remimer Posté(e) le 17 février 2009 Partager Posté(e) le 17 février 2009 Bonjour à tout le monde ! Voilà, je voudrai faire un petit check-up de mon système. J'ai remarqué que dans msconfig, dans mes programmes au démarrage, il y avait ceci : "I downloaded pirated software from p2p" (ce qui n'st pas faux ) mais ce truc ne devrait pas y être. De plus, ma navigation sur internet est parfois difficile (en général, quand je navigue sur le net, j'éteins Kerio). Voici mon log : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:29:53, on 17/02/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Windows\Explorer.EXE C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Razer\Diamondback 3G\razerhid.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Razer\Diamondback 3G\razertra.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Razer\Diamondback 3G\razerofa.exe C:\Windows\system32\WTablet\Wacom_TabletUser.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe C:\Windows\system32\SearchFilterHost.exe F:\Softwares\System Softs\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [i downloaded pirated Software from P2P ] Need for Speed Carbon O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Kyuubi-Barre.lnk = C:\Users\Gore\AppData\Roaming\KyuubiBarre\PF\KyuubiBarre.exe O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{61F0C888-4CA4-4ACA-8394-22FE74CC7160}: NameServer = 212.27.53.252,212.27.54.252 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Windows\system32\Wacom_Tablet.exe -- End of file - 6160 bytes Alors docteur, y' a-t-il quelque chose à rectifier ? Lien vers le commentaire Partager sur d’autres sites More sharing options...
snooky Posté(e) le 17 février 2009 Auteur Partager Posté(e) le 17 février 2009 Coche et fixe cette ligne : O4 - HKLM\..\Run: [i downloaded pirated Software from P2P ] Need for Speed Carbon Lien vers le commentaire Partager sur d’autres sites More sharing options...
remimer Posté(e) le 17 février 2009 Partager Posté(e) le 17 février 2009 Coche et fixe cette ligne :O4 - HKLM\..\Run: [i downloaded pirated Software from P2P ] Need for Speed Carbon Merci Snooky !!! Sinon le reste ça va ? Lien vers le commentaire Partager sur d’autres sites More sharing options...
Armel. Posté(e) le 19 février 2009 Partager Posté(e) le 19 février 2009 Bonjour, Je ne connaissais pas votre forum avant aujourd'hui et j'ai découvert la caverne d'Ali Baba ! Il est d'hors et déjà dans mes marques pages et y restera pour longtemps. Je suis pas lèche-cul mais tout les autres "forums d'informatique" sont bien moins efficacement structuré ! Voici le post que j'ai laisser sur un autre forum : Bonjour,J'ai pour habitude, lorsqu'un problème tracasse mon PC, d'appliquer les divers conseils que le net m'offre. Ainsi j'avais originellement : - Bitdefender ; - EasyCleaner ; - Spybot ; - Adaware ; - Malwarebytes ; - Ccleaner ; - Regseeker ; - Disk Defrag. Que j'utilisais régulièrement (ne laissant en tache de fond uniquement Bitdefender pour ne pas créer de conflit). De plus, il me semble que je ne suis ni fou, ni bête, ni suicidaire. Je me sortait donc aisément de mes soucis grâce aux quelques notions que j'avais pu glaner sur la toile, cependant cette fois-ci le problème semble plus compliqué. En effet, je n'ai pas pu cerné le problème en lui-même (c.à.d. sont origine), ayant plusieurs symptômes différencier mes recherches concernant un point précis du dysfonctionnement général n'ont rien donné. Mes symptômes : Bitdefender c'est mis à ne plus fonctionner, j'ai tenté de faire au plus simple : désinstaller/réinstaller, premier problème, impossible de réinstaller Bitdefender. De même pour certaines autres applications, par exemple : Adobe Reader qui ne marcher plus et qui est impossible à réinstaller. Dans le même style, à peu prés tous les softs cités plus haut ne fonctionnent plus. Deuxième problème, j'ai Orange comme FAI, donc j'ai une Livebox (relier par ethernet), selon les jours la connexion internet de mon PC s'interrompt au bout de 5 minutes de 'surf' (au minimum) à une heures (grand maximum). L'unique moyen pour retrouver une connexion : le reboot mais pas de la Livebox mais bien du PC alors qu'un autre PC (également relier par ethernet) garde une connexion ininterrompu. (J'ai précisé que les PC sont relié par 'ethernet' simplement pour monter que la configuration de connexion au réseaux est bien la même, pour établir le fait que le problème vient bien du PC en question.) On peut noter aussi le fait que le transfert de données et bien plus lent (je rame !). (Ces deux points sont indifférant en mode sans échec et mode sans échec avec connexion réseau.) Sommes toutes, ce n'est pour l'instant pas bien grave mais je redoute le jour ou le PC ne s'allumera plus et où les données seront envolées ! Alors je vous demande de l'aide n'ayant pas trouver de topic annonçant la même pathologie que la mienne. S'il vous plait chères camarades 'informaticiens' guidez et apprenez moi les 'hijackthis et compagnie' ou autres artilleries lourdes. Merci à vous ! P.S.: La solution la plus efficace serait de reformater en sauvegardant les données mais je n'ai ni disque dur externe ni argent pour en acheter. (Bien que quelque soit la situation il me serait utile.) :( Et le challenger vous en faite quoi ?! (Vous noterez que j'évoque hijackthis :-p ) A la recherche d'une section qui aurait pu s'intituler : "J'ai un problème mais je sais pas ce que c'est !!" je suis tomber sur ce post http://www.pcinpact.com/forum/index.php?s=...t&p=1346998 où était écrit : Comportements bizarres du systeme ? Vous vous êtes peut -être fait hacké ! Vérifiez ça ! Lien pointant ici, donc me voilà ! Important : le lien pointant faire téléchargement direct ne marche plus (du moins chez moi et aujourd'hui) J'ai cependant télécharger le .exe pour l'install... Malheureusement je ne peux pas installer le soft ><' et je n'ai pas trouver ou faire le scan online. (Je croix que ça existe) Je suis désoler si j'ai poster à un mauvaise endroit mais je ne sais où poster ceci si ce n'est ici puisqu'a la basse je voulait poster un rapport hijackthis. Si vous pouvez m'aider je ne dirais pas non... Merci EDIT : En attendant de pouvoir faire un rapport Hijackthis je vais essayer un scan antivirus a partir d'un CD bootable. Désolé d'avoir pollué le topic Lien vers le commentaire Partager sur d’autres sites More sharing options...
snooky Posté(e) le 19 février 2009 Auteur Partager Posté(e) le 19 février 2009 Désinstalle tout ça : - Bitdefender ; - EasyCleaner ; - Spybot ; - Adaware ; - Malwarebytes ; - Regseeker ; Redémarre le pc et lance ComboFix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe Poste le rapport créé. Lien vers le commentaire Partager sur d’autres sites More sharing options...
Armel. Posté(e) le 20 février 2009 Partager Posté(e) le 20 février 2009 Bonjour (et oui c'est déjà le matin), Aprés une longue bataille (que j'ai perdu) avec divers CDs de boot, je suis donc repasser par ici j'ai vu le post, merci pour la réponse , puis j'ai compris ensuite que le lien vers Hijackthis devais marcher tout a fait correctement comme je le pensée puisqu'a son tour le lien vers ComboFix ne marcher pas, je les donc télécharger depuis un autre PC, mais l'anecdote n'est toujours pas fini : impossible de lancer l'application ! Je l'ai donc renommé d'où le "Arcenciel.exe" dans le rapport (De même pour le BitDeder, c'est du renommage à l'arrache car ComboFix me disait que j'avais BitDefender en tache de fond.) ComboFix 09-02-18.01 - OLIVIER 2009-02-20 1:49:52.1 - NTFSx86Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1674 [GMT 1:00] Lancé depuis: c:\documents and settings\OLIVIER\Bureau\Arcenciel.exe AV: BitDefender Antivirus *On-access scanning enabled* (Outdated) . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\OLIVIER\Application Data\inst.exe c:\windows\system32\_006384_.tmp.dll c:\windows\system32\_006385_.tmp.dll c:\windows\system32\_006386_.tmp.dll c:\windows\system32\_006387_.tmp.dll c:\windows\system32\_006394_.tmp.dll c:\windows\system32\_006396_.tmp.dll c:\windows\system32\_006397_.tmp.dll c:\windows\system32\_006399_.tmp.dll c:\windows\system32\_006400_.tmp.dll c:\windows\system32\_006403_.tmp.dll c:\windows\system32\_006404_.tmp.dll c:\windows\system32\_006406_.tmp.dll c:\windows\system32\_006407_.tmp.dll c:\windows\system32\_006408_.tmp.dll c:\windows\system32\_006410_.tmp.dll c:\windows\system32\_006413_.tmp.dll c:\windows\system32\_006414_.tmp.dll c:\windows\system32\_006418_.tmp.dll c:\windows\system32\_006419_.tmp.dll c:\windows\system32\_006421_.tmp.dll c:\windows\system32\_006424_.tmp.dll c:\windows\system32\_006426_.tmp.dll c:\windows\system32\_006428_.tmp.dll c:\windows\system32\_006429_.tmp.dll c:\windows\system32\_006430_.tmp.dll c:\windows\system32\_006433_.tmp.dll c:\windows\system32\_006434_.tmp.dll c:\windows\system32\_006435_.tmp.dll c:\windows\system32\_006436_.tmp.dll c:\windows\system32\_006437_.tmp.dll c:\windows\system32\_006442_.tmp.dll c:\windows\system32\_006443_.tmp.dll c:\windows\system32\d3d8caps.dat c:\windows\system32\drivers\TDSSmqlt.sys c:\windows\system32\regsvr32.dll c:\windows\system32\TDSShrxr.dll c:\windows\system32\TDSSkkbi.log c:\windows\system32\TDSSlxwp.dll c:\windows\system32\TDSSmtql.dll c:\windows\system32\TDSSmtvd.dat c:\windows\system32\TDSSnmxh.log c:\windows\system32\TDSSoiqt.dll c:\windows\system32\TDSSrhyp.log c:\windows\system32\TDSSsahc.dll c:\windows\system32\TDSSxfum.dll . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_TDSSserv.sys -------\Legacy_TDSSserv.sys ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-20 au 2009-02-20 )))))))))))))))))))))))))))))))))))) . 2009-02-18 22:29 . 2009-02-18 22:29 <REP> d-------- c:\documents and settings\OLIVIER\.idlerc 2009-02-18 22:28 . 2009-02-18 22:28 <REP> d-------- C:\Python26 2009-02-18 08:49 . 2009-02-18 08:49 <REP> d-------- c:\documents and settings\OLIVIER\Application Data\LancomePersonal.45C6314A57459556F3A96F5E9E2D15007918E010.1 2009-02-16 11:58 . 2009-02-16 11:58 <REP> d-------- c:\documents and settings\OLIVIER\Application Data\Thinstall 2009-02-09 17:26 . 2009-02-09 17:26 <REP> d-------- C:\OpenSSL 2009-02-09 17:26 . 2009-02-09 17:26 155,648 --a------ c:\windows\system32\libssl32.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-20 00:40 --------- d-----w c:\program files\BitDeder 2009-02-20 00:25 --------- d-----w c:\program files\QuickTime 2009-02-20 00:24 --------- d-----w c:\program files\Malwarebytes 2009-02-20 00:23 --------- d-----w c:\program files\AGEIA Technologies 2009-02-20 00:02 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-02-19 23:56 --------- d-----w c:\program files\Firefox 2009-02-19 10:38 --------- d-----w c:\documents and settings\OLIVIER\Application Data\OpenOffice.org2 2009-02-19 08:47 --------- d-----w c:\documents and settings\OLIVIER\Application Data\uTorrent 2009-02-17 21:18 --------- d-----w c:\documents and settings\OLIVIER\Application Data\HPAppData 2009-02-16 16:03 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-16 16:03 --------- d-----w c:\program files\Fichiers communs\InstallShield 2009-02-13 16:59 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-02-08 11:05 --------- d-----w c:\program files\Messenger Plus! Live 2009-01-18 11:40 --------- d-----w c:\documents and settings\OLIVIER\Application Data\SumatraPDF 2009-01-18 11:32 --------- d-----w c:\program files\SumatraPDF 2009-01-15 18:58 --------- d-----w c:\program files\Guitar Pro 5 2008-12-23 15:43 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard 2008-12-23 15:42 --------- d-----w c:\program files\MSBuild 2008-12-23 15:36 --------- d-----w c:\program files\ma-config.com 2008-12-09 20:17 31 ----a-w c:\documents and settings\OLIVIER\jagex_runescape_preferences.dat 2008-02-25 08:57 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat 2007-12-29 19:07 47,360 ----a-w c:\documents and settings\OLIVIER\Application Data\pcouffin.sys 2008-11-03 15:15 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008110320081104\index.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=mhkcjy.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^OLIVIER^Menu Démarrer^Programmes^Démarrage^Lancome_Personal.lnk] path=c:\documents and settings\OLIVIER\Menu Démarrer\Programmes\Démarrage\Lancome_Personal.lnk backup=c:\windows\pss\Lancome_Personal.lnkStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jnskdfmf9eldfd HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xsjfn83jkemfofght [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2007-10-14 21:17 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon] --a------ 2007-08-22 16:31 80896 c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2008-10-07 13:33 86016 c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-02-10 12:23 385024 c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] --a------ 2008-10-19 08:49 270128 c:\program files\uTorrent\uTorrent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2008-10-07 13:33 1630208 c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Bonjour Service"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "nwiz"=nwiz.exe /install "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\FlashFXP\\FlashFXP.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"= "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"= "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\Firefox\\firefox.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2007-08-09 38656] S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784] S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-08-12 111112] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-12-19 195752] S3 xbreader;ActionReplay XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2008-07-04 19677] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - D:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{651dff0b-3827-11db-9ea3-806d6172696f}] \Shell\AutoRun\command - H:\ASUSACPI.exe . Contenu du dossier 'Tâches planifiées' 2008-07-09 c:\windows\Tasks\Uniblue SpyEraser.job - c:\program files\Uniblue\SpyEraser\SpyEraser.exe [] . - - - - ORPHELINS SUPPRIMES - - - - URLSearchHooks-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file) BHO-{B5B9D410-B9E5-4FD8-B427-036BDDC6B723} - (no file) WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file) HKLM-Run-BDWizReg - c:\program files\BitDefender\BitDefender 2009\bdwizreg.exe Notify-geBtSMcd - geBtSMcd.dll MSConfigStartUp-Rapget - c:\program files\Rapget\rapget.exe . ------- Examen supplémentaire ------- . uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} uStart Page = hxxp://www.ethicle.com/fr uInternet Settings,ProxyOverride = *.local IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {2B368CC4-1E19-4377-8636-48BC73536E78} = 192.168.1.1 FF - ProfilePath - c:\documents and settings\OLIVIER\Application Data\Mozilla\Firefox\Profiles\aqcw64ok.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.ethicle.com/fr FF - plugin: c:\documents and settings\OLIVIER\Application Data\Mozilla\Firefox\Profiles\aqcw64ok.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-20 01:54:01 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\nvsvc32.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Heure de fin: 2009-02-20 1:56:50 - La machine a redémarré ComboFix-quarantined-files.txt 2009-02-20 00:56:48 Avant-CF: 176,913,661,952 octets libres Après-CF: 177,992,519,680 octets libres WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect 221 --- E O F --- 2009-02-11 01:01:58 Voilà, je peux désormais utiliser hijackthis mais je ne sais pas du tout si ça m'est utile donc je compte sur vous (ou toi snooky qui semble être le grand mâge du Hijackthis ^^) Donc merci beaucoup (car j'ai déjà vu la différence) et... comme j'ai lu que : "Si tu ne sais pas : demande, si tu sais : partage !", je précise que je ne suis absolument pas contre quelques petits conseils bien sure ! Merci ! Lien vers le commentaire Partager sur d’autres sites More sharing options...
