Je pense etre infecté par un virus qui n'est pas detecter

Bonjour,

je pense vraiment que mon pc doit etre infecté, de plus dans mon task manager je peut voir que le CPU est souvent a 100% meme si je fait rien avec mon ordi, apres passage avec different anti virus j'ai trouver quelques infections mais ca reste pareil apres le nettoyage, aujourd'hui rien n'est detecter mais par contre mon CPU lui reste a 100%...

Merci de m'aider SVP...

Bonsoir,


1) Télécharge HiJackThis de Merijn sur ton bureau.

- Double-clic sur HijackThis
- Génère un rapport en suivant ces indications :
- Exécute le et clique sur Do a scan and save log file.
- Le rapport s'ouvre sur le Bloc-Note

- Colle le rapport ici, pour cela :
- Menu Edition / Selectionner Tout
- Menu Edition / copier
- Ici dans un nouveau message : clic droit / coller

Aide : N'hésite pas à consulter l'aide HiJackThis


A plus tard.

Salut et merci d'avoir répondu,

je viens de faire le scan avec hijackthis comme tu le demande, avant de lancer le scan j'ai arrêter tout mes programmes, voici le résultat :




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:41:16 AM, on 12/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb(...)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb(...)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housec(...)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9105C663-5A7A-488A-BEC7-5B96943423AB}: NameServer = 211.103.158.182,202.106.0.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{9105C663-5A7A-488A-BEC7-5B96943423AB}: NameServer = 211.103.158.182,202.106.0.20
O20 - Winlogon Notify: iifgGYom - iifgGYom.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Droppix Service - Droppix - C:\Program Files\Common Files\Droppix\DxService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 6530 bytes




Voila merci de me dire si ca va ou pas en tous cas joyeux noel a tous et encore merci Curson pour l'aide....

Peace out !!!

Bonjour,

Ton système est infecté.


1) Désinstalle AVG Anti-Spyware ; il n'est plus mis à jour.


2) Es-tu affilié à un FAI chinois (bta.net.cn) ?


3) Télécharge OTViewIt de OldTimer sur ton bureau.

- Ferme toutes les fenêtres et applications.
- Double clique sur OTViewIt.exe pour le lancer.
- Dans la liste déroulante "File Age" choisis : 30 days (ou selon votre choix)
- Clique sur le bouton "Run Scan".
- Patiente quelques minutes.
- le bloc note va s'ouvrir, poste les deux rapports obtenus dans ta prochaine réponse.

Si le bloc note ne s'ouvre pas, tu les trouveras sur ton bureau : OTViewIt.txt et Extras.txt


A plus tard.

Bonjour,

Merci beaucoup pour les infos , effectivement je reviens de chine ou j'y est travailler les 8 dernières années, donc mon pc a été acheter la bas est dernièrement je possédais donc un accès internet avec un fournisseur chinois.

sinon j'ai fais le scan avec OTViewIt en mode 30days dans " file age " et voici les 2 rapports :




OTViewIt logfile created on: 12/30/2008 19:04:39 - Run 4
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Christina\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1006.98 Mb Total Physical Memory | 713.09 Mb Available Physical Memory | 70.81% Memory free
2.37 Gb Paging File | 2.20 Gb Available in Paging File | 92.78% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 31.33 Gb Free Space | 42.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRSITINA
Current User Name: Christina
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/11/17 05:57:18 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/11/17 05:57:18 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/07/01 09:02:28 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
[2008/12/30 17:11:21 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christina\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/05/23 05:41:29 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2007/10/23 18:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/11/17 05:57:18 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2007/10/23 18:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/02/01 09:12:44 | 00,151,552 | ---- | M] (Droppix) -- C:\Program Files\Common Files\Droppix\DxService.exe -- (Droppix Service [On_Demand | Stopped])
[2008/07/01 09:08:00 | 00,019,200 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
[2008/07/01 09:02:28 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running])
[2007/05/31 19:02:06 | 00,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC [Auto | Stopped])
[2008/12/15 16:53:49 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Stopped])
[2003/06/19 16:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Stopped])
[2007/06/28 22:02:08 | 01,049,856 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag [Auto | Stopped])
[2003/07/28 05:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/05/16 10:52:12 | 00,032,768 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService [Auto | Stopped])
[2007/09/26 17:34:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service [Auto | Stopped])
[2008/03/04 10:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler [Auto | Stopped])
[2007/10/18 04:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/11/20 20:15:10 | 00,054,624 | ---- | M] () -- C:\WINDOWS\system32\3dbB1.sys -- (3dbB1 [On_Demand | Stopped])
[2008/11/20 19:45:24 | 00,054,624 | ---- | M] () -- C:\WINDOWS\system32\797A9.sys -- (797A9 [On_Demand | Stopped])
[2003/10/23 12:17:10 | 00,100,384 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
[2008/11/18 21:59:50 | 00,054,624 | ---- | M] () -- C:\WINDOWS\system32\afd1E4.sys -- (afd1E4 [On_Demand | Stopped])
[2003/06/27 12:53:44 | 01,196,352 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
[2004/08/03 23:32:22 | 00,231,552 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\ac97ali.sys -- (aliadwdm [On_Demand | Stopped])
[2001/08/23 13:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Boot | Running])
[2006/11/17 06:02:24 | 01,133,568 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
File not found -- -- (AVG Anti-Spyware Driver [Disabled | Running])
File not found -- -- (AvgAsCln [Disabled | Running])
[2003/05/22 02:47:12 | 00,175,360 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k [On_Demand | Running])
[2008/07/01 08:56:22 | 00,039,944 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon [Auto | Running])
[2008/07/01 08:57:14 | 00,053,256 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv [System | Running])
[2003/03/02 10:44:26 | 00,007,552 | ---- | M] () -- C:\WINDOWS\system32\drivers\enodpl.sys -- (enodpl [Auto | Running])
[2008/07/01 09:04:40 | 00,034,312 | ---- | M] () -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir [System | Running])
[2007/05/31 19:01:30 | 00,021,424 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV [On_Demand | Running])
[2007/02/19 06:56:46 | 00,021,376 | ---- | M] (Lenovo (United States) Inc.) -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd [On_Demand | Running])
[2001/08/23 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/03/14 07:04:29 | 00,046,652 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2008/04/13 15:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2003/10/24 12:02:12 | 00,578,816 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2003/04/18 17:32:04 | 00,004,736 | ---- | M] () -- C:\WINDOWS\system32\drivers\tandpl.sys -- (tandpl [Auto | Running])
[2008/06/12 19:54:53 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2005/07/12 20:55:00 | 00,013,840 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\drivers\tp4track.sys -- (Tp4Track [On_Demand | Running])
[2001/08/17 14:48:14 | 00,011,520 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack [On_Demand | Stopped])
[2001/08/23 13:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (698 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice (ESET)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=91 00 00 00 [binary data]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0
"DisableTaskMgr"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)
E&xporter vers Microsoft Excel: C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{85d1f590-48f4-11d9-9669-0800200c9a66}: Menu: Uninstall BitDefender Online Scanner v8 -- %SystemRoot%\bdoscandel.exe [2008/01/09 15:01:48 | 00,053,248 | ---- | M] ()
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 07:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 17:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 22:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 22:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 17:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 22:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}: http://webscanner.kaspersky.fr/kavwebscan_unicode.cab -- CKAVWebScan Object
{20A60F0D-9AFA-4515-A0FD-83BD84642501}: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab -- Checkers Class
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb(...) -- WUWebControl Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb(...) -- MUWebControl Class
{74D05D43-3236-11D4-BDCD-00C04F9A3B61}: http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housec(...) -- HouseCall Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}: http://support.f-secure.com/ols/fscax.cab -- F-Secure Online Scanner 3.3
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab -- MessengerStatsClient Class
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
CabBuilder: http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{9105C663-5A7A-488A-BEC7-5B96943423AB} (Servers: 211.103.158.182,202.106.0.20 | Description: Broadcom NetXtreme Fast Ethernet)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
iifgGYom: "DllName" = iifgGYom.dll -- File not found

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/05/01 15:57:31 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cae97a0-63ea-11dd-a0f1-00061bda8d0a}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cae97a0-63ea-11dd-a0f1-00061bda8d0a}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cae97a0-63ea-11dd-a0f1-00061bda8d0a}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/13 22:42:06 | 08,461,312 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cae97a0-63ea-11dd-a0f1-00061bda8d0a}\Shell\´ò¿ª(&O)\command]
""=E:\autorun\autorun.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f8d6e6a-7a54-11dd-a11e-00061bda8d0a}\Shell\Auto\command]
""=C:\WINDOWS\system32\cmd.exe -- [2008/04/13 22:42:16 | 00,389,120 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f8d6e6a-7a54-11dd-a11e-00061bda8d0a}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f8d6e6a-7a54-11dd-a11e-00061bda8d0a}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/13 22:42:06 | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab9a60b5-27fe-11dd-a0e5-00061bda8d0a}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab9a60b5-27fe-11dd-a0e5-00061bda8d0a}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab9a60b5-27fe-11dd-a0e5-00061bda8d0a}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/13 22:42:06 | 08,461,312 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab9a60b5-27fe-11dd-a0e5-00061bda8d0a}\Shell\´ò¿ª(&O)\command]
""=F:\autorun\autorun.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c75e9b39-7e0d-11dd-a123-00061bda8d0a}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c75e9b39-7e0d-11dd-a123-00061bda8d0a}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c75e9b39-7e0d-11dd-a123-00061bda8d0a}\Shell\AutoRun\command]
""=F:\memorybar.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb979057-1f58-11dd-a0e2-00061bda8d0a}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb979057-1f58-11dd-a0e2-00061bda8d0a}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb979057-1f58-11dd-a0e2-00061bda8d0a}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/13 22:42:06 | 08,461,312 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb979057-1f58-11dd-a0e2-00061bda8d0a}\Shell\´ò¿ª(&O)\command]
""=F:\autorun\autorun.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb979058-1f58-11dd-a0e2-00061bda8d0a}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb979058-1f58-11dd-a0e2-00061bda8d0a}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb979058-1f58-11dd-a0e2-00061bda8d0a}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/13 22:42:06 | 08,461,312 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb979058-1f58-11dd-a0e2-00061bda8d0a}\Shell\´ò¿ª(&O)\command]
""=G:\autorun\autorun.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb979060-1f58-11dd-a0e2-00061bda8d0a}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb979060-1f58-11dd-a0e2-00061bda8d0a}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb979060-1f58-11dd-a0e2-00061bda8d0a}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/13 22:42:06 | 08,461,312 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb979060-1f58-11dd-a0e2-00061bda8d0a}\Shell\´ò¿ª(&O)\command]
""=F:\autorun\autorun.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e11877a3-7aec-11dd-a11f-00061bda8d0a}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e11877a3-7aec-11dd-a11f-00061bda8d0a}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e11877a3-7aec-11dd-a11f-00061bda8d0a}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/13 22:42:06 | 08,461,312 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e11877a3-7aec-11dd-a11f-00061bda8d0a}\Shell\´ò¿ª(&O)\command]
""=E:\autorun\autorun.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]
""=F:\inst_32\autorun.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command]
""=C:\WINDOWS\system32\reg.exe -- [2008/04/13 22:42:34 | 00,050,176 | ---- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[8 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/12/30 17:10:55 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Christina\Desktop\OTViewIt.exe
[2008/12/28 16:36:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christina\Desktop\CHRISTINA DOCS
[2008/12/26 19:31:41 | 00,001,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\www.happyneuron.fr.lnk
[2008/12/26 19:31:41 | 00,001,693 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Coach Cérébral 3.lnk
[2008/12/26 19:31:18 | 00,000,000 | ---D | C] -- C:\Program Files\Happyneuron
[2008/12/26 19:29:02 | 40,337,408 | ---- | C] () -- C:\Documents and Settings\Christina\Desktop\Coach Cérébral 3.iso
[2008/12/21 10:49:41 | 69,136,976 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Christina\Desktop\avg_iswt_stf_g7_8_227a1407.exe
[2008/12/21 01:16:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christina\Desktop\pour nelly2
[2008/12/18 19:50:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christina\Desktop\emule complet
[2008/12/17 11:50:24 | 00,350,032 | ---- | C] (Catalyst Development Corporation) -- C:\WINDOWS\System32\Cswskax5.ocx
[2008/12/17 11:50:24 | 00,260,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msflxgrd.ocx
[2008/12/17 11:50:24 | 00,212,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Richtx32.ocx
[2008/12/17 11:50:24 | 00,198,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mci32.ocx
[2008/12/17 11:50:24 | 00,152,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ComDlg32.ocx
[2008/12/17 11:50:23 | 00,608,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ComCtl32.ocx
[2008/12/17 11:50:23 | 00,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vb6fr.dll
[2008/12/17 11:50:23 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
[2008/12/17 11:50:23 | 00,089,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmctlfr.dll
[2008/12/17 11:50:23 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\FLXGDFR.DLL
[2008/12/17 11:50:23 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Rchtxfr.dll
[2008/12/17 11:50:23 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mcifr.dll
[2008/12/17 11:50:23 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmdlgfr.dll
[2008/12/17 11:50:23 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tabctfr.dll
[2008/12/17 11:50:17 | 00,000,000 | ---D | C] -- C:\Program Files\FoxTarot4
[2008/12/15 16:47:05 | 16,319,896 | ---- | C] () -- C:\Documents and Settings\Christina\Desktop\jre-6u11-windows-i586-p-s.exe
[2008/12/15 10:56:30 | 12,200,745 | ---- | C] () -- C:\Documents and Settings\Christina\Desktop\Earths Forbidden Secrets Part One.pdf
[2008/12/14 13:40:23 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\ogacheckcontrol.dll
[2008/12/14 13:39:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christina\Local Settings\Application Data\ESET
[2008/12/14 11:15:17 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Christina\Desktop\HijackThis.lnk
[2008/12/14 11:15:17 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/12/14 11:13:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Christina\Application Data\Malwarebytes
[2008/12/14 11:13:29 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/14 11:13:28 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/14 11:13:26 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/14 11:13:24 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/14 11:13:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/14 09:39:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2008/12/13 22:13:07 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2008/12/13 22:13:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2008/12/13 16:26:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Kaspersky Lab
[2008/12/13 11:50:50 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/13 11:50:45 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2008/12/12 15:45:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/12/12 15:45:54 | 00,000,000 | ---D | C] -- C:\Program Files\Grisoft
[2008/12/10 09:34:43 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[2008/12/10 09:34:38 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2008/12/10 09:31:51 | 00,000,000 | -H-D | C] -- C:\Program Files\svchostt
[2008/12/09 10:38:44 | 00,690,896 | ---- | C] () -- C:\Documents and Settings\Christina\Desktop\GTA4_PC_Map.pdf
[2008/12/07 16:35:42 | 00,000,292 | -H-- | C] () -- C:\sqmdata01.sqm
[2008/12/07 16:35:42 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt01.sqm
[2008/12/07 09:53:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\report
[2008/12/07 09:53:27 | 21,272,617 | ---- | C] () -- C:\WINDOWS\LPT$VPN.693
[2008/12/07 09:51:16 | 01,972,560 | ---- | C] () -- C:\WINDOWS\tsc.ptn
[2008/12/07 09:51:16 | 00,345,157 | ---- | C] (CompanyName) -- C:\WINDOWS\tsc.exe
[2008/12/07 09:51:16 | 00,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2008/12/07 09:51:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\AU_Backup
[2008/12/07 09:51:15 | 01,213,784 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\vsapi32.dll
[2008/12/07 09:51:15 | 00,091,744 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\BPMNT.dll
[2008/12/07 09:51:00 | 21,272,617 | ---- | C] () -- C:\WINDOWS\VPTNFILE.693
[2008/12/07 09:48:50 | 00,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2008/12/07 09:48:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\AU_Temp
[2008/12/07 09:48:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\AU_Log
[2008/12/05 09:42:10 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2008/12/05 09:41:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2008/12/04 18:22:47 | 00,013,576 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll

