
[Solved] Infected by PUP virus, SOS

20 November 2007 23:33:56

Hello, my PC is infected by a virus; I think it's a PUP virus.
Could someone help me, please?


20 November 2007 23:40:33

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:36:15, on 20/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WinAble\winable.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\limewire\limewire.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchhereonline.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/wdgt3/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/wdgt3/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NetService] C:\Documents and Settings\smain\Application Data\tmp22A.tmp.exe /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/229?bd4bfec031b74e73b655d6d65b081433
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/230?bd4bfec031b74e73b655d6d65b081433
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x....
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x....
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/142086d1793372031815/netzip...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9474 bytes
20 November 2007 23:50:45

Hello

Download MSNFix.zip (by !aur3n7) to the Desktop
http://sosvirus.changelog.fr/MSNFix.zip

Unzip it (right-click >> Extract here) and double-click the MSNFix.bat file.
- Run option R.
-- If the infection is detected, run option N.

The report will be saved in the same folder as MSNFix, in the form date_time.txt
Post it along with a new HijackThis scan done in normal mode.

Note:
If a deletion error is detected, a message will appear asking you to restart the computer to finish the operations. In that case, simply restart the computer in normal mode.
Save and close the report so that Windows can finish starting up normally.
21 November 2007 10:53:47

I can't find the file c:windows\msnchk.exe, what should I do?
21 November 2007 10:59:10

Re

It's a legitimate MSNFix file.

Delete MSNFix.
Temporarily disable your antivirus.

Repeat the procedure.
21 November 2007 13:08:15

Here are the reports

MSNFix 1.588

C:\Documents and Settings\smain\Bureau\MSNFix
Fix exécuté le 21/11/2007 - 21:01:40,45 By smain
mode normal

************************ Recherche les fichiers présents

Aucun Fichier trouvé

************************ Recherche les dossiers présents

... C:\PROGRA~1\WinAble\




************************ Suppression des fichiers



************************ Suppression des dossiers

.. OK ... C:\PROGRA~1\WinAble\


************************ Nettoyage du registre



************************ Fichiers suspects

Aucun Fichier trouvé


Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 21112007_21022948.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------
21 November 2007 13:54:05

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:05:21, on 21/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\udwjkthx.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchhereonline.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/wdgt3/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/wdgt3/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\cwykgzdw.dll
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NetService] C:\Documents and Settings\smain\Application Data\tmp22A.tmp.exe /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [d0bbe0e2] rundll32.exe "C:\WINDOWS\system32\rpcebfhk.dll",b
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/229?bd4bfec031b74e73b655d6d65b081433
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/230?bd4bfec031b74e73b655d6d65b081433
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x....
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x....
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/142086d1793372031815/netzip...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DomainService - - C:\WINDOWS\system32\udwjkthx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8378 bytes
21 November 2007 19:49:07

My PC is getting worse and worse.
Please help.
21 November 2007 23:42:10

Re

Download Combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear.

Copy/paste that report into your next reply along with a new HijackThis log.
22 November 2007 00:18:36

ComboFix 07-11-19.3 - smain 2007-11-21 23:57:53.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.204 [GMT 1:00]
Running from: C:\Documents and Settings\smain\Bureau\ComboFix.exe
* Created a new restore point
.

Incapable d'obtenir les privilèges Système

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\smain\Bureau\Live Safety Center.lnk
C:\Documents and Settings\smain\Bureau\Online Security Guide.lnk
C:\Documents and Settings\smain\Favoris\Online Security Guide.lnk
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\cwykgzdw.dllbox
C:\WINDOWS\system32\ttvwa.ini
C:\WINDOWS\system32\ttvwa.ini2
C:\WINDOWS\system32\xfqawfjx.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((((((( Fichiers créés 2007-10-21 to 2007-11-21 ))))))))))))))))))))))))))))))))))))
.

