
Slow internet + PC scan [Solved]

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
25 October 2007 19:59:21

Hello,
My computer seems to "run" fine, but the internet has been much slower for the past few days.
I looked on several forums and came across the one that explains how to proceed with HijackThis.
If someone can help me.... here is the HijackThis report (for info, I don't have an antivirus):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:57:27, on 25/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\WINDOWS\bdir\sdflkj6.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
C:\Program Files\GuildFTPd\GuildFTPd.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\GrabIt\GrabIt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DynDNS Updater] "C:\Program Files\DynDNS Updater\DynDNS.exe"
O4 - HKCU\..\Run: [ttool] C:\WINDOWS\9129837.exe
O4 - HKCU\..\Run: [strkjhk] C:\WINDOWS\bdir\sdflkj6.exe
O4 - HKCU\..\Run: [tlz] C:\WINDOWS\47681728.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: GuildFTPd - FTP server deamon.lnk = C:\Program Files\GuildFTPd\GuildFTPd.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-e15bb36e1d11eee5.spaces.live.com/PhotoUpload...
O17 - HKLM\System\CCS\Services\Tcpip\..\{57467CCD-36F5-48D5-A805-7A35CA4F3DC2}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{57467CCD-36F5-48D5-A805-7A35CA4F3DC2}: NameServer = 212.27.54.252,212.27.53.252
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 6065 bytes


25 October 2007 21:18:13

Hello


$$ Download SDFix to your desktop
http://downloads.andymanchesta.com/RemovalTools/SDFix.e...


$$ Restart in safe mode. Careful, you have no internet access in this mode, so take good note of what you have to do.
Start the computer.
Once the BIOS has finished loading, there is a black screen. Press the F8 key until the Windows advanced options menu is displayed.
Using the cursor keys, select Safe Mode and press Enter.


$$ Double-click SDFix.exe and choose Install
Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
Type Y to launch the script.
The Fix removes the virus's services and cleans the registry, so a restart is required
Press a key to restart

The PC will take a while to start up; press a key when "Finished" is displayed

Open the SDFix folder and copy/paste the contents of the "Report.txt" file here.


Then.


Download Antivir
http://www.free-av.com
and its installation tutorial
http://speedweb1.free.fr/frames2.php?page=tuto5
Install it, scan your PC and post the report.


Also post a new HijackThis log.
26 October 2007 00:34:44

So..... in order:
SDFix report:

SDFix: Version 1.112

Run by NYCKEES on 25/10/2007 at 21:48

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFIX\SDFix

Safe Mode:
Checking Services:

