone

MSN Messenger

MSXML 4.0

Nero

NetMeeting

Nuance

Online Services

Orange

Outlook Express

QuickTime

Rockstar Games

SAGEM

Samsung

ScanSoft

Securitoo

Services en ligne

Sony

Sony Corporation

Sony Ericsson

Ubi Soft

Uninstall Information

VSO

Wanadoo Messager

Windows Live

Windows Media Connect 2

Windows Media Player

Windows NT

WindowsUpdate

WinRAR

WinZip

xerox

C:\Program Files\Fichiers communs\

Adobe

Adobe Systems Shared

Ahead

Apple

Designer

DigitalCam202

DirectX

France Telecom

InstallShield

Java

Logitech

Microsoft Shared

MSSoap

ODBC

ScanSoft Shared

Services

Sony Shared

SpeechEngines

Symantec Shared

System

Teleca Shared

WindowsLiveInstaller

Add/Remove Programs:

Adobe Flash Player ActiveX

Adobe Shockwave Player

Avira AntiVir PersonalEdition Classic

CCleaner (remove only)

Commander Pro

CopyToDVD 4

Windows Driver Package - Matrix Multimedia Ltd. Matrix USB PICmicro programmer (9/8/2005 )

Free Mp3 Wma Converter V 1.6.3

HijackThis 1.99.1

Microsoft Internationalized Domain Names Mitigation APIs

Windows Internet Explorer 7

OpenMG Secure Module 4.1.00

Correctif Windows XP - KB873339

Correctif Windows XP - KB885836

Correctif Windows XP - KB886185

Correctif Windows XP - KB887472

Correctif Windows XP - KB888302

Mise à jour de sécurité pour Windows XP (KB890046)

Correctif Windows XP - KB890859

Correctif Windows XP - KB891781

Windows Genuine Advantage Validation Tool (KB892130)

Mise à jour de sécurité pour Windows XP (KB893756)

Windows Installer 3.1 (KB893803)

Mise à jour pour Windows XP (KB894391)

Mise à jour de sécurité pour Windows XP (KB896358)

Mise à jour de sécurité pour Windows XP (KB896423)

Mise à jour de sécurité pour Windows XP (KB896428)

Mise à jour de sécurité pour Windows XP (KB899587)

Mise à jour de sécurité pour Windows XP (KB899591)

Mise à jour pour Windows XP (KB900485)

Mise à jour de sécurité pour Windows XP (KB900725)

Mise à jour de sécurité pour Windows XP (KB901017)

Mise à jour de sécurité pour Windows XP (KB901214)

Mise à jour de sécurité pour Windows XP (KB902400)

Mise à jour de sécurité pour Windows XP (KB904706)

Mise à jour de sécurité pour Windows XP (KB905414)

Mise à jour de sécurité pour Windows XP (KB905749)

Mise à jour de sécurité pour Windows XP (KB908519)

Mise à jour pour Windows XP (KB908531)

Mise à jour pour Windows XP (KB910437)

Mise à jour pour Windows XP (KB911280)

Mise à jour de sécurité pour Windows XP (KB911562)

Mise à jour de sécurité pour Lecteur Windows Media (KB911564)

Mise à jour de sécurité pour Windows XP (KB911927)

Mise à jour de sécurité pour Windows XP (KB913580)

Mise à jour de sécurité pour Windows XP (KB914388)

Mise à jour de sécurité pour Windows XP (KB914389)

Hotfix for Windows XP (KB915865)

Mise à jour pour Windows XP (KB916595)

Mise à jour de sécurité pour Windows XP (KB917953)

Mise à jour de sécurité pour Windows XP (KB918118)

Mise à jour de sécurité pour Windows XP (KB918439)

Mise à jour de sécurité pour Windows XP (KB919007)

Mise à jour de sécurité pour Windows XP (KB920213)

Mise à jour de sécurité pour Windows XP (KB920670)

Mise à jour de sécurité pour Windows XP (KB920683)

Mise à jour de sécurité pour Windows XP (KB920685)

Mise à jour pour Windows XP (KB920872)

Mise à jour de sécurité pour Windows XP (KB921503)

Mise à jour pour Windows XP (KB922582)