2007-11-22 00:08 0 C:\WINDOWS\system32\khfbecpr.tmp
2007-11-22 00:07 20,810 ---hs---- C:\WINDOWS\system32\cwykgzdw.dllbox
2007-11-21 22:49 <REP> d-------- C:\Program Files\Lavasoft
2007-11-21 22:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-21 12:28 37,376 --a------ C:\WINDOWS\system32\fccyaxw.dll
2007-11-21 10:52 80,960 --a------ C:\WINDOWS\system32\jyhjpnob.dll
2007-11-21 10:50 715,361 ---hs---- C:\WINDOWS\system32\khfbecpr.ini
2007-11-21 10:49 85,056 --a------ C:\WINDOWS\system32\rpcebfhk.dll
2007-11-21 10:46 71,232 --a------ C:\WINDOWS\system32\udwjkthx.exe
2007-11-21 10:44 145,984 --a------ C:\WINDOWS\system32\cwykgzdw.dll
2007-11-21 10:43 145,984 --a------ C:\WINDOWS\system32\ewqgfciq.dll
2007-11-20 23:35 <REP> d-------- C:\Program Files\Trend Micro
2007-11-20 22:52 37,376 --a------ C:\WINDOWS\system32\gebyvur.dll
2007-11-20 22:39 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-20 22:36 37,376 --a------ C:\WINDOWS\system32\mljhedc.dll
2007-11-20 22:36 37,376 --a------ C:\WINDOWS\system32\hggdbyy.dll
2007-11-20 22:34 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-17 13:47 <REP> d-------- C:\Documents and Settings\smain\Application Data\McAfee
2007-10-21 00:23 <REP> d-------- C:\Program Files\iPod

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-21 21:48 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-21 13:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-11-19 22:50 --------- d-----w C:\Program Files\eMule
2007-10-06 22:49 --------- d-----w C:\Program Files\HP
2007-10-06 22:49 --------- d-----w C:\Program Files\Fichiers communs\HP
2007-10-06 22:49 --------- d-----w C:\Documents and Settings\smain\Application Data\Printer Info Cache
2007-10-06 00:31 --------- d-----w C:\Program Files\Dictionnaire
2007-10-03 14:47 --------- d-----w C:\Program Files\Java
2007-09-23 20:32 --------- d-----w C:\Program Files\DivX
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-08-28 16:21 22,400 ----a-w C:\Documents and Settings\smain\Application Data\GDIPFONTCACHEV1.DAT
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2006-06-17 14:44 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-01-14 18:17 266 --sh--w C:\Program Files\desktop.ini
2006-01-14 18:17 11,208 -c-ha-w C:\Program Files\folder.htt
2007-06-06 19:37 5 --sha-w C:\WINDOWS\system32\eaccea9_s.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45fa91cd-3f07-4858-a16e-4b1714b4d611}]
2007-11-21 10:52 80960 --a------ C:\WINDOWS\system32\jyhjpnob.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-21 10:44 145984 --a------ C:\WINDOWS\system32\cwykgzdw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED203331-9C33-49D8-8714-D24A366A04EC}]
2007-11-20 22:36 37376 --a------ C:\WINDOWS\system32\mljhedc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\cwykgzdw.dll [2007-11-21 10:44 145984]

[HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\cwykgzdw.dll [2007-11-21 10:44 145984]

[HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"SRS Audio Sandbox"="C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-04 11:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 08:59]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 11:34]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"EoEngine"="" []
"EoWeather"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-01-06 13:49]
"NetService"="C:\Documents and Settings\smain\Application Data\tmp22A.tmp.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12]
"SchedulingAgent"="mstinit.exe" [2004-08-20 00:09 C:\WINDOWS\system32\mstinit.exe]
"CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2006-12-05 13:18]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2006-09-26 08:13]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-19 08:07]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" []
"d0bbe0e2"="C:\WINDOWS\system32\rpcebfhk.dll" [2007-11-21 10:49]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-20 00:09]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"SchedulingAgent"="mstask.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"Btn_Back"= 0 (0x0)
"Btn_Forward"= 0 (0x0)
"Btn_Stop"= 0 (0x0)
"Btn_Refresh"= 0 (0x0)
"Btn_Home"= 0 (0x0)
"Btn_Search"= 0 (0x0)
"Btn_Folders"= 0 (0x0)
"Btn_Favorites"= 0 (0x0)
"Btn_Media"= 0 (0x0)
"Btn_History"= 0 (0x0)
"Btn_Fullscreen"= 0 (0x0)
"Btn_Tools"= 0 (0x0)
"Btn_MailNews"= 0 (0x0)
"Btn_Size"= 0 (0x0)
"Btn_Print"= 0 (0x0)
"Btn_Edit"= 0 (0x0)
"Btn_Discussions"= 0 (0x0)
"Btn_Cut"= 0 (0x0)
"Btn_Copy"= 0 (0x0)
"Btn_Paste"= 0 (0x0)
"Btn_Encoding"= 0 (0x0)
"Btn_PrintPreview"= 0 (0x0)
"NoFileUrl"= 0 (0x0)