Name:
new_drv

ImagePath:
\??\C:\WINDOWS\new_drv.sys

new_drv - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\bdir\ffmiu\.Incl.Keymaker-CORE.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Charm.Real.Converter.Pro.6.3 CRK-FFF.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Charm.Real.Converter.Pro.v5.6.WinALL.Incl.Keymaker-CORE-2b73d0b90.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Charm.Real.Converter.Pro.v5.6.WinALL.Incl.Keymaker-CORE.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Charm.Real.Converter.Pro.v5.6.WinALL.Incl.Keymaker-CORE.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Chat.Watch.v4.2.6.WinALL-BRD-27b150cba.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Chat.Watch.v4.2.6.WinALL-BRD.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Chat.Watch.v4.2.6.WinALL-BRD.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Chat.Watch.v4.4.4.WinALL.Cracked-CzW.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Chat.Watch.v4.4.7.WinALL.Cracked-CzW.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\CheapShareware.PhotoMagic.v2.0-Lz0.zip - Deleted
C:\WINDOWS\bdir\ffmiu\CheckMail v3.1-DIGERATI.zip - Deleted
C:\WINDOWS\bdir\ffmiu\CheckMail.3.0.2.WinAll.Cracked-EiTheL.zip - Deleted
C:\WINDOWS\bdir\ffmiu\CheckMail.v3.1.1.WinALL-CHiCNCREAM.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\CheckMail.v3.1.2.WinALL-CHiCNCREAM.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\CheckPoint.Integrity.Advanced.Server.v6.0.467.0.Retail.Incl.keymaker-ZWT.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Cheetah CD Burner v3.45 - TOaO.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Cheetah CD Burner v3.47.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Cheetah CD Burner v3.48.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Cheetah CD Burner v3.54.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Cheetah DVD Burner v1.64.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Cheetah DVD Burner v1.66.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Cheetah DVD Burner v1.7.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Cheetah DVD Burner v1.71.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Cheetah DVD Burner v1.75.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Cheques.Editor.v4.22 SERIAL-FFF.zip - Deleted
C:\WINDOWS\bdir\ffmiu\chess-auto.buddy.2.32.-.yahoo.cracked-tsrh.zip - Deleted
C:\WINDOWS\bdir\ffmiu\chm2pdf.pilot.2.10.cracked-icu.zip - Deleted
C:\WINDOWS\bdir\ffmiu\christv.lite.4.95.keygen icu.zip - Deleted
C:\WINDOWS\bdir\ffmiu\ChrisTWEAK.v1.60-TE.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Ciel.Business.Plan.2007.v7.0.2.1 CRK-FFF.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Ciel.Multi.Devis.du.Batiment.v2007.french CRK-FFF.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Ciel.Paye.2007.v13.00.french CRK-FFF.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Ciel.Point.de.Vente.2007.v6.00.french CRK-FFF.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Ciel.Tableaux.de.Bord.pour.Windows.2007.v6.7.1067.french CRK-FFF.zip - Deleted
C:\WINDOWS\bdir\ffmiu\cim-Admire.Soft-ALL.Multimedia.Software-KeyGen.zip - Deleted
C:\WINDOWS\bdir\ffmiu\cim-Ahead.Nero.Burning.Rom.6.x.With.Plugins-KeyGen.zip - Deleted
C:\WINDOWS\bdir\ffmiu\cim-avast!.Antivirus.Professional.Edition.4.6-KeyGen.zip - Deleted
C:\WINDOWS\bdir\ffmiu\cim-AXE.3.0-Patch.zip - Deleted
C:\WINDOWS\bdir\ffmiu\cim-Code.Route.Maroc-Patch.zip - Deleted
C:\WINDOWS\bdir\ffmiu\cim-GoldWave.4.26-Patch.zip - Deleted
C:\WINDOWS\bdir\ffmiu\CineCap.Standard.v1.40 KEYGEN-FFF.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Cinema.Craft.Encoder.SP2.v1.00.00.01-Lz0.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Cinema.Craft.Encoder.SP2.v1.00.00.10-EDGE.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Circulate v1.07.5 - CRUDE.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Circulate v1.73 - MiNT.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Circulate.v1.07.2.WinALL.Incl.Keygen-ECLiPSE.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Circulate.v1.7.3.Cracked.REPACK-MiNT.zip - Deleted
C:\WINDOWS\bdir\ffmiu\clash.n.slash.worlds.away.v.1.02.cracked-tsrh.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Clean.Disk.Security.v7.51.WinALL.Regged-CHiCNCREAM.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Clean.Disk.Security.v7.62.WinALL.Regged-CHiCNCREAM-2bceeaa6f.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Clean.Disk.Security.v7.62.WinALL.Regged-CHiCNCREAM.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Cleanerzoomer v3.51c - CHiC.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Cleanerzoomer.Professional.v3.5-TE.zip - Deleted
C:\WINDOWS\bdir\ffmiu\CleanerZoomer.Professional.v3.5.1.Cracked-F4CG.zip - Deleted
C:\WINDOWS\bdir\ffmiu\CleanerZoomer.Professional.v3.5.1a.Cracked-F4CG.zip - Deleted
C:\WINDOWS\bdir\ffmiu\CleanerZoomer.Professional.v3.5.1b.Cracked-F4CG.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Cleanerzoomer.v3.51c.WinALL-CHiCNCREAM.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Clever.Boxman.v2.x KEYGEN-FFF.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Clipboard.Box.v2.9.WinAll.Incl.Keygen-PH.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Clipboard.Box.v3.3.WinALL.Keygen.Only-ViRiLiTY.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Clipstream Live v2.5.60621 - EMBRACE.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Clock Tray Skins 3.4 Patch newborn tPORt.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Clock.Tray.Skins.v3.x.GENERIC CRK-FFF.zip - Deleted
C:\WINDOWS\bdir\ffmiu\ClockWatch.ServerMP.v3.1.2-TBE.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\CloneCD 5 2 9 1 Patch by Bokiv.zip - Deleted
C:\WINDOWS\bdir\ffmiu\CloneCD.5.2.6.1-Patch CiM.zip - Deleted
C:\WINDOWS\bdir\ffmiu\CloneDVD 2.8.2.1 (Multilanguage).rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\CloneDVD.Mobile.1.1.0.5 CRK-FFF.zip - Deleted