========== Files - Modified Within 30 Days ==========

[8 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/12/30 17:11:21 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christina\Desktop\OTViewIt.exe
[2008/12/30 13:51:44 | 00,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/30 13:51:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/30 13:51:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/30 13:51:11 | 00,133,987 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2008/12/26 19:31:41 | 00,001,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\www.happyneuron.fr.lnk
[2008/12/26 19:31:41 | 00,001,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Coach Cérébral 3.lnk
[2008/12/26 15:41:49 | 05,367,020 | -H-- | M] () -- C:\Documents and Settings\Christina\Local Settings\Application Data\IconCache.db
[2008/12/26 10:08:10 | 40,337,408 | ---- | M] () -- C:\Documents and Settings\Christina\Desktop\Coach Cérébral 3.iso
[2008/12/22 11:44:07 | 00,000,095 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2008/12/21 10:52:26 | 69,136,976 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Christina\Desktop\avg_iswt_stf_g7_8_227a1407.exe
[2008/12/19 15:05:01 | 00,000,575 | ---- | M] () -- C:\Documents and Settings\Christina\My Documents\My Sharing Folders.lnk
[2008/12/15 16:48:27 | 16,319,896 | ---- | M] () -- C:\Documents and Settings\Christina\Desktop\jre-6u11-windows-i586-p-s.exe
[2008/12/15 10:57:28 | 12,200,745 | ---- | M] () -- C:\Documents and Settings\Christina\Desktop\Earths Forbidden Secrets Part One.pdf
[2008/12/14 13:40:23 | 00,676,224 | ---- | M] () -- C:\WINDOWS\System32\ogacheckcontrol.dll
[2008/12/14 11:15:17 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Christina\Desktop\HijackThis.lnk
[2008/12/14 11:13:29 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/14 11:10:12 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Christina\Desktop\CCleaner.lnk
[2008/12/13 11:50:50 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/13 07:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/13 07:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/13 00:15:25 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/12/12 12:02:08 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/10 00:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/09 10:38:45 | 00,690,896 | ---- | M] () -- C:\Documents and Settings\Christina\Desktop\GTA4_PC_Map.pdf
[2008/12/07 16:35:42 | 00,000,292 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/12/07 16:35:42 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/12/07 13:47:12 | 00,000,823 | ---- | M] () -- C:\WINDOWS\TSC.INI
[2008/12/07 09:51:17 | 01,972,560 | ---- | M] () -- C:\WINDOWS\tsc.ptn
[2008/12/07 09:51:16 | 01,213,784 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\vsapi32.dll
[2008/12/07 09:51:16 | 00,345,157 | ---- | M] (CompanyName) -- C:\WINDOWS\tsc.exe
[2008/12/07 09:51:16 | 00,071,749 | ---- | M] () -- C:\WINDOWS\hcextoutput.dll
[2008/12/07 09:51:15 | 21,272,617 | ---- | M] () -- C:\WINDOWS\VPTNFILE.693
[2008/12/07 09:51:15 | 21,272,617 | ---- | M] () -- C:\WINDOWS\LPT$VPN.693
[2008/12/07 09:51:15 | 00,091,744 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\BPMNT.dll
[2008/12/07 09:48:50 | 00,000,170 | ---- | M] () -- C:\WINDOWS\GetServer.ini
[2008/12/03 19:54:08 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:54:04 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
< End of report >









ET VOICI LE RAPPORT 2 : EXTRAS








OTViewIt Extras logfile created on: 12/30/2008 19:04:39 - Run 4
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Christina\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1006.98 Mb Total Physical Memory | 713.09 Mb Available Physical Memory | 70.81% Memory free
2.37 Gb Paging File | 2.20 Gb Available in Paging File | 92.78% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 31.33 Gb Free Space | 42.04% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRSITINA
Current User Name: Christina
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 22:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 17:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 04:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 10:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 22:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 17:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/07/30 06:08:17 | 00,177,152 | ---- | M] () -- C:\Documents and Settings\Christina\Desktop\utorrent161.exe:*:Enabled:µTorrent
[2007/10/18 04:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 10:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
File not found -- C:\Program Files\MSNShell\Bin\engie.exe:*:Enabled:MSNShell
File not found -- C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe:*:Enabled:Firefox
File not found -- C:\Documents and Settings\Christina\Desktop\C&C Alerte Rouge 2 [FULL FR][PC]\GAME.EXE:*:Enabled:Main executable for Red Alert 2
[2008/08/01 18:41:24 | 05,480,448 | ---- | M] (http://www.emule-project.net) -- C:\Program Files\eMule\emule.exe:*:Enabled:eMule
[2007/02/15 22:40:50 | 00,274,432 | ---- | M] (www.moofdev.org) -- C:\Documents and Settings\Christina\Desktop\RatioMaster-1.7.5\RatioMaster.exe:*:Enabled:Ratio Master
File not found -- C:\Program Files\RayV\RayV\RayV.exe:*:Enabled:RayV
[2008/04/13 22:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.exe:*:Enabled:Control

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2006/10/26 12:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007/10/18 04:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2006/10/26 12:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2006/10/26 12:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2000/04/19 11:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2007/10/18 04:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2007/03/14 06:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[2007/05/10 06:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 06:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java(TM) 6 Update 11
"{30120000-00B2-040C-0000-0000000FF1CE}"=Complément Office 2007 - Microsoft Enregistrer en tant que PDF ou XPS (Beta)
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java(TM) 6 Update 5
"{3407FD83-0A2F-475E-BE94-34F1FA342C84}"=ESET NOD32 Antivirus
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{53480330-E1D1-41CA-B8F8-7F78644F7F50}"=O&O Defrag Professional Edition
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}"=System Update
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8E1DCD15-C9F1-49CE-807B-198C8241EB6B}"=ULi USB2.0 Controller Driver
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}"=Microsoft XML Parser
"{D1DE3B55-D506-4291-BFDF-2DCBBAE277A3}"=ULi Audio Accelerator WDM Driver
"{D65F0073-A820-4085-B997-A061171595A7}"=oggcodecs
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}"=Adobe Photoshop CS
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem"=Agere Systems AC'97 Modem
"ATI Display Driver"=ATI Display Driver
"BSPlayer1"=BSPlayer
"CCleaner"=CCleaner (remove only)
"Coach Cérébral 3"=Coach Cérébral 3
"DxStd2_is1"=Droppix Recorder 2
"eMule"=eMule
"Foxit Software"=Foxit PDF Suite
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"Kaspersky Online Scanner"=Kaspersky Online Scanner
"Kaspersky On-line Scanner"=Kaspersky On-line Scanner
"KLiteCodecPack_is1"=K-Lite Mega Codec Pack 3.9.0
"Mahjong"=Mahjong (Supprimer uniquement)
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Power Management Driver"=ThinkPad Power Management Driver
"PowerISO"=PowerISO
"RealPlayer 6.0"=RealPlayer
"TrackPoint"=ThinkPad TrackPoint Driver
"Trend Micro HouseCall 6.6"=HouseCall 6.6
"VLC media player"=VideoLAN VLC media player 0.8.6e
"Winamp"=Winamp (remove only)
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 12/30/2008 13:19:47 | Computer Name = CHRSITINA | Source = Service Control Manager | ID = 7034
Description = The System Update service terminated unexpectedly. It has done this
1 time(s).

Error - 12/30/2008 13:19:50 | Computer Name = CHRSITINA | Source = Service Control Manager | ID = 7034
Description = The ThinkVantage Registry Monitor Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/30/2008 13:19:52 | Computer Name = CHRSITINA | Source = Service Control Manager | ID = 7034
Description = The TVT Scheduler service terminated unexpectedly. It has done this
1 time(s).

Error - 12/30/2008 13:19:57 | Computer Name = CHRSITINA | Source = Service Control Manager | ID = 7034
Description = The ThinkPad PM Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/30/2008 13:20:03 | Computer Name = CHRSITINA | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/30/2008 13:21:04 | Computer Name = CHRSITINA | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 12/30/2008 13:22:13 | Computer Name = CHRSITINA | Source = Service Control Manager | ID = 7031
Description = The Eset Service service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 12/30/2008 13:22:17 | Computer Name = CHRSITINA | Source = Service Control Manager | ID = 7031
Description = The Eset Service service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 12/30/2008 13:22:19 | Computer Name = CHRSITINA | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
3 time(s).

Error - 12/30/2008 13:22:23 | Computer Name = CHRSITINA | Source = Service Control Manager | ID = 7031
Description = The Eset Service service terminated unexpectedly. It has done this
3 time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.


< End of report >




Voila, merci encore pour les infos Curson, en esperant resoudre ce probleme rapidement, sinon je penser a tous réinstaller, mais bon je vais patienter et suivre les conseils, en attendant bonne année

Bonsoir,

Ton système est très infecté.


1) Désactive les logiciels de protection (Antivirus, Antispywares) puis :


2) Télécharge Combofix de sUBs : combofix.exe
et sauvegarde le sur ton bureau et pas ailleurs!


3) Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

- Enregistre-le sous le nom de CFScript

- Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture



- Une fenêtre bleue va apparaître. Tape 1 si nécessaire.
- Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
- Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis.

- Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt


4) Télécharge UsbFix (de Chiquitine29) sur ton Bureau :

- Lance l'installation avec les paramètres par défaut
- Branche tes sources de données externes (clés USB, HDD externes, lecteurs MP3) à ton PC sans les ouvrir
- Double clique sur le raccourci UsbFix sur ton bureau
- Le pc va redémarrer
- Après redémarrage, poste le rapport UsbFix.txt (il est sauvegardé a la racine du disque dur).


5) Fais un scan complet de tous tes supports avec Malwarebytes' Anti-Malware et poste le rapport obtenu dans ton prochain message.


A plus tard.