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{ED203331-9C33-49D8-8714-D24A366A04EC}"= C:\WINDOWS\system32\mljhedc.dll [2007-11-20 22:36 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cwykgzdw]
cwykgzdw.dll 2007-11-21 10:44 145984 C:\WINDOWS\system32\cwykgzdw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljhedc]
mljhedc.dll 2007-11-20 22:36 37376 C:\WINDOWS\system32\mljhedc.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau C:\WINDOWS\system32\awvtt.dll

S3 ASNDIS5;ASNDIS5 Protocol Driver;\??\C:\WINDOWS\system32\ASNDIS5.SYS
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\System32\PavSRK.sys
S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-16 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
"2007-11-21 22:17:14 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-22 00:07:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-22 0:11:38 - machine was rebooted
.
--- E O F ---
22 November 2007 00:19:12

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:19:00, on 22/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\CameraFixer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchhereonline.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/wdgt3/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/wdgt3/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\cwykgzdw.dll
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NetService] C:\Documents and Settings\smain\Application Data\tmp22A.tmp.exe /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [d0bbe0e2] rundll32.exe "C:\WINDOWS\system32\rpcebfhk.dll",b
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/229?bd4bfec031b74e73b655d6d65b081433
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/230?bd4bfec031b74e73b655d6d65b081433
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x....
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x....
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/142086d1793372031815/netzip...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8587 bytes
22 November 2007 00:33:46

Hi again


Copy (Ctrl+C) the text below:

File::
C:\WINDOWS\system32\khfbecpr.tmp
C:\WINDOWS\system32\cwykgzdw.dllbox
C:\WINDOWS\system32\fccyaxw.dll
C:\WINDOWS\system32\jyhjpnob.dll
C:\WINDOWS\system32\khfbecpr.ini
C:\WINDOWS\system32\rpcebfhk.dll
C:\WINDOWS\system32\udwjkthx.exe
C:\WINDOWS\system32\cwykgzdw.dll
C:\WINDOWS\system32\ewqgfciq.dll
C:\WINDOWS\system32\gebyvur.dll
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\mljhedc.dll
C:\WINDOWS\system32\hggdbyy.dll
C:\WINDOWS\system32\eaccea9_s.dll
C:\WINDOWS\system32\jyhjpnob.dll
C:\Documents and Settings\smain\Application Data\tmp22A.tmp.exe
C:\WINDOWS\Fonts\svchost.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45fa91cd-3f07-4858-a16e-4b1714b4d611}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED203331-9C33-49D8-8714-D24A366A04EC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EoEngine"=-
"EoWeather"=-
"NetService"=-
"Host Process"=-
"d0bbe0e2"=-
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{ED203331-9C33-49D8-8714-D24A366A04EC}"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cwykgzdw]
cwykgzdw.dll 2007-11-21 10:44 145984 C:\WINDOWS\system32\cwykgzdw.dll
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljhedc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00


Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt



As the image shows, drag CFScript.txt onto Combofix.exe
A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1, then confirm.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
Once the scan is complete, a report will be displayed: post its contents.
If the file does not open, it is located here > C:\ComboFix.txt
22 November 2007 01:02:15

ComboFix 07-11-19.3 - smain 2007-11-22 0:47:19.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.151 [GMT 1:00]
Running from: C:\Documents and Settings\smain\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\smain\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\Documents and Settings\smain\Application Data\tmp22A.tmp.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\cwykgzdw.dll
C:\WINDOWS\system32\cwykgzdw.dllbox
C:\WINDOWS\system32\eaccea9_s.dll
C:\WINDOWS\system32\ewqgfciq.dll
C:\WINDOWS\system32\fccyaxw.dll
C:\WINDOWS\system32\gebyvur.dll
C:\WINDOWS\system32\hggdbyy.dll
C:\WINDOWS\system32\jyhjpnob.dll
C:\WINDOWS\system32\khfbecpr.ini
C:\WINDOWS\system32\khfbecpr.tmp
C:\WINDOWS\system32\mljhedc.dll
C:\WINDOWS\system32\rpcebfhk.dll
C:\WINDOWS\system32\udwjkthx.exe
C:\WINDOWS\system32\vbzip10.dll
.