snooky Posté(e) le 20 février 2009 Auteur Partager Posté(e) le 20 février 2009 Désinstalle BitDefender ( bis ! ) Poste un rapport Hijackthis . Lance MBAM et suppruime tout ce qu'il trouve. Poste également le rapport créé par MBAM. Lien vers le commentaire Partager sur d’autres sites More sharing options...
Armel. Posté(e) le 20 février 2009 Partager Posté(e) le 20 février 2009 Rapport Hijackthis : Logfile of Trend Micro HijackThis v2.0.2Scan saved at 17:15:16, on 20/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Firefox\firefox.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {B5B9D410-B9E5-4FD8-B427-036BDDC6B723} - (no file) O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing) O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O15 - ESC Trusted Zone: http://*.update.microsoft.com O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - http://mallorie.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{2B368CC4-1E19-4377-8636-48BC73536E78}: NameServer = 192.168.1.1 O20 - AppInit_DLLs: mhkcjy.dll O20 - Winlogon Notify: geBtSMcd - geBtSMcd.dll (file missing) O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 5439 bytes Rapport MBAM : Malwarebytes' Anti-Malware 1.34Version de la base de données: 1782 Windows 5.1.2600 Service Pack 3 20/02/2009 19:25:35 mbam-log-2009-02-20 (19-25-31).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 152856 Temps écoulé: 28 minute(s), 38 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 2 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 8 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\RECYCLER\S-1-5-21-2081330374-912010594-3031177693-1005\Dc13\Quarantine\C\WINDOWS\system32\TDSSxfum.dll.vir (Trojan.TDSS) -> No action taken. C:\RECYCLER\S-1-5-21-2081330374-912010594-3031177693-1005\Dc13\Quarantine\C\WINDOWS\system32\TDSShrxr.dll.vir (Trojan.TDSS) -> No action taken. C:\RECYCLER\S-1-5-21-2081330374-912010594-3031177693-1005\Dc13\Quarantine\C\WINDOWS\system32\TDSSmtql.dll.vir (Trojan.TDSS) -> No action taken. C:\RECYCLER\S-1-5-21-2081330374-912010594-3031177693-1005\Dc13\Quarantine\C\WINDOWS\system32\TDSSoiqt.dll.vir (Trojan.TDSS) -> No action taken. C:\System Volume Information\_restore{B9F117E8-F56C-426C-86B3-A37F8A254ED8}\RP4\A0001001.dll (Trojan.TDSS) -> No action taken. C:\System Volume Information\_restore{B9F117E8-F56C-426C-86B3-A37F8A254ED8}\RP4\A0001002.dll (Trojan.TDSS) -> No action taken. C:\System Volume Information\_restore{B9F117E8-F56C-426C-86B3-A37F8A254ED8}\RP4\A0001003.dll (Trojan.TDSS) -> No action taken. C:\System Volume Information\_restore{B9F117E8-F56C-426C-86B3-A37F8A254ED8}\RP4\A0001004.dll (Trojan.TDSS) -> No action taken. Merci de l'aide Lien vers le commentaire Partager sur d’autres sites More sharing options...
snooky Posté(e) le 20 février 2009 Auteur Partager Posté(e) le 20 février 2009 Relance MBAM , analyse complète puis sélectionne et suppime tout ! Lance ensuite ComboFix , puis poste le rapport créé ( sans les balise Quote ) http://download.bleepingcomputer.com/sUBs/ComboFix.exe Lien vers le commentaire Partager sur d’autres sites More sharing options...
Armel. Posté(e) le 20 février 2009 Partager Posté(e) le 20 février 2009 Voici le rapport de ComboFix : ComboFix 09-02-19.01 - Session Courante 2009-02-21 0:27:32.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1586 [GMT 1:00] Lancé depuis: c:\documents and settings\Session Courante\Bureau\ComboFix.exe * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Menu Démarrer\Programmes\Internet Explorer.lnk . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_TDSSSERV.SYS -------\Service_TDSSserv.sys ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-20 au 2009-02-20 )))))))))))))))))))))))))))))))))))) . 2009-02-20 18:50 . 2009-02-20 18:50 <REP> d-------- c:\documents and settings\Session Courante\Application Data\Thinstall 2009-02-20 18:44 . 2009-02-20 18:44 <REP> d-------- c:\program files\InstallShield 2009-02-20 18:44 . 2009-02-20 18:44 <REP> d-------- c:\program files\Fichiers communs\InstallShield 2009-02-20 18:44 . 2009-02-20 18:44 <REP> d-------- c:\documents and settings\All Users\Application Data\Macrovision 2009-02-20 18:21 . 2009-02-20 18:21 <REP> d-------- c:\documents and settings\Session Courante\Contacts 2009-02-20 18:20 . 2009-02-20 18:20 <REP> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus! 2009-02-20 17:56 . 2009-02-20 18:03 <REP> d-------- c:\windows\SxsCaPendDel 2009-02-20 17:56 . 2009-02-20 17:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard 2009-02-20 17:45 . 2009-02-20 18:26 <REP> d-------- c:\documents and settings\Session Courante\Application Data\HPAppData 2009-02-20 17:32 . 2009-02-20 18:45 <REP> d-------- c:\program files\Malwarebytes 2009-02-20 17:32 . 2009-02-20 17:32 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-02-20 17:32 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-20 17:32 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-20 17:22 . 2009-02-20 17:22 <REP> d-------- c:\documents and settings\Session Courante\Application Data\Malwarebytes 2009-02-20 16:47 . 2009-02-20 16:47 <REP> d-------- c:\documents and settings\All Users\Application Data\FlashFXP 2009-02-20 16:37 . 2006-08-30 14:13 <REP> d--h----- c:\documents and settings\Session Secondaire\Voisinage réseau 2009-02-20 16:37 . 2006-08-30 14:13 <REP> d--h----- c:\documents and settings\Session Secondaire\Voisinage d'impression 2009-02-20 16:37 . 2008-02-26 15:33 <REP> d---s---- c:\documents and settings\Session Secondaire\UserData 2009-02-20 16:37 . 2006-08-30 13:33 <REP> d--h----- c:\documents and settings\Session Secondaire\Modèles 2009-02-20 16:37 . 2006-08-30 13:54 <REP> dr------- c:\documents and settings\Session Secondaire\Mes documents 2009-02-20 16:37 . 2006-08-30 14:13 <REP> dr------- c:\documents and settings\Session Secondaire\Menu Démarrer 2009-02-20 16:37 . 2006-08-30 13:54 <REP> dr------- c:\documents and settings\Session Secondaire\Favoris 2009-02-20 16:37 . 2009-02-20 16:34 <REP> d-------- c:\documents and settings\Session Secondaire\Bureau 2009-02-20 16:37 . 2009-02-20 16:37 <REP> d-------- c:\documents and settings\Session Secondaire 2009-02-20 16:33 . 2009-02-20 16:33 <REP> d--h----- c:\documents and settings\All Users\Voisinage d'impression 2009-02-20 16:32 . 2009-02-20 16:32 <REP> d-------- c:\documents and settings\All Users\UserData 2009-02-20 16:31 . 2009-02-20 16:31 <REP> dr------- c:\documents and settings\All Users\Mes documents 2009-02-20 16:30 . 2009-02-20 16:30 <REP> d--h----- c:\documents and settings\All Users\Voisinage réseau 2009-02-20 16:18 . 2006-08-30 14:13 <REP> d--h----- c:\documents and settings\Session Courante\Voisinage réseau 2009-02-20 16:18 . 2006-08-30 14:13 <REP> d--h----- c:\documents and settings\Session Courante\Voisinage d'impression 2009-02-20 16:18 . 2009-02-20 17:45 <REP> d--hs---- c:\documents and settings\Session Courante\UserData 2009-02-20 16:18 . 2006-08-30 13:33 <REP> d--h----- c:\documents and settings\Session Courante\Modèles 2009-02-20 16:18 . 2009-02-20 18:42 <REP> dr------- c:\documents and settings\Session Courante\Mes documents 2009-02-20 16:18 . 2006-08-30 14:13 <REP> dr------- c:\documents and settings\Session Courante\Menu Démarrer 2009-02-20 16:18 . 2009-02-20 16:43 <REP> dr------- c:\documents and settings\Session Courante\Favoris 2009-02-20 16:18 . 2009-02-21 00:16 <REP> d-------- c:\documents and settings\Session Courante\Bureau 2009-02-20 16:18 . 2009-02-20 18:21 <REP> d-------- c:\documents and settings\Session Courante 2009-02-20 16:15 . 2009-02-20 16:15 <REP> d-------- c:\program files\Python26 2009-02-20 14:25 . 2009-02-20 14:25 <REP> d-------- c:\documents and settings\Administrateur\Application Data\vlc 2009-02-20 14:22 . 2009-02-20 14:22 <REP> d-------- c:\documents and settings\Administrateur\Menu Démarrer 2009-02-20 05:15 . 2009-02-20 18:50 <REP> d-------- C:\Save de 'Mes Documments' 2009-02-20 05:05 . 2006-08-30 14:13 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau 2009-02-20 05:05 . 2009-02-20 16:31 <REP> d-------- c:\documents and settings\Administrateur\UserData 2009-02-20 05:05 . 2009-02-20 16:30 <REP> d-------- c:\documents and settings\Administrateur\Modèles 2009-02-20 05:05 . 2009-02-20 15:49 <REP> dr------- c:\documents and settings\Administrateur\Mes documents 2009-02-20 05:05 . 2009-02-20 05:06 <REP> dr------- c:\documents and settings\Administrateur\Favoris 2009-02-20 05:05 . 2009-02-20 16:27 <REP> d-------- c:\documents and settings\Administrateur\Bureau 2009-02-20 05:05 . 2009-02-20 15:49 <REP> d---s---- c:\documents and settings\Administrateur 2009-02-09 17:26 . 2009-02-09 17:26 <REP> d-------- C:\OpenSSL 2009-02-09 17:26 . 2009-02-09 17:26 155,648 --a------ c:\windows\system32\libssl32.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-20 23:19 --------- d-----w c:\program files\Firefox 2009-02-20 15:54 --------- d-----w c:\program files\Fichiers communs\Adobe 2009-02-20 15:48 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-20 15:47 --------- d-----w c:\program files\FlashFXP 2009-02-20 00:25 --------- d-----w c:\program files\QuickTime 2009-02-20 00:23 --------- d-----w c:\program files\AGEIA Technologies 2009-02-08 11:05 --------- d-----w c:\program files\Messenger Plus! Live 2009-01-18 11:32 --------- d-----w c:\program files\SumatraPDF 2009-01-15 18:58 --------- d-----w c:\program files\Guitar Pro 5 2008-12-23 15:42 --------- d-----w c:\program files\MSBuild 2008-12-23 15:36 --------- d-----w c:\program files\ma-config.com 2008-11-03 15:15 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008110320081104\index.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=mhkcjy.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk] HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jnskdfmf9eldfd HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009 HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xsjfn83jkemfofght [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2007-10-14 21:17 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon] --a------ 2007-08-22 16:31 80896 c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2008-10-07 13:33 13574144 c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2008-10-07 13:33 86016 c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-02-10 12:23 385024 c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] --a------ 2008-10-19 08:49 270128 c:\program files\uTorrent\uTorrent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2008-10-07 13:33 1630208 c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Bonjour Service"=2 (0x2) "aawservice"=3 (0x3) "Arrakis3"=3 (0x3) "WMPNetworkSvc"=3 (0x3) "VSSERV"=2 (0x2) "ose"=3 (0x3) "odserv"=3 (0x3) "LIVESRV"=2 (0x2) "idsvc"=3 (0x3) "IDriverT"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "nwiz"=nwiz.exe /install "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"= "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"= "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2007-08-09 38656] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-12-19 195752] S3 xbreader;ActionReplay XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2008-07-04 19677] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{651dff0b-3827-11db-9ea3-806d6172696f}] \Shell\AutoRun\command - H:\ASUSACPI.exe . Contenu du dossier 'Tâches planifiées' 2008-07-09 c:\windows\Tasks\Uniblue SpyEraser.job - c:\program files\Uniblue\SpyEraser\SpyEraser.exe [] . - - - - ORPHELINS SUPPRIMES - - - - BHO-{B5B9D410-B9E5-4FD8-B427-036BDDC6B723} - (no file) Notify-geBtSMcd - geBtSMcd.dll . ------- Examen supplémentaire ------- . TCP: {2B368CC4-1E19-4377-8636-48BC73536E78} = 192.168.1.1 FF - ProfilePath - c:\documents and settings\Session Courante\Application Data\Mozilla\Firefox\Profiles\we2lf0rb.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.ethicle.com FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-21 00:31:09 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\nvsvc32.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Heure de fin: 2009-02-21 0:33:45 - La machine a redémarré ComboFix-quarantined-files.txt 2009-02-20 23:33:42 Avant-CF: 174 969 901 056 octets libres Après-CF: 175,063,531,520 octets libres 194 --- E O F --- 2009-02-20 13:09:01 Merci. Lien vers le commentaire Partager sur d’autres sites More sharing options...
snooky Posté(e) le 21 février 2009 Auteur Partager Posté(e) le 21 février 2009 Regedit à taper dans Exécuter , puis recherche : TDSSserv.sys TDSSSserv.sys ... supprime les clés . Affiche les périphériques cachés > Pilotes non plug & play , puis supprime , si présents, les fichiers indiqués plus haut . Redémarre le pc en mode sans échec , puis relance MBAM et ComboFix ... poste les 2 rapports créés. Lien vers le commentaire Partager sur d’autres sites More sharing options...
