
Seriously ill

14 February 2008 09:36:11

Hello,
I'm new to the forum.
I've taken over a young cousin's computer,
which is very sick (the computer, not him).
Its antivirus had been expired for 6 months.
I installed avast, which detected an impressive number of viruses.
Below is the avast report:

I also ran a scan with hijack:

I thank in advance whoever is willing to throw me a lifebuoy, or even a life raft.


14 February 2008 10:16:22

Hi,

Nice Vundo infection ;)

Download Combofix (by sUBs) to your Desktop.

Temporarily disable all resident protection! (Antivirus, antispyware...)
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post this report in your next reply.

The report is located here: C:\Combofix.txt

14 February 2008 10:45:14

Thanks for taking care of my case!

The combo report:
ComboFix 08-02-14.2 - Admin 2008-02-14 10:25:20.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.536 [GMT 1:00]
Endroit: C:\Documents and Settings\Admin\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\jkhfe.dll
C:\Documents and Settings\Admin\Application Data\macromedia\Flash Player\#SharedObjects\L9TD2FBF\iforex.com
C:\Documents and Settings\Admin\Application Data\macromedia\Flash Player\#SharedObjects\L9TD2FBF\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Admin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Admin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\Admin\Application Data\ShoppingReport
C:\Documents and Settings\Admin\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Admin\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Admin\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Admin\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Admin\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Admin\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Admin\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Program Files\seekmo
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
C:\Program Files\ShoppingReport\Uninst.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\__c001998E.dat
C:\WINDOWS\system32\__c001DD10.dat
C:\WINDOWS\system32\__c0022E10.dat
C:\WINDOWS\system32\__c0035A90.dat
C:\WINDOWS\system32\__c0038CD8.dat
C:\WINDOWS\system32\__c004DB46.dat
C:\WINDOWS\system32\__c005180E.dat
C:\WINDOWS\system32\__c005872C.dat
C:\WINDOWS\system32\__c006693C.dat
C:\WINDOWS\system32\__c006BF7C.dat
C:\WINDOWS\system32\__c007BD62.dat
C:\WINDOWS\system32\__C0084FE6.DAT
C:\WINDOWS\system32\__c009AC40.dat
C:\WINDOWS\system32\__c00A7D4D.dat
C:\WINDOWS\system32\__c00BE73.dat
C:\WINDOWS\system32\__c00C5B60.dat
C:\WINDOWS\system32\__c00D821C.dat
C:\WINDOWS\system32\__c00DF8C9.dat
C:\WINDOWS\system32\__c00E2B70.dat
C:\WINDOWS\system32\adgqfglj.dll
C:\WINDOWS\system32\aihpqmkb.dll
C:\WINDOWS\system32\aprnpsba.dll
C:\WINDOWS\system32\bsdhyyvs.dll
C:\WINDOWS\system32\ceuqqgkp.dll
C:\WINDOWS\system32\daibfhio.ini
C:\WINDOWS\system32\dlpjspjv.dll
C:\WINDOWS\system32\dmyccplv.dll
C:\WINDOWS\system32\dxqcajpu.ini
C:\WINDOWS\system32\efhkj.bak1
C:\WINDOWS\system32\efhkj.bak2
C:\WINDOWS\system32\efhkj.ini
C:\WINDOWS\system32\efhkj.ini2
C:\WINDOWS\system32\efhkj.tmp
C:\WINDOWS\system32\ejkbguqx.dll
C:\WINDOWS\system32\ewysghvc.dll
C:\WINDOWS\system32\fakkkjhr.dll
C:\WINDOWS\system32\fbnuuqyw.dll
C:\WINDOWS\system32\fevhuexq.dll
C:\WINDOWS\system32\ghdrrfoa.dll
C:\WINDOWS\system32\gkbnnbmt.dll
C:\WINDOWS\system32\gpvxiear.dll
C:\WINDOWS\system32\gxafjssx.dll
C:\WINDOWS\system32\ihbjxvxt.dll
C:\WINDOWS\system32\iisyxtek.ini
C:\WINDOWS\system32\itxwfchc.dll
C:\WINDOWS\system32\jghaowoe.dll
C:\WINDOWS\system32\jiaasiue.dll
C:\WINDOWS\system32\jkhfe.dll
C:\WINDOWS\system32\ketxysii.dll
C:\WINDOWS\system32\kgwtngce.dll
C:\WINDOWS\system32\kurvxogg.dll
C:\WINDOWS\system32\lixgsbgr.dll
C:\WINDOWS\system32\lsionlbu.dll
C:\WINDOWS\system32\lwfgtdmy.dll
C:\WINDOWS\system32\lybvgbfw.dll
C:\WINDOWS\system32\mbkhogri.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\menacspj.dll
C:\WINDOWS\system32\mfvqsptx.dll
c:\WINDOWS\system32\mkfitppms.dat
C:\WINDOWS\system32\mkfitppms.exe
c:\WINDOWS\system32\mkfitppms_nav.dat
c:\WINDOWS\system32\mkfitppms_navps.dat
C:\WINDOWS\system32\mxxsrerx.dll
C:\WINDOWS\system32\nbnaahfe.dll
C:\WINDOWS\system32\nobmvfri.dll
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\oalbsqcf.dll
C:\WINDOWS\system32\paxgdmej.dll
C:\WINDOWS\system32\pqstv.bak1
C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\puteappe.dll
C:\WINDOWS\system32\puvedajl.dll
C:\WINDOWS\system32\pvgcxpmf.ini
C:\WINDOWS\system32\rdrmrjyf.dll
C:\WINDOWS\system32\sduralfr.dll
C:\WINDOWS\system32\svyyhdsb.ini
C:\WINDOWS\system32\tqwbsptb.dll
C:\WINDOWS\system32\trefncwf.dll
C:\WINDOWS\system32\ttohixpq.dll
C:\WINDOWS\system32\udqoynsf.dll
C:\WINDOWS\system32\ukqgfioo.dll
C:\WINDOWS\system32\uoegvlct.dll
C:\WINDOWS\system32\vfwjdfxc.dll
C:\WINDOWS\system32\vkqgsqch.dll
C:\WINDOWS\system32\vqmjiatj.dll
C:\WINDOWS\system32\vraqiwjo.dll
C:\WINDOWS\system32\vsilkcrj.dll
C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\vuqjiedg.dll
C:\WINDOWS\system32\wfwvblxl.dll
C:\WINDOWS\system32\wslkbknn.dll
C:\WINDOWS\system32\xgdkxsbc.dll
C:\WINDOWS\system32\xhlxdugo.dll
C:\WINDOWS\system32\xhnrcfqd.dll
C:\WINDOWS\system32\xssjfaxg.ini
C:\WINDOWS\system32\xublrtcp.dll
C:\WINDOWS\system32\xwvgwcma.dll
C:\WINDOWS\system32\yltnmkvs.dll
C:\WINDOWS\system32\yqmlhwie.ini

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-14 to 2008-02-14 ))))))))))))))))))))))))))))))))))))
.