Incapable d'obtenir les privilèges Système

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\smain\Bureau\Live Safety Center.lnk
C:\Documents and Settings\smain\Bureau\Online Security Guide.lnk
C:\Documents and Settings\smain\Favoris\Online Security Guide.lnk
C:\WINDOWS\system32\cwykgzdw.dll
C:\WINDOWS\system32\cwykgzdw.dllbox
C:\WINDOWS\system32\eaccea9_s.dll
C:\WINDOWS\system32\ewqgfciq.dll
C:\WINDOWS\system32\fccyaxw.dll
C:\WINDOWS\system32\gebyvur.dll
C:\WINDOWS\system32\ghkmp.bak1
C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\hggdbyy.dll
C:\WINDOWS\system32\jyhjpnob.dll
C:\WINDOWS\system32\khfbecpr.ini
C:\WINDOWS\system32\mljhedc.dll
C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\rpcebfhk.dll
C:\WINDOWS\system32\udwjkthx.exe
C:\WINDOWS\system32\vbzip10.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-21 to 2007-11-21 ))))))))))))))))))))))))))))))))))))
.

2007-11-21 22:49 <REP> d-------- C:\Program Files\Lavasoft
2007-11-21 22:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-20 23:35 <REP> d-------- C:\Program Files\Trend Micro
2007-11-20 22:34 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-17 13:47 <REP> d-------- C:\Documents and Settings\smain\Application Data\McAfee
2007-10-21 00:23 <REP> d-------- C:\Program Files\iPod

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-21 21:48 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-21 13:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-11-19 22:50 --------- d-----w C:\Program Files\eMule
2007-10-06 22:49 --------- d-----w C:\Program Files\HP
2007-10-06 22:49 --------- d-----w C:\Program Files\Fichiers communs\HP
2007-10-06 22:49 --------- d-----w C:\Documents and Settings\smain\Application Data\Printer Info Cache
2007-10-06 00:31 --------- d-----w C:\Program Files\Dictionnaire
2007-10-03 14:47 --------- d-----w C:\Program Files\Java
2007-09-23 20:32 --------- d-----w C:\Program Files\DivX
2007-08-28 16:21 22,400 ----a-w C:\Documents and Settings\smain\Application Data\GDIPFONTCACHEV1.DAT
2006-06-17 14:44 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-01-14 18:17 266 --sh--w C:\Program Files\desktop.ini
2006-01-14 18:17 11,208 -c-ha-w C:\Program Files\folder.htt
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"SRS Audio Sandbox"="C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-04 11:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 08:59]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 11:34]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-01-06 13:49]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12]
"SchedulingAgent"="mstinit.exe" [2004-08-20 00:09 C:\WINDOWS\system32\mstinit.exe]
"CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2006-12-05 13:18]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2006-09-26 08:13]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-19 08:07]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-20 00:09]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"SchedulingAgent"="mstask.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"Btn_Back"= 0 (0x0)
"Btn_Forward"= 0 (0x0)
"Btn_Stop"= 0 (0x0)
"Btn_Refresh"= 0 (0x0)
"Btn_Home"= 0 (0x0)
"Btn_Search"= 0 (0x0)
"Btn_Folders"= 0 (0x0)
"Btn_Favorites"= 0 (0x0)
"Btn_Media"= 0 (0x0)
"Btn_History"= 0 (0x0)
"Btn_Fullscreen"= 0 (0x0)
"Btn_Tools"= 0 (0x0)
"Btn_MailNews"= 0 (0x0)
"Btn_Size"= 0 (0x0)
"Btn_Print"= 0 (0x0)
"Btn_Edit"= 0 (0x0)
"Btn_Discussions"= 0 (0x0)
"Btn_Cut"= 0 (0x0)
"Btn_Copy"= 0 (0x0)
"Btn_Paste"= 0 (0x0)
"Btn_Encoding"= 0 (0x0)
"Btn_PrintPreview"= 0 (0x0)
"NoFileUrl"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cwykgzdw]
cwykgzdw.dll

S3 ASNDIS5;ASNDIS5 Protocol Driver;\??\C:\WINDOWS\system32\ASNDIS5.SYS
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\System32\PavSRK.sys
S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-16 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
"2007-11-21 23:17:03 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-22 00:56:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-22 0:59:12 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-22 00:11
.
--- E O F ---
22 November 2007 01:23:31