Armel. Posté(e) le 21 février 2009 Partager Posté(e) le 21 février 2009 Bonjour, Je n'est ni trouvé les clés dans le registre ni les pilotes ! Voici les rapport : ComboFix ComboFix 09-02-19.01 - Administrateur 2009-02-21 11:33:39.2 - NTFSx86 NETWORK Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1754 [GMT 1:00] Lancé depuis: c:\documents and settings\Session Courante\Bureau\ComboFix.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-21 au 2009-02-21 )))))))))))))))))))))))))))))))))))) . 2009-02-20 18:50 . 2009-02-20 18:50 <REP> d-------- c:\documents and settings\Session Courante\Application Data\Thinstall 2009-02-20 18:44 . 2009-02-20 18:44 <REP> d-------- c:\program files\InstallShield 2009-02-20 18:44 . 2009-02-20 18:44 <REP> d-------- c:\program files\Fichiers communs\InstallShield 2009-02-20 18:44 . 2009-02-20 18:44 <REP> d-------- c:\documents and settings\All Users\Application Data\Macrovision 2009-02-20 18:21 . 2009-02-20 18:21 <REP> d-------- c:\documents and settings\Session Courante\Contacts 2009-02-20 18:20 . 2009-02-20 18:20 <REP> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus! 2009-02-20 17:56 . 2009-02-20 18:03 <REP> d-------- c:\windows\SxsCaPendDel 2009-02-20 17:56 . 2009-02-20 17:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard 2009-02-20 17:45 . 2009-02-20 18:26 <REP> d-------- c:\documents and settings\Session Courante\Application Data\HPAppData 2009-02-20 17:32 . 2009-02-20 18:45 <REP> d-------- c:\program files\Malwarebytes 2009-02-20 17:32 . 2009-02-20 17:32 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-02-20 17:32 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-20 17:32 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-20 17:22 . 2009-02-20 17:22 <REP> d-------- c:\documents and settings\Session Courante\Application Data\Malwarebytes 2009-02-20 16:47 . 2009-02-20 16:47 <REP> d-------- c:\documents and settings\All Users\Application Data\FlashFXP 2009-02-20 16:37 . 2006-08-30 14:13 <REP> d--h----- c:\documents and settings\Session Secondaire\Voisinage réseau 2009-02-20 16:37 . 2006-08-30 14:13 <REP> d--h----- c:\documents and settings\Session Secondaire\Voisinage d'impression 2009-02-20 16:37 . 2008-02-26 15:33 <REP> d---s---- c:\documents and settings\Session Secondaire\UserData 2009-02-20 16:37 . 2006-08-30 13:33 <REP> d--h----- c:\documents and settings\Session Secondaire\Modèles 2009-02-20 16:37 . 2006-08-30 13:54 <REP> dr------- c:\documents and settings\Session Secondaire\Mes documents 2009-02-20 16:37 . 2006-08-30 14:13 <REP> dr------- c:\documents and settings\Session Secondaire\Menu Démarrer 2009-02-20 16:37 . 2006-08-30 13:54 <REP> dr------- c:\documents and settings\Session Secondaire\Favoris 2009-02-20 16:37 . 2009-02-20 16:34 <REP> d-------- c:\documents and settings\Session Secondaire\Bureau 2009-02-20 16:37 . 2009-02-20 16:37 <REP> d-------- c:\documents and settings\Session Secondaire 2009-02-20 16:33 . 2009-02-20 16:33 <REP> d--h----- c:\documents and settings\All Users\Voisinage d'impression 2009-02-20 16:32 . 2009-02-20 16:32 <REP> d-------- c:\documents and settings\All Users\UserData 2009-02-20 16:31 . 2009-02-20 16:31 <REP> dr------- c:\documents and settings\All Users\Mes documents 2009-02-20 16:30 . 2009-02-20 16:30 <REP> d--h----- c:\documents and settings\All Users\Voisinage réseau 2009-02-20 16:18 . 2006-08-30 14:13 <REP> d--h----- c:\documents and settings\Session Courante\Voisinage réseau 2009-02-20 16:18 . 2006-08-30 14:13 <REP> d--h----- c:\documents and settings\Session Courante\Voisinage d'impression 2009-02-20 16:18 . 2009-02-20 17:45 <REP> d--hs---- c:\documents and settings\Session Courante\UserData 2009-02-20 16:18 . 2006-08-30 13:33 <REP> d--h----- c:\documents and settings\Session Courante\Modèles 2009-02-20 16:18 . 2009-02-20 18:42 <REP> dr------- c:\documents and settings\Session Courante\Mes documents 2009-02-20 16:18 . 2006-08-30 14:13 <REP> dr------- c:\documents and settings\Session Courante\Menu Démarrer 2009-02-20 16:18 . 2009-02-20 16:43 <REP> dr------- c:\documents and settings\Session Courante\Favoris 2009-02-20 16:18 . 2009-02-21 11:33 <REP> d-------- c:\documents and settings\Session Courante\Bureau 2009-02-20 16:18 . 2009-02-20 18:21 <REP> d-------- c:\documents and settings\Session Courante 2009-02-20 16:15 . 2009-02-20 16:15 <REP> d-------- c:\program files\Python26 2009-02-20 14:25 . 2009-02-20 14:25 <REP> d-------- c:\documents and settings\Administrateur\Application Data\vlc 2009-02-20 14:22 . 2009-02-20 14:22 <REP> d-------- c:\documents and settings\Administrateur\Menu Démarrer 2009-02-20 05:15 . 2009-02-20 18:50 <REP> d-------- C:\Save de 'Mes Documments' 2009-02-20 05:05 . 2006-08-30 14:13 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau 2009-02-20 05:05 . 2009-02-20 16:31 <REP> d-------- c:\documents and settings\Administrateur\UserData 2009-02-20 05:05 . 2009-02-20 16:30 <REP> d-------- c:\documents and settings\Administrateur\Modèles 2009-02-20 05:05 . 2009-02-20 15:49 <REP> dr------- c:\documents and settings\Administrateur\Mes documents 2009-02-20 05:05 . 2009-02-20 05:06 <REP> dr------- c:\documents and settings\Administrateur\Favoris 2009-02-20 05:05 . 2009-02-21 11:33 <REP> d-------- c:\documents and settings\Administrateur\Bureau 2009-02-20 05:05 . 2009-02-20 15:49 <REP> d---s---- c:\documents and settings\Administrateur 2009-02-09 17:26 . 2009-02-09 17:26 <REP> d-------- C:\OpenSSL 2009-02-09 17:26 . 2009-02-09 17:26 155,648 --a------ c:\windows\system32\libssl32.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-21 10:05 --------- d-----w c:\program files\Firefox 2009-02-20 15:54 --------- d-----w c:\program files\Fichiers communs\Adobe 2009-02-20 15:48 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-20 15:47 --------- d-----w c:\program files\FlashFXP 2009-02-20 00:25 --------- d-----w c:\program files\QuickTime 2009-02-20 00:23 --------- d-----w c:\program files\AGEIA Technologies 2009-02-08 11:05 --------- d-----w c:\program files\Messenger Plus! Live 2009-01-18 11:32 --------- d-----w c:\program files\SumatraPDF 2009-01-15 18:58 --------- d-----w c:\program files\Guitar Pro 5 2008-12-23 15:42 --------- d-----w c:\program files\MSBuild 2008-12-23 15:36 --------- d-----w c:\program files\ma-config.com 2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll 2008-12-04 15:52 2,131,968 ----a-w c:\windows\system32\python26.dll 2008-11-30 19:05 9,728 ----a-w c:\windows\system32\hackhound.exe 2008-11-30 19:02 10,000 ----a-w c:\windows\system32\gs73gfidgf.dll 2006-06-23 22:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe 2008-11-03 15:15 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008110320081104\index.dat . ((((((((((((((((((((((((((((( SnapShot@2009-02-21_ 0.33.06.93 ))))))))))))))))))))))))))))))))))))))))) . - 2009-02-20 17:07:58 72,534 ----a-w c:\windows\system32\perfc009.dat + 2009-02-21 10:32:57 72,390 ----a-w c:\windows\system32\perfc009.dat - 2009-02-20 17:07:58 86,658 ----a-w c:\windows\system32\perfc00C.dat + 2009-02-21 10:32:57 86,410 ----a-w c:\windows\system32\perfc00C.dat - 2009-02-20 17:07:58 444,468 ----a-w c:\windows\system32\perfh009.dat + 2009-02-21 10:32:57 444,324 ----a-w c:\windows\system32\perfh009.dat - 2009-02-20 17:07:58 513,860 ----a-w c:\windows\system32\perfh00C.dat + 2009-02-21 10:32:57 513,434 ----a-w c:\windows\system32\perfh00C.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=mhkcjy.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-04-14 03:33 15360 c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2007-10-14 21:17 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon] --a------ 2007-08-22 16:31 80896 c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] --a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2008-10-07 13:33 13574144 c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2008-10-07 13:33 86016 c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-02-10 12:23 385024 c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] --a------ 2008-10-19 08:49 270128 c:\program files\uTorrent\uTorrent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2008-10-07 13:33 1630208 c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Bonjour Service"=2 (0x2) "aawservice"=3 (0x3) "Arrakis3"=3 (0x3) "WMPNetworkSvc"=3 (0x3) "VSSERV"=2 (0x2) "ose"=3 (0x3) "odserv"=3 (0x3) "LIVESRV"=2 (0x2) "idsvc"=3 (0x3) "IDriverT"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "nwiz"=nwiz.exe /install "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"= "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"= "c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2007-08-09 38656] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-12-19 195752] S3 xbreader;ActionReplay XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2008-07-04 19677] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{651dff0b-3827-11db-9ea3-806d6172696f}] \Shell\AutoRun\command - H:\ASUSACPI.exe . Contenu du dossier 'Tâches planifiées' 2008-07-09 c:\windows\Tasks\Uniblue SpyEraser.job - c:\program files\Uniblue\SpyEraser\SpyEraser.exe [] . . ------- Examen supplémentaire ------- . TCP: {2B368CC4-1E19-4377-8636-48BC73536E78} = 192.168.1.1 FF - ProfilePath - . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-21 11:35:34 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . Heure de fin: 2009-02-21 11:36:32 ComboFix-quarantined-files.txt 2009-02-21 10:36:31 ComboFix2.txt 2009-02-20 23:33:45 Avant-CF: 180 552 830 976 octets libres Après-CF: 180,540,354,560 octets libres 188 --- E O F --- 2009-02-20 13:09:01 Malwarebytes Malwarebytes' Anti-Malware 1.34 Database version: 1782 Windows 5.1.2600 Service Pack 3 21/02/2009 11:54:17 mbam-log-2009-02-21 (11-54-17).txt Scan type: Full Scan (C:\|) Objects scanned: 137122 Time elapsed: 15 minute(s), 52 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Merci. Lien vers le commentaire Partager sur d’autres sites More sharing options...
snooky Posté(e) le 21 février 2009 Auteur Partager Posté(e) le 21 février 2009 Le pc devrait aller mieux actuellement , non ? Lance Clean v2.0 by FRUiT , procédure 1 ... vise ma signature . Redémarre le pc et poste un rapport Hijackthis ... vise ma signature . Lien vers le commentaire Partager sur d’autres sites More sharing options...
snooky Posté(e) le 21 février 2009 Auteur Partager Posté(e) le 21 février 2009 @ Armel. : Ouvre Notepad et copie ce texte : File:: c:\windows\system32\hackhound.exe c:\windows\system32\gs73gfidgf.dll Renomme-le en CFScript.txt Dépose ensuite ce fichier sur l'icone ComboFix : Ne touche plus à rien ... le pc devrait redémarrer pour supprimer ces fichiers . Lien vers le commentaire Partager sur d’autres sites More sharing options...