C:\WINDOWS\bdir\ffmiu\CloneDVD2 v2 9 0 1 Patch by Bokiv.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Close.Call.1.01 KEYGEN-FFF.zip - Deleted
C:\WINDOWS\bdir\ffmiu\clrav.zip - Deleted
C:\WINDOWS\bdir\ffmiu\CoCSoft.Stream.Down.v5.9-CROSSFiRE-2ae9e39df.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\CoCSoft.Stream.Down.v5.9-CROSSFiRE.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\CodeLobster.v3.0.Incl.Keygen-Lz0.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\codememo.1.2.9.[palmos].cracked.prc-rev.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Coding.Workshop.Polyphonic.Wizard.v4.0.4-DVT.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\CoinManage.2007 CRKEXE-FFF.zip - Deleted
C:\WINDOWS\bdir\ffmiu\colecciones.msd.1.40.serial-tsrh.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Collectorz.com.Book.Collector.Pro.v4.6.2-TE.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Collectorz.com.Book.Collector.Pro.v4.6.3-TE.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Collectorz.com.Book.Collector.Pro.v4.6.4-TE.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Collectorz.com.Book.Collector.Pro.v4.7.1-TE.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Color7 Music Fans Factory v8.4 Regged.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Color7.DVD.Creator.v7.0.Regged-ARN.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\ColorImpact.v2.8.7.403.WinALL.Keymaker.Only-CORE.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\ColorImpact.v2.8.7.403.WinALL.Keymaker.Only-CORE.zip - Deleted
C:\WINDOWS\bdir\ffmiu\ColorMaster v2.06.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\COM Port Toolkit.v.3.xx.Loader TrialKiller.WoLFeR.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Comic Collector Pro v3.0.1 - TE.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Comic.Book.Manager.1.12 KEYGEN-FFF.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Command & Conquer Generals.NOCD.M!H@N.tPORt.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\CompanionLink.Professional.v2.0.2639.Multilingual.Incl.Keymaker-ACME.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Compare.Suite.v3.0.0.26.cracked.exe.TeaM.iNFLUENCE.zip - Deleted
C:\WINDOWS\bdir\ffmiu\CompeGPS.AIR.6.31 CRK-FFF.zip - Deleted
C:\WINDOWS\bdir\ffmiu\CompeGPS.LAND.6.31 CRK-FFF.zip - Deleted
C:\WINDOWS\bdir\ffmiu\complex evolution 3 2 2 Cracked exe by Bokiv.zip - Deleted
C:\WINDOWS\bdir\ffmiu\ComponentOne.Studio.for.ActiveX.2005.v3.Incl.Keygen-ORiON.zip - Deleted
C:\WINDOWS\bdir\ffmiu\ComponentOne.Studio.for.ASP.NET.2006.v1.for.DotNET.Framework.v2.0.Incl.Keygen-ORiON.zip - Deleted
C:\WINDOWS\bdir\ffmiu\ComponentOne.Studio.for.DotNET.2005.v3.Incl.Keygen-ORiON.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Comptabilite.pour.Associations.v1.00 SERIAL-FFF.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Comptabilite.pour.Micro.Entreprises.v1.00 SERIAL-FFF.zip - Deleted
C:\WINDOWS\bdir\ffmiu\ComputentSystems getStarted!XP v4.5.6 Patch by GEAR-2fc8ebcfb.zip - Deleted
C:\WINDOWS\bdir\ffmiu\ComputentSystems getStarted!XP v4.5.6 Patch by GEAR.zip - Deleted
C:\WINDOWS\bdir\ffmiu\ConceptDraw.Netdiagrammer.5.5.0.1 CRK-FFF.zip - Deleted
C:\WINDOWS\bdir\ffmiu\ConceptDraw.Project.v2.1.4.0.Incl.Keymaker-ZWT.zip - Deleted
C:\WINDOWS\bdir\ffmiu\ConceptDraw.Reporter.1.0.5 CRK-FFF.zip - Deleted
C:\WINDOWS\bdir\ffmiu\ConceptDraw.WebWave.5.5.0.1 CRK-FFF.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Contact.Wolf.v2.292 - LZ0.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Converio.v2.2.4.READNFO CRK-FFF.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Converio.v2.2.x.READNFO CRK-FFF.zip - Deleted
C:\WINDOWS\bdir\ffmiu\ConvertXtoDVD v2.0.17 - F4CG.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\ConvertXtoDVD.2.0.12.126c CRK-FFF.zip - Deleted
C:\WINDOWS\bdir\ffmiu\ConvertXtoDVD.v2.1.4.162.Multilanguage.WinALL.Cracked-BLiZZARD.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\ConvertXtoDVD.v2.1.5.173.WinALL.READNFO-CHiCNCREAM.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Conveyor Design Mine Conveyor v3.5.15 - DiG.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Cookie Jar v2.2 - ENGiNE.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Cool Capture v1.25 - CRUDE.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\coolmasoft changeip v1.2 serial-GEAR.zip - Deleted
C:\WINDOWS\bdir\ffmiu\coolmasoft multisync v2.4.2.0 serial-GEAR.zip - Deleted
C:\WINDOWS\bdir\ffmiu\coolmasoft websharp v1.x serial-GEAR.zip - Deleted
C:\WINDOWS\bdir\ffmiu\copypod.photo.1.60.serial-rev.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Corporate.SMTP.Server.1.6.TeaM.iNFLUENCE-Patch.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Cosmic.Blobs.Deluxe.v1.3.6360 CRKEXE-FFF.zip - Deleted
C:\WINDOWS\bdir\ffmiu\CounterSpy v1.5.82.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Crack Kaspersky Anti-Virus Personal Pro v5.0.14 (Eng & TW).zip - Deleted
C:\WINDOWS\bdir\ffmiu\CrackDown22.zip - Deleted
C:\WINDOWS\bdir\ffmiu\cracksearcher.zip - Deleted
C:\WINDOWS\bdir\ffmiu\CREATiVE DiMENSiON 3DSOM PRO v2.0.4.5-iNFERNO.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Cricket.07.GENERIC KEYGEN-FFF.zip - Deleted
C:\WINDOWS\bdir\ffmiu\crksrchr.zip - Deleted
C:\WINDOWS\bdir\ffmiu\crocodile.chemistry.605.keygen-icu.zip - Deleted
C:\WINDOWS\bdir\ffmiu\crocodile.ict.605.keygen-icu.zip - Deleted
C:\WINDOWS\bdir\ffmiu\crocodile.physics.605.keygen-icu.zip - Deleted
C:\WINDOWS\bdir\ffmiu\crocodile.technology.3d.606.keygen-icu.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Cross-Database.Comparator.Pro.v5.0.27962 CRK-FFF.zip - Deleted
C:\WINDOWS\bdir\ffmiu\CrossFont.4.1 CRKEXE-FFF.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Crossword v3.3.1.Patch.M!H@N.tPORt.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\ctaddress.extractor.1.0.cracked.exe-rev.zip - Deleted