2008-02-14 09:12 . 2008-02-14 09:12 78,912 --a------ C:\WINDOWS\system32\BANWMMFW.DLL
2008-02-13 22:19 . 2008-02-13 22:19 <REP> d-------- C:\VundoFix Backups
2008-02-13 22:18 . 2008-02-13 22:18 132,608 --a------ C:\VundoFix.exe
2008-02-13 22:09 . 2008-02-14 09:32 <REP> d-------- C:\hijack
2008-02-13 22:08 . 2008-02-13 22:08 212,849 --a------ C:\antivirus sonia.zip
2008-02-13 20:50 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-13 20:50 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-13 20:50 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-13 20:49 . 2008-02-13 20:49 <REP> d-------- C:\Program Files\Alwil Software
2008-02-13 20:49 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-13 20:49 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-13 20:49 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-13 20:49 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-13 20:49 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-13 14:34 . 2008-02-13 14:35 <REP> d-------- C:\Program Files\Google
2008-02-13 14:34 . 2008-02-13 14:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-13 13:44 . 2008-02-13 13:44 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Lavasoft
2008-02-03 20:36 . 2008-02-03 20:36 268 --ah----- C:\sqmdata06.sqm
2008-02-03 20:36 . 2008-02-03 20:36 244 --ah----- C:\sqmnoopt06.sqm
2008-02-03 16:24 . 2008-02-03 16:24 268 --ah----- C:\sqmdata05.sqm
2008-02-03 16:24 . 2008-02-03 16:24 244 --ah----- C:\sqmnoopt05.sqm
2008-01-27 18:01 . 2008-01-27 18:01 <REP> d-------- C:\Program Files\Ubi Soft
2008-01-26 16:06 . 2008-02-08 18:26 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-01-14 16:45 . 2008-01-27 16:06 29,080 ---hs---- C:\WINDOWS\system32\otqtyili.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 19:36 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-01-27 17:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-26 12:44 --------- d-----w C:\Program Files\EA GAMES
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-06-29 11:47 461 ----a-w C:\Program Files\INSTALL.LOG
2007-10-11 13:34 144,346 --sh--w C:\WINDOWS\system32\abeeg.bak1
2007-10-15 13:21 163,146 --sh--w C:\WINDOWS\system32\abeeg.bak2
2007-09-20 13:39 6,729 --sh--w C:\WINDOWS\system32\gjllm.bak1
2007-09-27 18:17 14,915 --sh--w C:\WINDOWS\system32\gjllm.bak2
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF0C7B39-0517-47D6-832C-EC091C3A6861}]
C:\WINDOWS\system32\geeba.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 11:00 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 15:08 65536]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-13 14:34 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 19:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 19:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 19:10 114688]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-06 18:16 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-22 09:10 88358 C:\WINDOWS\agrsmmsg.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-24 06:40 196608]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-09-06 13:04 671744]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2005-08-25 18:11 53248]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 12:45 28672]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 12:45 65536]
"Zooming"="ZoomingHook.exe" [2005-06-06 08:58 24576 C:\WINDOWS\system32\ZoomingHook.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-08-22 15:49 28672 C:\WINDOWS\system32\TCtrlIOHook.exe]
"TPSMain"="TPSMain.exe" [2005-08-12 10:14 266240 C:\WINDOWS\system32\TPSMain.exe]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 08:24 118784]
"TFncKy"="TFncKy.exe" []
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 11:31 1077328]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 15:25 73728]
"NDSTray.exe"="NDSTray.exe" []
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04:33 122941]
"BDSwitchAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe" [ ]
"CFSServ.exe"="CFSServ.exe" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-16 00:37 57344]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 11:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geeba]
C:\WINDOWS\system32\geeba.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljg]
C:\WINDOWS\system32\mlljg.dll 2007-09-16 15:10 283232 C:\WINDOWS\system32\mlljg.dll

R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys [2005-06-03 18:49]
S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\Admin\LOCALS~1\Temp\DMSKSSRh.sys []
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-03-24 15:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70256860-f0dd-11db-b3eb-000fb0e29385}]
\Shell\AutoRun\command - Scooter07.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 10:33:05
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-14 10:35:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-14 09:35:08
.
2008-02-13 20:59:21 --- E O F ---
14 February 2008 18:16:58

Hi again,

Copy the text in the box below:

Driver::
DMSKSSRh

File::
C:\DOCUME~1\Admin\LOCALS~1\Temp\DMSKSSRh.sys
C:\WINDOWS\system32\geeba.dll
C:\WINDOWS\system32\mlljg.dll
C:\WINDOWS\system32\abeeg.bak1
C:\WINDOWS\system32\abeeg.bak2
C:\WINDOWS\system32\gjllm.bak1
C:\WINDOWS\system32\gjllm.bak2
C:\WINDOWS\system32\otqtyili.ini
C:\WINDOWS\system32\BANWMMFW.DLL

Folder::
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF0C7B39-0517-47D6-832C-EC091C3A6861}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geeba]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljg]


Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file as CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe, as shown below:


This will restart Combofix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
If there is no reboot, post the reports anyway.
15 February 2008 13:55:46

here is the next part:

combo report

ComboFix 08-02-14.2 - Admin 2008-02-15 13:28:40.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.647 [GMT 1:00]
Endroit: C:\Documents and Settings\Admin\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Bureau\CFSCRIPT.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE
C:\DOCUME~1\Admin\LOCALS~1\Temp\DMSKSSRh.sys
C:\WINDOWS\system32\abeeg.bak1
C:\WINDOWS\system32\abeeg.bak2
C:\WINDOWS\system32\BANWMMFW.DLL
C:\WINDOWS\system32\geeba.dll
C:\WINDOWS\system32\gjllm.bak1
C:\WINDOWS\system32\gjllm.bak2
C:\WINDOWS\system32\mlljg.dll
C:\WINDOWS\system32\otqtyili.ini
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups
C:\WINDOWS\system32\abeeg.bak1
C:\WINDOWS\system32\abeeg.bak2
C:\WINDOWS\system32\BANWMMFW.DLL
C:\WINDOWS\system32\gjllm.bak1
C:\WINDOWS\system32\gjllm.bak2
C:\WINDOWS\system32\mlljg.dll
C:\WINDOWS\system32\otqtyili.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DMSKSSRH
-------\DMSKSSRh


((((((((((((((((((((((((((((( Fichiers créés 2008-01-15 to 2008-02-15 ))))))))))))))))))))))))))))))))))))
.