Hi again


Also post a new HijackThis log.
22 November 2007 01:31:29

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:44:01, on 22/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\temp1.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchhereonline.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/wdgt3/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/wdgt3/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/229?bd4bfec031b74e73b655d6d65b081433
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/230?bd4bfec031b74e73b655d6d65b081433
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x....
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x....
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/142086d1793372031815/netzip...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O20 - Winlogon Notify: cwykgzdw - cwykgzdw.dll (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8921 bytes
23 November 2007 00:12:07

Hi again

Follow all the instructions.
This lets you configure AntiVir optimally.
23 November 2007 00:17:47

Good evening, the instructions in the explanation are not the same as the one I downloaded. I probably did not download the right one; I had to uninstall it.
Is this the right one?
Avira AntiVir PersonalEdition Classic is the one I downloaded.
23 November 2007 00:20:51

Write more clearly; this is hard to understand.

You downloaded the right one.
That tutorial is for the paid version, so it is normal not to find certain options in the free version.
23 November 2007 02:42:35



AntiVir PersonalEdition Classic
Report file date: vendredi 23 novembre 2007 00:53

Scanning for 940014 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: smain
Computer name: SMAIN-VA6SV0PIG

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.198 1206272 Bytes 11/11/2007 23:29:29
ANTIVIR3.VDF : 7.0.0.249 201216 Bytes 22/11/2007 23:29:29
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 22/11/2007 23:29:30
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 23 novembre 2007 00:53

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
C:\WINDOWS\svchost.exe
[DETECTION] Is the Trojan horse TR/Drop.Small.apl
[INFO] The file was deleted!
C:\WINDOWS\svchost.exe
[DETECTION] Is the Trojan horse TR/Drop.Small.apl