Armel. Posté(e) le 21 février 2009 Partager Posté(e) le 21 février 2009 Salut et encore merci pour le temps que tu à pris pour m'aider ! Donc, oui le PC vas mieux !! Clean v2.0 > Done Rapport Hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:10:02, on 21/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing) O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O15 - ESC Trusted Zone: http://*.update.microsoft.com O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - http://mallorie.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{2B368CC4-1E19-4377-8636-48BC73536E78}: NameServer = 192.168.1.1 O20 - AppInit_DLLs: mhkcjy.dll O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 5120 bytes J'ai fais la manip' avec ComboFix, je n'ai pas posté le rapport car tu n'a pas précisé si je devais. (?) Merci. Lien vers le commentaire Partager sur d’autres sites More sharing options...
snooky Posté(e) le 21 février 2009 Auteur Partager Posté(e) le 21 février 2009 1) Recherche ce fichier sur le pc et supprime le : ( coche les Options avancées de la recherche ) mhkcjy.dll 2) Coche et Fix Checked ces lignes avec Hijackthis : O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing) O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing) O15 - ESC Trusted Zone: http://*.update.microsoft.com O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - http://mallorie.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O20 - AppInit_DLLs: mhkcjy.dll 3) Lance SDFix et poste le rapport créé : http://www.site-naheulbeuk.com/sdfix.php 4) Créer ensuite un rapport GSI , puis poste le lien de ce rapport dans ta réponse . Vise ma signature ... Lien vers le commentaire Partager sur d’autres sites More sharing options...
Armel. Posté(e) le 21 février 2009 Partager Posté(e) le 21 février 2009 Je n'est pas trouvé : mhkcjy.dll Hijackthis > Fix Checked > Done Rapport SDFix : SDFix: Version 1.240 Run by Administrateur on 21/02/2009 at 16:19 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-21 16:22:52 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "h0"=dword:00000000 "ujdew"=hex:eb,d1,5e,f4,85,b4,f1,33,32,48,af,91,f9,b3,8e,a8,35,a8,81,92,15,.. "p0"="C:\Program Files\Alcohol Soft\Alcohol 120\" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools Lite\" "h0"=dword:00000001 "khjeh"=hex:6d,86,07,01,aa,77,21,e9,9e,3c,7f,67,08,0a,07,b9,c5,e6,2f,66,31,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,79,ea,03,02,17,fb,67,19,d1,ee,ed,90,07,77,9a,a9,4f,.. "khjeh"=hex:a5,a4,fc,7f,bf,c8,19,d8,b7,8f,7a,44,d0,25,b7,3d,31,43,a0,ee,16,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:bc,fb,30,13,d4,ff,f8,39,ab,80,e6,25,43,8e,1d,73,48,d5,b4,ed,ee,.. [HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001] "a0"=hex:20,01,00,00,af,67,29,33,cd,3e,47,8d,c3,47,d7,de,51,ce,c1,68,31,.. "ujdew"=hex:27,6a,a2,e5,e9,01,82,ff,37,21,ac,4a,cd,ae,a3,e8,90,d7,ec,bd,b8,.. scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update] "OfflineDetectionPending"=dword:00000001 scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent" "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare" "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer" "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"="C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9" "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"="C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10" "C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"="C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe:*:Enabled:hpiscnapp.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "C:\\Program Files\\ma-config.com\\maconfservice.exe"="C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Remaining Files : Files with Hidden Attributes : Thu 20 Sep 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Mon 26 Jan 2009 1,740,632 A..H. --- "C:\System Volume Information\_restore{B9F117E8-F56C-426C-86B3-A37F8A254ED8}\RP13\A0011439.exe" Mon 26 Jan 2009 5,365,592 A..H. --- "C:\System Volume Information\_restore{B9F117E8-F56C-426C-86B3-A37F8A254ED8}\RP13\A0011440.exe" Mon 26 Jan 2009 2,144,088 A..H. --- "C:\System Volume Information\_restore{B9F117E8-F56C-426C-86B3-A37F8A254ED8}\RP13\A0011442.exe" Sun 27 Jul 2008 164,880 A..H. --- "C:\System Volume Information\_restore{B9F117E8-F56C-426C-86B3-A37F8A254ED8}\RP13\A0012640.dll" Sun 27 Jul 2008 164,880 A..H. --- "C:\System Volume Information\_restore{B9F117E8-F56C-426C-86B3-A37F8A254ED8}\RP13\A0012921.dll" Tue 5 Aug 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp" Finished! Rapport GSI : http://gsi.kaspersky.fr/read.php?hl=fr&...amp;Microsoft=0 Merci. Lien vers le commentaire Partager sur d’autres sites More sharing options...
snooky Posté(e) le 21 février 2009 Auteur Partager Posté(e) le 21 février 2009 Affiche le fichiers cachés : http://www.informatruc.com/afficher_fichiers_caches.php hackhound.exe et gs73gfidgf.dll sont encore présents dans C:\WINDOWS\system32\ Supprime ces fichiers. Tape Regedit dans Exécuter , va à cette clé : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Puis dans le panneau de droite , supprime double clique sur AppInit_DLLs et supprime > mhkcjy.dll Désinstalle : Ad-Aware EasyCleaner Messenger Plus! Live + les versions de Java Installe la dernière en date : http://www.java.com/fr/download/installed.jsp Désactive et réactive la restauration système. Installe KAV2009 et lance une analyse complète : http://downloads.kaspersky-labs.com/trial/...8.0.0.506fr.exe Lien vers le commentaire Partager sur d’autres sites More sharing options...
Armel. Posté(e) le 21 février 2009 Partager Posté(e) le 21 février 2009 hackhound.exe / gs73gfidgf.dll > Supprimés. Je n'ai pas compris comment faire dans regedit car quand je double-clique ça me donne ça : Voulant épurer ma liste d'applications j'avais, il y a quelque temps, tenté de désinstaller certaines applications mais du faite de mon 'infection' (surement) je n'ai pas pu via "Ajout/Suppression", j'avais donc à l'époque alors supprimé à la bourrin les fichiers de "Program Files". Là j'ai vu un petit tuto et j'ai donc supprimé des clés de registre des softs que tu m'a dit mais je ne sais pas si ils sont vraiment désinstallé et je ne sais pas comment faire pour savoir si ils le sont ou non, peut être faut-il que je fasse un scan des clés de registre pour supprimer celle qui sont obsolètes. (?) J'ai réinstaller Java, fais la manip' de la restauration de fichier (fallait-il redémarrer entre la désactivation et la réactivation ?). J'ai télécharger, installer, lancer Kaspersky mais je ne sais pas comment on l'utilise pour supprimer les fichers infectés... Une fois le scan fini que doit-je faire ? Merci pour ton aide future !! Lien vers le commentaire Partager sur d’autres sites More sharing options...
snooky Posté(e) le 22 février 2009 Auteur Partager Posté(e) le 22 février 2009 AppInit_DLLs et supprime > mhkcjy.dll > si ce fichier n'est pas inscrit dans " valeur " , c'est bon Oui , tu peux supprimer les programmes obsolètes dans Regedit ... là-dedans : HKEY_LOCAL_MACHINE\SOFTWARE Pour Kaspersky , as-tu eu des alertes pour supprimer des fichiers ? Fait une capture d'écran de Menaces détectées / Toutes les menaces ( élargit la colonne " Objet " ) Lien vers le commentaire Partager sur d’autres sites More sharing options...
Armel. Posté(e) le 22 février 2009 Partager Posté(e) le 22 février 2009 Pour Kaspersky , as-tu eu des alertes pour supprimer des fichiers ? Euh... à quoi ça ressemble ? Voilà la capture : Le rapport au cas ou : Quick Scan: stopped 21/02/2009 20:56:15 (events: 511, objects: , time: 00:00:00) 21/02/2009 20:56:15 Task stopped 21/02/2009 20:54:47 Task started Quick Scan: stopped 21/02/2009 20:56:15 (events: 511, objects: , time: 00:00:00) 21/02/2009 21:03:56 Task started 21/02/2009 21:04:39 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\quicktimeplayer.exe 21/02/2009 21:15:36 Detected: http://www.viruslist.com/sch/advisories/31010 c:\program files\Java\jre1.6.0_04\bin\java.exe 21/02/2009 21:15:46 Detected: http://www.viruslist.com/sch/advisories/31010 c:\program files\Java\jre1.6.0_05\bin\java.exe 21/02/2009 21:20:57 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PictureViewer.Resources\PictureViewer.qtr 21/02/2009 21:20:57 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PictureViewer.Resources\da.lproj\PictureViewerLocalized.qtr 21/02/2009 21:20:57 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PictureViewer.Resources\de.lproj\PictureViewerLocalized.qtr 21/02/2009 21:20:57 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PictureViewer.Resources\en.lproj\PictureViewerLocalized.qtr 21/02/2009 21:20:57 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\quicktimeplayer.exe 21/02/2009 21:20:57 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PictureViewer.Resources\es.lproj\PictureViewerLocalized.qtr 21/02/2009 21:20:57 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PictureViewer.Resources\fi.lproj\PictureViewerLocalized.qtr 21/02/2009 21:20:58 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PictureViewer.Resources\fr.lproj\PictureViewerLocalized.qtr 21/02/2009 21:20:58 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PictureViewer.Resources\it.lproj\PictureViewerLocalized.qtr 21/02/2009 21:20:58 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PictureViewer.Resources\ja.lproj\PictureViewerLocalized.qtr 21/02/2009 21:20:58 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PictureViewer.Resources\ko.lproj\PictureViewerLocalized.qtr 21/02/2009 21:20:58 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PictureViewer.Resources\nb.lproj\PictureViewerLocalized.qtr 21/02/2009 21:20:58 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PictureViewer.Resources\nl.lproj\PictureViewerLocalized.qtr 21/02/2009 21:20:58 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PictureViewer.Resources\pl.lproj\PictureViewerLocalized.qtr 21/02/2009 21:20:58 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PictureViewer.Resources\pt_PT.lproj\PictureViewerLocalized.qtr 21/02/2009 21:20:58 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PictureViewer.Resources\ru.lproj\PictureViewerLocalized.qtr 21/02/2009 21:20:59 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PictureViewer.Resources\sv.lproj\PictureViewerLocalized.qtr 21/02/2009 21:20:59 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PictureViewer.Resources\zh_CN.lproj\PictureViewerLocalized.qtr 21/02/2009 21:20:59 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PictureViewer.Resources\zh_TW.lproj\PictureViewerLocalized.qtr 21/02/2009 21:20:59 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\PanelHelperBase.qtr 21/02/2009 21:21:00 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\da.lproj\PanelHelperBaseLocalized.qtr 21/02/2009 21:21:00 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\de.lproj\PanelHelperBaseLocalized.qtr 21/02/2009 21:21:00 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\en.lproj\PanelHelperBaseLocalized.qtr 21/02/2009 21:21:00 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\es.lproj\PanelHelperBaseLocalized.qtr 21/02/2009 21:21:00 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\fi.lproj\PanelHelperBaseLocalized.qtr 21/02/2009 21:21:00 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\fr.lproj\PanelHelperBaseLocalized.qtr 21/02/2009 21:21:00 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\it.lproj\PanelHelperBaseLocalized.qtr 21/02/2009 21:21:00 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\ja.lproj\PanelHelperBaseLocalized.qtr 21/02/2009 21:21:00 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\ko.lproj\PanelHelperBaseLocalized.qtr 21/02/2009 21:21:00 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\nb.lproj\PanelHelperBaseLocalized.qtr 21/02/2009 21:21:01 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\nl.lproj\PanelHelperBaseLocalized.qtr 21/02/2009 21:21:01 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\pl.lproj\PanelHelperBaseLocalized.qtr 21/02/2009 21:21:01 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\pt_PT.lproj\PanelHelperBaseLocalized.qtr 21/02/2009 21:21:01 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\ru.lproj\PanelHelperBaseLocalized.qtr 21/02/2009 21:21:01 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\sv.lproj\PanelHelperBaseLocalized.qtr 21/02/2009 21:21:01 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\zh_CN.lproj\PanelHelperBaseLocalized.qtr 21/02/2009 21:21:01 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\zh_TW.lproj\PanelHelperBaseLocalized.qtr 21/02/2009 21:21:01 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\PropPanelHelpers.qtr 21/02/2009 21:21:01 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\da.lproj\PropPanelHelpersLocalized.qtr 21/02/2009 21:21:01 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\de.lproj\PropPanelHelpersLocalized.qtr 21/02/2009 21:21:01 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\en.lproj\PropPanelHelpersLocalized.qtr 21/02/2009 21:21:02 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\es.lproj\PropPanelHelpersLocalized.qtr 21/02/2009 21:21:02 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\fi.lproj\PropPanelHelpersLocalized.qtr 21/02/2009 21:21:02 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\fr.lproj\PropPanelHelpersLocalized.qtr 21/02/2009 21:21:02 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\it.lproj\PropPanelHelpersLocalized.qtr 21/02/2009 21:21:02 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\ja.lproj\PropPanelHelpersLocalized.qtr 21/02/2009 21:21:02 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\ko.lproj\PropPanelHelpersLocalized.qtr 21/02/2009 21:21:02 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\nb.lproj\PropPanelHelpersLocalized.qtr 21/02/2009 21:21:02 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\nl.lproj\PropPanelHelpersLocalized.qtr 21/02/2009 21:21:02 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\pl.lproj\PropPanelHelpersLocalized.qtr 21/02/2009 21:21:02 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\pt_PT.lproj\PropPanelHelpersLocalized.qtr 21/02/2009 21:21:02 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\ru.lproj\PropPanelHelpersLocalized.qtr 21/02/2009 21:21:03 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\sv.lproj\PropPanelHelpersLocalized.qtr 21/02/2009 21:21:03 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\zh_CN.lproj\PropPanelHelpersLocalized.qtr 21/02/2009 21:21:03 