Mise à jour de sécurité pour Windows XP (KB922819)

Mise à jour de sécurité pour Windows XP (KB923191)

Mise à jour de sécurité pour Windows XP (KB923414)

Mise à jour de sécurité pour Windows XP (KB923980)

Mise à jour de sécurité pour Windows XP (KB924191)

Mise à jour de sécurité pour Windows XP (KB924270)

Mise à jour de sécurité pour Windows XP (KB924667)

Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)

Mise à jour de sécurité pour Windows XP (KB925902)

Hotfix for Windows XP (KB926239)

Mise à jour de sécurité pour Windows XP (KB926255)

Mise à jour de sécurité pour Windows XP (KB926436)

Mise à jour de sécurité pour Windows XP (KB927779)

Mise à jour de sécurité pour Windows XP (KB927802)

Mise à jour pour Windows XP (KB927891)

Mise à jour de sécurité pour Windows XP (KB928255)

Mise à jour de sécurité pour Windows XP (KB928843)

Mise à jour de sécurité pour Windows XP (KB929123)

Hotfix for Windows Media Format 11 SDK (KB929399)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)

Mise à jour de sécurité pour Windows XP (KB930178)

Mise à jour pour Windows XP (KB930916)

Mise à jour de sécurité pour Windows XP (KB931261)

Mise à jour de sécurité pour Windows XP (KB931784)

Mise à jour pour Windows XP (KB931836)

Security Update for CAPICOM (KB931906)

Mise à jour de sécurité pour Windows XP (KB932168)

Mise à jour pour Windows XP (KB933360)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)

Mise à jour de sécurité pour Windows XP (KB933729)

Mise à jour de sécurité pour Windows XP (KB935839)

Mise à jour de sécurité pour Windows XP (KB935840)

Mise à jour de sécurité pour Windows XP (KB936021)

Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)

Mise à jour pour Windows XP (KB938828)

Mise à jour de sécurité pour Windows XP (KB938829)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)

Correctif pour Lecteur Windows Media 11 (KB939683)

Mise à jour de sécurité pour Windows XP (KB941202)

Mise à jour de sécurité pour Windows XP (KB941568)

Mise à jour de sécurité pour Windows XP (KB941569)

Mise à jour de sécurité pour Windows XP (KB941644)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)

Mise à jour pour Windows XP (KB942763)

Mise à jour de sécurité pour Windows XP (KB943055)

Mise à jour de sécurité pour Windows XP (KB943460)

Mise à jour de sécurité pour Windows XP (KB943485)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)

Mise à jour de sécurité pour Windows XP (KB944653)

Mise à jour de sécurité pour Windows XP (KB946026)

Messenger Plus! Live

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft National Language Support Downlevel APIs

NVIDIA Drivers

OpenMG Limited Patch 4.1-05-13-31-01

Programme de gestion Camera de Logitech®

Icatch(IV) Camera Driver

Windows Genuine Advantage Validation Tool (KB892130)

Windows Genuine Advantage Notifications (KB905474)

Windows Media Format 11 runtime

Lecteur Windows Media 11

Archiveur WinRAR

Windows Media Format 11 runtime

Windows Media Player 11

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Office 2000 Premium

Security Update for CAPICOM (KB931906)

livebox

AutoUpdate

Google Toolbar for Internet Explorer

OpenMG Secure Module 4.1.00

J2SE Runtime Environment 5.0 Update 3

Java SE Runtime Environment 6 Update 1

Java 6 Update 2

Java 6 Update 5

PaperPort Image Printer

MSXML 4.0 SP2 (KB927978)

SAGEM F@st 800-840

Sony Ericsson PC Suite

neroxml

Samsung USB Driver

MSXML 4.0 SP2 Parser and SDK

DivX Codec

VSO CopyToDVD 4

DivX Player

Microsoft Office Professional Edition 2003

REALTEK Gigabit and Fast Ethernet NIC Driver

Nero 7 Ultra Edition

Brother MFL-Pro Suite

Adobe Reader 8.1.2 - Français

Samsung Master

Assistant de connexion Windows Live

DivX Converter

Apple Mobile Device Support

ScanSoft PaperPort 11

DivX Web Player

Apple Software Update

Windows Live Messenger

MSXML 4.0 SP2 (KB936181)