The registry was scanned ( '34' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\copy.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Perlovga.A.1
[INFO] The file was moved to '47b616e9.qua'!
C:\host.exe
[DETECTION] Is the Trojan horse TR/Drop.Small.apl
[INFO] The file was moved to '47b916ec.qua'!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\47b916ec.qua
[DETECTION] Is the Trojan horse TR/Drop.Small.apl
[INFO] The file was moved to '47a816ba.qua'!
C:\Documents and Settings\smain\Bureau\MSNFix\21112007_13063025.zip
[0] Archive type: ZIP
--> backup/b122.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.erf
--> backup/Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
--> backup/mrofinu1188.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/mrofinu1188.exe.tmp
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/svchost.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
--> backup/winable.exe
[DETECTION] Is the Trojan horse TR/Dldr.Adload.NI
--> backup/wininstall.exe
[DETECTION] Is the Trojan horse TR/Agent.crf.1
[INFO] The file was moved to '4777190c.qua'!
C:\Documents and Settings\smain\Shared\Utorrent 1.7.1672 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47b51b53.qua'!
C:\qoobox\Quarantine\catchme2007-11-22_ 00643.75.zip
[0] Archive type: ZIP
--> awvtt.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ba2184.qua'!
C:\qoobox\Quarantine\catchme2007-11-22_ 05625.79.zip
[0] Archive type: ZIP
--> cwykgzdw.dll
[DETECTION] Is the Trojan horse TR/Vundo.CA
--> mljhedc.dll
[DETECTION] Is the Trojan horse TR/Agent.37376
[INFO] The file was moved to '47ba2185.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\awvtt.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47bc219c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\cwykgzdw.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.CA
[INFO] The file was moved to '47bf219d.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ewqgfciq.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.CA
[INFO] The file was moved to '47b7219d.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\fccyaxw.dll.vir
[DETECTION] Is the Trojan horse TR/Agent.37376
[INFO] The file was moved to '47a92189.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\gebyvur.dll.vir
[DETECTION] Is the Trojan horse TR/Agent.37376
[INFO] The file was moved to '47a8218c.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\hggdbyy.dll.vir
[DETECTION] Is the Trojan horse TR/Agent.37376
[INFO] The file was moved to '47ad218e.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\jyhjpnob.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47ae21a1.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\mljhedc.dll.vir
[DETECTION] Is the Trojan horse TR/Agent.37376
[INFO] The file was moved to '47b02194.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\pmkhg.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47b12195.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\rpcebfhk.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.AU
[INFO] The file was moved to '47a92199.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\udwjkthx.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47bd218e.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\xfqawfjx.exe.vir
[DETECTION] Is the Trojan horse TR/Click.MNB
[INFO] The file was moved to '47b72190.qua'!
C:\WINDOWS\xcopy.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Perlovga.A.1
[INFO] The file was moved to '47b521a5.qua'!
C:\WINDOWS\Fonts\'\AusLogics BoostSpeed v3.7.2.680 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47b92520.qua'!
C:\WINDOWS\Fonts\'\Auto Data 2006 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ba2521.qua'!
C:\WINDOWS\Fonts\'\Auto Mail Sender 3.00 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ba2522.qua'!
C:\WINDOWS\Fonts\'\Auto Mail Sender 3.00 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ba2523.qua'!
C:\WINDOWS\Fonts\'\AutoCAD 2008 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ba2524.qua'!
C:\WINDOWS\Fonts\'\AutoCAD Architecture 2008 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ba2525.qua'!
C:\WINDOWS\Fonts\'\Autodesk Autocad 2008 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ba2526.qua'!
C:\WINDOWS\Fonts\'\Autodesk Civil 3D 2007 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ba2527.qua'!
C:\WINDOWS\Fonts\'\AutoRun Design Specialty 7.0.6.1 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ba2528.qua'!
C:\WINDOWS\Fonts\'\AutoRun Pro Enterprise 12 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ba2529.qua'!
C:\WINDOWS\Fonts\'\AutoYahoo! v2.2.1 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ba252a.qua'!
C:\WINDOWS\Fonts\'\AV Burning Studio v1.1.0 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '4766250c.qua'!
C:\WINDOWS\Fonts\'\AV Voice Changer 4.0 Diamond Edition Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '4766250d.qua'!
C:\WINDOWS\Fonts\'\AV Voice Changer v.4.0.54 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '4766250e.qua'!
C:\WINDOWS\Fonts\'\Avanquest Partition Commander Professional v10.0 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a7252f.qua'!
C:\WINDOWS\Fonts\'\Avast Antivirus Pro 4.7.942 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a72530.qua'!
C:\WINDOWS\Fonts\'\Avast! Antivirus Pro v4.7.981 with KeyGenSkins Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a72531.qua'!
C:\WINDOWS\Fonts\'\Avast! Professional Edition 4.7.942 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a72532.qua'!
C:\WINDOWS\Fonts\'\avast! Professional Edition v4.7.1043 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a72533.qua'!
C:\WINDOWS\Fonts\'\AVD Video Processor 7.7 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '478a2514.qua'!
C:\WINDOWS\Fonts\'\Avex DVD Ripper Platinum v4.5.02 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ab2535.qua'!
C:\WINDOWS\Fonts\'\AVG Anti-Virus 7.5 Pro Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '478d2516.qua'!
C:\WINDOWS\Fonts\'\AVG Anti-Virus Pro Firewall 7.5.472 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '478d2517.qua'!
C:\WINDOWS\Fonts\'\AVG Internet Security 7.5.446a965 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '478d2518.qua'!
C:\WINDOWS\Fonts\'\AVG Internet Security 7.5.446a965 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '478d2519.qua'!
C:\WINDOWS\Fonts\'\AVG Internet Security 7.5.446a965 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '46f2dba2.qua'!
C:\WINDOWS\Fonts\'\AVG Internet Security Suite v7.5 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '478d251a.qua'!
C:\WINDOWS\Fonts\'\Avid Studio Toolkit v5.6.5 ISO Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47af253b.qua'!
C:\WINDOWS\Fonts\'\Away From Her (2006) Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a7253d.qua'!
C:\WINDOWS\Fonts\'\Axis Camera Station v2.11.320 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47af253f.qua'!
C:\WINDOWS\Fonts\'\Babylon 7.0.0 r13 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a82529.qua'!
C:\WINDOWS\Fonts\'\Backdrop Designer v1.1 for Adobe Photoshop Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a9252a.qua'!