C:\WINDOWS\bdir\ffmiu\cube-iq.3.0.17.2.patch-icu.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Cucusoft.DVD.to.iPod.Converter.v2.09.Retail.Incl.Keymaker-ZWT.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Cucusoft.DVD.to.iPod.Converter.v5.16.Retail.Incl.Keymaker-ZWT.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Cucusoft.iPod.Movie-Video.Converter.v2.0.Retail.Incl.Keymaker-ZWT-254b126b4.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Cucusoft.iPod.Movie-Video.Converter.v2.0.Retail.Incl.Keymaker-ZWT.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Cucusoft.iPod.Movie-Video.Converter.v2.0.Retail.Incl.Keymaker-ZWT.zip - Deleted
C:\WINDOWS\bdir\ffmiu\CUEcards.2005.v4.15.WinAll.Incl.Keygenerator-TMG.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Cute.CD.DVD.Burner.v3.0.Cracked-EXPLOSiON.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\CuteFTP.Pro.v8.0.1.08.17.2006.3.WinALL-CHiCNCREAM.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\cvverifier.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\cyberlink.powerdvd.7.xx.patch-icu.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Cyberlink.PowerDVD.Deluxe.v7.0.1813.Multilingual.Incl.Keymaker-CORE.zip - Deleted
C:\WINDOWS\bdir\ffmiu\DaanCalendar v1.9 Cracked.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\DaisyWords[1].v1.0.8.WinALL.CRACKED-iNDUCT.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Dameware.NT.Utilities.v5.0.1.1.Incl.Keymaker-EMBRACE.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Dameware.NT.Utilities.v5.0.1.1.Incl.Keymaker-EMBRACE.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Danware.NetOp.Remote.Control.v9.00.2006157.Incl.Keymaker-ZWT.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Dark.Basic.Professional.v1.062.Cracked-ARN.zip - Deleted
C:\WINDOWS\bdir\ffmiu\DaRO Registry Fixer 2006 2.0 Cracked - iNDUCT.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\DaRO Uninstaller 2006 2.0 Cracked - iNDUCT.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Data Security Guard v1.2 Cracked - ARN.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\data.guardian.1.0.1.serial-rev.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Database Workbench v2.8.6.0 Cracked - CROSS.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\DataDirect.Stylus.Studio.2006.XML.Enterprise.Edition.v7.3.653c.Incl.Keymaker-ZWT.zip - Deleted
C:\WINDOWS\bdir\ffmiu\DataDirect.Stylus.Studio.2007.XML.Enterprise.Suite.v8.1.735d.Incl.Keymaker-ZWT.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Dawningsoft.DOC2CHM.v1.2.1110.Incl.Patch.and.Keygen-PKT.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\DaySmart.v6.0.1.WinALL.Incl.Keygen-BRD.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Dekart.Private.Disk.v2.17.WinALL.Incl.Keygen-ViRiLiTY.zip - Deleted
C:\WINDOWS\bdir\ffmiu\DeltaGIS.Project.Edition.v5.6.0.0.Bilingual.Incl.Keymaker-ACME.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\DeskCalc.Business.Pro.v4.0.18.Multilingual.Incl.Keymaker-ACME.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\DeskShare.Video.Edit.Magic.v4.1.8-DVT.zip - Deleted
C:\WINDOWS\bdir\ffmiu\DeskShare.Video.Edit.Magic.v4.21-DVT.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\DeskSoft[1].EarthTime.v1.5.4-HERiTAGE.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Desktop.Authority.v7.5.0.366.Incl.Keymaker-EMBRACE.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\desktop.icon.toy.1.3.keygen-rev.zip - Deleted
C:\WINDOWS\bdir\ffmiu\desktop.magnifier.3.28.keyfile-rev.zip - Deleted
C:\WINDOWS\bdir\ffmiu\dev-cods.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Dev.Hound.v2.21.Incl.Keymaker-EMBRACE-2a0985d79.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Dev.Hound.v2.21.Incl.Keymaker-EMBRACE.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Dev.Hound.v2.21.Incl.Keymaker-EMBRACE.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Developer.Express.CodeRush.for.Visual.Studio.Dot.NET.v2.0.4.Incl.Keymaker-ZWT.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Developer.Express.Refactor.Pro.for.Visual.Studio.Dot.NET.v2.0.4.Incl.Keymaker-ZWT.zip - Deleted
C:\WINDOWS\bdir\ffmiu\DFX.for.MusicMatch.JukeBox.v8.17.Incl.Keymaker-CORE.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\DFX.for.Winamp.v8.0.Incl.Keymaker-CORE.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\DFX.for.Windows.Media.Player.v8.17.Incl.Keymaker-CORE.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\DialogBlocks.2006.v3.10.Team.iNFLUENCE - Keygen.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\DialogBlocks.v2.04.Incl.Keymaker-AGAiN.zip - Deleted
C:\WINDOWS\bdir\ffmiu\DialogBlocks.v3.12.UNICODE.WinALL.Incl.Keygen-ViRiLiTY.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Diffraction.Limited.MaxDSLR.v4.0.6-EDGE.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Diffraction.Limited.MaxIm.DL.v4.5.6-EDGE.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\DiffUnlock.v1.1.Multilingual-DVT.zip - Deleted
C:\WINDOWS\bdir\ffmiu\digibyte.mpeg.joiner.2.0.097.keygen-icu-25068a792.zip - Deleted
C:\WINDOWS\bdir\ffmiu\digibyte.mpeg.joiner.2.0.097.keygen-icu.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Digimoto[1].v4.03.Cracked-HERETiC.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Digital Audio Editor v6.6 Cracked - CzW.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Digital Audio Editor v6.8 Regged.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Digital MediaRescue Pro v4.0.148 Cracked - HERETiC.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Digital ObjectRescue Pro v4.0.150 Cracked - HERETiC.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Digital PhotoRescue Pro v4.0.165 Cracked - HERETiC.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Digital.Audio.Editor.v6.6.WinALL.Cracked-CzW.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Digital.Audio.Editor.v6.7.WinALL.Cracked-CzW.zip - Deleted
C:\WINDOWS\bdir\ffmiu\digital.image.to.icon.converter.1.3.cracked-tsrh.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Digital.MediaRescue.Professional.v4.2.Build.154.MULTILINGUAL.Cracked-F4CG.rar.zip - Deleted
C:\WINDOWS\bdir\ffmiu\Digital.MediaRescue.Professional.v4.3.Build155.Cracked-F4CG.rar.zip - Deleted
C:\WINDOWS\new_drv.sys - Deleted