Bonjour,

J'ai tout suivie a la lettre, merci d'avoir détailler les procédures j'ai pu tout faire rapidement,

voici le résultat de Combofix:



Combofix has detected that this machine does not have the " windows recovery console " it would be in your best inetrest to have it installed.....

donc j'ai fait install




puis le rapport:


ComboFix 08-12-30.02 - Christina 2008-12-31 9:36:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1007.365 [GMT 1:00]
Running from: c:\documents and settings\Christina\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Christina\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore point
* Resident AV is active


FILE ::
c:\documents and settings\Christina\Desktop\avg_iswt_stf_g7_8_227a1407.exe
C:\sqmdata01.sqm
C:\sqmnoopt01.sqm
c:\windows\GetServer.ini
c:\windows\LPT$VPN.693
c:\windows\VPTNFILE.693
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Christina\Application Data\.#
c:\documents and settings\Christina\Desktop\avg_iswt_stf_g7_8_227a1407.exe
c:\program files\Alwil Software
c:\program files\Alwil Software\Avast4\Setup\setup.ini
c:\program files\Grisoft
c:\program files\Grisoft\AVG Anti-Spyware 7.5\campaign.dll
c:\program files\svchostt
c:\program files\svchostt\svchost.exe
C:\sqmdata01.sqm
C:\sqmnoopt01.sqm
c:\windows\AU_Backup
c:\windows\AU_Backup\1\27\backup.000
c:\windows\AU_Backup\AuBackup.ini
c:\windows\AU_Log
c:\windows\AU_Log\TmuDump.txt
c:\windows\AU_Temp
c:\windows\AU_Temp\1\27\hcextoutput.dll
c:\windows\AU_Temp\1\27\tsc.exe
c:\windows\AU_Temp\1\27\tsc.ini
c:\windows\AU_Temp\1\27\tsc.ptn
c:\windows\AU_Temp\2\4\BPMNT.dll
c:\windows\AU_Temp\2\4\vsapi32.dll
c:\windows\AU_Temp\3\4\lpt$vpn.693
c:\windows\AU_Temp\AU_Down\engine\engv87_nt386.zip
c:\windows\AU_Temp\AU_Down\pattern\vsapi693.zip
c:\windows\AU_Temp\AU_Down\product\auhccup1.zip
c:\windows\AU_Temp\AU_Down\product\hctsc.zip
c:\windows\AU_Temp\AuPatch.ini
c:\windows\AU_Temp\AuResult.ini
c:\windows\AU_Temp\server.ini
c:\windows\GetServer.ini
c:\windows\LPT$VPN.693
c:\windows\report
c:\windows\report\20081207.log
c:\windows\system32\ogacheckcontrol.dll
c:\windows\VPTNFILE.693

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_3DBB1
-------\Legacy_797A9
-------\Legacy_AVGASCLN
-------\Legacy_AVG_ANTI-SPYWARE_DRIVER
-------\Service_3dbB1
-------\Service_797A9


((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-31 )))))))))))))))))))))))))))))))
.

2008-12-26 19:31 . 2008-12-26 19:31 <DIR> d-------- c:\program files\Happyneuron
2008-12-17 11:50 . 2008-12-17 11:53 <DIR> d-------- c:\program files\FoxTarot4
2008-12-17 11:50 . 2000-05-22 17:58 608,448 --a------ c:\windows\system32\ComCtl32.ocx
2008-12-15 16:54 . 2008-12-15 16:53 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-14 11:15 . 2008-12-14 11:15 <DIR> d-------- c:\program files\Trend Micro
2008-12-14 11:13 . 2008-12-14 11:13 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-14 11:13 . 2008-12-14 11:13 <DIR> d-------- c:\documents and settings\Christina\Application Data\Malwarebytes
2008-12-14 11:13 . 2008-12-14 11:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-14 11:13 . 2008-12-03 19:54 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-14 11:13 . 2008-12-03 19:54 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-14 09:39 . 2008-12-14 10:57 <DIR> d-------- c:\windows\BDOSCAN8
2008-12-13 22:13 . 2008-12-13 22:13 <DIR> d-------- c:\program files\ESET
2008-12-13 22:13 . 2008-12-13 22:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-12-13 16:26 . 2008-12-13 16:26 <DIR> d-------- c:\windows\system32\Kaspersky Lab
2008-12-12 15:45 . 2008-12-12 15:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Grisoft
2008-12-10 09:34 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2008-12-07 09:51 . 2008-12-07 09:51 1,972,560 --a------ c:\windows\tsc.ptn
2008-12-07 09:51 . 2008-12-07 09:51 1,213,784 --a------ c:\windows\vsapi32.dll
2008-12-07 09:51 . 2008-12-07 09:51 345,157 --a------ c:\windows\tsc.exe
2008-12-07 09:51 . 2008-12-07 09:51 91,744 --a------ c:\windows\BPMNT.dll
2008-12-07 09:51 . 2008-12-07 09:51 71,749 --a------ c:\windows\hcextoutput.dll
2008-12-05 09:42 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-04 18:22 . 2008-01-21 17:43 13,576 --a------ c:\windows\system32\wnaspi32.dll
2008-11-20 20:45 . 2008-11-20 20:45 <DIR> d-------- C:\fsaua.data
2008-11-20 20:15 . 2008-11-20 20:15 2,335,270 --a------ c:\windows\system32\742B0.mht
2008-11-20 20:15 . 2008-11-20 20:15 54,624 --a------ c:\windows\system32\3dbB1.sys
2008-11-20 19:45 . 2008-11-20 19:45 54,624 --a------ c:\windows\system32\797A9.sys
2008-11-20 19:44 . 2008-11-20 19:44 2,335,270 --a------ c:\windows\system32\1beA8.mht
2008-11-18 21:59 . 2008-11-18 21:59 2,335,270 --a------ c:\windows\system32\53b1E3.mht
2008-11-18 21:59 . 2008-11-18 21:59 54,624 --a------ c:\windows\system32\afd1E4.sys
2008-11-17 16:44 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-17 16:43 . 2008-09-04 18:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-17 15:40 . 2008-11-17 15:40 <DIR> d-------- c:\program files\Seagate
2008-11-17 14:06 . 2008-11-17 14:25 <DIR> d-------- c:\program files\My Video Converter
2008-11-17 14:06 . 2008-11-17 14:18 67 --a------ c:\windows\My Video Converter.INI
2008-11-13 20:38 . 1994-09-21 00:00 92,208 --a------ c:\windows\system\WING.DLL
2008-11-13 20:38 . 1994-09-21 00:00 12,800 --a------ c:\windows\system\WING32.DLL
2008-11-06 17:08 . 2008-12-05 09:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-11-06 16:26 . 2008-11-06 16:26 507,904 --a------ c:\windows\TMUPDATE.DLL
2008-11-06 16:26 . 2008-11-06 16:26 286,720 --a------ c:\windows\PATCH.EXE
2008-11-06 16:26 . 2008-11-06 16:26 69,689 --a------ c:\windows\UNZIP.DLL
2008-11-06 16:26 . 2008-12-07 13:47 823 --a------ c:\windows\TSC.INI
2008-11-05 22:21 . 2008-11-05 22:21 <DIR> d-------- c:\documents and settings\Christina\Application Data\Apple Computer
2008-11-03 22:50 . 2008-11-03 22:50 <DIR> d-------- c:\program files\Common Files\Lenovo
2008-11-03 21:52 . 2008-11-03 21:52 <DIR> d-------- c:\program files\Common Files\xing shared
2008-11-03 20:54 . 2008-11-03 21:03 <DIR> d-------- c:\windows\system32\ALIEHCI
2008-11-03 20:54 . 2003-04-03 11:13 274,944 --a------ c:\windows\system32\drivers\ALi51WDM.sys
2008-11-03 20:54 . 2002-11-27 10:54 65,536 --a------ c:\windows\system32\ALi51Cpl.cpl
2008-11-03 20:54 . 2001-11-13 21:24 35,587 --a------ c:\windows\system32\rmusb20.EXE
2008-11-03 20:54 . 2001-11-13 21:24 35,587 --a------ c:\windows\system32\remove.exe
2008-11-03 20:54 . 2005-04-15 16:53 28,672 --a------ c:\windows\system32\Unusb20.exe
2008-11-03 20:54 . 2003-03-07 10:15 28,672 --a------ c:\windows\system32\UnAudio.exe
2008-11-03 20:54 . 2002-11-27 10:57 20,480 --a------ c:\windows\system32\ALi51Snd.exe
2008-11-03 20:54 . 2003-04-08 13:30 18,498 --a------ c:\windows\system32\drivers\ALi51WDM.cat
2008-11-03 20:54 . 2000-01-07 15:20 12,288 --a------ c:\windows\system32\PCIVP.SYS
2008-11-03 20:54 . 2008-11-03 21:04 6,958 --a------ c:\windows\system32\ALiEHCI.isu
2008-11-03 20:54 . 2008-11-03 21:03 3,862 --a------ c:\windows\system32\ALiAudio.isu
2008-11-03 20:50 . 2001-09-19 14:32 720,896 --a--c--- c:\windows\system32\dllcache\a3d.dll
2008-11-03 20:50 . 2001-09-19 14:32 720,896 --a------ c:\windows\system32\a3d.dll
2008-11-03 20:50 . 2003-10-24 12:02 578,816 --a------ c:\windows\system32\drivers\smwdm.sys
2008-11-03 20:50 . 2003-10-23 12:17 100,384 --a------ c:\windows\system32\drivers\aeaudio.sys
2008-11-03 20:50 . 2003-04-08 11:30 3,744 --a------ c:\windows\system32\drivers\smsens.sys
2008-11-03 20:40 . 2008-11-03 20:42 <DIR> d-------- c:\program files\QuickTime
2008-11-03 20:40 . 2008-11-03 20:40 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-03 20:39 . 2008-11-03 20:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-03 20:36 . 2008-12-13 10:09 <DIR> d-------- c:\documents and settings\Christina\Application Data\Uniblue
2008-11-03 20:36 . 2008-12-13 10:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2008-11-03 19:25 . 2008-11-03 19:25 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-11-03 19:19 . 2008-11-03 19:22 <DIR> d-------- c:\windows\system32\drivers\UMDF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-31 08:36 --------- d-----w c:\documents and settings\Christina\Application Data\uTorrent
2008-12-26 18:30 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-21 16:27 --------- d-----w c:\program files\eMule
2008-12-15 15:53 --------- d-----w c:\program files\Java
2008-12-13 09:06 --------- d-----w c:\program files\Project64 1.6
2008-12-13 09:02 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 5
2008-12-04 17:54 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-06 21:21 --------- d-----w c:\program files\CCleaner
2008-11-06 17:26 --------- d-----w c:\documents and settings\Christina\Application Data\dvdcss
2008-11-03 21:50 --------- d-----w c:\program files\Lenovo
2008-11-03 20:52 --------- d-----w c:\program files\Common Files\Real
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-06-28 22:01 2512128 c:\windows\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-03-15 00:50 233472 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
--a------ 2008-03-04 10:34 487424 c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Christina\\Desktop\\utorrent161.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Documents and Settings\\Christina\\Desktop\\RatioMaster-1.7.5\\RatioMaster.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2008-07-01 468224]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\DRIVERS\tp4track.sys [2005-07-12 13840]
S3 afd1E4;afd1E4;\??\c:\windows\system32\afd1E4.sys [2008-11-18 54624]
S3 Droppix Service;Droppix Service;"c:\program files\Common Files\Droppix\DxService.exe" [2008-05-22 151552]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\Reg/setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cae97a0-63ea-11dd-a0f1-00061bda8d0a}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AutoRun\Autorun.exe
\Shell\´ò¿ª(&O)\command - e:\autorun\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f8d6e6a-7a54-11dd-a11e-00061bda8d0a}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab9a60b5-27fe-11dd-a0e5-00061bda8d0a}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AutoRun\Autorun.exe
\Shell\´ò¿ª(&O)\command - f:\autorun\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c75e9b39-7e0d-11dd-a123-00061bda8d0a}]
\Shell\AutoRun\command - F:\memorybar.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb979057-1f58-11dd-a0e2-00061bda8d0a}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AutoRun\Autorun.exe
\Shell\´ò¿ª(&O)\command - f:\autorun\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb979058-1f58-11dd-a0e2-00061bda8d0a}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AutoRun\Autorun.exe
\Shell\´ò¿ª(&O)\command - g:\autorun\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb979060-1f58-11dd-a0e2-00061bda8d0a}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AutoRun\Autorun.exe
\Shell\´ò¿ª(&O)\command - f:\autorun\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e11877a3-7aec-11dd-a11f-00061bda8d0a}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AutoRun\Autorun.exe
\Shell\´ò¿ª(&O)\command - e:\autorun\autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7B58E9F9-1757-C093-ADC6-C41E9EE5ABCD}]
c:\program files\svchostt\svchost.exe s
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {9105C663-5A7A-488A-BEC7-5B96943423AB} = 211.103.158.182,202.106.0.20
FF - ProfilePath - c:\documents and settings\Christina\Application Data\Mozilla\Firefox\Profiles\rsc9mw07.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-31 09:41:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1708537768-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C39A52E0-B90F-3972-349B-89959FEA01B9}*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-1644491937-1708537768-1957994488-1003
@Allowed: (Full) (S-1-5-21-1644491937-1708537768-1957994488-1003)
@Allowed: (Full) (S-1-5-21-1644491937-1708537768-1957994488-1003)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (Administrators)
@Allowed: (Read) (S-1-5-12)
@Allowed: (Read) (S-1-5-12)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*NULL*]
@Owner=S-1-5-21-1644491937-1708537768-1957994488-1003
"OODEFRAG10.00.00.01WORKSTATION"="A7E0682F14FD6F6757998DE2D93445552D682438A7998727B39DE96A6EF11E7B7951D3E128BDD0ACE950CAF216EB2A96FC94C0305D1A316C314E8FBF63ECF5A15C042754096CE35CC0B413A3AAF9EE7E041CC4FA7751083EDFF3B9D8169BEBC7B855E71D13133378F31F7F4B30B0C2A02771FD51EE78FE5F92398BEC7A405604EFCA2B17599A9A080F0ABC84F5FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E667C038D530D6EB34528EDD5E5BE2F6E667683F4BB4339EACCD0F016A14C5BC286516CB028D04BE4AD99F9FE743B14AD9BB4D8A859B21E7C0C1A2875AD75C0609CDF9A4F98363C66F3B8079A8307121008B5073FC825CD5C3D50EE81A8A7CA9008A1C89747928F6840BDD8FA813BE128C8D8C4A5F02BFF6A752937AC972F84B3F2289F4247D41A99EABAD9EC8E5C04A95A2FE35DEA4C96E24B45BE40CC64A223F4FB2B43A96BE4B14B448BCED1DBF8CF2DC0B2CB16A9EF3B3AEF0A786328C7CBA816BEDEEBCD4DE03726C50809E2CAE430777FB104584D192A64393E4D6FE39305AEC957E5E5D774B63BA156DC2169BE61DED45391C67E844B5A54E554705CD62B1D276295A54BF103BB79C2559B3D103CEFBFDED4A542B8DA950D10A8C28425B8F9E30B0075CF43AE24E489CA3DE630281956D729F7E1F7A82DDEC392213326334B3345DAC386875F24B514B5895750F4D113193DDBD62D877CE3F1F7716CD89135BCBFC89517FB23F6043AFA0F9449B7FA73A1CBC8D23B9F184BF797126D923D0C00FDCCD3532A4C6227EC99AD19C5F97F8CBDF678A24F20FC8B80BE7D8AEC4C8766E501E950FC4448AB41D5886E04FCA8601B2FCF8BC212045C71B276BB8CB09EDAB3115C4B64E22F66F33E0A707AC8037C46E8FC0D89F2A8A5EF36FBDF7D6D302DDD83EBE5FC200298A99ACE49B7657D458F227EBF792670A4262F2540048216EF0289A9ED165B0C535DEAA153A711E8E5120BE282C5FC51E0D3C5B5579489BD1A183A0A4E93EBC56F31A3D3396285A7718DA44C99E2F6700ACD5458DA1C09F338451B7371B1ADFC99DE0B9DA76E64304680E9CC708F11F50E28BBE6E48E1417A7FFDBDDE6908096F5E53E950B43FC60FD4A61DBCB959F891C53ACD8AD19EC6F2CDF703C8EE5D5BFC35100D773F0685D8401891E5955AB12BBEC5E91836ADAA4DFD34CDC4D8312E0E77BB545C97545281E455382915AF3BE80C14FCF5010A1C9EF1AA564868608E9C4C7F652BD48737114E59458BC15939F9BE116A2353F3FB5E61554A6C718B3A0DAF885BB62140F070DEA25FB8BA1609723D298342616EE1695734C96EDE95A6A3EF0642743BE4EDEFC932A100B36FB3C8C151929CF33F9880B24CE92EAD277988322E1FFD751E55C0988D"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\oodag.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\System Update\SUService.exe
.
**************************************************************************
.
Completion time: 2008-12-31 9:44:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-31 08:43:09