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\zh_TW.lproj\PropPanelHelpersLocalized.qtr 21/02/2009 21:21:05 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime.cpl 21/02/2009 21:21:06 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\da.lproj\CoreVideoLocalized.qtr 21/02/2009 21:21:06 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\CoreVideo.qtr 21/02/2009 21:21:06 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\de.lproj\CoreVideoLocalized.qtr 21/02/2009 21:21:06 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\en.lproj\CoreVideoLocalized.qtr 21/02/2009 21:21:06 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\es.lproj\CoreVideoLocalized.qtr 21/02/2009 21:21:06 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\fi.lproj\CoreVideoLocalized.qtr 21/02/2009 21:21:06 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\fr.lproj\CoreVideoLocalized.qtr 21/02/2009 21:21:06 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\it.lproj\CoreVideoLocalized.qtr 21/02/2009 21:21:06 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\ko.lproj\CoreVideoLocalized.qtr 21/02/2009 21:21:06 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\ja.lproj\CoreVideoLocalized.qtr 21/02/2009 21:21:06 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\nb.lproj\CoreVideoLocalized.qtr 21/02/2009 21:21:06 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\pl.lproj\CoreVideoLocalized.qtr 21/02/2009 21:21:06 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\nl.lproj\CoreVideoLocalized.qtr 21/02/2009 21:21:06 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\ru.lproj\CoreVideoLocalized.qtr 21/02/2009 21:21:06 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\pt_PT.lproj\CoreVideoLocalized.qtr 21/02/2009 21:21:07 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\sv.lproj\CoreVideoLocalized.qtr 21/02/2009 21:21:07 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\zh_CN.lproj\CoreVideoLocalized.qtr 21/02/2009 21:21:07 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\CoreVideo.Resources\zh_TW.lproj\CoreVideoLocalized.qtr 21/02/2009 21:21:07 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\QuickTime.qtr 21/02/2009 21:21:07 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\da.lproj\QuickTimeLocalized.qtr 21/02/2009 21:21:07 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\de.lproj\QuickTimeLocalized.qtr 21/02/2009 21:21:07 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.qtr 21/02/2009 21:21:08 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\es.lproj\QuickTimeLocalized.qtr 21/02/2009 21:21:08 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\fi.lproj\QuickTimeLocalized.qtr 21/02/2009 21:21:08 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\fr.lproj\QuickTimeLocalized.qtr 21/02/2009 21:21:08 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\it.lproj\QuickTimeLocalized.qtr 21/02/2009 21:21:08 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\ja.lproj\QuickTimeLocalized.qtr 21/02/2009 21:21:08 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\ko.lproj\QuickTimeLocalized.qtr 21/02/2009 21:21:08 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\nb.lproj\QuickTimeLocalized.qtr 21/02/2009 21:21:08 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\nl.lproj\QuickTimeLocalized.qtr 21/02/2009 21:21:09 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\pl.lproj\QuickTimeLocalized.qtr 21/02/2009 21:21:09 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\pt_PT.lproj\QuickTimeLocalized.qtr 21/02/2009 21:21:09 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\ru.lproj\QuickTimeLocalized.qtr 21/02/2009 21:21:09 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\sv.lproj\QuickTimeLocalized.qtr 21/02/2009 21:21:09 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\zh_CN.lproj\QuickTimeLocalized.qtr 21/02/2009 21:21:09 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime.Resources\zh_TW.lproj\QuickTimeLocalized.qtr 21/02/2009 21:21:09 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\QuickTime3GPP.qtr 21/02/2009 21:21:09 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\da.lproj\QuickTime3GPPLocalized.qtr 21/02/2009 21:21:09 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\de.lproj\QuickTime3GPPLocalized.qtr 21/02/2009 21:21:09 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\en.lproj\QuickTime3GPPLocalized.qtr 21/02/2009 21:21:10 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\es.lproj\QuickTime3GPPLocalized.qtr 21/02/2009 21:21:10 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\fi.lproj\QuickTime3GPPLocalized.qtr 21/02/2009 21:21:10 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\fr.lproj\QuickTime3GPPLocalized.qtr 21/02/2009 21:21:10 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\it.lproj\QuickTime3GPPLocalized.qtr 21/02/2009 21:21:10 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\ja.lproj\QuickTime3GPPLocalized.qtr 21/02/2009 21:21:10 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\ko.lproj\QuickTime3GPPLocalized.qtr 21/02/2009 21:21:10 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\nb.lproj\QuickTime3GPPLocalized.qtr 21/02/2009 21:21:10 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\nl.lproj\QuickTime3GPPLocalized.qtr 21/02/2009 21:21:10 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\pl.lproj\QuickTime3GPPLocalized.qtr 21/02/2009 21:21:10 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\pt_PT.lproj\QuickTime3GPPLocalized.qtr 21/02/2009 21:21:11 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\ru.lproj\QuickTime3GPPLocalized.qtr 21/02/2009 21:21:11 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\sv.lproj\QuickTime3GPPLocalized.qtr 21/02/2009 21:21:11 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\zh_CN.lproj\QuickTime3GPPLocalized.qtr 21/02/2009 21:21:11 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\zh_TW.lproj\QuickTime3GPPLocalized.qtr 21/02/2009 21:21:11 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\QuickTime3GPPAuthoring.qtr 21/02/2009 21:21:11 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\da.lproj\QuickTime3GPPAuthoringLocalized.qtr 21/02/2009 21:21:11 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\de.lproj\QuickTime3GPPAuthoringLocalized.qtr 21/02/2009 21:21:11 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\en.lproj\QuickTime3GPPAuthoringLocalized.qtr 21/02/2009 21:21:11 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\es.lproj\QuickTime3GPPAuthoringLocalized.qtr 21/02/2009 21:21:12 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\fi.lproj\QuickTime3GPPAuthoringLocalized.qtr 21/02/2009 21:21:12 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\fr.lproj\QuickTime3GPPAuthoringLocalized.qtr 21/02/2009 21:21:12 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\it.lproj\QuickTime3GPPAuthoringLocalized.qtr 21/02/2009 21:21:12 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\ja.lproj\QuickTime3GPPAuthoringLocalized.qtr 21/02/2009 21:21:12 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\ko.lproj\QuickTime3GPPAuthoringLocalized.qtr 21/02/2009 21:21:12 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\nb.lproj\QuickTime3GPPAuthoringLocalized.qtr 21/02/2009 21:21:12 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\nl.lproj\QuickTime3GPPAuthoringLocalized.qtr 21/02/2009 21:21:12 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\pl.lproj\QuickTime3GPPAuthoringLocalized.qtr 21/02/2009 21:21:12 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\pt_PT.lproj\QuickTime3GPPAuthoringLocalized.qtr 21/02/2009 21:21:12 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\ru.lproj\QuickTime3GPPAuthoringLocalized.qtr 21/02/2009 21:21:12 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\sv.lproj\QuickTime3GPPAuthoringLocalized.qtr 21/02/2009 21:21:12 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\zh_CN.lproj\QuickTime3GPPAuthoringLocalized.qtr 21/02/2009 21:21:13 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTime3GPPAuthoring.Resources\zh_TW.lproj\QuickTime3GPPAuthoringLocalized.qtr 21/02/2009 21:21:15 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\QuickTimeAuthoring.qtr 21/02/2009 21:21:15 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\da.lproj\QuickTimeAuthoringLocalized.qtr 21/02/2009 21:21:15 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\de.lproj\QuickTimeAuthoringLocalized.qtr 21/02/2009 21:21:15 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\en.lproj\QuickTimeAuthoringLocalized.qtr 21/02/2009 21:21:15 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\es.lproj\QuickTimeAuthoringLocalized.qtr 21/02/2009 21:21:15 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\fi.lproj\QuickTimeAuthoringLocalized.qtr 21/02/2009 21:21:15 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\fr.lproj\QuickTimeAuthoringLocalized.qtr 21/02/2009 21:21:15 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\it.lproj\QuickTimeAuthoringLocalized.qtr 21/02/2009 21:21:16 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\ja.lproj\QuickTimeAuthoringLocalized.qtr 21/02/2009 21:21:16 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\ko.lproj\QuickTimeAuthoringLocalized.qtr 21/02/2009 21:21:16 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\nb.lproj\QuickTimeAuthoringLocalized.qtr 21/02/2009 21:21:16 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\nl.lproj\QuickTimeAuthoringLocalized.qtr 21/02/2009 21:21:16 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\pl.lproj\QuickTimeAuthoringLocalized.qtr 21/02/2009 21:21:16 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\pt_PT.lproj\QuickTimeAuthoringLocalized.qtr 21/02/2009 21:21:16 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\ru.lproj\QuickTimeAuthoringLocalized.qtr 21/02/2009 21:21:16 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\sv.lproj\QuickTimeAuthoringLocalized.qtr 21/02/2009 21:21:16 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\zh_CN.lproj\QuickTimeAuthoringLocalized.qtr 21/02/2009 21:21:17 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeAuthoring.Resources\zh_TW.lproj\QuickTimeAuthoringLocalized.qtr 21/02/2009 21:21:17 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\QuickTimeCapture.qtr 21/02/2009 21:21:17 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\da.lproj\QuickTimeCaptureLocalized.qtr 21/02/2009 21:21:17 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\de.lproj\QuickTimeCaptureLocalized.qtr 21/02/2009 21:21:17 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\en.lproj\QuickTimeCaptureLocalized.qtr 21/02/2009 21:21:17 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\es.lproj\QuickTimeCaptureLocalized.qtr 21/02/2009 21:21:17 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\fi.lproj\QuickTimeCaptureLocalized.qtr 21/02/2009 21:21:17 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\fr.lproj\QuickTimeCaptureLocalized.qtr 21/02/2009 21:21:17 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\it.lproj\QuickTimeCaptureLocalized.qtr 21/02/2009 21:21:17 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\ja.lproj\QuickTimeCaptureLocalized.qtr 21/02/2009 21:21:18 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\ko.lproj\QuickTimeCaptureLocalized.qtr 21/02/2009 21:21:18 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\nb.lproj\QuickTimeCaptureLocalized.qtr 21/02/2009 21:21:18 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\nl.lproj\QuickTimeCaptureLocalized.qtr 21/02/2009 21:21:18 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\pl.lproj\QuickTimeCaptureLocalized.qtr 21/02/2009 21:21:18 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\pt_PT.lproj\QuickTimeCaptureLocalized.qtr 21/02/2009 21:21:18 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\ru.lproj\QuickTimeCaptureLocalized.qtr 21/02/2009 21:21:18 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\sv.lproj\QuickTimeCaptureLocalized.qtr 21/02/2009 21:21:18 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\zh_CN.lproj\QuickTimeCaptureLocalized.qtr 21/02/2009 21:21:18 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeCapture.Resources\zh_TW.lproj\QuickTimeCaptureLocalized.qtr 21/02/2009 21:21:18 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\QuickTimeEffects.qtr 21/02/2009 21:21:19 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\da.lproj\QuickTimeEffectsLocalized.qtr 21/02/2009 21:21:19 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\de.lproj\QuickTimeEffectsLocalized.qtr 21/02/2009 21:21:19 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\en.lproj\QuickTimeEffectsLocalized.qtr 21/02/2009 21:21:19 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\es.lproj\QuickTimeEffectsLocalized.qtr 21/02/2009 21:21:19 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\fi.lproj\QuickTimeEffectsLocalized.qtr 21/02/2009 21:21:19 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\fr.lproj\QuickTimeEffectsLocalized.qtr 21/02/2009 21:21:19 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\it.lproj\QuickTimeEffectsLocalized.qtr 21/02/2009 21:21:19 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\ja.lproj\QuickTimeEffectsLocalized.qtr 21/02/2009 21:21:19 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\ko.lproj\QuickTimeEffectsLocalized.qtr 21/02/2009 21:21:19 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\nb.lproj\QuickTimeEffectsLocalized.qtr 21/02/2009 21:21:20 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\nl.lproj\QuickTimeEffectsLocalized.qtr 21/02/2009 21:21:20 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\pl.lproj\QuickTimeEffectsLocalized.qtr 21/02/2009 21:21:20 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\pt_PT.lproj\QuickTimeEffectsLocalized.qtr 21/02/2009 21:21:20 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\ru.lproj\QuickTimeEffectsLocalized.qtr 21/02/2009 21:21:20 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\sv.lproj\QuickTimeEffectsLocalized.qtr 21/02/2009 21:21:20 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\zh_CN.lproj\QuickTimeEffectsLocalized.qtr 21/02/2009 21:21:20 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEffects.Resources\zh_TW.lproj\QuickTimeEffectsLocalized.qtr 21/02/2009 21:21:20 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\QuickTimeEssentials.qtr 21/02/2009 21:21:20 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\da.lproj\QuickTimeEssentialsLocalized.qtr 21/02/2009 21:21:20 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\de.lproj\QuickTimeEssentialsLocalized.qtr 