Dual Mode Digital Camera 2.0M

Logiciel QuickCam de Logitech

DivX Content Uploader

GTA San Andreas

QuickTime

Adobe Photoshop CS

Windows Live installer

Navigateur Orange

Orange - Logiciels Internet

CiD Help

Run Values:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"avgnt"="\"C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

"Updater"="C:\\WINDOWS\\system32\\updater\\explorer.exe"

"ORAHSSSessionManager"="C:\\Program Files\\Orange\\SessionManager\\SessionManager.exe"

"SystrayORAHSS"="\"C:\\Program Files\\Orange\\Systray\\SystrayApp.exe\""

"EoEngine"=""

"EoWeather"=""

"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

"SSBkgdUpdate"="\"C:\\Program Files\\Fichiers communs\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"

"PaperPort PTD"="\"C:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe\""

"IndexSearch"="\"C:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe\""

"PPort11reminder"="\"C:\\Program Files\\ScanSoft\\PaperPort\\Ereg\\Ereg.exe\" -r \"C:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\ScanSoft\\PaperPort\\11\\Config\\Ereg\\Ereg.ini"

"BrMfcWnd"="C:\\Program Files\\Brother\\Brmfcmon\\BrMfcWnd.exe /AUTORUN"

"ControlCenter3"="C:\\Program Files\\Brother\\ControlCenter3\\brctrcen.exe /autorun"

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\jusched.exe\""

"NeroFilterCheck"="C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NeroCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"NoChange"="1"

"Installed"="1"

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"msnmsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe\" /background"

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMBgMonitor.exe\""

Bot Check:

SERVICE_NAME: wscsvc

DISPLAY_NAME : Centre de sécurité

START_TYPE : 2 AUTO_START

SERVICE_NAME: sharedaccess

DISPLAY_NAME : Pare-feu Windows / Partage de connexion Internet

START_TYPE : 2 AUTO_START

SERVICE_NAME: wuauserv

DISPLAY_NAME : Mises à jour automatiques

START_TYPE : 2 AUTO_START

SERVICE_NAME: srservice

DISPLAY_NAME : Service de restauration système

START_TYPE : 2 AUTO_START

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]

"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]

"AUOptions"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify"=dword:00000000

"FirewallDisableNotify"=dword:00000000

"UpdatesDisableNotify"=dword:00000000

"AntiVirusOverride"=dword:00000000

"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"WaitToKillServiceTimeout"="15"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"SFCDisable"=dword:00000000

"Shell"="Explorer.exe"

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]

"TransportBindName"="\\Device\\"

ShellExecuteHooks:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

Environment:

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment

ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe

Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\QuickTime\QTSystem\

windir REG_EXPAND_SZ %SystemRoot%

OS REG_SZ Windows_NT

PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

TEMP REG_EXPAND_SZ %SystemRoot%\TEMP

TMP REG_EXPAND_SZ %SystemRoot%\TEMP

CLASSPATH REG_SZ .;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

QTJAVA REG_SZ C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

SAFEBOOT_OPTION REG_SZ MINIMAL

SecurityProviders:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders

SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

Authentication Packages:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

Authentication Packages REG_MULTI_SZ msv1_0\

Subsystem Startup:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]

"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

Midi Drivers:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"midi"="wdmaud.drv"

"midi1"="wdmaud.drv"

Non-Default IFEO Debugger:

Non-Default Installed Components:

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{ed3df1a7-e9ad-41c7-a62a-1cda6e33f517}

StubPath REG_SZ RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

<NO NAME> REG_SZ Personnalisation du navigateur

Version REG_SZ 0,0,0,0

Non-Default Safeboot Minimal:

File Associations:

[HKEY_CLASSES_ROOT\batfile\shell\open\command]

@="\"%1\" %*"

[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]

@="\"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]

@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]

@="\"%1\" %*"

[HKEY_CLASSES_ROOT\htafile\shell\open\command]

@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\http\shell\open\command]

@="\"C:\\Program Files\\Orange\\Launcher\\Launcher.exe\" -appid serviceweb -args %1"

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]

@="\"C:\\Program Files\\Orange\\Launcher\\Launcher.exe\" -appid serviceweb -args %1"

[HKEY_CLASSES_ROOT\regedit\shell\open\command]

@="regedit.exe %1"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]

@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]

@="\"%1\" /S"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]

@="%SystemRoot%\system32\NOTEPAD.EXE %1"

Finished!