Pre-Run: 28,814,598,144 bytes free
Post-Run: 28,688,064,512 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

282











et voici le rapport de USBFIX :

PS : doit je faire la vaccination qu'il propose en option 2 ???









-------------- UsbFix V2.413.8 ---------------

* User : Christina - CHRSITINA
* Outils mis a jours le 27/12/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 10:00:38 le Wed 12/31/2008
* Windows Xp - Internet Explorer 7.0.5730.13


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

--------------- [ Informations lecteurs ] ----------------

C: - Fixed DriveE: - Fixed DriveF: - Fixed DriveG: - Fixed Drive
+- Contenu de l'autorun : E:\autorun.inf

[autorun]
icon = .\Maxtor_Desktop.ico

--------------- [ Lecteur C ] ----------------

C: - Fixed Drive
+- Listing des fichiers présents :

[05/01/2008 03:57 PM][--a------] C:\AUTOEXEC.BAT
[08/03/2004 10:38 PM][-rahs----] C:\NTDETECT.COM
[12/31/2008 09:35 AM][-rahs----] C:\boot.ini
[12/31/2008 09:44 AM][--a------] C:\ComboFix.txt
[12/31/2008 09:44 AM][--a------] C:\UsbFix.txt
[05/01/2008 03:57 PM][--a------] C:\CONFIG.SYS
[05/01/2008 03:57 PM][--a------] C:\IO.SYS
[05/01/2008 03:57 PM][--a------] C:\MSDOS.SYS
[05/01/2008 03:57 PM][--a------] C:\pagefile.sys

--------------- [ Lecteur E ] ----------------

E: - Fixed Drive
+- Listing des fichiers présents :

[08/08/2007 08:49 PM][--a------] E:\autorun.inf

--------------- [ Lecteur F ] ----------------

F: - Fixed Drive
+- Listing des fichiers présents :


--------------- [ Lecteur G ] ----------------

G: - Fixed Drive
+- Listing des fichiers présents :


--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
egui="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=dword:00000143
"NoDriveAutoRun"=dword:03ffffff
"NoDrives"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:00000143
"NoDrives"=dword:00000000

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cae97a0-63ea-11dd-a0f1-00061bda8d0a}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f8d6e6a-7a54-11dd-a11e-00061bda8d0a}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab9a60b5-27fe-11dd-a0e5-00061bda8d0a}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c75e9b39-7e0d-11dd-a123-00061bda8d0a}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb979057-1f58-11dd-a0e2-00061bda8d0a}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb979058-1f58-11dd-a0e2-00061bda8d0a}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb979060-1f58-11dd-a0e2-00061bda8d0a}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e11877a3-7aec-11dd-a11f-00061bda8d0a}\Shell\AutoRun\command

--------------- [ Nettoyage des disques ] ----------------

Supprimé ! - [08/08/2007 08:49 PM][--a------] E:\autorun.inf
Supprimé ! - [12/05/2008 06:23 AM][dr-h-----] E:\AutoRun
Supprimé ! - [05/31/2008 11:34 AM][dr-h-----] F:\AutoRun
Supprimé ! - [07/17/2008 09:16 AM][dr-h-----] G:\AutoRun

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre [http://www.virustotal.com/fr/ interprété] par un spécialiste /!\

[05/01/2008 03:57 PM][--a------] C:\AUTOEXEC.BAT
[08/03/2004 10:38 PM][-rahs----] C:\NTDETECT.COM
[12/31/2008 09:35 AM][-rahs----] C:\boot.ini

--------------- ! Fin du rapport ! ----------------






voila et enfin le scan complet avec tous mes supports avec Malwarebytes' Anti-Malware




Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1581
Windows 5.1.2600 Service Pack 3

12/31/2008 13:06:00
mbam-log-2008-12-31 (13-05-55).txt

Type de recherche: Examen complet (C:\|E:\|F:\|G:\|)
Eléments examinés: 141856
Temps écoulé: 2 hour(s), 56 minute(s), 46 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)




Donc rien a signaler apparemment pour Malwarebytes' Anti-Malware.


Résultat final j'ai vraiment l'impression que ça c'est amélioré mais j'ai pas pu trop faire de PC aujourd'hui, mais par exemple mon CPU quand je lance Mozilla ne reste plus bloquer a 100% quand j'ai 3 ou 4 onglets d'ouvert, avec la même situation maintenant le cpu est autours de 40/50% c'est déjà plus raisonnable et ça rame plus,

pense tu que c'est normal les 40/50% d'occupation du cpu ?

sinon que penser des autres résultats ???

Un Grand Merci a toi Curson pour tout !!!

Bonjour Christina,

L'opération ne s'est pas correctement déroulée ; ton antivirus était toujours activé.
Ton ordinateur est encore très infecté. Ne fais donc pas encore la vaccination avec USBFIX.


1) Désinstalle les applications ci-dessous par ajout/suppression de programmes :

2) Désactive les logiciels de protection (Antivirus, Antispywares) puis :


3) Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

- Enregistre-le sous le nom de CFScript

- Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture



- Une fenêtre bleue va apparaître. Tape 1 si nécessaire.
- Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
- Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis.

- Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt


4) Analyse ton système avec le Kaspersky Online Scanner. Tutorial.
Poste le résultat de l'analyse ici.


A plus tard.

Bonjour Curson,

Vacance oblige me voici enfin de retour sur mon ordi

Alors voici ce que g fait la dernière fois,
désinstallation de mon anti virus car j'arrive pas a le désactiver, ainsi que les autres programmes qu'il fallait désinstaller,

ensuite le CFScript dans combofix et voici le resultat :