21/02/2009 21:21:21 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\en.lproj\QuickTimeEssentialsLocalized.qtr 21/02/2009 21:21:21 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\es.lproj\QuickTimeEssentialsLocalized.qtr 21/02/2009 21:21:21 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\fi.lproj\QuickTimeEssentialsLocalized.qtr 21/02/2009 21:21:21 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\fr.lproj\QuickTimeEssentialsLocalized.qtr 21/02/2009 21:21:21 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\it.lproj\QuickTimeEssentialsLocalized.qtr 21/02/2009 21:21:21 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\ja.lproj\QuickTimeEssentialsLocalized.qtr 21/02/2009 21:21:21 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\ko.lproj\QuickTimeEssentialsLocalized.qtr 21/02/2009 21:21:21 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\nb.lproj\QuickTimeEssentialsLocalized.qtr 21/02/2009 21:21:21 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\nl.lproj\QuickTimeEssentialsLocalized.qtr 21/02/2009 21:21:21 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\pl.lproj\QuickTimeEssentialsLocalized.qtr 21/02/2009 21:21:22 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\pt_PT.lproj\QuickTimeEssentialsLocalized.qtr 21/02/2009 21:21:22 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\ru.lproj\QuickTimeEssentialsLocalized.qtr 21/02/2009 21:21:22 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\sv.lproj\QuickTimeEssentialsLocalized.qtr 21/02/2009 21:21:22 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\zh_CN.lproj\QuickTimeEssentialsLocalized.qtr 21/02/2009 21:21:22 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeEssentials.Resources\zh_TW.lproj\QuickTimeEssentialsLocalized.qtr 21/02/2009 21:21:22 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\QuickTimeH264.qtr 21/02/2009 21:21:22 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\da.lproj\QuickTimeH264Localized.qtr 21/02/2009 21:21:22 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\de.lproj\QuickTimeH264Localized.qtr 21/02/2009 21:21:22 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\en.lproj\QuickTimeH264Localized.qtr 21/02/2009 21:21:22 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\es.lproj\QuickTimeH264Localized.qtr 21/02/2009 21:21:22 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\fi.lproj\QuickTimeH264Localized.qtr 21/02/2009 21:21:23 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\fr.lproj\QuickTimeH264Localized.qtr 21/02/2009 21:21:23 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\it.lproj\QuickTimeH264Localized.qtr 21/02/2009 21:21:23 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\ja.lproj\QuickTimeH264Localized.qtr 21/02/2009 21:21:23 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\ko.lproj\QuickTimeH264Localized.qtr 21/02/2009 21:21:23 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\nb.lproj\QuickTimeH264Localized.qtr 21/02/2009 21:21:23 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\nl.lproj\QuickTimeH264Localized.qtr 21/02/2009 21:21:23 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\pl.lproj\QuickTimeH264Localized.qtr 21/02/2009 21:21:23 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\pt_PT.lproj\QuickTimeH264Localized.qtr 21/02/2009 21:21:23 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\ru.lproj\QuickTimeH264Localized.qtr 21/02/2009 21:21:23 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\sv.lproj\QuickTimeH264Localized.qtr 21/02/2009 21:21:23 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\zh_CN.lproj\QuickTimeH264Localized.qtr 21/02/2009 21:21:23 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeH264.Resources\zh_TW.lproj\QuickTimeH264Localized.qtr 21/02/2009 21:21:24 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeImage.Resources\QuickTimeImage.qtr 21/02/2009 21:21:24 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeImage.Resources\da.lproj\QuickTimeImageLocalized.qtr 21/02/2009 21:21:24 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeImage.Resources\de.lproj\QuickTimeImageLocalized.qtr 21/02/2009 21:21:24 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeImage.Resources\en.lproj\QuickTimeImageLocalized.qtr 21/02/2009 21:21:24 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeImage.Resources\es.lproj\QuickTimeImageLocalized.qtr 21/02/2009 21:21:24 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeImage.Resources\fi.lproj\QuickTimeImageLocalized.qtr 21/02/2009 21:21:24 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeImage.Resources\fr.lproj\QuickTimeImageLocalized.qtr 21/02/2009 21:21:24 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeImage.Resources\it.lproj\QuickTimeImageLocalized.qtr 21/02/2009 21:21:24 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeImage.Resources\ja.lproj\QuickTimeImageLocalized.qtr 21/02/2009 21:21:25 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeImage.Resources\ko.lproj\QuickTimeImageLocalized.qtr 21/02/2009 21:21:25 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeImage.Resources\nb.lproj\QuickTimeImageLocalized.qtr 21/02/2009 21:21:25 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeImage.Resources\nl.lproj\QuickTimeImageLocalized.qtr 21/02/2009 21:21:25 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeImage.Resources\pl.lproj\QuickTimeImageLocalized.qtr 21/02/2009 21:21:25 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeImage.Resources\pt_PT.lproj\QuickTimeImageLocalized.qtr 21/02/2009 21:21:25 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeImage.Resources\ru.lproj\QuickTimeImageLocalized.qtr 21/02/2009 21:21:25 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeImage.Resources\sv.lproj\QuickTimeImageLocalized.qtr 21/02/2009 21:21:25 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeImage.Resources\zh_CN.lproj\QuickTimeImageLocalized.qtr 21/02/2009 21:21:25 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeImage.Resources\zh_TW.lproj\QuickTimeImageLocalized.qtr 21/02/2009 21:21:26 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeInternetExtras.Resources\QuickTimeInternetExtras.qtr 21/02/2009 21:21:26 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeInternetExtras.Resources\da.lproj\QuickTimeInternetExtrasLocalized.qtr 21/02/2009 21:21:26 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeInternetExtras.Resources\de.lproj\QuickTimeInternetExtrasLocalized.qtr 21/02/2009 21:21:26 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeInternetExtras.Resources\en.lproj\QuickTimeInternetExtrasLocalized.qtr 21/02/2009 21:21:26 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeInternetExtras.Resources\es.lproj\QuickTimeInternetExtrasLocalized.qtr 21/02/2009 21:21:27 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeInternetExtras.Resources\fi.lproj\QuickTimeInternetExtrasLocalized.qtr 21/02/2009 21:21:27 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeInternetExtras.Resources\fr.lproj\QuickTimeInternetExtrasLocalized.qtr 21/02/2009 21:21:27 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeInternetExtras.Resources\it.lproj\QuickTimeInternetExtrasLocalized.qtr 21/02/2009 21:21:27 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeInternetExtras.Resources\ja.lproj\QuickTimeInternetExtrasLocalized.qtr 21/02/2009 21:21:27 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeInternetExtras.Resources\ko.lproj\QuickTimeInternetExtrasLocalized.qtr 21/02/2009 21:21:27 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeInternetExtras.Resources\nb.lproj\QuickTimeInternetExtrasLocalized.qtr 21/02/2009 21:21:28 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeInternetExtras.Resources\nl.lproj\QuickTimeInternetExtrasLocalized.qtr 21/02/2009 21:21:28 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeInternetExtras.Resources\pl.lproj\QuickTimeInternetExtrasLocalized.qtr 21/02/2009 21:21:28 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeInternetExtras.Resources\pt_PT.lproj\QuickTimeInternetExtrasLocalized.qtr 21/02/2009 21:21:28 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeInternetExtras.Resources\ru.lproj\QuickTimeInternetExtrasLocalized.qtr 21/02/2009 21:21:28 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeInternetExtras.Resources\sv.lproj\QuickTimeInternetExtrasLocalized.qtr 21/02/2009 21:21:29 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeInternetExtras.Resources\zh_CN.lproj\QuickTimeInternetExtrasLocalized.qtr 21/02/2009 21:21:29 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeInternetExtras.Resources\zh_TW.lproj\QuickTimeInternetExtrasLocalized.qtr 21/02/2009 21:21:29 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG.Resources\QuickTimeMPEG.qtr 21/02/2009 21:21:29 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG.Resources\da.lproj\QuickTimeMPEGLocalized.qtr 21/02/2009 21:21:29 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG.Resources\de.lproj\QuickTimeMPEGLocalized.qtr 21/02/2009 21:21:29 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG.Resources\en.lproj\QuickTimeMPEGLocalized.qtr 21/02/2009 21:21:29 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG.Resources\es.lproj\QuickTimeMPEGLocalized.qtr 21/02/2009 21:21:30 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG.Resources\fi.lproj\QuickTimeMPEGLocalized.qtr 21/02/2009 21:21:30 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG.Resources\fr.lproj\QuickTimeMPEGLocalized.qtr 21/02/2009 21:21:30 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG.Resources\it.lproj\QuickTimeMPEGLocalized.qtr 21/02/2009 21:21:30 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG.Resources\ja.lproj\QuickTimeMPEGLocalized.qtr 21/02/2009 21:21:30 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG.Resources\ko.lproj\QuickTimeMPEGLocalized.qtr 21/02/2009 21:21:30 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG.Resources\nb.lproj\QuickTimeMPEGLocalized.qtr 21/02/2009 21:21:30 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG.Resources\nl.lproj\QuickTimeMPEGLocalized.qtr 21/02/2009 21:21:30 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG.Resources\pl.lproj\QuickTimeMPEGLocalized.qtr 21/02/2009 21:21:30 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG.Resources\pt_PT.lproj\QuickTimeMPEGLocalized.qtr 21/02/2009 21:21:31 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG.Resources\ru.lproj\QuickTimeMPEGLocalized.qtr 21/02/2009 21:21:31 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG.Resources\sv.lproj\QuickTimeMPEGLocalized.qtr 21/02/2009 21:21:31 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG.Resources\zh_CN.lproj\QuickTimeMPEGLocalized.qtr 21/02/2009 21:21:31 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG.Resources\zh_TW.lproj\QuickTimeMPEGLocalized.qtr 21/02/2009 21:21:31 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4.Resources\QuickTimeMPEG4.qtr 21/02/2009 21:21:31 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4.Resources\da.lproj\QuickTimeMPEG4Localized.qtr 21/02/2009 21:21:31 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4.Resources\de.lproj\QuickTimeMPEG4Localized.qtr 21/02/2009 21:21:31 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4.Resources\en.lproj\QuickTimeMPEG4Localized.qtr 21/02/2009 21:21:31 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4.Resources\es.lproj\QuickTimeMPEG4Localized.qtr 21/02/2009 21:21:31 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4.Resources\fi.lproj\QuickTimeMPEG4Localized.qtr 21/02/2009 21:21:31 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4.Resources\fr.lproj\QuickTimeMPEG4Localized.qtr 21/02/2009 21:21:32 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4.Resources\it.lproj\QuickTimeMPEG4Localized.qtr 21/02/2009 21:21:32 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4.Resources\ja.lproj\QuickTimeMPEG4Localized.qtr 21/02/2009 21:21:32 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4.Resources\ko.lproj\QuickTimeMPEG4Localized.qtr 21/02/2009 21:21:32 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4.Resources\nb.lproj\QuickTimeMPEG4Localized.qtr 21/02/2009 21:21:32 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4.Resources\nl.lproj\QuickTimeMPEG4Localized.qtr 21/02/2009 21:21:32 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4.Resources\pl.lproj\QuickTimeMPEG4Localized.qtr 21/02/2009 21:21:32 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4.Resources\pt_PT.lproj\QuickTimeMPEG4Localized.qtr 21/02/2009 21:21:32 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4.Resources\ru.lproj\QuickTimeMPEG4Localized.qtr 21/02/2009 21:21:32 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4.Resources\sv.lproj\QuickTimeMPEG4Localized.qtr 21/02/2009 21:21:32 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4.Resources\zh_CN.lproj\QuickTimeMPEG4Localized.qtr 21/02/2009 21:21:33 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4.Resources\zh_TW.lproj\QuickTimeMPEG4Localized.qtr 21/02/2009 21:21:33 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4Authoring.Resources\QuickTimeMPEG4Authoring.qtr 21/02/2009 21:21:33 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4Authoring.Resources\da.lproj\QuickTimeMPEG4AuthoringLocalized.qtr 21/02/2009 21:21:33 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4Authoring.Resources\de.lproj\QuickTimeMPEG4AuthoringLocalized.qtr 21/02/2009 21:21:33 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4Authoring.Resources\en.lproj\QuickTimeMPEG4AuthoringLocalized.qtr 21/02/2009 21:21:33 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4Authoring.Resources\es.lproj\QuickTimeMPEG4AuthoringLocalized.qtr 21/02/2009 21:21:33 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4Authoring.Resources\fi.lproj\QuickTimeMPEG4AuthoringLocalized.qtr 21/02/2009 21:21:33 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4Authoring.Resources\fr.lproj\QuickTimeMPEG4AuthoringLocalized.qtr 21/02/2009 21:21:34 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4Authoring.Resources\it.lproj\QuickTimeMPEG4AuthoringLocalized.qtr 21/02/2009 21:21:34 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4Authoring.Resources\ja.lproj\QuickTimeMPEG4AuthoringLocalized.qtr 21/02/2009 21:21:34 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4Authoring.Resources\ko.lproj\QuickTimeMPEG4AuthoringLocalized.qtr 21/02/2009 21:21:34 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4Authoring.Resources\nb.lproj\QuickTimeMPEG4AuthoringLocalized.qtr 21/02/2009 21:21:34 