[snooky]

Poste le rapport créé avec Blacklight :

ftp://ftp.f-secure.com/f-prot/tools/fsbl.exe

[half-life]

Rapport :

Finish

Scan targets :

Hidden processes

Hidden files and folders

Status :

Scan completed

No hidden items were found

Summary :

Hidden items found : 0

Items queued for renaming : 0

[snooky]

Ton pc est clean .

Passe Clean v2.0 by FRUiT , procédure 1 en mode sans échec .

Coche et fixe toutes les lignes 04 avec Hijackthis .

[kardiakkris]

Re,

Je voudrais savoir ce que je peux faire maintenant.

Le rapport Hijackthis donne ça :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:44:12, on 05/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe

c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\wuauclt.exe

c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\Outlook Express\msimn.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Documents and Settings\SS\Bureau\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"

O4 - HKLM\..\Run: [Epson Rappel concernant l'enregistrement] "C:\WINDOWS\temp\NavBrowser.exe" /r /i "C:\WINDOWS\temp\NavLoad.ini"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

--

End of file - 6713 bytes

Merci snooky.

[snooky]

RAS ton rapport.

Un souci ?

[kardiakkris]

OK, OK.

Merci snooky.

ça rentre.

[Truc22]

désolé, je n'ai pas pu réponfre plus tôt.

Le scan en mode sans échec n'a pas rien détecter(j'avait déjà tenté avent d'arriver sur le forum)

[SilverSam]

Salut snooky, peux-tu me dire si j'ai quelque chose de graves sur mon PC ???

Logfile of HijackThis v1.99.1

Scan saved at 20:39:41, on 05/04/2008

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\ASUS\AASP\1.00.40\aaCenter.exe

C:\Program Files\ASUS\AI Suite\CpuLevelUpHookLaunch.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe

C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe

C:\Program Files\Razer\Copperhead\razerhid.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Razer\Copperhead\razerofa.exe

C:\Program Files\ASUS\AI Suite\CpuLevelUpHook32.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\Outlaw\Desktop\Antivirus\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"

O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Logiciels\Acrobat reader\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

O20 - Winlogon Notify: klogon - C:\Windows\system32\klogon.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - E:\Logiciels\3ds max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Merci de ton aide :)

[Kris159]

Bonjour à tous,

Je viens de choper un ver "adobeR", que je pense avoir effacé et à la suite de ça je me suis dit que j'allais tous vérifier par la même occasion.

J'ai déjà utiliser Spybot, CCleaner, Ad-aware et maintenant c'est Hijack et là il me faut votre avis sur le log.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:59:16, on 06/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Lexmark 1300 Series\lxdcamon.exe

D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

D:\Program Files\POP Peeper\POPPeeper.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

D:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

C:\WINDOWS\system32\lxdccoms.exe

D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

d:\Program Files\Winamp\Winamp.exe

C:\WINDOWS\explorer.exe

D:\Program Files\Firefox (portable)\firefox\firefox.exe

d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

d:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"

O4 - HKLM\..\Run: [OpwareSE2] "D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [OPSE reminder] "D:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "D:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "d:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon

O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [POP Peeper] "d:\Program Files\POP Peeper\POPPeeper.exe" -min

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [PMCRemote] d:\Program Files\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: DSLMON.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207390580015

O17 - HKLM\System\CCS\Services\Tcpip\..\{DF866E50-A428-41C3-AFB3-02BB474D42F6}: NameServer = 86.64.145.140 84.103.237.140

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe

O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 5749 bytes

[Aoren]

Hello Snooky

voilà j'ai chopé un p'tit trojen qu'Antivir s'est amusé à me rappeler une dizaine de fois

alors voici le rapport Hijack' :

Logfile of HijackThis v1.99.1

Scan saved at 12:29:53, on 06/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe

C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolbar.exe

C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe

C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\dllhost.exe

c:\windows\system32\rwwnw64d.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\tcntlkdn.exe