2008-02-13 22:18 . 2008-02-13 22:18 132,608 --a------ C:\VundoFix.exe
2008-02-13 22:09 . 2008-02-14 09:32 <REP> d-------- C:\hijack
2008-02-13 22:08 . 2008-02-13 22:08 212,849 --a------ C:\antivirus sonia.zip
2008-02-13 20:50 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-13 20:50 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-13 20:50 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-13 20:49 . 2008-02-13 20:49 <REP> d-------- C:\Program Files\Alwil Software
2008-02-13 20:49 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-13 20:49 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-13 20:49 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-13 20:49 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-13 20:49 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-13 14:34 . 2008-02-13 14:35 <REP> d-------- C:\Program Files\Google
2008-02-13 14:34 . 2008-02-13 14:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-13 13:44 . 2008-02-13 13:44 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Lavasoft
2008-02-03 20:36 . 2008-02-03 20:36 268 --ah----- C:\sqmdata06.sqm
2008-02-03 20:36 . 2008-02-03 20:36 244 --ah----- C:\sqmnoopt06.sqm
2008-02-03 16:24 . 2008-02-03 16:24 268 --ah----- C:\sqmdata05.sqm
2008-02-03 16:24 . 2008-02-03 16:24 244 --ah----- C:\sqmnoopt05.sqm
2008-01-27 18:01 . 2008-01-27 18:01 <REP> d-------- C:\Program Files\Ubi Soft
2008-01-26 16:06 . 2008-02-08 18:26 <REP> d-------- C:\WINDOWS\system32\fr-fr

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 19:36 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-01-27 17:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-26 12:44 --------- d-----w C:\Program Files\EA GAMES
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-06-29 11:47 461 ----a-w C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 11:00 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 15:08 65536]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-13 14:34 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 19:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 19:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 19:10 114688]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-06 18:16 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-22 09:10 88358 C:\WINDOWS\agrsmmsg.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-24 06:40 196608]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-09-06 13:04 671744]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2005-08-25 18:11 53248]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 12:45 28672]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 12:45 65536]
"Zooming"="ZoomingHook.exe" [2005-06-06 08:58 24576 C:\WINDOWS\system32\ZoomingHook.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-08-22 15:49 28672 C:\WINDOWS\system32\TCtrlIOHook.exe]
"TPSMain"="TPSMain.exe" [2005-08-12 10:14 266240 C:\WINDOWS\system32\TPSMain.exe]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 08:24 118784]
"TFncKy"="TFncKy.exe" []
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 11:31 1077328]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 15:25 73728]
"NDSTray.exe"="NDSTray.exe" []
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04:33 122941]
"BDSwitchAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe" [ ]
"CFSServ.exe"="CFSServ.exe" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-16 00:37 57344]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 11:00 15360]

R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys [2005-06-03 18:49]
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-03-24 15:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70256860-f0dd-11db-b3eb-000fb0e29385}]
\Shell\AutoRun\command - Scooter07.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 13:32:57
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-15 13:35:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-15 12:34:56
ComboFix2.txt 2008-02-14 09:35:12
.
2008-02-13 20:59:21 --- E O F ---

hijack report:
Logfile of HijackThis v1.99.1
Scan saved at 13:47:54, on 15/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\hijack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.wistiti.fr/ImageUploader4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6C8AEB8-1D2B-47FB-8E12-288682574BEE}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe



15 February 2008 16:22:02

Hi again,

What is this? --> C:\antivirus sonia.zip

*****************

Download to your desktop: Clean (by Malekal) >Tutorial<
Unzip it on your desktop. Double-click the clean folder.
Double-click clean.cmd. (The cmd extension may not be shown.) This will open a black window.
A menu will appear; choose option 1, then press Enter. Then press a key when asked and post the report here.
The report is located here: C:\rapport_clean.txt

If you get a file C:\upload_moi.zip, please do this.

**************

Uninstall avast, reboot, and delete ~~>C:\Program Files\Alwil Software

Download ccleaner (>>tutorial to read!<<), download "the latest version", then install it, unchecking - Add the Yahoo! CCleaner Toolbar
Then run the cleaner, then have it search for errors, and make a backup if you wish.

Download and install Antivir. (tutorial)
Why switch? Avast vs Antivir
Make sure it is up to date! Run a full scan and post the report.
15 February 2008 16:42:05

HERE IS THE CLEAN REPORT
15/02/2008 a 16:39:31,73

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\bdod.bin FOUND

*** Recherche des fichiers dans C:\Program Files
15 February 2008 17:02:45

Carry on, and please answer my question
15 February 2008 17:09:57

if you mean the file antivirus sonia.zip, I'm the one who renamed the downloaded hijackthis archive
15 February 2008 17:29:13

Ok ;)
15 February 2008 18:35:47

here is the next part
antivir report
AntiVir PersonalEdition Classic
Report file date: vendredi 15 février 2008 17:48

Scanning for 1110498 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: PMOCQUILLON

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 16:46:46
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 16:46:46
ANTIVIR3.VDF : 7.0.2.147 199168 Bytes 15/02/2008 16:46:46
AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 15/02/2008 16:46:47
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 15/02/2008 16:46:47
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 15 février 2008 17:48

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'TPSBattM.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'TOSCDSPD.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'CFSServ.exe' - '1' Module(s) have been scanned
Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned
Scan process 'NDSTray.exe' - '1' Module(s) have been scanned
Scan process 'TvsTray.exe' - '1' Module(s) have been scanned
Scan process 'PadExe.exe' - '1' Module(s) have been scanned
Scan process 'TFncKy.exe' - '1' Module(s) have been scanned
Scan process 'SmoothView.exe' - '1' Module(s) have been scanned
Scan process 'TPSMain.exe' - '1' Module(s) have been scanned
Scan process 'TCtrlIOHook.exe' - '1' Module(s) have been scanned
Scan process 'ZoomingHook.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'TPTray.exe' - '1' Module(s) have been scanned
Scan process 'CeEKey.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'agrsmmsg.exe' - '1' Module(s) have been scanned
Scan process 'ltmoh.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned
Scan process 'PhotoshopElementsFileAgent.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
50 processes with 50 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '36' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
[INFO] The file was moved to '4825cd24.qua'!
C:\WINDOWS\system32\rvfwojdm.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '481bcd2c.qua'!
C:\WINDOWS\system32\tgcjbfwm.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '4818cd24.qua'!
C:\WINDOWS\system32\xkpbrghn.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '4825cd33.qua'!


End of the scan: vendredi 15 février 2008 18:34
Used time: 46:05 min

The scan has been done completely.