ComboFix 08-12-30.02 - Christina 2008-12-31 16:06:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1007.723 [GMT 1:00]
Running from: c:\documents and settings\Christina\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Christina\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\BPMNT.dll
c:\windows\hcextoutput.dll
c:\windows\PATCH.EXE
c:\windows\system32\1beA8.mht
c:\windows\system32\3dbB1.sys
c:\windows\system32\53b1E3.mht
c:\windows\system32\742B0.mht
c:\windows\system32\797A9.sys
c:\windows\system32\afd1E4.sys
c:\windows\TMUPDATE.DLL
c:\windows\tsc.exe
c:\windows\TSC.INI
c:\windows\tsc.ptn
c:\windows\UNZIP.DLL
c:\windows\vsapi32.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\fsaua.data
c:\windows\BDOSCAN8
c:\windows\BDOSCAN8\avxdisk.dll
c:\windows\BDOSCAN8\avxs.dll
c:\windows\BDOSCAN8\avxt.dll
c:\windows\BDOSCAN8\bdcore.dll
c:\windows\BDOSCAN8\bdoscan.ini
c:\windows\BDOSCAN8\bdoscan.log
c:\windows\BDOSCAN8\bdupd.dll
c:\windows\BDOSCAN8\bdupd.dll.updpnd
c:\windows\BDOSCAN8\boot.xmd
c:\windows\BDOSCAN8\ipsupd.dll
c:\windows\BDOSCAN8\lang.ini
c:\windows\BDOSCAN8\libfn.dll
c:\windows\BDOSCAN8\librtvr.dll
c:\windows\BDOSCAN8\live.ini
c:\windows\BDOSCAN8\oscan82.ocx
c:\windows\BDOSCAN8\plugins.htm
c:\windows\BDOSCAN8\plugins\7zip.xmd
c:\windows\BDOSCAN8\plugins\access.xmd
c:\windows\BDOSCAN8\plugins\ace.xmd
c:\windows\BDOSCAN8\plugins\adsntfs.xmd
c:\windows\BDOSCAN8\plugins\alz.xmd
c:\windows\BDOSCAN8\plugins\arc.xmd
c:\windows\BDOSCAN8\plugins\arj.xmd
c:\windows\BDOSCAN8\plugins\aspy_emu.cvd
c:\windows\BDOSCAN8\plugins\bach.xmd
c:\windows\BDOSCAN8\plugins\boot.xmd
c:\windows\BDOSCAN8\plugins\bzip2.xmd
c:\windows\BDOSCAN8\plugins\cab.xmd
c:\windows\BDOSCAN8\plugins\ceva_dll.cvd
c:\windows\BDOSCAN8\plugins\ceva_emu.cvd
c:\windows\BDOSCAN8\plugins\ceva_vfs.cvd
c:\windows\BDOSCAN8\plugins\ceva_vfs.ivd
c:\windows\BDOSCAN8\plugins\cevakrnl.cvd
c:\windows\BDOSCAN8\plugins\cevakrnl.ivd
c:\windows\BDOSCAN8\plugins\cevakrnl.rv0
c:\windows\BDOSCAN8\plugins\cevakrnl.rvd
c:\windows\BDOSCAN8\plugins\cevakrnl.xmd
c:\windows\BDOSCAN8\plugins\chm.xmd
c:\windows\BDOSCAN8\plugins\cookie.cvd
c:\windows\BDOSCAN8\plugins\cookie.xmd
c:\windows\BDOSCAN8\plugins\cpio.xmd
c:\windows\BDOSCAN8\plugins\cran.cvd
c:\windows\BDOSCAN8\plugins\cran.ivd
c:\windows\BDOSCAN8\plugins\cran.xmd
c:\windows\BDOSCAN8\plugins\dbx.xmd
c:\windows\BDOSCAN8\plugins\docfile.xmd
c:\windows\BDOSCAN8\plugins\dummyarch.xmd
c:\windows\BDOSCAN8\plugins\dummyscan.xmd
c:\windows\BDOSCAN8\plugins\e_spyw.cvd
c:\windows\BDOSCAN8\plugins\e_spyw.i01
c:\windows\BDOSCAN8\plugins\e_spyw.i02
c:\windows\BDOSCAN8\plugins\e_spyw.i03
c:\windows\BDOSCAN8\plugins\e_spyw.i04
c:\windows\BDOSCAN8\plugins\e_spyw.i05
c:\windows\BDOSCAN8\plugins\e_spyw.i06
c:\windows\BDOSCAN8\plugins\e_spyw.i07
c:\windows\BDOSCAN8\plugins\e_spyw.i08
c:\windows\BDOSCAN8\plugins\e_spyw.i09
c:\windows\BDOSCAN8\plugins\e_spyw.i10
c:\windows\BDOSCAN8\plugins\e_spyw.i11
c:\windows\BDOSCAN8\plugins\e_spyw.i12
c:\windows\BDOSCAN8\plugins\e_spyw.i13
c:\windows\BDOSCAN8\plugins\e_spyw.i14
c:\windows\BDOSCAN8\plugins\e_spyw.i15
c:\windows\BDOSCAN8\plugins\e_spyw.i16
c:\windows\BDOSCAN8\plugins\e_spyw.i17
c:\windows\BDOSCAN8\plugins\e_spyw.i18
c:\windows\BDOSCAN8\plugins\e_spyw.i19
c:\windows\BDOSCAN8\plugins\e_spyw.i20
c:\windows\BDOSCAN8\plugins\e_spyw.i21
c:\windows\BDOSCAN8\plugins\e_spyw.i22
c:\windows\BDOSCAN8\plugins\e_spyw.i23
c:\windows\BDOSCAN8\plugins\e_spyw.i24
c:\windows\BDOSCAN8\plugins\e_spyw.i25
c:\windows\BDOSCAN8\plugins\e_spyw.i26
c:\windows\BDOSCAN8\plugins\e_spyw.i27
c:\windows\BDOSCAN8\plugins\e_spyw.i28
c:\windows\BDOSCAN8\plugins\e_spyw.i29
c:\windows\BDOSCAN8\plugins\e_spyw.i30
c:\windows\BDOSCAN8\plugins\e_spyw.i31
c:\windows\BDOSCAN8\plugins\e_spyw.i32
c:\windows\BDOSCAN8\plugins\e_spyw.i33
c:\windows\BDOSCAN8\plugins\e_spyw.i34
c:\windows\BDOSCAN8\plugins\e_spyw.i35
c:\windows\BDOSCAN8\plugins\e_spyw.i36
c:\windows\BDOSCAN8\plugins\e_spyw.i37
c:\windows\BDOSCAN8\plugins\e_spyw.i38
c:\windows\BDOSCAN8\plugins\e_spyw.i39
c:\windows\BDOSCAN8\plugins\e_spyw.i40
c:\windows\BDOSCAN8\plugins\e_spyw.i41
c:\windows\BDOSCAN8\plugins\e_spyw.i42
c:\windows\BDOSCAN8\plugins\e_spyw.i43
c:\windows\BDOSCAN8\plugins\e_spyw.i44
c:\windows\BDOSCAN8\plugins\e_spyw.i45
c:\windows\BDOSCAN8\plugins\e_spyw.i46
c:\windows\BDOSCAN8\plugins\e_spyw.i47
c:\windows\BDOSCAN8\plugins\e_spyw.i48
c:\windows\BDOSCAN8\plugins\e_spyw.i49
c:\windows\BDOSCAN8\plugins\e_spyw.ivd
c:\windows\BDOSCAN8\plugins\emalware.001
c:\windows\BDOSCAN8\plugins\emalware.002
c:\windows\BDOSCAN8\plugins\emalware.003
c:\windows\BDOSCAN8\plugins\emalware.004
c:\windows\BDOSCAN8\plugins\emalware.005
c:\windows\BDOSCAN8\plugins\emalware.006
c:\windows\BDOSCAN8\plugins\emalware.007
c:\windows\BDOSCAN8\plugins\emalware.008
c:\windows\BDOSCAN8\plugins\emalware.009
c:\windows\BDOSCAN8\plugins\emalware.010
c:\windows\BDOSCAN8\plugins\emalware.011
c:\windows\BDOSCAN8\plugins\emalware.012
c:\windows\BDOSCAN8\plugins\emalware.013
c:\windows\BDOSCAN8\plugins\emalware.014
c:\windows\BDOSCAN8\plugins\emalware.015
c:\windows\BDOSCAN8\plugins\emalware.016
c:\windows\BDOSCAN8\plugins\emalware.017
c:\windows\BDOSCAN8\plugins\emalware.018
c:\windows\BDOSCAN8\plugins\emalware.019
c:\windows\BDOSCAN8\plugins\emalware.020
c:\windows\BDOSCAN8\plugins\emalware.021
c:\windows\BDOSCAN8\plugins\emalware.022
c:\windows\BDOSCAN8\plugins\emalware.023
c:\windows\BDOSCAN8\plugins\emalware.024
c:\windows\BDOSCAN8\plugins\emalware.025
c:\windows\BDOSCAN8\plugins\emalware.026
c:\windows\BDOSCAN8\plugins\emalware.027
c:\windows\BDOSCAN8\plugins\emalware.028
c:\windows\BDOSCAN8\plugins\emalware.029
c:\windows\BDOSCAN8\plugins\emalware.030
c:\windows\BDOSCAN8\plugins\emalware.031
c:\windows\BDOSCAN8\plugins\emalware.032
c:\windows\BDOSCAN8\plugins\emalware.033
c:\windows\BDOSCAN8\plugins\emalware.034
c:\windows\BDOSCAN8\plugins\emalware.035
c:\windows\BDOSCAN8\plugins\emalware.036
c:\windows\BDOSCAN8\plugins\emalware.037
c:\windows\BDOSCAN8\plugins\emalware.038
c:\windows\BDOSCAN8\plugins\emalware.039
c:\windows\BDOSCAN8\plugins\emalware.040
c:\windows\BDOSCAN8\plugins\emalware.041
c:\windows\BDOSCAN8\plugins\emalware.042
c:\windows\BDOSCAN8\plugins\emalware.043
c:\windows\BDOSCAN8\plugins\emalware.044
c:\windows\BDOSCAN8\plugins\emalware.045
c:\windows\BDOSCAN8\plugins\emalware.046
c:\windows\BDOSCAN8\plugins\emalware.047
c:\windows\BDOSCAN8\plugins\emalware.048
c:\windows\BDOSCAN8\plugins\emalware.049
c:\windows\BDOSCAN8\plugins\emalware.050
c:\windows\BDOSCAN8\plugins\emalware.051
c:\windows\BDOSCAN8\plugins\emalware.052
c:\windows\BDOSCAN8\plugins\emalware.053
c:\windows\BDOSCAN8\plugins\emalware.054
c:\windows\BDOSCAN8\plugins\emalware.055
c:\windows\BDOSCAN8\plugins\emalware.056
c:\windows\BDOSCAN8\plugins\emalware.057
c:\windows\BDOSCAN8\plugins\emalware.058
c:\windows\BDOSCAN8\plugins\emalware.059
c:\windows\BDOSCAN8\plugins\emalware.060
c:\windows\BDOSCAN8\plugins\emalware.061
c:\windows\BDOSCAN8\plugins\emalware.062
c:\windows\BDOSCAN8\plugins\emalware.063
c:\windows\BDOSCAN8\plugins\emalware.064
c:\windows\BDOSCAN8\plugins\emalware.065
c:\windows\BDOSCAN8\plugins\emalware.066
c:\windows\BDOSCAN8\plugins\emalware.067
c:\windows\BDOSCAN8\plugins\emalware.068
c:\windows\BDOSCAN8\plugins\emalware.069
c:\windows\BDOSCAN8\plugins\emalware.070
c:\windows\BDOSCAN8\plugins\emalware.071
c:\windows\BDOSCAN8\plugins\emalware.072
c:\windows\BDOSCAN8\plugins\emalware.073
c:\windows\BDOSCAN8\plugins\emalware.074
c:\windows\BDOSCAN8\plugins\emalware.075
c:\windows\BDOSCAN8\plugins\emalware.076
c:\windows\BDOSCAN8\plugins\emalware.077
c:\windows\BDOSCAN8\plugins\emalware.078
c:\windows\BDOSCAN8\plugins\emalware.079
c:\windows\BDOSCAN8\plugins\emalware.080
c:\windows\BDOSCAN8\plugins\emalware.081
c:\windows\BDOSCAN8\plugins\emalware.082
c:\windows\BDOSCAN8\plugins\emalware.083
c:\windows\BDOSCAN8\plugins\emalware.084
c:\windows\BDOSCAN8\plugins\emalware.085
c:\windows\BDOSCAN8\plugins\emalware.086
c:\windows\BDOSCAN8\plugins\emalware.087
c:\windows\BDOSCAN8\plugins\emalware.088
c:\windows\BDOSCAN8\plugins\emalware.089
c:\windows\BDOSCAN8\plugins\emalware.090
c:\windows\BDOSCAN8\plugins\emalware.091
c:\windows\BDOSCAN8\plugins\emalware.092
c:\windows\BDOSCAN8\plugins\emalware.093
c:\windows\BDOSCAN8\plugins\emalware.094
c:\windows\BDOSCAN8\plugins\emalware.095
c:\windows\BDOSCAN8\plugins\emalware.096
c:\windows\BDOSCAN8\plugins\emalware.097
c:\windows\BDOSCAN8\plugins\emalware.098
c:\windows\BDOSCAN8\plugins\emalware.099
c:\windows\BDOSCAN8\plugins\emalware.100
c:\windows\BDOSCAN8\plugins\emalware.101
c:\windows\BDOSCAN8\plugins\emalware.102
c:\windows\BDOSCAN8\plugins\emalware.103
c:\windows\BDOSCAN8\plugins\emalware.104
c:\windows\BDOSCAN8\plugins\emalware.105
c:\windows\BDOSCAN8\plugins\emalware.106
c:\windows\BDOSCAN8\plugins\emalware.107
c:\windows\BDOSCAN8\plugins\emalware.108
c:\windows\BDOSCAN8\plugins\emalware.109
c:\windows\BDOSCAN8\plugins\emalware.110
c:\windows\BDOSCAN8\plugins\emalware.111
c:\windows\BDOSCAN8\plugins\emalware.112
c:\windows\BDOSCAN8\plugins\emalware.113
c:\windows\BDOSCAN8\plugins\emalware.114
c:\windows\BDOSCAN8\plugins\emalware.115
c:\windows\BDOSCAN8\plugins\emalware.116
c:\windows\BDOSCAN8\plugins\emalware.117
c:\windows\BDOSCAN8\plugins\emalware.118
c:\windows\BDOSCAN8\plugins\emalware.119
c:\windows\BDOSCAN8\plugins\emalware.120
c:\windows\BDOSCAN8\plugins\emalware.121
c:\windows\BDOSCAN8\plugins\emalware.122
c:\windows\BDOSCAN8\plugins\emalware.123
c:\windows\BDOSCAN8\plugins\emalware.124
c:\windows\BDOSCAN8\plugins\emalware.125
c:\windows\BDOSCAN8\plugins\emalware.126
c:\windows\BDOSCAN8\plugins\emalware.127
c:\windows\BDOSCAN8\plugins\emalware.128
c:\windows\BDOSCAN8\plugins\emalware.129
c:\windows\BDOSCAN8\plugins\emalware.130
c:\windows\BDOSCAN8\plugins\emalware.131
c:\windows\BDOSCAN8\plugins\emalware.132
c:\windows\BDOSCAN8\plugins\emalware.133
c:\windows\BDOSCAN8\plugins\emalware.134
c:\windows\BDOSCAN8\plugins\emalware.135
c:\windows\BDOSCAN8\plugins\emalware.136
c:\windows\BDOSCAN8\plugins\emalware.137
c:\windows\BDOSCAN8\plugins\emalware.138
c:\windows\BDOSCAN8\plugins\emalware.139
c:\windows\BDOSCAN8\plugins\emalware.140
c:\windows\BDOSCAN8\plugins\emalware.141
c:\windows\BDOSCAN8\plugins\emalware.142
c:\windows\BDOSCAN8\plugins\emalware.143
c:\windows\BDOSCAN8\plugins\emalware.144
c:\windows\BDOSCAN8\plugins\emalware.145
c:\windows\BDOSCAN8\plugins\emalware.146
c:\windows\BDOSCAN8\plugins\emalware.147
c:\windows\BDOSCAN8\plugins\emalware.148
c:\windows\BDOSCAN8\plugins\emalware.149
c:\windows\BDOSCAN8\plugins\emalware.150
c:\windows\BDOSCAN8\plugins\emalware.151
c:\windows\BDOSCAN8\plugins\emalware.152
c:\windows\BDOSCAN8\plugins\emalware.153
c:\windows\BDOSCAN8\plugins\emalware.154
c:\windows\BDOSCAN8\plugins\emalware.155
c:\windows\BDOSCAN8\plugins\emalware.156
c:\windows\BDOSCAN8\plugins\emalware.157
c:\windows\BDOSCAN8\plugins\emalware.158
c:\windows\BDOSCAN8\plugins\emalware.159
c:\windows\BDOSCAN8\plugins\emalware.160
c:\windows\BDOSCAN8\plugins\emalware.161
c:\windows\BDOSCAN8\plugins\emalware.162
c:\windows\BDOSCAN8\plugins\emalware.163
c:\windows\BDOSCAN8\plugins\emalware.164
c:\windows\BDOSCAN8\plugins\emalware.165
c:\windows\BDOSCAN8\plugins\emalware.166
c:\windows\BDOSCAN8\plugins\emalware.167
c:\windows\BDOSCAN8\plugins\emalware.168
c:\windows\BDOSCAN8\plugins\emalware.169
c:\windows\BDOSCAN8\plugins\emalware.170
c:\windows\BDOSCAN8\plugins\emalware.171
c:\windows\BDOSCAN8\plugins\emalware.172
c:\windows\BDOSCAN8\plugins\emalware.173
c:\windows\BDOSCAN8\plugins\emalware.174
c:\windows\BDOSCAN8\plugins\emalware.175
c:\windows\BDOSCAN8\plugins\emalware.176
c:\windows\BDOSCAN8\plugins\emalware.177
c:\windows\BDOSCAN8\plugins\emalware.178
c:\windows\BDOSCAN8\plugins\emalware.179
c:\windows\BDOSCAN8\plugins\emalware.180
c:\windows\BDOSCAN8\plugins\emalware.181
c:\windows\BDOSCAN8\plugins\emalware.182
c:\windows\BDOSCAN8\plugins\emalware.183
c:\windows\BDOSCAN8\plugins\emalware.184
c:\windows\BDOSCAN8\plugins\emalware.185
c:\windows\BDOSCAN8\plugins\emalware.186
c:\windows\BDOSCAN8\plugins\emalware.187
c:\windows\BDOSCAN8\plugins\emalware.188
c:\windows\BDOSCAN8\plugins\emalware.189
c:\windows\BDOSCAN8\plugins\emalware.190
c:\windows\BDOSCAN8\plugins\emalware.191
c:\windows\BDOSCAN8\plugins\emalware.192
c:\windows\BDOSCAN8\plugins\emalware.193
c:\windows\BDOSCAN8\plugins\emalware.194
c:\windows\BDOSCAN8\plugins\emalware.195
c:\windows\BDOSCAN8\plugins\emalware.196
c:\windows\BDOSCAN8\plugins\emalware.197
c:\windows\BDOSCAN8\plugins\emalware.198
c:\windows\BDOSCAN8\plugins\emalware.199
c:\windows\BDOSCAN8\plugins\emalware.200
c:\windows\BDOSCAN8\plugins\emalware.201
c:\windows\BDOSCAN8\plugins\emalware.202
c:\windows\BDOSCAN8\plugins\emalware.203
c:\windows\BDOSCAN8\plugins\emalware.204
c:\windows\BDOSCAN8\plugins\emalware.205
c:\windows\BDOSCAN8\plugins\emalware.206
c:\windows\BDOSCAN8\plugins\emalware.207
c:\windows\BDOSCAN8\plugins\emalware.208
c:\windows\BDOSCAN8\plugins\emalware.209
c:\windows\BDOSCAN8\plugins\emalware.210
c:\windows\BDOSCAN8\plugins\emalware.211
c:\windows\BDOSCAN8\plugins\emalware.212
c:\windows\BDOSCAN8\plugins\emalware.213
c:\windows\BDOSCAN8\plugins\emalware.214
c:\windows\BDOSCAN8\plugins\emalware.215
c:\windows\BDOSCAN8\plugins\emalware.216
c:\windows\BDOSCAN8\plugins\emalware.217
c:\windows\BDOSCAN8\plugins\emalware.218
c:\windows\BDOSCAN8\plugins\emalware.219
c:\windows\BDOSCAN8\plugins\emalware.220
c:\windows\BDOSCAN8\plugins\emalware.221
c:\windows\BDOSCAN8\plugins\emalware.222
c:\windows\BDOSCAN8\plugins\emalware.223
c:\windows\BDOSCAN8\plugins\emalware.224
c:\windows\BDOSCAN8\plugins\emalware.225
c:\windows\BDOSCAN8\plugins\emalware.226
c:\windows\BDOSCAN8\plugins\emalware.227
c:\windows\BDOSCAN8\plugins\emalware.228
c:\windows\BDOSCAN8\plugins\emalware.229
c:\windows\BDOSCAN8\plugins\emalware.230
c:\windows\BDOSCAN8\plugins\emalware.231