C:\WINDOWS\Fonts\'\BackStreet Boys Unbreakable (2007) Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a9252b.qua'!
C:\WINDOWS\Fonts\'\BackStreet Boys Unbreakable (2007) Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a9252c.qua'!
C:\WINDOWS\Fonts\'\Balls Of Fury (2007) Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47b2252d.qua'!
C:\WINDOWS\Fonts\'\Bandwidth Monitor 3.1.679 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47b4252e.qua'!
C:\WINDOWS\Fonts\'\Bang My Mom (2007) XXX Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47b4252f.qua'!
C:\WINDOWS\Fonts\'\Barbie Magic Fairy Tales Barbie as Rapunzel Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47b82530.qua'!
C:\WINDOWS\Fonts\'\Barely Legal Spoiled Brats 2 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47b82531.qua'!
C:\WINDOWS\Fonts\'\Barnyard DVDR Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47b82532.qua'!
C:\WINDOWS\Fonts\'\Barry White - Soul Seduction Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47b82533.qua'!
C:\WINDOWS\Fonts\'\Base Jumping ISO (2007) Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47b92534.qua'!
C:\WINDOWS\Fonts\'\Base Jumping(2007) Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47b92535.qua'!
C:\WINDOWS\Fonts\'\Basketball Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47b92536.qua'!
C:\WINDOWS\Fonts\'\Basshunter-LOL Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47b92537.qua'!
C:\WINDOWS\Fonts\'\Battery Doubler v1.2.1 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ba2538.qua'!
C:\WINDOWS\Fonts\'\Battlefield 2142 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ba2539.qua'!
C:\WINDOWS\Fonts\'\Battlefield Vietnam Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ba253a.qua'!
C:\WINDOWS\Fonts\'\Battlefield Vietnam Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ba253b.qua'!
C:\WINDOWS\Fonts\'\BB FlashBack ver.1.5.4.228 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '4766251d.qua'!
C:\WINDOWS\Fonts\'\Beastie Boys - licensed to ill (1986) Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a72541.qua'!
C:\WINDOWS\Fonts\'\Beer Tycoon (2006) Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ab2542.qua'!
C:\WINDOWS\Fonts\'\Beerfest (2006) Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ab2543.qua'!
C:\WINDOWS\Fonts\'\Belltech InfoProtect 1.3 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47b22544.qua'!
C:\WINDOWS\Fonts\'\Best Of Boob Bangers Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47b92545.qua'!
C:\WINDOWS\Fonts\'\Bet on Soldier Black-out Saigon Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ba2546.qua'!
C:\WINDOWS\Fonts\'\Big Breasted Beautiful Babes 8 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ad254b.qua'!
C:\WINDOWS\Fonts\'\Big Rack Attack Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ad254c.qua'!
C:\WINDOWS\Fonts\'\Big Toys No Boys 5 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ad254d.qua'!
C:\WINDOWS\Fonts\'\Billiard Deluxe Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47b2254e.qua'!
C:\WINDOWS\Fonts\'\BioShock (2007) Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47b5254f.qua'!
C:\WINDOWS\Fonts\'\BitDefender Antivirus Plus v10 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ba2550.qua'!
C:\WINDOWS\Fonts\'\BitDefender Antivirus Plus v10.247 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ba2551.qua'!
C:\WINDOWS\Fonts\'\BitDefender Antivirus Plus v10.247 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ba2552.qua'!
C:\WINDOWS\Fonts\'\BitDefender Antivirus Plus v10.247 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ba2553.qua'!
C:\WINDOWS\Fonts\'\Bitdefender Internet Security Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ba2554.qua'!
C:\WINDOWS\Fonts\'\Bitdefender Internet Security Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ba2555.qua'!
C:\WINDOWS\Fonts\'\BitDefender Total Security 2008 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ba2556.qua'!
C:\WINDOWS\Fonts\'\Bix Photo Book v2.22 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47be2557.qua'!
C:\WINDOWS\Fonts\'\Black Christmas Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a7255b.qua'!
C:\WINDOWS\Fonts\'\Black Eyed Peas - Monkey Business Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a7255c.qua'!
C:\WINDOWS\Fonts\'\Black Hole Organizer v3 1 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a7255d.qua'!
C:\WINDOWS\Fonts\'\Black Water (2007) Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a7255e.qua'!
C:\WINDOWS\Fonts\'\Black Xp Usa Final 2.28.0 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a7255f.qua'!
C:\WINDOWS\Fonts\'\Blaze DVD Player v6.52 Unattended Full Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a72560.qua'!
C:\WINDOWS\Fonts\'\Blaze GIF Creator v5.76 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a72561.qua'!
C:\WINDOWS\Fonts\'\Blaze Media Pro 7.1 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a72562.qua'!
C:\WINDOWS\Fonts\'\Bleach The Memories of Nobody Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ab2563.qua'!
C:\WINDOWS\Fonts\'\Blood and Chocolate (2007) Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47b52564.qua'!
C:\WINDOWS\Fonts\'\Blood and Chocolate - 2007 Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47b52565.qua'!
C:\WINDOWS\Fonts\'\Blood Brothers (2007) Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47b52566.qua'!
C:\WINDOWS\Fonts\'\BloodRayne 2 Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47b52567.qua'!
C:\WINDOWS\Fonts\'\Bloodrayne II Deliverance (2007) Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47b52568.qua'!
C:\WINDOWS\Fonts\'\Blow (2001) Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47b52569.qua'!
C:\WINDOWS\Fonts\'\Bob Marley - Kaya Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a8256d.qua'!
C:\WINDOWS\Fonts\'\Bob Marley - Kaya Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a8256e.qua'!
C:\WINDOWS\Fonts\'\BongWater (1997) Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47b4256f.qua'!
C:\WINDOWS\Fonts\'\Bra Boys (2007) Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a72573.qua'!
C:\WINDOWS\Fonts\'\Brave Dwarves 2 Deluxe Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47a72574.qua'!
C:\WINDOWS\Fonts\'\Breach (2007) Cam Dvix Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ab2575.qua'!
C:\WINDOWS\Fonts\'\Breaking and Entering (2006) Crack.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47ab2576.qua'!
C:\WINDOWS\Fonts\'\Brianna Love Is Buttwoman Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47af2577.qua'!
C:\WINDOWS\Fonts\'\Bridge to Terabithia (2007) Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47af2578.qua'!
C:\WINDOWS\Fonts\'\Britney Spears - Blackout 2007 Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47af2579.qua'!
C:\WINDOWS\Fonts\'\Brooklyn Rules (2007) Keygen.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47b5257a.qua'!
C:\WINDOWS\Fonts\'\Brutal (2007) Patch.zip
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Tr
23 November 2007 02:43:51