Folder C:\WINDOWS\bdir - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\@Last Software\\SketchUp 5\\SketchUp.exe"="C:\\Program Files\\@Last Software\\SketchUp 5\\SketchUp.exe:*:Enabled:SketchUp Application"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\GuildFTPd\\GuildFTPd.exe"="C:\\Program Files\\GuildFTPd\\GuildFTPd.exe:*:Enabled:GuildFTPd FTP Server Deamon"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

File Backups: - C:\SDFIX\SDFix\backups\backups.zip

Files with Hidden Attributes:

Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Sat 15 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2e7a189200995a8815b37a5d2ef6c8c6\BIT9.tmp"
Sat 15 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7bd07c1089c2af7712a37e4bc06b52c1\BITF.tmp"
Sat 15 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e2ee6701f2679c24dd339050a068b193\BIT1F.tmp"
Tue 18 Sep 2007 39,301,304 A..H. --- "C:\Documents and Settings\NYCKEES\Local Settings\Temp\VSSETUP50727.42.28\1036\BIT22.tmp"

Finished!





then the AntiVir report:


AntiVir PersonalEdition Classic
Report file date: jeudi 25 octobre 2007 22:19

Scanning for 903047 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: NYCKEES
Computer name: PORTABLE

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:55
ANTIVIR2.VDF : 7.0.0.91 687104 Bytes 16/10/2007 20:04:47
ANTIVIR3.VDF : 7.0.0.135 265216 Bytes 25/10/2007 20:04:47
AVEWIN32.DLL : 7.6.0.27 3019264 Bytes 25/10/2007 20:04:47
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: jeudi 25 octobre 2007 22:19

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '44' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\NYCKEES\Local Settings\Temporary Internet Files\Content.IE5\0BKRP1ED\keyframe[1].htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Silly.Gen
[INFO] The file was moved to '4799fbce.qua'!
C:\Documents and Settings\NYCKEES\Local Settings\Temporary Internet Files\Content.IE5\JV120OND\1[1].exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.1609
[INFO] The file was deleted!
C:\Documents and Settings\NYCKEES\Local Settings\Temporary Internet Files\Content.IE5\JV120OND\java[1]
[0] Archive type: ZIP
--> Dex.class
[DETECTION] Contains detection pattern of the Java virus JAVA/ClassLoader.GC
--> Dvnny.class
[DETECTION] Contains detection pattern of the Java virus JAVA/Exploit.Bytverify.4
[INFO] The file was moved to '4796fc41.qua'!
C:\SDFIX\SDFix\backups\backups.zip
[0] Archive type: ZIP
--> backups/Digimoto[1].v4.03.Cracked-HERETiC.rar.zip
[1] Archive type: ZIP
--> Digimoto[1].v4.03.Cracked-HERETiC.rar.exe
[DETECTION] Is the Trojan horse TR/PSW.Papras.CC
--> backups/Digital Audio Editor v6.6 Cracked - CzW.rar.zip
[1] Archive type: ZIP
--> Digital Audio Editor v6.6 Cracked - CzW.rar.exe
[DETECTION] Is the Trojan horse TR/PSW.Papras.CC
--> backups/Digital Audio Editor v6.8 Regged.rar.zip
[1] Archive type: ZIP
--> Digital Audio Editor v6.8 Regged.rar.exe
[DETECTION] Is the Trojan horse TR/PSW.Papras.CC
--> backups/Digital MediaRescue Pro v4.0.148 Cracked - HERETiC.rar.zip
[1] Archive type: Z
26 October 2007 00:39:26

The cleanup is so extensive that the reports don't fit in a single message.

Post the rest of the AntiVir report along with the new HijackThis.
26 October 2007 08:49:15