4804 Scanning directories
312022 Files were scanned
236 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
157 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
311786 Files not concerned
6721 Archives were scanned
2 Warnings
0 Notes

15 February 2008 18:42:38

Re,

It looks like there was still a bit left.

Verification:

Please read and carefully follow what is written, because you have to press a key during the scan. If you don't, the report will be incomplete and you will have to start over. So:

Download DiagHelp.zip (by Malekal) to your desktop (Tutorial)
Unzip it, open the new DiagHelp folder, and double-click go.cmd (the .cmd extension may not be shown!)
Choose option 1 in the window that opens.
This can take a few minutes; let it run and press a key when you are asked to.

WARNING: during the analysis, after the catchme report, you will be asked to press a key to continue the scan; follow the on-screen instructions carefully!

At the end of the analysis, your computer may need to be restarted. Once the computer has restarted, the report will open in Notepad. It can also be found at >> C:\resultat.txt <<
Post the report here.

If you get a file C:\upload_moi.zip, please send it to http://upload.malekal.com/.
Tutorial
15 February 2008 18:55:12

I have to go
I'll do the procedure tomorrow
many thanks for this evening

as for your quote
I'd go even further:
only fools never change their minds
on that note
bye
16 February 2008 10:03:50

DiagHelp version v1.4 - http://www.malekal.com
excute le 16/02/2008 à 9:56:14,29


Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->16/02/2008 09:55:45
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->16/02/2008 09:55:44
C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->16/02/2008 09:55:15
C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->16/02/2008 09:54:26
C:\WINDOWS\prefetch\WLLOGINPROXY.EXE-2D4B6027.pf -->16/02/2008 09:50:48
C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf -->16/02/2008 09:50:39
C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf -->16/02/2008 09:50:02
C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf -->16/02/2008 09:50:02
C:\WINDOWS\prefetch\LOGONUI.EXE-0AF22957.pf -->15/02/2008 18:56:20
C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->15/02/2008 18:34:31

C:\WINDOWS\System32\drivers\avipbb.sys -->15/02/2008 17:46:47
C:\WINDOWS\System32\drivers\mrxdav.sys -->18/12/2007 10:51:35
C:\WINDOWS\System32\drivers\secdrv.sys -->13/11/2007 11:25:54
C:\WINDOWS\System32\drivers\tcpip.sys -->30/10/2007 18:20:55
C:\WINDOWS\System32\drivers\avgntdd.sys -->09/08/2007 13:04:11
C:\WINDOWS\System32\drivers\avgntmgr.sys -->18/07/2007 14:22:19
C:\WINDOWS\System32\drivers\update.sys -->23/04/2007 11:32:54

C:\WINDOWS\System32\wpa.dbl -->16/02/2008 09:49:08
C:\WINDOWS\System32\CONFIG.NT -->15/02/2008 17:16:21
C:\WINDOWS\System32\MRT.INI -->13/02/2008 21:59:20
C:\WINDOWS\System32\bdod.bin -->13/02/2008 20:27:37
C:\WINDOWS\System32\MRT.exe -->05/02/2008 00:09:46
C:\WINDOWS\System32\dxfraopx.ini -->14/01/2008 16:45:05
C:\WINDOWS\System32\ueexydbo.ini -->12/01/2008 22:47:27
C:\WINDOWS\System32\pngfilt.dll -->11/01/2008 06:36:55
C:\WINDOWS\System32\dxtmsft.dll -->19/12/2007 23:53:23
C:\WINDOWS\System32\TZLog.log -->17/12/2007 22:31:44
C:\WINDOWS\System32\d05508a5 -->09/12/2007 19:59:48
C:\WINDOWS\System32\mshtml.dll -->08/12/2007 06:08:36
C:\WINDOWS\System32\wininet.dll -->07/12/2007 03:08:34
C:\WINDOWS\System32\webcheck.dll -->07/12/2007 03:08:34
C:\WINDOWS\System32\urlmon.dll -->07/12/2007 03:08:34
C:\WINDOWS\System32\url.dll -->07/12/2007 03:08:34
C:\WINDOWS\System32\occache.dll -->07/12/2007 03:08:34
C:\WINDOWS\System32\mstime.dll -->07/12/2007 03:08:34
C:\WINDOWS\System32\msrating.dll -->07/12/2007 03:08:34
C:\WINDOWS\System32\mshtmled.dll -->07/12/2007 03:08:34
C:\WINDOWS\System32\msfeedsbs.dll -->07/12/2007 03:08:33
C:\WINDOWS\System32\msfeeds.dll -->07/12/2007 03:08:33
C:\WINDOWS\System32\jsproxy.dll -->07/12/2007 03:08:33
C:\WINDOWS\System32\inetcpl.cpl -->07/12/2007 03:08:33
C:\WINDOWS\System32\iertutil.dll -->07/12/2007 03:08:33

C:\WINDOWS\WindowsUpdate.log -->16/02/2008 09:50:09
C:\WINDOWS\0.log -->16/02/2008 09:49:01
C:\WINDOWS\wiaservc.log -->16/02/2008 09:48:56
C:\WINDOWS\wiadebug.log -->16/02/2008 09:48:56
C:\WINDOWS\bootstat.dat -->16/02/2008 09:48:30
C:\WINDOWS\SchedLgU.Txt -->15/02/2008 18:56:24
C:\WINDOWS\system.ini -->15/02/2008 13:32:53
C:\WINDOWS\win.ini -->13/02/2008 20:28:35
C:\WINDOWS\TPTray.INI -->07/01/2008 17:46:14
C:\WINDOWS\Thumbs.db -->14/09/2007 20:57:58
C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt -->21/07/2007 16:28:09
C:\WINDOWS\setupapi.log.0.old -->03/07/2007 09:45:05
C:\WINDOWS\explorer.exe -->13/06/2007 14:22:28
C:\WINDOWS\NAVIGMA.INI -->10/03/2007 20:28:24
C:\WINDOWS\RSoftInfo.dat -->23/12/2006 17:57:55

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed


ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 144
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x44080000 0xcf000 7.00.6000.16608 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16608 C:\WINDOWS\system32\iertutil.dll
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x44160000 0x127000 7.00.6000.16608 C:\WINDOWS\system32\urlmon.dll
0x44360000 0x5cd000 7.00.6000.16608 C:\WINDOWS\system32\ieframe.dll
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x442b0000 0x3c000 7.00.6000.16608 C:\WINDOWS\system32\webcheck.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x10000000 0xb000 1.00.0008.0000 C:\WINDOWS\system32\TPwrCfg.DLL
0x01ad0000 0x14000 1.00.0004.0000 C:\WINDOWS\system32\TPwrReg.dll
0x01e30000 0xd000 1.00.0003.0000 C:\WINDOWS\system32\TPSTrace.DLL
0x00ee0000 0xe000 7.00.0000.1333 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
0x02520000 0x1f000 1.04.0008.0000 C:\WINDOWS\system32\dla\tfswshx.dll
0x02050000 0xf000 1.04.0008.0000 C:\WINDOWS\system32\tfswapi.dll
0x02540000 0x9b000 1.04.0008.0000 C:\WINDOWS\system32\dla\tfswcres.dll
0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
0x029a0000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 768
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x01090000 0xae000 1.05.0540.0000 C:\WINDOWS\system32\WgaLogon.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll


Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est D055-1A84

Répertoire de C:\WINDOWS\system32

05/08/2004 11:00 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 53 430 886 400 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est D055-1A84

Répertoire de C:\WINDOWS\Downloaded Program Files

07/10/2007 19:09 <REP> .
07/10/2007 19:09 <REP> ..
16/09/2005 07:36 65 desktop.ini
17/07/2007 09:20 378 ImageUploader4.inf
17/07/2007 09:22 2 635 312 ImageUploader4.ocx
20/06/2006 14:44 379 704 MsnPUpld.dll
19/06/2006 13:40 393 MsnPUpld.inf
20/06/2006 14:44 117 560 PURen-us.dll
09/01/2007 07:30 110 592 PURfr-fr.dll
26/05/2005 03:19 291 wuweb.inf
8 fichier(s) 3 244 295 octets

Total des fichiers listés :
8 fichier(s) 3 244 295 octets
2 Rép(s) 53 430 886 400 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..


Liste des fichiers en exception sur le pare-feu XP SP2

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"


Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"



exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001



Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 09:57:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden services & system hive ...

IPC error: 2 Le fichier spécifié est introuvable.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
144 - explorer.exe
352 - iexplore.exe
360 - igfxtray.exe
444 - hkcmd.exe
452 - igfxpers.exe
460 - ltmoh.exe
468 - agrsmmsg.exe
500 - Apoint.exe
524 - CeEKey.exe
540 - TPTray.exe
584 - ZoomingHook.exe
632 - TCtrlIOHook.exe
652 - TPSMain.exe
664 - SmoothView.exe
700 - TFncKy.exe
712 - PadExe.exe
732 - TvsTray.exe
744 - csrss.exe
768 - winlogon.exe
788 - NDSTray.exe
812 - services.exe
824 - lsass.exe
828 - tfswctrl.exe
988 - svchost.exe
996 - CFSServ.exe
1048 - svchost.exe
1084 - svchost.exe
1108 - apdproxy.exe
1116 - daemon.exe
1132 - svchost.exe
1220 - ApntEx.exe
1268 - avgnt.exe
1272 - TPSBattM.exe
1288 - PhotoshopElemen
1372 - ctfmon.exe
1420 - TOSCDSPD.exe
1480 - sched.exe
1492 - CFSvcs.exe
1592 - avguard.exe
1784 - GoogleUpdaterSe
1828 - GoogleUpdater.e
1848 - MDM.EXE
1960 - svchost.exe
2288 - svchost.exe
3184 - alg.exe
3600 - cmd.exe
4584 - wscntfy.exe

Total number of processes = 48
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