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:43:34, on 23/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/wdgt3/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/wdgt3/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/229?bd4bfec031b74e73b655d6d65b081433
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/230?bd4bfec031b74e73b655d6d65b081433
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x....
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x....
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/142086d1793372031815/netzip...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O20 - Winlogon Notify: cwykgzdw - cwykgzdw.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9412 bytes
23 November 2007 10:34:49

Good.


The AntiVir report is incomplete because the report is too long.
It did a big cleanup.


Run a HijackThis scan again and check the lines below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/ga [...] dot8_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/ga [...] potg_x.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/142086 [...] 601_fr.cab
O20 - Winlogon Notify: cwykgzdw - cwykgzdw.dll (file missing)

Close all Windows, Internet Explorer and Outlook windows, except the HijackThis program, and click "Fix checked".


Run an online antivirus scan with Kaspersky
http://webscanner.kaspersky.fr/
Click Démarrer Online Scanner.
Select My Computer (Poste de travail) as the scan target.
Paste its report here.

Use this link for help.
http://www.infos-du-net.com/forum/267224-11-scan-ligne-...
23 November 2007 20:13:27

KASPERSKY ON-LINE SCANNER REPORT
Friday, November 23, 2007 4:55:11 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 23/11/2007
Enregistrements dans la base antivirus Kaspersky : 435543
Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie vrai
Cible de l'analyse Poste de travail
A:\
C:\
D:\
E:\
Statistiques de l'analyse
Total d'objets analysés 70697
Nombre de virus trouvés 0
Nombre d'objets infectés 0 / 0
Nombre d'objets suspects 0
Durée de l'analyse 02:21:18

Nom de l'objet infecté Nom du virus Dernière action
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\smain\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\smain\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\smain\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\smain\Local Settings\Application Data\Yahoo\Widget Engine\Widgets DB\widgets.db L'objet est verrouillé ignoré
C:\Documents and Settings\smain\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\smain\Local Settings\Historique\History.IE5\MSHist012007112320071124\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\smain\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\smain\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\smain\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{6FB2208C-DB2D-4CE9-8B17-0960C268F7F2}\RP365\A0104313.exe L'objet est verrouillé ignoré
C:\System Volume Information\_restore{6FB2208C-DB2D-4CE9-8B17-0960C268F7F2}\RP372\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
Analyse terminée.
23 November 2007 22:59:04

No sign of infection in this report.

Are you still having any problems?
23 November 2007 23:19:26

No, it's fine, my PC is running better.
I think it's OK.
23 November 2007 23:22:54

Could you look at the HijackThis report one last time to make sure there is nothing left, please?
23 November 2007 23:39:37

Thank you for your help.