c:\windows\BDOSCAN8\plugins\emalware.232
c:\windows\BDOSCAN8\plugins\emalware.233
c:\windows\BDOSCAN8\plugins\emalware.234
c:\windows\BDOSCAN8\plugins\emalware.235
c:\windows\BDOSCAN8\plugins\emalware.236
c:\windows\BDOSCAN8\plugins\emalware.237
c:\windows\BDOSCAN8\plugins\emalware.238
c:\windows\BDOSCAN8\plugins\emalware.239
c:\windows\BDOSCAN8\plugins\emalware.240
c:\windows\BDOSCAN8\plugins\emalware.241
c:\windows\BDOSCAN8\plugins\emalware.242
c:\windows\BDOSCAN8\plugins\emalware.243
c:\windows\BDOSCAN8\plugins\emalware.244
c:\windows\BDOSCAN8\plugins\emalware.245
c:\windows\BDOSCAN8\plugins\emalware.246
c:\windows\BDOSCAN8\plugins\emalware.247
c:\windows\BDOSCAN8\plugins\emalware.248
c:\windows\BDOSCAN8\plugins\emalware.249
c:\windows\BDOSCAN8\plugins\emalware.250
c:\windows\BDOSCAN8\plugins\emalware.251
c:\windows\BDOSCAN8\plugins\emalware.252
c:\windows\BDOSCAN8\plugins\emalware.253
c:\windows\BDOSCAN8\plugins\emalware.254
c:\windows\BDOSCAN8\plugins\emalware.255
c:\windows\BDOSCAN8\plugins\emalware.256
c:\windows\BDOSCAN8\plugins\emalware.257
c:\windows\BDOSCAN8\plugins\emalware.258
c:\windows\BDOSCAN8\plugins\emalware.259
c:\windows\BDOSCAN8\plugins\emalware.260
c:\windows\BDOSCAN8\plugins\emalware.261
c:\windows\BDOSCAN8\plugins\emalware.262
c:\windows\BDOSCAN8\plugins\emalware.263
c:\windows\BDOSCAN8\plugins\emalware.264
c:\windows\BDOSCAN8\plugins\emalware.265
c:\windows\BDOSCAN8\plugins\emalware.266
c:\windows\BDOSCAN8\plugins\emalware.267
c:\windows\BDOSCAN8\plugins\emalware.268
c:\windows\BDOSCAN8\plugins\emalware.269
c:\windows\BDOSCAN8\plugins\emalware.270
c:\windows\BDOSCAN8\plugins\emalware.271
c:\windows\BDOSCAN8\plugins\emalware.272
c:\windows\BDOSCAN8\plugins\emalware.273
c:\windows\BDOSCAN8\plugins\emalware.274
c:\windows\BDOSCAN8\plugins\emalware.275
c:\windows\BDOSCAN8\plugins\emalware.276
c:\windows\BDOSCAN8\plugins\emalware.277
c:\windows\BDOSCAN8\plugins\emalware.278
c:\windows\BDOSCAN8\plugins\emalware.279
c:\windows\BDOSCAN8\plugins\emalware.280
c:\windows\BDOSCAN8\plugins\emalware.281
c:\windows\BDOSCAN8\plugins\emalware.282
c:\windows\BDOSCAN8\plugins\emalware.283
c:\windows\BDOSCAN8\plugins\emalware.284
c:\windows\BDOSCAN8\plugins\emalware.285
c:\windows\BDOSCAN8\plugins\emalware.286
c:\windows\BDOSCAN8\plugins\emalware.287
c:\windows\BDOSCAN8\plugins\emalware.288
c:\windows\BDOSCAN8\plugins\emalware.289
c:\windows\BDOSCAN8\plugins\emalware.290
c:\windows\BDOSCAN8\plugins\emalware.291
c:\windows\BDOSCAN8\plugins\emalware.292
c:\windows\BDOSCAN8\plugins\emalware.293
c:\windows\BDOSCAN8\plugins\emalware.294
c:\windows\BDOSCAN8\plugins\emalware.295
c:\windows\BDOSCAN8\plugins\emalware.296
c:\windows\BDOSCAN8\plugins\emalware.297
c:\windows\BDOSCAN8\plugins\emalware.298
c:\windows\BDOSCAN8\plugins\emalware.299
c:\windows\BDOSCAN8\plugins\emalware.300
c:\windows\BDOSCAN8\plugins\emalware.301
c:\windows\BDOSCAN8\plugins\emalware.302
c:\windows\BDOSCAN8\plugins\emalware.303
c:\windows\BDOSCAN8\plugins\emalware.304
c:\windows\BDOSCAN8\plugins\emalware.305
c:\windows\BDOSCAN8\plugins\emalware.306
c:\windows\BDOSCAN8\plugins\emalware.307
c:\windows\BDOSCAN8\plugins\emalware.308
c:\windows\BDOSCAN8\plugins\emalware.309
c:\windows\BDOSCAN8\plugins\emalware.310
c:\windows\BDOSCAN8\plugins\emalware.311
c:\windows\BDOSCAN8\plugins\emalware.312
c:\windows\BDOSCAN8\plugins\emalware.313
c:\windows\BDOSCAN8\plugins\emalware.314
c:\windows\BDOSCAN8\plugins\emalware.315
c:\windows\BDOSCAN8\plugins\emalware.316
c:\windows\BDOSCAN8\plugins\emalware.317
c:\windows\BDOSCAN8\plugins\emalware.318
c:\windows\BDOSCAN8\plugins\emalware.319
c:\windows\BDOSCAN8\plugins\emalware.320
c:\windows\BDOSCAN8\plugins\emalware.321
c:\windows\BDOSCAN8\plugins\emalware.322
c:\windows\BDOSCAN8\plugins\emalware.323
c:\windows\BDOSCAN8\plugins\emalware.324
c:\windows\BDOSCAN8\plugins\emalware.325
c:\windows\BDOSCAN8\plugins\emalware.326
c:\windows\BDOSCAN8\plugins\emalware.327
c:\windows\BDOSCAN8\plugins\emalware.328
c:\windows\BDOSCAN8\plugins\emalware.329
c:\windows\BDOSCAN8\plugins\emalware.330
c:\windows\BDOSCAN8\plugins\emalware.331
c:\windows\BDOSCAN8\plugins\emalware.332
c:\windows\BDOSCAN8\plugins\emalware.333
c:\windows\BDOSCAN8\plugins\emalware.334
c:\windows\BDOSCAN8\plugins\emalware.335
c:\windows\BDOSCAN8\plugins\emalware.336
c:\windows\BDOSCAN8\plugins\emalware.337
c:\windows\BDOSCAN8\plugins\emalware.338
c:\windows\BDOSCAN8\plugins\emalware.339
c:\windows\BDOSCAN8\plugins\emalware.340
c:\windows\BDOSCAN8\plugins\emalware.341
c:\windows\BDOSCAN8\plugins\emalware.342
c:\windows\BDOSCAN8\plugins\emalware.343
c:\windows\BDOSCAN8\plugins\emalware.344
c:\windows\BDOSCAN8\plugins\emalware.345
c:\windows\BDOSCAN8\plugins\emalware.346
c:\windows\BDOSCAN8\plugins\emalware.347
c:\windows\BDOSCAN8\plugins\emalware.348
c:\windows\BDOSCAN8\plugins\emalware.349
c:\windows\BDOSCAN8\plugins\emalware.350
c:\windows\BDOSCAN8\plugins\emalware.351
c:\windows\BDOSCAN8\plugins\emalware.352
c:\windows\BDOSCAN8\plugins\emalware.353
c:\windows\BDOSCAN8\plugins\emalware.354
c:\windows\BDOSCAN8\plugins\emalware.355
c:\windows\BDOSCAN8\plugins\emalware.356
c:\windows\BDOSCAN8\plugins\emalware.357
c:\windows\BDOSCAN8\plugins\emalware.358
c:\windows\BDOSCAN8\plugins\emalware.359
c:\windows\BDOSCAN8\plugins\emalware.360
c:\windows\BDOSCAN8\plugins\emalware.361
c:\windows\BDOSCAN8\plugins\emalware.362
c:\windows\BDOSCAN8\plugins\emalware.363
c:\windows\BDOSCAN8\plugins\emalware.364
c:\windows\BDOSCAN8\plugins\emalware.365
c:\windows\BDOSCAN8\plugins\emalware.366
c:\windows\BDOSCAN8\plugins\emalware.367
c:\windows\BDOSCAN8\plugins\emalware.368
c:\windows\BDOSCAN8\plugins\emalware.369
c:\windows\BDOSCAN8\plugins\emalware.c00
c:\windows\BDOSCAN8\plugins\emalware.c01
c:\windows\BDOSCAN8\plugins\emalware.c02
c:\windows\BDOSCAN8\plugins\emalware.c03
c:\windows\BDOSCAN8\plugins\emalware.c04
c:\windows\BDOSCAN8\plugins\emalware.c05
c:\windows\BDOSCAN8\plugins\emalware.c06
c:\windows\BDOSCAN8\plugins\emalware.c07
c:\windows\BDOSCAN8\plugins\emalware.c08
c:\windows\BDOSCAN8\plugins\emalware.c09
c:\windows\BDOSCAN8\plugins\emalware.c10
c:\windows\BDOSCAN8\plugins\emalware.cvd
c:\windows\BDOSCAN8\plugins\emalware.i01
c:\windows\BDOSCAN8\plugins\emalware.i02
c:\windows\BDOSCAN8\plugins\emalware.i03
c:\windows\BDOSCAN8\plugins\emalware.i04
c:\windows\BDOSCAN8\plugins\emalware.i05
c:\windows\BDOSCAN8\plugins\emalware.i06
c:\windows\BDOSCAN8\plugins\emalware.i07
c:\windows\BDOSCAN8\plugins\emalware.i08
c:\windows\BDOSCAN8\plugins\emalware.i09
c:\windows\BDOSCAN8\plugins\emalware.i10
c:\windows\BDOSCAN8\plugins\emalware.i11
c:\windows\BDOSCAN8\plugins\emalware.i12
c:\windows\BDOSCAN8\plugins\emalware.i13
c:\windows\BDOSCAN8\plugins\emalware.i14
c:\windows\BDOSCAN8\plugins\emalware.i15
c:\windows\BDOSCAN8\plugins\emalware.i16
c:\windows\BDOSCAN8\plugins\emalware.i17
c:\windows\BDOSCAN8\plugins\emalware.i18
c:\windows\BDOSCAN8\plugins\emalware.i19
c:\windows\BDOSCAN8\plugins\emalware.i20
c:\windows\BDOSCAN8\plugins\emalware.i21
c:\windows\BDOSCAN8\plugins\emalware.i22
c:\windows\BDOSCAN8\plugins\emalware.i23
c:\windows\BDOSCAN8\plugins\emalware.i24
c:\windows\BDOSCAN8\plugins\emalware.i25
c:\windows\BDOSCAN8\plugins\emalware.i26
c:\windows\BDOSCAN8\plugins\emalware.i27
c:\windows\BDOSCAN8\plugins\emalware.i28
c:\windows\BDOSCAN8\plugins\emalware.i29
c:\windows\BDOSCAN8\plugins\emalware.i30
c:\windows\BDOSCAN8\plugins\emalware.i31
c:\windows\BDOSCAN8\plugins\emalware.i32
c:\windows\BDOSCAN8\plugins\emalware.i33
c:\windows\BDOSCAN8\plugins\emalware.i34
c:\windows\BDOSCAN8\plugins\emalware.i35
c:\windows\BDOSCAN8\plugins\emalware.i36
c:\windows\BDOSCAN8\plugins\emalware.i37
c:\windows\BDOSCAN8\plugins\emalware.i38
c:\windows\BDOSCAN8\plugins\emalware.i39
c:\windows\BDOSCAN8\plugins\emalware.i40
c:\windows\BDOSCAN8\plugins\emalware.i41
c:\windows\BDOSCAN8\plugins\emalware.i42
c:\windows\BDOSCAN8\plugins\emalware.i43
c:\windows\BDOSCAN8\plugins\emalware.i44
c:\windows\BDOSCAN8\plugins\emalware.i45
c:\windows\BDOSCAN8\plugins\emalware.i46
c:\windows\BDOSCAN8\plugins\emalware.i47
c:\windows\BDOSCAN8\plugins\emalware.i48
c:\windows\BDOSCAN8\plugins\emalware.i49
c:\windows\BDOSCAN8\plugins\emalware.i50
c:\windows\BDOSCAN8\plugins\emalware.i51
c:\windows\BDOSCAN8\plugins\emalware.i52
c:\windows\BDOSCAN8\plugins\emalware.i53
c:\windows\BDOSCAN8\plugins\emalware.i54
c:\windows\BDOSCAN8\plugins\emalware.i55
c:\windows\BDOSCAN8\plugins\emalware.i56
c:\windows\BDOSCAN8\plugins\emalware.i57
c:\windows\BDOSCAN8\plugins\emalware.i58
c:\windows\BDOSCAN8\plugins\emalware.i59
c:\windows\BDOSCAN8\plugins\emalware.i60
c:\windows\BDOSCAN8\plugins\emalware.i61
c:\windows\BDOSCAN8\plugins\emalware.i62
c:\windows\BDOSCAN8\plugins\emalware.i63
c:\windows\BDOSCAN8\plugins\emalware.i64
c:\windows\BDOSCAN8\plugins\emalware.i65
c:\windows\BDOSCAN8\plugins\emalware.i66
c:\windows\BDOSCAN8\plugins\emalware.i67
c:\windows\BDOSCAN8\plugins\emalware.i68
c:\windows\BDOSCAN8\plugins\emalware.i69
c:\windows\BDOSCAN8\plugins\emalware.i70
c:\windows\BDOSCAN8\plugins\emalware.i71
c:\windows\BDOSCAN8\plugins\emalware.i72
c:\windows\BDOSCAN8\plugins\emalware.i73
c:\windows\BDOSCAN8\plugins\emalware.i74
c:\windows\BDOSCAN8\plugins\emalware.i75
c:\windows\BDOSCAN8\plugins\emalware.i76
c:\windows\BDOSCAN8\plugins\emalware.i77
c:\windows\BDOSCAN8\plugins\emalware.i78
c:\windows\BDOSCAN8\plugins\emalware.i79
c:\windows\BDOSCAN8\plugins\emalware.i80
c:\windows\BDOSCAN8\plugins\emalware.i81
c:\windows\BDOSCAN8\plugins\emalware.i82
c:\windows\BDOSCAN8\plugins\emalware.i83
c:\windows\BDOSCAN8\plugins\emalware.i84
c:\windows\BDOSCAN8\plugins\emalware.i85
c:\windows\BDOSCAN8\plugins\emalware.i86
c:\windows\BDOSCAN8\plugins\emalware.i87
c:\windows\BDOSCAN8\plugins\emalware.i88
c:\windows\BDOSCAN8\plugins\emalware.i89
c:\windows\BDOSCAN8\plugins\emalware.i90
c:\windows\BDOSCAN8\plugins\emalware.i91
c:\windows\BDOSCAN8\plugins\emalware.i92
c:\windows\BDOSCAN8\plugins\emalware.i93
c:\windows\BDOSCAN8\plugins\emalware.i94
c:\windows\BDOSCAN8\plugins\emalware.i95
c:\windows\BDOSCAN8\plugins\emalware.i96
c:\windows\BDOSCAN8\plugins\emalware.i97
c:\windows\BDOSCAN8\plugins\emalware.i98
c:\windows\BDOSCAN8\plugins\emalware.i99
c:\windows\BDOSCAN8\plugins\emalware.ivd
c:\windows\BDOSCAN8\plugins\emalware.xmd
c:\windows\BDOSCAN8\plugins\epoc.xmd
c:\windows\BDOSCAN8\plugins\gvmscripts.cvd
c:\windows\BDOSCAN8\plugins\gzip.xmd
c:\windows\BDOSCAN8\plugins\ha.xmd
c:\windows\BDOSCAN8\plugins\hlp.xmd
c:\windows\BDOSCAN8\plugins\hpe.cvd
c:\windows\BDOSCAN8\plugins\hpe.xmd
c:\windows\BDOSCAN8\plugins\hqx.xmd
c:\windows\BDOSCAN8\plugins\html.xmd
c:\windows\BDOSCAN8\plugins\imp.xmd
c:\windows\BDOSCAN8\plugins\inno.xmd
c:\windows\BDOSCAN8\plugins\instyler.xmd
c:\windows\BDOSCAN8\plugins\iso.xmd
c:\windows\BDOSCAN8\plugins\java.cvd
c:\windows\BDOSCAN8\plugins\java.xmd
c:\windows\BDOSCAN8\plugins\jpeg.xmd
c:\windows\BDOSCAN8\plugins\lha.xmd
c:\windows\BDOSCAN8\plugins\lnk.xmd
c:\windows\BDOSCAN8\plugins\mbox.xmd
c:\windows\BDOSCAN8\plugins\mbx.xmd
c:\windows\BDOSCAN8\plugins\mdx.xmd
c:\windows\BDOSCAN8\plugins\mdx_97.cvd
c:\windows\BDOSCAN8\plugins\mdx_97.ivd
c:\windows\BDOSCAN8\plugins\mdx_w95.cvd
c:\windows\BDOSCAN8\plugins\mdx_x95.cvd
c:\windows\BDOSCAN8\plugins\mdx_xf.cvd
c:\windows\BDOSCAN8\plugins\mime.xmd
c:\windows\BDOSCAN8\plugins\mobmalware.cvd
c:\windows\BDOSCAN8\plugins\mobmalware.xmd
c:\windows\BDOSCAN8\plugins\mso.xmd
c:\windows\BDOSCAN8\plugins\na.cvd
c:\windows\BDOSCAN8\plugins\na.xmd
c:\windows\BDOSCAN8\plugins\nelf.cvd
c:\windows\BDOSCAN8\plugins\nelf.xmd
c:\windows\BDOSCAN8\plugins\nsis.xmd
c:\windows\BDOSCAN8\plugins\objd.xmd
c:\windows\BDOSCAN8\plugins\orice.rvd
c:\windows\BDOSCAN8\plugins\pdf.xmd
c:\windows\BDOSCAN8\plugins\proc.xmd
c:\windows\BDOSCAN8\plugins\pst.xmd
c:\windows\BDOSCAN8\plugins\rar.xmd
c:\windows\BDOSCAN8\plugins\regarch.cvd
c:\windows\BDOSCAN8\plugins\regarch.xmd
c:\windows\BDOSCAN8\plugins\regscan.cvd
c:\windows\BDOSCAN8\plugins\regscan.xmd
c:\windows\BDOSCAN8\plugins\rpm.xmd
c:\windows\BDOSCAN8\plugins\rtf.xmd
c:\windows\BDOSCAN8\plugins\rup.cvd
c:\windows\BDOSCAN8\plugins\rup.xmd
c:\windows\BDOSCAN8\plugins\sdx.cvd
c:\windows\BDOSCAN8\plugins\sdx.ivd
c:\windows\BDOSCAN8\plugins\sdx.xmd
c:\windows\BDOSCAN8\plugins\sfx.xmd
c:\windows\BDOSCAN8\plugins\swf.xmd
c:\windows\BDOSCAN8\plugins\tar.xmd
c:\windows\BDOSCAN8\plugins\td0.xmd
c:\windows\BDOSCAN8\plugins\thebat.xmd
c:\windows\BDOSCAN8\plugins\tnef.xmd
c:\windows\BDOSCAN8\plugins\uif.xmd
c:\windows\BDOSCAN8\plugins\unpack.cvd
c:\windows\BDOSCAN8\plugins\unpack.ivd
c:\windows\BDOSCAN8\plugins\unpack.xmd
c:\windows\BDOSCAN8\plugins\update.txt
c:\windows\BDOSCAN8\plugins\uudecode.xmd
c:\windows\BDOSCAN8\plugins\ve.cvd
c:\windows\BDOSCAN8\plugins\ve.ivd
c:\windows\BDOSCAN8\plugins\ve.xmd
c:\windows\BDOSCAN8\plugins\vedata.cvd
c:\windows\BDOSCAN8\plugins\viza.xmd
c:\windows\BDOSCAN8\plugins\wise.xmd
c:\windows\BDOSCAN8\plugins\xar.xmd
c:\windows\BDOSCAN8\plugins\xcookies.xmd
c:\windows\BDOSCAN8\plugins\xishield.xmd
c:\windows\BDOSCAN8\plugins\xlmrd.cvd
c:\windows\BDOSCAN8\plugins\xlmrd.ivd
c:\windows\BDOSCAN8\plugins\z.xmd
c:\windows\BDOSCAN8\plugins\zip.xmd
c:\windows\BDOSCAN8\plugins\zoo.xmd
c:\windows\BDOSCAN8\rtvr.html
c:\windows\BDOSCAN8\rtvr2.html
c:\windows\BDOSCAN8\scanoptions.tsi
c:\windows\BDOSCAN8\scanoptions.tsk
c:\windows\BDOSCAN8\scanrep.html
c:\windows\BDOSCAN8\scanres.html
c:\windows\BDOSCAN8\scanres2.html
c:\windows\BPMNT.dll
c:\windows\hcextoutput.dll
c:\windows\PATCH.EXE
c:\windows\system32\1beA8.mht
c:\windows\system32\3dbB1.sys
c:\windows\system32\53b1E3.mht
c:\windows\system32\742B0.mht
c:\windows\system32\797A9.sys
c:\windows\system32\afd1E4.sys
c:\windows\TMUPDATE.DLL
c:\windows\tsc.exe
c:\windows\TSC.INI
c:\windows\tsc.ptn
c:\windows\UNZIP.DLL
c:\windows\vsapi32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFD1E4
-------\Service_afd1E4