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4Authoring.Resources\nl.lproj\QuickTimeMPEG4AuthoringLocalized.qtr 21/02/2009 21:21:34 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4Authoring.Resources\pl.lproj\QuickTimeMPEG4AuthoringLocalized.qtr 21/02/2009 21:21:34 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4Authoring.Resources\pt_PT.lproj\QuickTimeMPEG4AuthoringLocalized.qtr 21/02/2009 21:21:34 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4Authoring.Resources\ru.lproj\QuickTimeMPEG4AuthoringLocalized.qtr 21/02/2009 21:21:34 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4Authoring.Resources\sv.lproj\QuickTimeMPEG4AuthoringLocalized.qtr 21/02/2009 21:21:35 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4Authoring.Resources\zh_CN.lproj\QuickTimeMPEG4AuthoringLocalized.qtr 21/02/2009 21:21:35 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMPEG4Authoring.Resources\zh_TW.lproj\QuickTimeMPEG4AuthoringLocalized.qtr 21/02/2009 21:21:35 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMusic.Resources\QuickTimeMusic.qtr 21/02/2009 21:21:35 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMusic.Resources\da.lproj\QuickTimeMusicLocalized.qtr 21/02/2009 21:21:35 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMusic.Resources\de.lproj\QuickTimeMusicLocalized.qtr 21/02/2009 21:21:35 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMusic.Resources\en.lproj\QuickTimeMusicLocalized.qtr 21/02/2009 21:21:35 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMusic.Resources\es.lproj\QuickTimeMusicLocalized.qtr 21/02/2009 21:21:35 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMusic.Resources\fi.lproj\QuickTimeMusicLocalized.qtr 21/02/2009 21:21:35 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMusic.Resources\fr.lproj\QuickTimeMusicLocalized.qtr 21/02/2009 21:21:35 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMusic.Resources\it.lproj\QuickTimeMusicLocalized.qtr 21/02/2009 21:21:36 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMusic.Resources\ja.lproj\QuickTimeMusicLocalized.qtr 21/02/2009 21:21:36 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMusic.Resources\ko.lproj\QuickTimeMusicLocalized.qtr 21/02/2009 21:21:36 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMusic.Resources\nb.lproj\QuickTimeMusicLocalized.qtr 21/02/2009 21:21:36 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMusic.Resources\nl.lproj\QuickTimeMusicLocalized.qtr 21/02/2009 21:21:36 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMusic.Resources\pl.lproj\QuickTimeMusicLocalized.qtr 21/02/2009 21:21:36 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMusic.Resources\pt_PT.lproj\QuickTimeMusicLocalized.qtr 21/02/2009 21:21:36 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMusic.Resources\ru.lproj\QuickTimeMusicLocalized.qtr 21/02/2009 21:21:36 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMusic.Resources\sv.lproj\QuickTimeMusicLocalized.qtr 21/02/2009 21:21:36 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMusic.Resources\zh_CN.lproj\QuickTimeMusicLocalized.qtr 21/02/2009 21:21:36 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeMusic.Resources\zh_TW.lproj\QuickTimeMusicLocalized.qtr 21/02/2009 21:21:36 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeQD3D.Resources\QuickTimeQD3D.qtr 21/02/2009 21:21:37 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeQD3D.Resources\da.lproj\QuickTimeQD3DLocalized.qtr 21/02/2009 21:21:37 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeQD3D.Resources\de.lproj\QuickTimeQD3DLocalized.qtr 21/02/2009 21:21:37 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeQD3D.Resources\en.lproj\QuickTimeQD3DLocalized.qtr 21/02/2009 21:21:37 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeQD3D.Resources\es.lproj\QuickTimeQD3DLocalized.qtr 21/02/2009 21:21:37 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeQD3D.Resources\fi.lproj\QuickTimeQD3DLocalized.qtr 21/02/2009 21:21:37 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeQD3D.Resources\fr.lproj\QuickTimeQD3DLocalized.qtr 21/02/2009 21:21:37 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeQD3D.Resources\it.lproj\QuickTimeQD3DLocalized.qtr 21/02/2009 21:21:37 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeQD3D.Resources\ja.lproj\QuickTimeQD3DLocalized.qtr 21/02/2009 21:21:37 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeQD3D.Resources\ko.lproj\QuickTimeQD3DLocalized.qtr 21/02/2009 21:21:37 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeQD3D.Resources\nb.lproj\QuickTimeQD3DLocalized.qtr 21/02/2009 21:21:37 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeQD3D.Resources\nl.lproj\QuickTimeQD3DLocalized.qtr 21/02/2009 21:21:38 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeQD3D.Resources\pl.lproj\QuickTimeQD3DLocalized.qtr 21/02/2009 21:21:38 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeQD3D.Resources\pt_PT.lproj\QuickTimeQD3DLocalized.qtr 21/02/2009 21:21:38 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeQD3D.Resources\ru.lproj\QuickTimeQD3DLocalized.qtr 21/02/2009 21:21:38 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeQD3D.Resources\sv.lproj\QuickTimeQD3DLocalized.qtr 21/02/2009 21:21:38 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeQD3D.Resources\zh_CN.lproj\QuickTimeQD3DLocalized.qtr 21/02/2009 21:21:38 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeQD3D.Resources\zh_TW.lproj\QuickTimeQD3DLocalized.qtr 21/02/2009 21:21:38 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreaming.Resources\QuickTimeStreaming.qtr 21/02/2009 21:21:38 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreaming.Resources\da.lproj\QuickTimeStreamingLocalized.qtr 21/02/2009 21:21:38 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreaming.Resources\de.lproj\QuickTimeStreamingLocalized.qtr 21/02/2009 21:21:39 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreaming.Resources\en.lproj\QuickTimeStreamingLocalized.qtr 21/02/2009 21:21:39 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreaming.Resources\es.lproj\QuickTimeStreamingLocalized.qtr 21/02/2009 21:21:39 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreaming.Resources\fi.lproj\QuickTimeStreamingLocalized.qtr 21/02/2009 21:21:39 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreaming.Resources\fr.lproj\QuickTimeStreamingLocalized.qtr 21/02/2009 21:21:39 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreaming.Resources\it.lproj\QuickTimeStreamingLocalized.qtr 21/02/2009 21:21:39 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreaming.Resources\ja.lproj\QuickTimeStreamingLocalized.qtr 21/02/2009 21:21:39 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreaming.Resources\ko.lproj\QuickTimeStreamingLocalized.qtr 21/02/2009 21:21:39 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreaming.Resources\nb.lproj\QuickTimeStreamingLocalized.qtr 21/02/2009 21:21:39 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreaming.Resources\nl.lproj\QuickTimeStreamingLocalized.qtr 21/02/2009 21:21:40 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreaming.Resources\pl.lproj\QuickTimeStreamingLocalized.qtr 21/02/2009 21:21:40 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreaming.Resources\pt_PT.lproj\QuickTimeStreamingLocalized.qtr 21/02/2009 21:21:40 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreaming.Resources\ru.lproj\QuickTimeStreamingLocalized.qtr 21/02/2009 21:21:40 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreaming.Resources\sv.lproj\QuickTimeStreamingLocalized.qtr 21/02/2009 21:21:40 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreaming.Resources\zh_CN.lproj\QuickTimeStreamingLocalized.qtr 21/02/2009 21:21:40 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreaming.Resources\zh_TW.lproj\QuickTimeStreamingLocalized.qtr 21/02/2009 21:21:40 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\QuickTimeStreamingAuthoring.qtr 21/02/2009 21:21:40 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\da.lproj\QuickTimeStreamingAuthoringLocalized.qtr 21/02/2009 21:21:40 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\de.lproj\QuickTimeStreamingAuthoringLocalized.qtr 21/02/2009 21:21:40 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\en.lproj\QuickTimeStreamingAuthoringLocalized.qtr 21/02/2009 21:21:41 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\es.lproj\QuickTimeStreamingAuthoringLocalized.qtr 21/02/2009 21:21:41 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\fi.lproj\QuickTimeStreamingAuthoringLocalized.qtr 21/02/2009 21:21:41 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\fr.lproj\QuickTimeStreamingAuthoringLocalized.qtr 21/02/2009 21:21:41 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\it.lproj\QuickTimeStreamingAuthoringLocalized.qtr 21/02/2009 21:21:41 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\ja.lproj\QuickTimeStreamingAuthoringLocalized.qtr 21/02/2009 21:21:41 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\ko.lproj\QuickTimeStreamingAuthoringLocalized.qtr 21/02/2009 21:21:41 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\nb.lproj\QuickTimeStreamingAuthoringLocalized.qtr 21/02/2009 21:21:41 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\nl.lproj\QuickTimeStreamingAuthoringLocalized.qtr 21/02/2009 21:21:41 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\pl.lproj\QuickTimeStreamingAuthoringLocalized.qtr 21/02/2009 21:21:41 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\pt_PT.lproj\QuickTimeStreamingAuthoringLocalized.qtr 21/02/2009 21:21:42 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\ru.lproj\QuickTimeStreamingAuthoringLocalized.qtr 21/02/2009 21:21:42 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\sv.lproj\QuickTimeStreamingAuthoringLocalized.qtr 21/02/2009 21:21:42 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\zh_CN.lproj\QuickTimeStreamingAuthoringLocalized.qtr 21/02/2009 21:21:42 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\zh_TW.lproj\QuickTimeStreamingAuthoringLocalized.qtr 21/02/2009 21:21:42 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\QuickTimeStreamingExtras.qtr 21/02/2009 21:21:42 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\da.lproj\QuickTimeStreamingExtrasLocalized.qtr 21/02/2009 21:21:42 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\de.lproj\QuickTimeStreamingExtrasLocalized.qtr 21/02/2009 21:21:42 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\en.lproj\QuickTimeStreamingExtrasLocalized.qtr 21/02/2009 21:21:42 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\es.lproj\QuickTimeStreamingExtrasLocalized.qtr 21/02/2009 21:21:42 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\fi.lproj\QuickTimeStreamingExtrasLocalized.qtr 21/02/2009 21:21:42 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\fr.lproj\QuickTimeStreamingExtrasLocalized.qtr 21/02/2009 21:21:43 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\it.lproj\QuickTimeStreamingExtrasLocalized.qtr 21/02/2009 21:21:43 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\ja.lproj\QuickTimeStreamingExtrasLocalized.qtr 21/02/2009 21:21:43 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\ko.lproj\QuickTimeStreamingExtrasLocalized.qtr 21/02/2009 21:21:43 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\nb.lproj\QuickTimeStreamingExtrasLocalized.qtr 21/02/2009 21:21:43 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\nl.lproj\QuickTimeStreamingExtrasLocalized.qtr 21/02/2009 21:21:43 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\pl.lproj\QuickTimeStreamingExtrasLocalized.qtr 21/02/2009 21:21:43 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\pt_PT.lproj\QuickTimeStreamingExtrasLocalized.qtr 21/02/2009 21:21:43 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\ru.lproj\QuickTimeStreamingExtrasLocalized.qtr 21/02/2009 21:21:43 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\sv.lproj\QuickTimeStreamingExtrasLocalized.qtr 21/02/2009 21:21:43 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\zh_CN.lproj\QuickTimeStreamingExtrasLocalized.qtr 21/02/2009 21:21:44 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\zh_TW.lproj\QuickTimeStreamingExtrasLocalized.qtr 21/02/2009 21:21:44 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVR.Resources\QuickTimeVR.qtr 21/02/2009 21:21:44 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVR.Resources\da.lproj\QuickTimeVRLocalized.qtr 21/02/2009 21:21:44 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVR.Resources\de.lproj\QuickTimeVRLocalized.qtr 21/02/2009 21:21:44 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVR.Resources\en.lproj\QuickTimeVRLocalized.qtr 21/02/2009 21:21:44 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVR.Resources\es.lproj\QuickTimeVRLocalized.qtr 21/02/2009 21:21:44 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVR.Resources\fi.lproj\QuickTimeVRLocalized.qtr 21/02/2009 21:21:44 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVR.Resources\fr.lproj\QuickTimeVRLocalized.qtr 21/02/2009 21:21:44 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVR.Resources\it.lproj\QuickTimeVRLocalized.qtr 21/02/2009 21:21:44 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVR.Resources\ja.lproj\QuickTimeVRLocalized.qtr 21/02/2009 21:21:45 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVR.Resources\ko.lproj\QuickTimeVRLocalized.qtr 21/02/2009 21:21:45 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVR.Resources\nb.lproj\QuickTimeVRLocalized.qtr 21/02/2009 21:21:45 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVR.Resources\nl.lproj\QuickTimeVRLocalized.qtr 21/02/2009 21:21:45 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVR.Resources\pl.lproj\QuickTimeVRLocalized.qtr 21/02/2009 21:21:45 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVR.Resources\pt_PT.lproj\QuickTimeVRLocalized.qtr 21/02/2009 21:21:45 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVR.Resources\ru.lproj\QuickTimeVRLocalized.qtr 21/02/2009 21:21:45 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVR.Resources\sv.lproj\QuickTimeVRLocalized.qtr 21/02/2009 21:21:45 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVR.Resources\zh_CN.lproj\QuickTimeVRLocalized.qtr 21/02/2009 21:21:45 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVR.Resources\zh_TW.lproj\QuickTimeVRLocalized.qtr 21/02/2009 21:21:45 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\QuickTimeVRAuthoring.qtr 21/02/2009 21:21:45 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\da.lproj\QuickTimeVRAuthoringLocalized.qtr 