Sorry, I hadn't seen it.
Here is the end of the AntiVir report:
--> Digital Audio Editor v6.8 Regged.rar.exe
[DETECTION] Is the Trojan horse TR/PSW.Papras.CC
--> backups/Digital MediaRescue Pro v4.0.148 Cracked - HERETiC.rar.zip
[1] Archive type: ZIP
--> Digital MediaRescue Pro v4.0.148 Cracked - HERETiC.rar.exe
[DETECTION] Is the Trojan horse TR/PSW.Papras.CC
--> backups/Digital ObjectRescue Pro v4.0.150 Cracked - HERETiC.rar.zip
[1] Archive type: ZIP
--> Digital ObjectRescue Pro v4.0.150 Cracked - HERETiC.rar.exe
[DETECTION] Is the Trojan horse TR/PSW.Papras.CC
--> backups/Digital PhotoRescue Pro v4.0.165 Cracked - HERETiC.rar.zip
[1] Archive type: ZIP
--> Digital PhotoRescue Pro v4.0.165 Cracked - HERETiC.rar.exe
[DETECTION] Is the Trojan horse TR/PSW.Papras.CC
--> backups/Digital.Audio.Editor.v6.6.WinALL.Cracked-CzW.zip
[1] Archive type: ZIP
--> Digital.Audio.Editor.v6.6.WinALL.Cracked-CzW.exe
[DETECTION] Is the Trojan horse TR/PSW.Papras.CC
--> backups/Digital.Audio.Editor.v6.7.WinALL.Cracked-CzW.zip
[1] Archive type: ZIP
--> Digital.Audio.Editor.v6.7.WinALL.Cracked-CzW.exe
[DETECTION] Is the Trojan horse TR/PSW.Papras.CC
--> backups/digital.image.to.icon.converter.1.3.cracked-tsrh.zip
[1] Archive type: ZIP
--> digital.image.to.icon.converter.1.3.cracked-tsrh.exe
[DETECTION] Is the Trojan horse TR/PSW.Papras.CC
--> backups/Digital.MediaRescue.Professional.v4.2.Build.154.MULTILINGUAL.Cracked-F4CG.rar.zip
[1] Archive type: ZIP
--> Digital.MediaRescue.Professional.v4.2.Build.154.MULTILINGUAL.Cracked-F4CG.rar.exe
[DETECTION] Is the Trojan horse TR/PSW.Papras.CC
--> backups/Digital.MediaRescue.Professional.v4.3.Build155.Cracked-F4CG.rar.zip
[1] Archive type: ZIP
--> Digital.MediaRescue.Professional.v4.3.Build155.Cracked-F4CG.rar.exe
[DETECTION] Is the Trojan horse TR/PSW.Papras.CC
--> backups/new_drv.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '4784060a.qua'!
Begin scan in 'D:\' <Données>


End of the scan: vendredi 26 octobre 2007 00:24
Used time: 2:05:05 min

The scan has been done completely.

13939 Scanning directories
465300 Files were scanned
207 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
1 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
465093 Files not concerned
3507 Archives were scanned
1 Warnings
24 Notes





And here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:48:14, on 26/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
C:\Program Files\GuildFTPd\GuildFTPd.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\GrabIt\GrabIt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\mdm.exe
C:\Program Files\GrabIt\external\par2\par2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DynDNS Updater] "C:\Program Files\DynDNS Updater\DynDNS.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: GuildFTPd - FTP server deamon.lnk = C:\Program Files\GuildFTPd\GuildFTPd.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-e15bb36e1d11eee5.spaces.live.com/PhotoUpload...
O17 - HKLM\System\CCS\Services\Tcpip\..\{57467CCD-36F5-48D5-A805-7A35CA4F3DC2}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{57467CCD-36F5-48D5-A805-7A35CA4F3DC2}: NameServer = 212.27.54.252,212.27.53.252
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 6663 bytes


There you go,
26 October 2007 11:50:56

Hello


Let's continue the cleanup.


Download Combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear.

Copy/paste this report into your next reply along with a new HijackThis.
27 October 2007 11:37:54

Hello,

Here is the Combofix report:

ComboFix 07-10-26.4 - NYCKEES 2007-10-27 11:28:51.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.226 [GMT 2:00]
Running from: D:\Temp\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-09-27 to 2007-10-27 ))))))))))))))))))))))))))))))))))))
.