C:\WINDOWS\system32\bharebio01\bharebio011065.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\AusLogics Disk Defrag\diskdefrag.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

E:\logiciel\antirus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: targettedbanner.biz browser enhancer - {16B435F6-B6CE-4F24-A568-944B27ED919C} - C:\WINDOWS\system32\atgban.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [{6D-DA-A9-9C-DW}] c:\windows\system32\rwwnw64d.exe DWram

O4 - HKLM\..\Run: [PostSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\atgban.dll" DllStart

O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\tcntlkdn.exe DWram

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"

O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\tcntlkdn.exe

O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe

O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe

O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...on_2_0_4_13.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

merci d'avance

[snooky]

@ Aoren :

Supprime ces fichiers :

rwwnw64d

tcntlkdn

atgban

Lance SDFix en mode sans échec :

http://mickael.barroux.free.fr/securite/sdfix.php

Analyse ton pc en mode sans échec avec Antivir.

___________________________________________________

@ Kris159 :

Désinstalle Spybot et Ad-Aware .

Analyse ton pc en mode sans échec avec Antivir.

____________________________________________________

@SilverSam :

Désinstalle Spybot et autre ad-Aware !

Désactive Windows Defender :

http://infomars.fr/forum/index.php?showtop...indows+defender

[SilverSam]

Merci beaucoup snooky !!! sinon rien de méchant détecté ????

@+

[Aoren]

les scans n'ont rien révélé

j'ai supprimé :

rwwnw64d

tcntlkdn

atgban

mais bon je crois qu'il reste encore quelques saloperies :

Logfile of HijackThis v1.99.1

Scan saved at 18:59:37, on 07/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\jkwnw64j.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\UltraMon\UltraMon.exe

C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe

C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe

C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe

C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe

C:\Program Files\UltraMon\UltraMonTaskbar.exe

C:\WINDOWS\system32\tcntlkdn.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

E:\logiciel\antirus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [{6D-DA-A9-9C-DW}] C:\WINDOWS\system32\jkwnw64j.exe DWram

O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\tcntlkdn.exe DWram

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"

O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jkwnw64j.exe

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe

O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe

O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe

O4 - Global Startup: UltraMon.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...on_2_0_4_13.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

merci

[snooky]

@ Aoren :

... Manque le rapport SDFix .

Coche et fixe également ces lignes avec Hijackthis :

O4 - HKLM\..\Run: [{6D-DA-A9-9C-DW}] C:\WINDOWS\system32\jkwnw64j.exe DWram

O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\tcntlkdn.exe DWram

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jkwnw64j.exe

Poste également un nouveau rapport Hijackthis après avoir passé SDFix .

[Kris159]

Merci snooky!

Ad-aware et spybot ? y'en a plus besoin?

[phildelo]

Bonsoir. Comme beaucoup de monde, je fais appel à vous. En effet depuis quelques jours je suis inondé de pop-up "CiD" Il m'est impossible d'enlever ces apparitions. J'ai fait un scan avec HitjackThis, que voici, j'espère que vous y verrez plus clair que moi. Merci d'avance..

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\tsnp2std.exe

C:\WINDOWS\vsnp2std.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Mio Technology\MioSync\mioSync.exe

C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\eMule\emule.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)

O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: BHO Barre de Confiance - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Amok Eggs Four Web] C:\Documents and Settings\All Users\Application Data\part dead amok eggs\setup bin.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [COOLTHE] C:\DOCUME~1\Phil\APPLIC~1\AIMSIZ~1\armybias.exe

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe

O4 - Global Startup: Pinnacle Scheduler.lnk = ?

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Lancer Voissa Anonymo - {C80DDAAA-310C-459B-9535-8370B4EBDA1F} - C:\Program Files\Voissa anonymo\Voissaanonymo.exe

O9 - Extra 'Tools' menuitem: Tools Menu Item - {C80DDAAA-310C-459B-9535-8370B4EBDA1F} - C:\Program Files\Voissa anonymo\Voissaanonymo.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...on_2_0_4_13.cab

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[snooky]

Merci snooky!

Ad-aware et spybot ? y'en a plus besoin?

Exact .