Total number of drivers = 148

Liste des programmes installes

AC3Filter (remove only)
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
Adobe Acrobat 7.0.2 and Reader 7.0.2 Update
Adobe Acrobat 7.0.3 and Reader 7.0.3 Update
Adobe Help Center 2.0
Adobe Photoshop Elements 4.0
Adobe Photoshop Elements 4.0
Adobe Reader 7.0 - Français
ALPS Touch Pad Driver
Archiveur WinRAR
Assist TOSHIBA
Avira AntiVir PersonalEdition Classic
Bluetooth Stack for Windows by Toshiba
Canon iP4200
Canon Setup Utility 2.0
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
CartoExploreur 3 3.04
CCleaner (remove only)
CD-LabelPrint
Commandes TOSHIBA
Correctif pour Lecteur Windows Media 11 (KB939683)
Correctif pour Windows XP (KB894871)
Correctif Windows XP - KB873333
Correctif Windows XP - KB873339
Correctif Windows XP - KB884018
Correctif Windows XP - KB885250
Correctif Windows XP - KB885835
Correctif Windows XP - KB885836
Correctif Windows XP - KB885855
Correctif Windows XP - KB886185
Correctif Windows XP - KB887472
Correctif Windows XP - KB888113
Correctif Windows XP - KB888302
Correctif Windows XP - KB889673
Correctif Windows XP - KB890047
Correctif Windows XP - KB890175
Correctif Windows XP - KB890859
Correctif Windows XP - KB890923
Correctif Windows XP - KB891781
Correctif Windows XP - KB893056
Correctif Windows XP - KB893086
Correctif Windows XP - KB895200
DAEMON Tools
Duo Light Sudoku Kakuro
Easy-WebPrint
eMule
ffdshow
Formatage de carte mémoire SD TOSHIBA
Gestion d'énergie TOSHIBA
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Intel(R) Graphics Media Accelerator Driver for Mobile
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
J2SE Runtime Environment 5.0 Update 3
Jeu de Tarot
Lecteur Windows Media 11
Les Sims 2
Les Sims™ 2 Animaux & Cie
Les Sims™ 2 Kit Glamour
livebox
Macromedia Flash Player
Manuels TOSHIBA
Micro Application - Belote et Coinche/Contrée
Microsoft (R) C Runtime Library
Microsoft (R) C++ Runtime Library
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)
Mise à jour de sécurité pour Windows XP (KB883939)
Mise à jour de sécurité pour Windows XP (KB890046)
Mise à jour de sécurité pour Windows XP (KB893066)
Mise à jour de sécurité pour Windows XP (KB893756)
Mise à jour de sécurité pour Windows XP (KB896358)
Mise à jour de sécurité pour Windows XP (KB896422)
Mise à jour de sécurité pour Windows XP (KB896423)
Mise à jour de sécurité pour Windows XP (KB896424)
Mise à jour de sécurité pour Windows XP (KB896428)
Mise à jour de sécurité pour Windows XP (KB899587)
Mise à jour de sécurité pour Windows XP (KB899591)
Mise à jour de sécurité pour Windows XP (KB900725)
Mise à jour de sécurité pour Windows XP (KB901017)
Mise à jour de sécurité pour Windows XP (KB901214)
Mise à jour de sécurité pour Windows XP (KB902400)
Mise à jour de sécurité pour Windows XP (KB903235)
Mise à jour de sécurité pour Windows XP (KB904706)
Mise à jour de sécurité pour Windows XP (KB905414)
Mise à jour de sécurité pour Windows XP (KB905749)
Mise à jour de sécurité pour Windows XP (KB908519)
Mise à jour de sécurité pour Windows XP (KB911562)
Mise à jour de sécurité pour Windows XP (KB911567)
Mise à jour de sécurité pour Windows XP (KB911927)
Mise à jour de sécurité pour Windows XP (KB912919)
Mise à jour de sécurité pour Windows XP (KB913580)
Mise à jour de sécurité pour Windows XP (KB914388)
Mise à jour de sécurité pour Windows XP (KB914389)
Mise à jour de sécurité pour Windows XP (KB916281)
Mise à jour de sécurité pour Windows XP (KB917159)
Mise à jour de sécurité pour Windows XP (KB917344)
Mise à jour de sécurité pour Windows XP (KB917422)
Mise à jour de sécurité pour Windows XP (KB917953)
Mise à jour de sécurité pour Windows XP (KB918118)
Mise à jour de sécurité pour Windows XP (KB918439)
Mise à jour de sécurité pour Windows XP (KB918899)
Mise à jour de sécurité pour Windows XP (KB919007)
Mise à jour de sécurité pour Windows XP (KB920213)
Mise à jour de sécurité pour Windows XP (KB920214)
Mise à jour de sécurité pour Windows XP (KB920670)
Mise à jour de sécurité pour Windows XP (KB920683)
Mise à jour de sécurité pour Windows XP (KB920685)
Mise à jour de sécurité pour Windows XP (KB921398)
Mise à jour de sécurité pour Windows XP (KB921503)
Mise à jour de sécurité pour Windows XP (KB921883)
Mise à jour de sécurité pour Windows XP (KB922616)
Mise à jour de sécurité pour Windows XP (KB922819)
Mise à jour de sécurité pour Windows XP (KB923191)
Mise à jour de sécurité pour Windows XP (KB923414)
Mise à jour de sécurité pour Windows XP (KB923689)
Mise à jour de sécurité pour Windows XP (KB923980)
Mise à jour de sécurité pour Windows XP (KB924191)
Mise à jour de sécurité pour Windows XP (KB924270)
Mise à jour de sécurité pour Windows XP (KB924496)
Mise à jour de sécurité pour Windows XP (KB924667)
Mise à jour de sécurité pour Windows XP (KB925486)
Mise à jour de sécurité pour Windows XP (KB925902)
Mise à jour de sécurité pour Windows XP (KB926255)
Mise à jour de sécurité pour Windows XP (KB926436)
Mise à jour de sécurité pour Windows XP (KB927779)
Mise à jour de sécurité pour Windows XP (KB927802)
Mise à jour de sécurité pour Windows XP (KB928255)
Mise à jour de sécurité pour Windows XP (KB928843)
Mise à jour de sécurité pour Windows XP (KB929123)
Mise à jour de sécurité pour Windows XP (KB929969)
Mise à jour de sécurité pour Windows XP (KB930178)
Mise à jour de sécurité pour Windows XP (KB931261)
Mise à jour de sécurité pour Windows XP (KB931784)
Mise à jour de sécurité pour Windows XP (KB932168)
Mise à jour de sécurité pour Windows XP (KB933566)
Mise à jour de sécurité pour Windows XP (KB933729)
Mise à jour de sécurité pour Windows XP (KB935839)
Mise à jour de sécurité pour Windows XP (KB935840)
Mise à jour de sécurité pour Windows XP (KB936021)
Mise à jour de sécurité pour Windows XP (KB937143)
Mise à jour de sécurité pour Windows XP (KB938127)
Mise à jour de sécurité pour Windows XP (KB938829)
Mise à jour de sécurité pour Windows XP (KB939653)
Mise à jour de sécurité pour Windows XP (KB941202)
Mise à jour de sécurité pour Windows XP (KB941568)
Mise à jour de sécurité pour Windows XP (KB941569)
Mise à jour de sécurité pour Windows XP (KB941644)
Mise à jour de sécurité pour Windows XP (KB942615)
Mise à jour de sécurité pour Windows XP (KB943055)
Mise à jour de sécurité pour Windows XP (KB943460)
Mise à jour de sécurité pour Windows XP (KB943485)
Mise à jour de sécurité pour Windows XP (KB944653)
Mise à jour de sécurité pour Windows XP (KB946026)
Mise à jour pour Windows XP (KB894391)
Mise à jour pour Windows XP (KB898461)
Mise à jour pour Windows XP (KB900485)
Mise à jour pour Windows XP (KB908531)
Mise à jour pour Windows XP (KB910437)
Mise à jour pour Windows XP (KB911280)
Mise à jour pour Windows XP (KB916595)
Mise à jour pour Windows XP (KB920872)
Mise à jour pour Windows XP (KB922582)
Mise à jour pour Windows XP (KB927891)
Mise à jour pour Windows XP (KB930916)
Mise à jour pour Windows XP (KB931836)
Mise à jour pour Windows XP (KB933360)
Mise à jour pour Windows XP (KB936357)
Mise à jour pour Windows XP (KB938828)
Mise à jour pour Windows XP (KB942763)
Mise à jour pour Windows XP (KB942840)
Mise à jour pour Windows XP (KB946627)
MSN
MSXML 3.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
OgcDrv 2.09
Outil de diagnostic PC TOSHIBA
Outil de mise à jour Google
Pdf995
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Réducteur de bruit lect. CD/DVD
Réseau Antilles Bayo 0003-Q0
Réseau Antilles BdAlti 2003-Q1
Réseau Antilles BdNyme 2003-Q1
Réseau France Bayo 0009-Q0
Réseau France BdAlti 2003-Q1
Réseau France BdNyme 2004-Q4
Réseau Guyane Bayo 0003-Q0
Réseau Guyane BdAlti 2003-Q1
Réseau Guyane BdNyme 2003-Q1
Réseau Reunion Bayo 0003-Q0
Réseau Reunion BdAlti 2003-Q1
Réseau Reunion BdNyme 2003-Q1
SD Secure Module
Son virtuel TOSHIBA
Sonic DLA
Sonic RecordNow!
Texas Instruments PCIxx21/x515 drivers.
TIxx21/x515
TOSHIBA Accessibility
TOSHIBA Accessibility
TOSHIBA ConfigFree
TOSHIBA Controls Driver
TOSHIBA Hardware Setup
TOSHIBA Hardware Setup
TOSHIBA Hotkey Utility
TOSHIBA Mot de passe responsable
TOSHIBA Power Saver Driver
TOSHIBA Software Modem
TOSHIBA Supervisor Password
TOSHIBA Zooming Hook
Touch and Launch
TouchPad On/Off Utility
Utilitaire de zoom TOSHIBA
Utilitaire Hotkey TOSHIBA
Utilitaire TouchPad ON/OFF
Utility Common Driver
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11



Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est D055-1A84

Répertoire de C:\Program Files

15/02/2008 17:44 <REP> .
15/02/2008 17:44 <REP> ..
23/12/2006 18:01 <REP> AC3Filter
15/09/2006 22:44 <REP> Adobe
16/09/2005 09:22 <REP> Apoint2K
15/02/2008 17:44 <REP> Avira
29/12/2006 21:22 <REP> Bayo
18/07/2006 11:03 <REP> Canon
15/02/2008 17:37 <REP> CCleaner
16/09/2005 07:35 <REP> ComPlus Applications
23/12/2006 17:00 <REP> D-Tools
26/12/2007 13:44 <REP> EA GAMES
21/10/2007 13:04 <REP> eMule
23/12/2006 18:01 <REP> ffdshow
18/07/2006 08:58 <REP> Fichiers communs
13/02/2008 14:35 <REP> Google
29/06/2007 12:47 461 INSTALL.LOG
18/07/2006 08:28 <REP> Intel
13/02/2008 21:57 <REP> Internet Explorer
18/07/2006 08:30 <REP> InterVideo
16/09/2005 07:49 <REP> Java
16/09/2005 09:12 <REP> ltmoh
16/09/2005 07:52 <REP> Messenger
10/02/2007 15:23 <REP> Micro Application
16/09/2005 07:38 <REP> microsoft frontpage
18/07/2006 08:54 <REP> Microsoft Office
18/07/2006 08:54 <REP> Microsoft Visual Studio
19/09/2005 09:47 <REP> Microsoft Works
16/09/2005 10:09 <REP> Microsoft.NET
16/09/2005 07:35 <REP> Movie Maker
04/10/2006 20:36 <REP> MSN
16/09/2005 07:34 <REP> MSN Gaming Zone
14/07/2007 09:55 <REP> MSN Messenger
16/09/2005 10:16 <REP> MSN Toolbar Suite
30/06/2007 08:17 <REP> MSXML 4.0
16/09/2005 07:35 <REP> NetMeeting
19/09/2005 08:45 <REP> Offre Wanadoo
16/09/2005 07:34 <REP> Online Services
03/07/2007 09:42 <REP> Outlook Express
16/09/2005 09:17 <REP> Realtek AC97
29/06/2007 08:22 <REP> SAGEM
10/02/2007 11:57 <REP> SDLL
20/06/2007 19:58 <REP> Securitoo
16/09/2005 07:36 <REP> Services en ligne
18/07/2006 09:56 <REP> Softwin
16/09/2005 10:01 <REP> Sonic
18/07/2006 08:39 <REP> Symantec
19/09/2005 08:51 <REP> Toshiba
27/01/2008 18:01 <REP> Ubi Soft
09/08/2007 07:17 <REP> Windows Media Connect 2
09/08/2007 07:17 <REP> Windows Media Player
16/09/2005 07:34 <REP> Windows NT
15/10/2007 14:44 <REP> WinRAR
16/09/2005 07:38 <REP> xerox
1 fichier(s) 461 octets
53 Rép(s) 53 403 025 408 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est D055-1A84

Répertoire de C:\Program Files\fichiers communs

18/07/2006 08:58 <REP> .
18/07/2006 08:58 <REP> ..
15/09/2006 22:44 <REP> Adobe
18/07/2006 08:54 <REP> DESIGNER
16/09/2005 09:26 <REP> InstallShield
16/09/2005 07:49 <REP> Java
14/07/2007 09:55 <REP> Microsoft Shared
16/09/2005 07:35 <REP> MSSoap
16/09/2005 09:30 <REP> ODBC
16/09/2005 07:35 <REP> Services
18/07/2006 09:56 <REP> Softwin
16/09/2005 09:30 <REP> SpeechEngines
13/02/2008 20:36 <REP> Symantec Shared
03/07/2007 09:42 <REP> System
0 fichier(s) 0 octets
14 Rép(s) 53 403 025 408 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est D055-1A84

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

16/09/2005 10:09 <REP> .
16/09/2005 10:09 <REP> ..
16/09/2005 10:09 <REP> 1033
16/09/2005 10:09 <REP> 1036
11/07/2003 09:15 1 292 872 MSONSEXT.DLL
15/07/2003 05:52 35 896 MSOSV.DLL
03/06/1999 11:09 122 937 MSOWS409.DLL
07/03/2001 06:00 127 033 MSOWS40c.DLL
11/07/2003 01:25 80 448 PKMWS.DLL
5 fichier(s) 1 659 186 octets
4 Rép(s) 53 403 025 408 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est D055-1A84

Répertoire de C:\

13/02/2008 22:18 132 608 VundoFix.exe
1 fichier(s) 132 608 octets
0 Rép(s) 53 403 025 408 octets libres




c:\Documents and Settings\Admin\Application Data\Microsoft\Installer\{C45F4811-31D5-4786-801D-F79CD06EDD85}\ARPPRODUCTICON.exe
c:\Documents and Settings\Admin\Application Data\MSNInstaller\msnauins.exe
c:\Documents and Settings\Admin\Bureau\antivir_workstation_win7u_en_h.exe
c:\Documents and Settings\Admin\Bureau\ccsetup204.exe
c:\Documents and Settings\Admin\Bureau\ComboFix.exe
c:\Documents and Settings\Admin\Bureau\installer_fr.exe
c:\Documents and Settings\Admin\Bureau\setupfre avast.exe
c:\Documents and Settings\Admin\Bureau\clean\gzip.exe
c:\Documents and Settings\Admin\Bureau\clean\LFiles.exe
c:\Documents and Settings\Admin\Bureau\clean\pskill.exe
c:\Documents and Settings\Admin\Bureau\clean\tar.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\DiagHelp\catchme.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\DiagHelp\diff.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\DiagHelp\dumphive.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\DiagHelp\find2.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\DiagHelp\Fport.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\DiagHelp\grep.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\DiagHelp\gzip.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\DiagHelp\LFiles.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\DiagHelp\md5sums.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\DiagHelp\pslist.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\DiagHelp\sigcheck.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\DiagHelp\streams.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\DiagHelp\swreg.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\DiagHelp\tar.exe
c:\Documents and Settings\Admin\Mes documents\anti-espions\pllangs ad aware personal.exe
c:\Documents and Settings\Admin\Mes documents\anti-espions\Ad-Aware SE Personal\Ad-Aware.exe
c:\Documents and Settings\Admin\Mes documents\anti-espions\Ad-Aware SE Personal\unregaaw.exe
c:\Documents and Settings\Admin\Mes documents\anti-espions\Ad-Aware SE Personal\UNWISE.EXE
c:\Documents and Settings\Admin\Mes documents\anti-espions\Easy Cleaner 17\EASY CLEANER 1_7.exe
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\Cnmvsa.exe
c:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\helpkicker.exe
c:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{C45F4811-31D5-4786-801D-F79CD06EDD85}\ARPPRODUCTICON.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
Hello
diag report

c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_PMOCQUILLON.tar.gz a l'adresse http://upload.malekal.com
16 February 2008 11:16:33

Re,

Download OTMoveIt > Tutorial <

Save it to the Desktop.