2007-10-27 11:28 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-25 22:03 <REP> d-------- C:\Program Files\Avira
2007-10-25 22:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-10-25 21:47 <REP> d-------- C:\WINDOWS\ERUNT
2007-10-23 08:49 <REP> d-------- C:\Program Files\Trend Micro
2007-10-22 00:09 <REP> d-------- C:\divx
2007-10-21 23:57 <REP> d-------- C:\Program Files\DVD Shrink
2007-10-21 23:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-21 23:23 <REP> d-------- C:\Program Files\AC3Filter
2007-10-21 13:40 <REP> d-------- C:\WINDOWS\IIS Temporary Compressed Files
2007-10-21 13:39 <REP> d-------- C:\WINDOWS\system32\Cache
2007-10-21 13:35 <REP> d-------- C:\WINDOWS\system32\Logfiles
2007-10-21 13:35 <REP> d-------- C:\Inetpub
2007-10-21 13:34 <REP> d-------- C:\Program Files\Developer Express .NET v7.1
2007-10-20 15:17 <REP> d-------- C:\Program Files\MSDN
2007-10-20 15:09 <REP> d-------- C:\Program Files\Microsoft SQL Server
2007-10-20 15:08 <REP> d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition
2007-10-20 15:08 <REP> d-------- C:\Program Files\Microsoft Device Emulator
2007-10-20 14:55 <REP> d-------- C:\WINDOWS\Symbols
2007-10-20 14:55 <REP> d-------- C:\Program Files\Microsoft.NET
2007-10-20 14:55 <REP> d-------- C:\Program Files\Fichiers communs\Merge Modules
2007-10-20 14:55 <REP> d-------- C:\Program Files\Fichiers communs\Business Objects
2007-10-20 14:55 <REP> d-------- C:\Program Files\CE Remote Tools
2007-10-20 14:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
2007-10-20 14:52 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-10-17 23:40 <REP> d-------- C:\Program Files\WinPcap
2007-10-17 23:40 155,648 --a------ C:\ndasscan.exe
2007-10-17 23:32 <REP> d-------- C:\Program Files\NDAS
2007-10-17 23:32 140,416 --a------ C:\WINDOWS\system32\drivers\lfsfilt.sys
2007-10-10 20:23 <REP> d-------- C:\WINDOWS\AU_Temp
2007-10-10 03:04 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-04 21:46 <REP> d-------- C:\Documents and Settings\NYCKEES\Application Data\dvdcss
2007-09-30 22:51 <REP> d-------- C:\Program Files\QuickPar
2007-09-30 14:19 1,277 --a------ C:\WINDOWS\mozver.dat
2007-09-30 14:17 <REP> d-------- C:\Documents and Settings\NYCKEES\Application Data\GrabIt
2007-09-30 14:15 <REP> d-------- C:\Program Files\GrabIt
2007-09-29 10:30 <REP> d-------- C:\Documents and Settings\NYCKEES\Application Data\Talkback
2007-09-29 10:19 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-27 23:12 <REP> d-------- C:\Program Files\AutoCAD 2008
2007-09-27 23:11 <REP> d-------- C:\Program Files\Fichiers communs\Autodesk Shared
2007-09-27 23:11 <REP> d-------- C:\Program Files\Autodesk
2007-09-27 22:35 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-27 09:21 --------- d-----w C:\Program Files\GuildFTPd
2007-10-26 22:00 --------- d-----w C:\Program Files\DynDNS Updater
2007-10-21 21:46 --------- d-----w C:\Program Files\eMule
2007-10-21 11:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-21 08:47 --------- d-----w C:\Program Files\MSBuild
2007-10-10 18:25 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2007-10-10 18:25 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2007-10-10 18:25 267,845 ----a-w C:\WINDOWS\tsc.exe
2007-10-10 18:25 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2007-09-27 21:18 --------- d-----w C:\Documents and Settings\NYCKEES\Application Data\Autodesk
2007-09-27 21:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2007-09-24 20:41 --------- d-----w C:\Program Files\MSN Messenger
2007-09-24 17:44 --------- d-----w C:\Program Files\Gena PhotoStamper
2007-09-23 08:55 --------- d-----w C:\Program Files\bea photo station 2007
2007-09-23 08:24 --------- d-----w C:\Program Files\Inno Setup 5
2007-09-23 07:40 --------- d-----w C:\Program Files\Common Files
2007-09-23 07:30 --------- d-----w C:\Program Files\Publication Web
2007-09-20 21:35 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2007-09-20 21:35 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2007-09-20 21:35 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2007-09-18 20:40 --------- d-----w C:\Documents and Settings\NYCKEES\Application Data\Kana Solution
2007-09-17 21:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-17 20:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-09-17 20:34 --------- d-----w C:\Documents and Settings\NYCKEES\Application Data\vlc
2007-09-16 22:31 --------- d-----w C:\Documents and Settings\NYCKEES\Application Data\DivX
2007-09-16 22:02 --------- d-----w C:\Program Files\Stardock
2007-09-16 22:02 --------- d-----w C:\Program Files\Fichiers communs\Stardock
2007-09-16 21:34 --------- d-----w C:\Program Files\DivX
2007-09-16 20:36 --------- d-----w C:\Program Files\CONEXANT
2007-09-16 20:24 --------- d-----w C:\Program Files\ATI Technologies
2007-09-16 18:24 --------- d-----w C:\Program Files\MSXML 6.0
2007-09-15 20:11 --------- d-----w C:\Documents and Settings\NYCKEES\Application Data\Logitech
2007-09-15 20:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2007-09-15 20:07 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-09-15 19:17 --------- d-----w C:\Program Files\@Last Software
2007-09-15 19:14 --------- d-----w C:\Documents and Settings\NYCKEES\Application Data\DVD Profiler
2007-09-15 19:09 --------- d-----w C:\Program Files\DVD Profiler
2007-09-15 19:06 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2007-09-15 19:05 --------- d-----w C:\Program Files\Logitech
2007-09-15 19:00 --------- d-----w C:\Program Files\VideoLAN
2007-09-15 18:54 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-09-15 18:30 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-09-15 18:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-09-15 18:25 --------- d-----w C:\Documents and Settings\NYCKEES\Application Data\Ahead
2007-09-15 14:42 --------- d-----w C:\Program Files\D-Link
2007-09-15 10:03 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-09-15 10:02 --------- d-----w C:\Program Files\Nero
2007-09-15 10:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-09-15 08:17 --------- d-----w C:\Program Files\Microsoft Works
2007-09-14 09:06 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-09-14 09:06 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-09-14 08:18 --------- d-----w C:\Program Files\microsoft frontpage
2007-09-14 08:17 --------- d-----w C:\Program Files\Services en ligne
2007-09-14 08:15 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-08-15 22:33 144,704 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-08-15 22:30 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-08-15 22:30 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-08-15 22:30 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-08-15 22:30 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 09:48 C:\WINDOWS\KHALMNPR.Exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-14 17:29]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-01 11:53 C:\WINDOWS\system32\Ati2mdxx.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-25 22:04]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"DynDNS Updater"="C:\Program Files\DynDNS Updater\DynDNS.exe" [2006-09-17 10:32]