((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-31 )))))))))))))))))))))))))))))))
.

2008-12-31 09:57 . 2008-12-31 10:01 <DIR> d-------- c:\program files\UsbFix
2008-12-26 19:31 . 2008-12-26 19:31 <DIR> d-------- c:\program files\Happyneuron
2008-12-17 11:50 . 2008-12-17 11:53 <DIR> d-------- c:\program files\FoxTarot4
2008-12-15 16:54 . 2008-12-15 16:53 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-14 11:15 . 2008-12-14 11:15 <DIR> d-------- c:\program files\Trend Micro
2008-12-14 11:13 . 2008-12-14 11:13 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-14 11:13 . 2008-12-14 11:13 <DIR> d-------- c:\documents and settings\Christina\Application Data\Malwarebytes
2008-12-14 11:13 . 2008-12-14 11:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-14 11:13 . 2008-12-03 19:54 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-14 11:13 . 2008-12-03 19:54 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-13 22:13 . 2008-12-13 22:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-12-12 15:45 . 2008-12-12 15:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Grisoft
2008-12-10 09:34 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2008-12-05 09:42 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-04 18:22 . 2008-01-21 17:43 13,576 --a------ c:\windows\system32\wnaspi32.dll
2008-11-17 16:44 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-17 16:43 . 2008-09-04 18:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-17 15:40 . 2008-11-17 15:40 <DIR> d-------- c:\program files\Seagate
2008-11-17 14:06 . 2008-11-17 14:25 <DIR> d-------- c:\program files\My Video Converter
2008-11-17 14:06 . 2008-11-17 14:18 67 --a------ c:\windows\My Video Converter.INI
2008-11-13 20:38 . 1994-09-21 00:00 92,208 --a------ c:\windows\system\WING.DLL
2008-11-13 20:38 . 1994-09-21 00:00 12,800 --a------ c:\windows\system\WING32.DLL
2008-11-06 17:08 . 2008-12-05 09:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-11-05 22:21 . 2008-11-05 22:21 <DIR> d-------- c:\documents and settings\Christina\Application Data\Apple Computer
2008-11-03 22:50 . 2008-11-03 22:50 <DIR> d-------- c:\program files\Common Files\Lenovo
2008-11-03 21:52 . 2008-11-03 21:52 <DIR> d-------- c:\program files\Common Files\xing shared
2008-11-03 20:54 . 2008-11-03 21:03 <DIR> d-------- c:\windows\system32\ALIEHCI
2008-11-03 20:54 . 2003-04-03 11:13 274,944 --a------ c:\windows\system32\drivers\ALi51WDM.sys
2008-11-03 20:54 . 2002-11-27 10:54 65,536 --a------ c:\windows\system32\ALi51Cpl.cpl
2008-11-03 20:54 . 2001-11-13 21:24 35,587 --a------ c:\windows\system32\rmusb20.EXE
2008-11-03 20:54 . 2001-11-13 21:24 35,587 --a------ c:\windows\system32\remove.exe
2008-11-03 20:54 . 2005-04-15 16:53 28,672 --a------ c:\windows\system32\Unusb20.exe
2008-11-03 20:54 . 2003-03-07 10:15 28,672 --a------ c:\windows\system32\UnAudio.exe
2008-11-03 20:54 . 2002-11-27 10:57 20,480 --a------ c:\windows\system32\ALi51Snd.exe
2008-11-03 20:54 . 2003-04-08 13:30 18,498 --a------ c:\windows\system32\drivers\ALi51WDM.cat
2008-11-03 20:54 . 2000-01-07 15:20 12,288 --a------ c:\windows\system32\PCIVP.SYS
2008-11-03 20:54 . 2008-11-03 21:04 6,958 --a------ c:\windows\system32\ALiEHCI.isu
2008-11-03 20:54 . 2008-11-03 21:03 3,862 --a------ c:\windows\system32\ALiAudio.isu
2008-11-03 20:50 . 2001-09-19 14:32 720,896 --a--c--- c:\windows\system32\dllcache\a3d.dll
2008-11-03 20:50 . 2001-09-19 14:32 720,896 --a------ c:\windows\system32\a3d.dll
2008-11-03 20:50 . 2003-10-24 12:02 578,816 --a------ c:\windows\system32\drivers\smwdm.sys
2008-11-03 20:50 . 2003-10-23 12:17 100,384 --a------ c:\windows\system32\drivers\aeaudio.sys
2008-11-03 20:50 . 2003-04-08 11:30 3,744 --a------ c:\windows\system32\drivers\smsens.sys
2008-11-03 20:40 . 2008-11-03 20:42 <DIR> d-------- c:\program files\QuickTime
2008-11-03 20:40 . 2008-11-03 20:40 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-03 20:39 . 2008-11-03 20:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-03 20:36 . 2008-12-13 10:09 <DIR> d-------- c:\documents and settings\Christina\Application Data\Uniblue
2008-11-03 20:36 . 2008-12-13 10:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2008-11-03 19:25 . 2008-11-03 19:25 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-11-03 19:19 . 2008-11-03 19:22 <DIR> d-------- c:\windows\system32\drivers\UMDF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-31 14:51 --------- d-----w c:\program files\Webteh
2008-12-31 14:46 --------- d-----w c:\documents and settings\Christina\Application Data\uTorrent
2008-12-26 18:30 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-15 15:53 --------- d-----w c:\program files\Java
2008-12-13 09:06 --------- d-----w c:\program files\Project64 1.6
2008-12-13 09:02 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 5
2008-12-04 17:54 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-06 21:21 --------- d-----w c:\program files\CCleaner
2008-11-06 17:26 --------- d-----w c:\documents and settings\Christina\Application Data\dvdcss
2008-11-03 21:50 --------- d-----w c:\program files\Lenovo
2008-11-03 20:52 --------- d-----w c:\program files\Common Files\Real
.