Select the boxed text below:
C:\WINDOWS\System32\d05508a5
C:\WINDOWS\System32\dxfraopx.ini
C:\WINDOWS\System32\ueexydbo.ini

Now launch OTMoveIt.
Make sure the "unregister dll’s and ocx’s" box is checked.
Two panes appear; right-click in the left pane, then paste the boxed text above.
Then click MoveIt!

If the program asks you to restart, accept.

Post the report found in: C:\_OTMoveIt\MovedFiles\<creation date>

NOTE: If you get a message saying the report cannot be created, copy/paste what appears in the right-hand column of the tool.
16 February 2008 11:43:29

and here is the next part:
OTMoveIt report
C:\WINDOWS\System32\d05508a5 moved successfully.
C:\WINDOWS\System32\dxfraopx.ini moved successfully.
C:\WINDOWS\System32\ueexydbo.ini moved successfully.

OTMoveIt2 v1.0.20 log created on 02162008_114148
16 February 2008 11:49:29

Post a new HijackThis log ;)
16 February 2008 11:52:08

and there you go
Logfile of HijackThis v1.99.1
Scan saved at 11:51:25, on 16/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Admin\Bureau\OTMoveIt2.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hijack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.wistiti.fr/ImageUploader4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6C8AEB8-1D2B-47FB-8E12-288682574BEE}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

16 February 2008 12:00:29

Good.

Run HiJackThis again, choose "Do a system scan only", then check these lines:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

Then click Fix Checked!

*********

Uninstall and delete all the software used for the disinfection, along with the corresponding folders that were created. Keep ccleaner, avg and antivir if we installed them.
Report your infection on Malware Complaints >Tutorial<
Your infection(s): Vundo, Egdaccess/Magic.control/Navipromo

Then have a look at this guide:

Security/Prevention

Have a good weekend, or maybe a good start to your holidays
16 February 2008 14:27:49

I have the feeling that it is not clean
antivir report

AntiVir PersonalEdition Classic
Report file date: samedi 16 février 2008 12:17

Scanning for 1110678 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: PMOCQUILLON

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 16:46:46
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 16:46:46
ANTIVIR3.VDF : 7.0.2.148 201216 Bytes 15/02/2008 11:16:31
AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 15/02/2008 16:46:47
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 15/02/2008 16:46:47
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 16 février 2008 12:17

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'TOSCDSPD.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'PhotoshopElementsFileAgent.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'TPSBattM.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'CFSServ.exe' - '1' Module(s) have been scanned
Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned
Scan process 'NDSTray.exe' - '1' Module(s) have been scanned
Scan process 'TvsTray.exe' - '1' Module(s) have been scanned
Scan process 'PadExe.exe' - '1' Module(s) have been scanned
Scan process 'TFncKy.exe' - '1' Module(s) have been scanned
Scan process 'SmoothView.exe' - '1' Module(s) have been scanned
Scan process 'TPSMain.exe' - '1' Module(s) have been scanned
Scan process 'TCtrlIOHook.exe' - '1' Module(s) have been scanned
Scan process 'ZoomingHook.exe' - '1' Module(s) have been scanned
Scan process 'TPTray.exe' - '1' Module(s) have been scanned
Scan process 'CeEKey.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'agrsmmsg.exe' - '1' Module(s) have been scanned
Scan process 'ltmoh.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
54 processes with 54 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '36' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP244\A0042333.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '47e6cf3f.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP244\A0042334.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47e6cf47.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP244\A0042335.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47e6cf49.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP244\A0042336.dll
[DETECTION] Is the Trojan horse TR/Vundo.AV
[INFO] The file was moved to '47e6cf4b.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP244\A0042337.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47e6cf4d.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP244\A0042338.dll
[DETECTION] Is the Trojan horse TR/Vundo.AS
[INFO] The file was moved to '47e6cf51.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP244\A0042339.dll
[DETECTION] Is the Trojan horse TR/Vundo.AV
[INFO] The file was moved to '47e6cf52.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP244\A0042340.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '469be3e3.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP244\A0042341.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47e6cf54.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP244\A0042342.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '469be3e5.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP244\A0042343.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47e6cf53.qua'!
C:\System Volume Information\_restore{ECB3AD12-64E1-4857-9A37-361E4DEA76A5}\RP244\A0042344.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '469be3e4.qua'!


End of the scan: samedi 16 février 2008 13:02
Used time: 44:13 min

The scan has been done completely.

4810 Scanning directories
312369 Files were scanned
12 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
12 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
312357 Files not concerned
6715 Archives were scanned
2 Warnings
0 Notes
16 February 2008 18:26:14

how can I put it?
a thousand, ten thousand, a hundred thousand.... thanks
to all of you who are at the service of others

a kiss to you XmichouX

AntiVir PersonalEdition Classic
Report file date: samedi 16 février 2008 17:50

Scanning for 1110678 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: PMOCQUILLON

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 16:46:46
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 16:46:46
ANTIVIR3.VDF : 7.0.2.148 201216 Bytes 15/02/2008 11:16:31
AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 15/02/2008 16:46:47
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 15/02/2008 16:46:47
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 16 février 2008 17:50

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'TOSCDSPD.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'PhotoshopElementsFileAgent.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'TPSBattM.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'CFSServ.exe' - '1' Module(s) have been scanned
Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned
Scan process 'NDSTray.exe' - '1' Module(s) have been scanned
Scan process 'TvsTray.exe' - '1' Module(s) have been scanned
Scan process 'PadExe.exe' - '1' Module(s) have been scanned
Scan process 'TFncKy.exe' - '1' Module(s) have been scanned
Scan process 'SmoothView.exe' - '1' Module(s) have been scanned
Scan process 'TPSMain.exe' - '1' Module(s) have been scanned
Scan process 'TCtrlIOHook.exe' - '1' Module(s) have been scanned
Scan process 'ZoomingHook.exe' - '1' Module(s) have been scanned
Scan process 'TPTray.exe' - '1' Module(s) have been scanned
Scan process 'CeEKey.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'agrsmmsg.exe' - '1' Module(s) have been scanned
Scan process 'ltmoh.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
56 processes with 56 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '36' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
16 February 2008 19:51:24

Have a good weekend ;)