21/02/2009 21:21:46 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\de.lproj\QuickTimeVRAuthoringLocalized.qtr 21/02/2009 21:21:46 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\en.lproj\QuickTimeVRAuthoringLocalized.qtr 21/02/2009 21:21:46 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\es.lproj\QuickTimeVRAuthoringLocalized.qtr 21/02/2009 21:21:46 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\fi.lproj\QuickTimeVRAuthoringLocalized.qtr 21/02/2009 21:21:46 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\fr.lproj\QuickTimeVRAuthoringLocalized.qtr 21/02/2009 21:21:46 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\it.lproj\QuickTimeVRAuthoringLocalized.qtr 21/02/2009 21:21:46 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\ja.lproj\QuickTimeVRAuthoringLocalized.qtr 21/02/2009 21:21:46 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\ko.lproj\QuickTimeVRAuthoringLocalized.qtr 21/02/2009 21:21:46 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\nb.lproj\QuickTimeVRAuthoringLocalized.qtr 21/02/2009 21:21:47 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\nl.lproj\QuickTimeVRAuthoringLocalized.qtr 21/02/2009 21:21:47 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\pl.lproj\QuickTimeVRAuthoringLocalized.qtr 21/02/2009 21:21:47 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\pt_PT.lproj\QuickTimeVRAuthoringLocalized.qtr 21/02/2009 21:21:47 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\ru.lproj\QuickTimeVRAuthoringLocalized.qtr 21/02/2009 21:21:47 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\sv.lproj\QuickTimeVRAuthoringLocalized.qtr 21/02/2009 21:21:47 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\zh_CN.lproj\QuickTimeVRAuthoringLocalized.qtr 21/02/2009 21:21:47 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\zh_TW.lproj\QuickTimeVRAuthoringLocalized.qtr 21/02/2009 21:21:47 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeWebHelper.Resources\QuickTimeWebHelper.qtr 21/02/2009 21:21:47 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeWebHelper.Resources\da.lproj\QuickTimeWebHelperLocalized.qtr 21/02/2009 21:21:47 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeWebHelper.Resources\de.lproj\QuickTimeWebHelperLocalized.qtr 21/02/2009 21:21:48 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeWebHelper.Resources\en.lproj\QuickTimeWebHelperLocalized.qtr 21/02/2009 21:21:48 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeWebHelper.Resources\es.lproj\QuickTimeWebHelperLocalized.qtr 21/02/2009 21:21:48 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeWebHelper.Resources\fi.lproj\QuickTimeWebHelperLocalized.qtr 21/02/2009 21:21:48 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeWebHelper.Resources\fr.lproj\QuickTimeWebHelperLocalized.qtr 21/02/2009 21:21:48 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeWebHelper.Resources\it.lproj\QuickTimeWebHelperLocalized.qtr 21/02/2009 21:21:48 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeWebHelper.Resources\ja.lproj\QuickTimeWebHelperLocalized.qtr 21/02/2009 21:21:48 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeWebHelper.Resources\ko.lproj\QuickTimeWebHelperLocalized.qtr 21/02/2009 21:21:48 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeWebHelper.Resources\nb.lproj\QuickTimeWebHelperLocalized.qtr 21/02/2009 21:21:48 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeWebHelper.Resources\nl.lproj\QuickTimeWebHelperLocalized.qtr 21/02/2009 21:21:48 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeWebHelper.Resources\pl.lproj\QuickTimeWebHelperLocalized.qtr 21/02/2009 21:21:49 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeWebHelper.Resources\pt_PT.lproj\QuickTimeWebHelperLocalized.qtr 21/02/2009 21:21:49 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeWebHelper.Resources\ru.lproj\QuickTimeWebHelperLocalized.qtr 21/02/2009 21:21:49 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeWebHelper.Resources\sv.lproj\QuickTimeWebHelperLocalized.qtr 21/02/2009 21:21:49 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeWebHelper.Resources\zh_CN.lproj\QuickTimeWebHelperLocalized.qtr 21/02/2009 21:21:49 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QTSystem\QuickTimeWebHelper.Resources\zh_TW.lproj\QuickTimeWebHelperLocalized.qtr 21/02/2009 21:21:49 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QuickTimePlayer.Resources\QuickTimePlayer.qtr 21/02/2009 21:21:49 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QuickTimePlayer.Resources\da.lproj\QuickTimePlayerLocalized.qtr 21/02/2009 21:21:49 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QuickTimePlayer.Resources\de.lproj\QuickTimePlayerLocalized.qtr 21/02/2009 21:21:49 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QuickTimePlayer.Resources\en.lproj\QuickTimePlayerLocalized.qtr 21/02/2009 21:21:50 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QuickTimePlayer.Resources\es.lproj\QuickTimePlayerLocalized.qtr 21/02/2009 21:21:50 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QuickTimePlayer.Resources\fi.lproj\QuickTimePlayerLocalized.qtr 21/02/2009 21:21:50 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QuickTimePlayer.Resources\fr.lproj\QuickTimePlayerLocalized.qtr 21/02/2009 21:21:50 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QuickTimePlayer.Resources\it.lproj\QuickTimePlayerLocalized.qtr 21/02/2009 21:21:50 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QuickTimePlayer.Resources\ja.lproj\QuickTimePlayerLocalized.qtr 21/02/2009 21:21:50 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QuickTimePlayer.Resources\ko.lproj\QuickTimePlayerLocalized.qtr 21/02/2009 21:21:50 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QuickTimePlayer.Resources\nb.lproj\QuickTimePlayerLocalized.qtr 21/02/2009 21:21:50 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QuickTimePlayer.Resources\nl.lproj\QuickTimePlayerLocalized.qtr 21/02/2009 21:21:50 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QuickTimePlayer.Resources\pl.lproj\QuickTimePlayerLocalized.qtr 21/02/2009 21:21:50 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QuickTimePlayer.Resources\pt_PT.lproj\QuickTimePlayerLocalized.qtr 21/02/2009 21:21:50 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QuickTimePlayer.Resources\ru.lproj\QuickTimePlayerLocalized.qtr 21/02/2009 21:21:51 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QuickTimePlayer.Resources\sv.lproj\QuickTimePlayerLocalized.qtr 21/02/2009 21:21:51 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QuickTimePlayer.Resources\zh_CN.lproj\QuickTimePlayerLocalized.qtr 21/02/2009 21:21:51 Detected: http://www.viruslist.com/sch/advisories/29293 c:\program files\quicktime\QuickTimePlayer.Resources\zh_TW.lproj\QuickTimePlayerLocalized.qtr 21/02/2009 21:22:56 Detected: Trojan.Win32.Agent.artu c:\RECYCLER\S-1-5-21-2081330374-912010594-3031177693-1016\Dc26.dll 21/02/2009 21:22:56 Detected: Trojan-Downloader.Win32.Agent.ahyl c:\RECYCLER\S-1-5-21-2081330374-912010594-3031177693-1016\Dc27.exe/# 21/02/2009 21:22:56 Untreated: Trojan.Win32.Agent.artu c:\RECYCLER\S-1-5-21-2081330374-912010594-3031177693-1016\Dc26.dll Postponed 21/02/2009 21:22:56 Untreated: Trojan-Downloader.Win32.Agent.ahyl c:\RECYCLER\S-1-5-21-2081330374-912010594-3031177693-1016\Dc27.exe/# Postponed 21/02/2009 21:22:56 Detected: HEUR:Trojan-Downloader.Win32.Generic c:\RECYCLER\S-1-5-21-2081330374-912010594-3031177693-1016\Dc27.exe 21/02/2009 21:22:56 Detected: HEUR:Trojan-Downloader.Win32.Generic c:\RECYCLER\S-1-5-21-2081330374-912010594-3031177693-1016\Dc27.exe 21/02/2009 21:25:14 Detected: Trojan.Win32.Agent.artu c:\System Volume Information\_restore{B9F117E8-F56C-426C-86B3-A37F8A254ED8}\RP17\A0013894.dll 21/02/2009 21:25:14 Untreated: Trojan.Win32.Agent.artu c:\System Volume Information\_restore{B9F117E8-F56C-426C-86B3-A37F8A254ED8}\RP17\A0013894.dll Postponed 21/02/2009 21:25:15 Detected: Trojan-Downloader.Win32.Agent.ahyl c:\System Volume Information\_restore{B9F117E8-F56C-426C-86B3-A37F8A254ED8}\RP17\A0013895.exe/# 21/02/2009 21:25:15 Untreated: Trojan-Downloader.Win32.Agent.ahyl c:\System Volume Information\_restore{B9F117E8-F56C-426C-86B3-A37F8A254ED8}\RP17\A0013895.exe/# Postponed 21/02/2009 21:25:15 Detected: HEUR:Trojan-Downloader.Win32.Generic c:\System Volume Information\_restore{B9F117E8-F56C-426C-86B3-A37F8A254ED8}\RP17\A0013895.exe 21/02/2009 21:25:15 Detected: HEUR:Trojan-Downloader.Win32.Generic c:\System Volume Information\_restore{B9F117E8-F56C-426C-86B3-A37F8A254ED8}\RP17\A0013895.exe 21/02/2009 21:37:33 Detected: http://www.viruslist.com/sch/advisories/28083 c:\WINDOWS\system32\Flash8.ocx 21/02/2009 21:38:25 Detected: http://www.viruslist.com/sch/advisories/29293 c:\WINDOWS\system32\QuickTime.qts 21/02/2009 21:41:47 Detected: Trojan.Win32.Agent.artu c:\RECYCLER\S-1-5-21-2081330374-912010594-3031177693-1016\Dc26.dll 21/02/2009 21:41:49 Deleted: Trojan.Win32.Agent.artu c:\RECYCLER\S-1-5-21-2081330374-912010594-3031177693-1016\Dc26.dll 21/02/2009 21:41:49 Detected: Trojan-Downloader.Win32.Agent.ahyl c:\RECYCLER\S-1-5-21-2081330374-912010594-3031177693-1016\Dc27.exe/# 21/02/2009 21:41:49 Detected: HEUR:Trojan-Downloader.Win32.Generic c:\RECYCLER\S-1-5-21-2081330374-912010594-3031177693-1016\Dc27.exe 21/02/2009 21:41:49 Detected: HEUR:Trojan-Downloader.Win32.Generic c:\RECYCLER\S-1-5-21-2081330374-912010594-3031177693-1016\Dc27.exe 21/02/2009 21:41:49 Deleted: HEUR:Trojan-Downloader.Win32.Generic c:\RECYCLER\S-1-5-21-2081330374-912010594-3031177693-1016\Dc27.exe 21/02/2009 21:41:49 Detected: Trojan.Win32.Agent.artu c:\System Volume Information\_restore{B9F117E8-F56C-426C-86B3-A37F8A254ED8}\RP17\A0013894.dll 21/02/2009 21:41:49 Deleted: Trojan.Win32.Agent.artu c:\System Volume Information\_restore{B9F117E8-F56C-426C-86B3-A37F8A254ED8}\RP17\A0013894.dll 21/02/2009 21:41:49 Detected: Trojan-Downloader.Win32.Agent.ahyl c:\System Volume Information\_restore{B9F117E8-F56C-426C-86B3-A37F8A254ED8}\RP17\A0013895.exe/# 21/02/2009 21:41:49 Detected: HEUR:Trojan-Downloader.Win32.Generic c:\System Volume Information\_restore{B9F117E8-F56C-426C-86B3-A37F8A254ED8}\RP17\A0013895.exe 21/02/2009 21:41:49 Detected: HEUR:Trojan-Downloader.Win32.Generic c:\System Volume Information\_restore{B9F117E8-F56C-426C-86B3-A37F8A254ED8}\RP17\A0013895.exe 21/02/2009 21:41:49 Deleted: HEUR:Trojan-Downloader.Win32.Generic c:\System Volume Information\_restore{B9F117E8-F56C-426C-86B3-A37F8A254ED8}\RP17\A0013895.exe 21/02/2009 21:41:49 Task completed Quick Scan: stopped 21/02/2009 20:56:15 (events: 511, objects: , time: 00:00:00) 21/02/2009 21:48:27 Task completed 21/02/2009 21:47:09 Task started Quick Scan: stopped 21/02/2009 20:56:15 (events: 511, objects: , time: 00:00:00) 22/02/2009 12:03:29 Task completed 22/02/2009 12:01:18 Detected: http://www.viruslist.com/sch/advisories/29293 c:\WINDOWS\system32\QuickTime.qts 22/02/2009 12:00:26 Detected: http://www.viruslist.com/sch/advisories/28083 c:\WINDOWS\system32\Flash8.ocx 22/02/2009 11:39:22 Detected: http://www.viruslist.com/sch/advisories/31010 c:\program files\Java\jre1.6.0_05\bin\java.exe 22/02/2009 11:39:14 Detected: http://www.viruslist.com/sch/advisories/31010 c:\program files\Java\jre1.6.0_04\bin\java.exe 22/02/2009 11:29:46 Task started Je ne sais absolument pas ce que je dois faire. Lien vers le commentaire Partager sur d’autres sites More sharing options...
snooky Posté(e) le 22 février 2009 Auteur Partager Posté(e) le 22 février 2009 Inutile le rapport . Tu dois regarder ici : Pour ceci , ce sont des vulnérabilités , pas des virus . Autrement dit , des applications pas à jour ... il faut donc les supprimer et installer les dernières applications en date. 22/02/2009 12:01:18 Detected: http://www.viruslist.com/sch/advisories/29293 c:\WINDOWS\system32\QuickTime.qts22/02/2009 12:00:26 Detected: http://www.viruslist.com/sch/advisories/28083 c:\WINDOWS\system32\Flash8.ocx 22/02/2009 11:39:22 Detected: http://www.viruslist.com/sch/advisories/31010 c:\program files\Java\jre1.6.0_05\bin\java.exe 22/02/2009 11:39:14 Detected: http://www.viruslist.com/sch/advisories/31010 c:\program files\Java\jre1.6.0_04\bin\java.exe Java , c'est fait me semble ... te reste Flashplayer et Quicktime : ( clic pour situer le fichier sur ton disque , puis supprime ) http://www.adobe.com/shockwave/welcome/ http://www.apple.com/fr/quicktime/download/ Lien vers le commentaire Partager sur d’autres sites More sharing options...
snooky Posté(e) le 22 février 2009 Auteur Partager Posté(e) le 22 février 2009 Fait un nettoyage avec Tools Cleaner : http://www.pcinpact.com/forum/index.php?sh...l=tools+cleaner Lien vers le commentaire Partager sur d’autres sites More sharing options...
snooky Posté(e) le 22 février 2009 Auteur Partager Posté(e) le 22 février 2009 Configure l'analyse de KAV 2009 de la sorte : ( clique ensuite sur Appliquer pour donner cette config à toutes les analyses ) Lien vers le commentaire Partager sur d’autres sites More sharing options...
Armel. Posté(e) le 22 février 2009 Partager Posté(e) le 22 février 2009 Fait une capture d'écran de Menaces détectées / Toutes les menaces ( élargit la colonne " Objet " ) Je ne sais pas si tu la vu mais j'avais posté ça : J'ai réinstallé les applications cités. Cependant je me suis rendu compte que à chaque boot/reboot (fais correctement) s'affiche un message (du même genre que lorsqu'on choisit le mode sans échec) où est écrit quelque chose dans le genre "L'ordinateur n'a pas été éteins correctement choisissais un mode de démarrage : Window$ Recovery Files Window$ XP Familliale" C'est trés approximatif car au bout de 3 seconde le PC choisit celui qu'il préfère (XP) et le message dispparait, et j'ai jamais appuyé sur une touche pour choisir moi même. Je ne l'ai pas dit plus tôt car les reboot ou boot que je faisiait les jours précedant était précédé d'annalyse Hijackthis, ComboFix et autres softs que tu ma recommandé. Hier j'ai eu une coupure de connexion internet mais ça a peu-être voire surement aucun lien mais bon... Enfin, suite aux multiples désinstallations j'ai voulu faire un scan de registre, j'ai essayé d'abord avec JV16 PowerTools impossible de supprimer les clés de registres (dites sans risques à la suppresion), ensuite avec RegCleaner impossible à lancer : regclenr.exe dans le gestionnaire de taches mais rien... Lien vers le commentaire Partager sur d’autres sites More sharing options...
Messages recommandés
Archivé
Ce sujet est désormais archivé et ne peut plus recevoir de nouvelles réponses.