((((((((((((((((((((((((((((( snapshot@2008-12-31_ 9.42.06.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-31 15:10:58 16,384 ----atw c:\windows\temp\Perflib_Perfdata_610.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-03-15 00:50 233472 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
--a------ 2008-03-04 10:34 487424 c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Christina\\Desktop\\utorrent161.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Christina\\Desktop\\RatioMaster-1.7.5\\RatioMaster.exe"=

R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\DRIVERS\tp4track.sys [2005-07-12 13840]
S3 Droppix Service;Droppix Service;"c:\program files\Common Files\Droppix\DxService.exe" [2008-05-22 151552]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-OODefragTray - c:\windows\system32\oodtray.exe


.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {9105C663-5A7A-488A-BEC7-5B96943423AB} = 211.103.158.182,202.106.0.20
FF - ProfilePath - c:\documents and settings\Christina\Application Data\Mozilla\Firefox\Profiles\rsc9mw07.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-31 16:14:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1708537768-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C39A52E0-B90F-3972-349B-89959FEA01B9}*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-1644491937-1708537768-1957994488-1003
@Allowed: (Full) (S-1-5-21-1644491937-1708537768-1957994488-1003)
@Allowed: (Full) (S-1-5-21-1644491937-1708537768-1957994488-1003)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (Administrators)
@Allowed: (Read) (S-1-5-12)
@Allowed: (Read) (S-1-5-12)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*NULL*]
@Owner=S-1-5-21-1644491937-1708537768-1957994488-1003
"OODEFRAG10.00.00.01WORKSTATION"="A7E0682F14FD6F6757998DE2D93445552D682438A7998727B39DE96A6EF11E7B7951D3E128BDD0ACE950CAF216EB2A96FC94C0305D1A316C314E8FBF63ECF5A15C042754096CE35CC0B413A3AAF9EE7E041CC4FA7751083EDFF3B9D8169BEBC7B855E71D13133378F31F7F4B30B0C2A02771FD51EE78FE5F92398BEC7A405604EFCA2B17599A9A080F0ABC84F5FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E667C038D530D6EB34528EDD5E5BE2F6E667683F4BB4339EACCD0F016A14C5BC286516CB028D04BE4AD99F9FE743B14AD9BB4D8A859B21E7C0C1A2875AD75C0609CDF9A4F98363C66F3B8079A8307121008B5073FC825CD5C3D50EE81A8A7CA9008A1C89747928F6840BDD8FA813BE128C8D8C4A5F02BFF6A752937AC972F84B3F2289F4247D41A99EABAD9EC8E5C04A95A2FE35DEA4C96E24B45BE40CC64A223F4FB2B43A96BE4B14B448BCED1DBF8CF2DC0B2CB16A9EF3B3AEF0A786328C7CBA816BEDEEBCD4DE03726C50809E2CAE430777FB104584D192A64393E4D6FE39305AEC957E5E5D774B63BA156DC2169BE61DED45391C67E844B5A54E554705CD62B1D276295A54BF103BB79C2559B3D103CEFBFDED4A542B8DA950D10A8C28425B8F9E30B0075CF43AE24E489CA3DE630281956D729F7E1F7A82DDEC392213326334B3345DAC386875F24B514B5895750F4D113193DDBD62D877CE3F1F7716CD89135BCBFC89517FB23F6043AFA0F9449B7FA73A1CBC8D23B9F184BF797126D923D0C00FDCCD3532A4C6227EC99AD19C5F97F8CBDF678A24F20FC8B80BE7D8AEC4C8766E501E950FC4448AB41D5886E04FCA8601B2FCF8BC212045C71B276BB8CB09EDAB3115C4B64E22F66F33E0A707AC8037C46E8FC0D89F2A8A5EF36FBDF7D6D302DDD83EBE5FC200298A99ACE49B7657D458F227EBF792670A4262F2540048216EF0289A9ED165B0C535DEAA153A711E8E5120BE282C5FC51E0D3C5B5579489BD1A183A0A4E93EBC56F31A3D3396285A7718DA44C99E2F6700ACD5458DA1C09F338451B7371B1ADFC99DE0B9DA76E64304680E9CC708F11F50E28BBE6E48E1417A7FFDBDDE6908096F5E53E950B43FC60FD4A61DBCB959F891C53ACD8AD19EC6F2CDF703C8EE5D5BFC35100D773F0685D8401891E5955AB12BBEC5E91836ADAA4DFD34CDC4D8312E0E77BB545C97545281E455382915AF3BE80C14FCF5010A1C9EF1AA564868608E9C4C7F652BD48737114E59458BC15939F9BE116A2353F3FB5E61554A6C718B3A0DAF885BB62140F070DEA25FB8BA1609723D298342616EE1695734C96EDE95A6A3EF0642743BE4EDEFC932A100B36FB3C8C151929CF33F9880B24CE92EAD277988322E1FFD751E55C0988D"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-31 16:17:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-31 15:16:23
ComboFix2.txt 2008-12-31 08:44:30

Pre-Run: 25,477,832,704 bytes free
Post-Run: 25,465,098,240 bytes free

878










Voila Voila puis le resultat du scan online de Kaspersky:










--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, January 6, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, January 05, 2009 10:30:35
Records in database: 1562950
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 43946
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 04:21:09


File name / Threat name / Threats count
C:\WINDOWS\system32\TTLService.exe Infected: Worm.Win32.AutoRun.dhb 1

The selected area was scanned.




entre temps un disk usb avait ete pluger sur mon ordi et apparemment il y avais une infection donc j'efface manuellement le fichier : C:\WINDOWS\system32\TTLService.exe, c'est tout pour l'instant,



peut t'on voir si c'est toujours infecter a ce niveau ?
Merci Beaucoup a toi pour tout et Bonne Année

Bonsoir,

1) Supprime le fichier C:\WINDOWS\system32\TTLService.exe


2) Supprime ta version de USBFix via ajout/suppression de programmes


3) Télécharge UsbFix (de Chiquitine29) sur ton Bureau :

- Lance l'installation avec les paramètres par défaut
- Branche tes sources de données externes (clés USB, HDD externes, lecteurs MP3) à ton PC sans les ouvrir
- Double clique sur le raccourci UsbFix sur ton bureau
- Le pc va redémarrer
- Après redémarrage, poste le rapport UsbFix.txt (il est sauvegardé a la racine du disque dur).


4) Comme anti-virus, je te conseille AntiVir.
Tu trouveras un tutorial sur Antivir depuis ce lien : http://www.malekal.com/tutorial_antivir.php

- Fais un scan complet de ton système.
- Poste le rapport de scan dans ta prochaine réponse.


A plus tard.