C:\Documents and Settings\NYCKEES\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
GuildFTPd - FTP server deamon.lnk - C:\Program Files\GuildFTPd\GuildFTPd.exe [2007-09-18 23:07:59]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-09-17 00:02:15]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-15 21:06:35]
NDAS Device Management.lnk - C:\Program Files\NDAS\System\ndasmgmt.exe [2006-06-15 00:07:50]

R0 lfsfilt;Lean File Sharing;C:\WINDOWS\system32\DRIVERS\lfsfilt.sys
R0 lpx;LPX Protocol;C:\WINDOWS\system32\DRIVERS\lpx.sys
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe
R3 ndasbus;NDAS Bus Driver;C:\WINDOWS\system32\DRIVERS\ndasbus.sys
S3 ndasscsi;NDAS SCSI Miniport Driver;C:\WINDOWS\system32\DRIVERS\ndasscsi.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 SQLWriter;Enregistreur VSS SQL Server;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
S4 msvsmon80;Débogueur distant Visual Studio 2005;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92bd03e0-7e2a-11dc-9688-00195bcbcbb1}]
AutoRun\command - F:\puenoxpu.exe
explore\Command - F:\puenoxpu.exe
open\Command - F:\puenoxpu.exe

.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-27 11:31:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-27 11:32:35
C:\ComboFix2.txt ... 2007-10-27 11:16
C:\ComboFix3.txt ... 2007-10-27 11:09
.
--- E O F ---


And here is HijackThis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:32, on 27/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DynDNS Updater] "C:\Program Files\DynDNS Updater\DynDNS.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: GuildFTPd - FTP server deamon.lnk = C:\Program Files\GuildFTPd\GuildFTPd.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-e15bb36e1d11eee5.spaces.live.com/PhotoUpload...
O17 - HKLM\System\CCS\Services\Tcpip\..\{57467CCD-36F5-48D5-A805-7A35CA4F3DC2}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{57467CCD-36F5-48D5-A805-7A35CA4F3DC2}: NameServer = 212.27.54.252,212.27.53.252
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 6220 bytes


There you go ....
27 October 2007 19:04:14

No news for me?

many
27 October 2007 23:28:23

Hello


A little patience, I was at work.


There is a suspicious file.
Go to this site
http://www.virustotal.com/
Click Browse and look for this file.

F:\puenoxpu.exe

Then click Send.
If you get the message "STATUS: QUEUED", wait.

Paste the report here.
28 October 2007 00:31:18

I can't find this exe. I even ran a Windows search on all the drives, but nothing .... no trace of "puenoxpu.exe"

28 October 2007 01:05:24

Hi again


Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt....
Double-click OTMoveIt.exe to launch it.
Copy the list below and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

F:\puenoxpu.exe

Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

Post the report located in C:\_OTMoveIt\MovedFiles.
28 October 2007 10:45:30

Here is the OTMoveIt result:

File/Folder F:\puenoxpu.exe not found.

Created on 10/28/2007 10:42:07

And while I'm at it, here is a short HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:14, on 28/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DynDNS Updater] "C:\Program Files\DynDNS Updater\DynDNS.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: GuildFTPd - FTP server deamon.lnk = C:\Program Files\GuildFTPd\GuildFTPd.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-e15bb36e1d11eee5.spaces.live.com/PhotoUpload...
O17 - HKLM\System\CCS\Services\Tcpip\..\{57467CCD-36F5-48D5-A805-7A35CA4F3DC2}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{57467CCD-36F5-48D5-A805-7A35CA4F3DC2}: NameServer = 212.27.54.252,212.27.53.252
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 6277 bytes


That looks better ..... doesn't it?
28 October 2007 22:20:27

After almost 6 and a half hours of scanning, here is the Kaspersky report:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, October 28, 2007 10:17:42 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 28/10/2007
Enregistrements dans la base antivirus Kaspersky : 419874
-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:
A:\
C:\
D:\
E:\
F:\
P:\

Statistiques de l'analyse:
Total d'objets analysés: 127724
Nombre de virus trouvés: 0
Nombre d'objets infectés: 0 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 06:26:34

Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NYCKEES\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NYCKEES\Local Settings\Application Data\Ahead\Nero Home\bl.db L'objet est verrouillé ignoré
C:\Documents and Settings\NYCKEES\Local Settings\Application Data\Ahead\Nero Home\bl.db-journal L'objet est verrouillé ignoré
C:\Documents and Settings\NYCKEES\Local Settings\Application Data\Ahead\Nero Home\is2.db L'objet est verrouillé ignoré
C:\Documents and Settings\NYCKEES\Local Settings\Application Data\Ahead\Nero Home\is2.db-journal L'objet est verrouillé ignoré
C:\Documents and Settings\NYCKEES\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NYCKEES\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NYCKEES\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NYCKEES\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NYCKEES\Local Settings\Historique\History.IE5\MSHist012007102820071029\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NYCKEES\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NYCKEES\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NYCKEES\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NYCKEES\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Program Files\GuildFTPd\syslog.txt L'objet est verrouillé ignoré
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf L'objet est verrouillé ignoré
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf L'objet est verrouillé ignoré
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf L'objet est verrouillé ignoré
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf L'objet est verrouillé ignoré
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf L'objet est verrouillé ignoré
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf L'objet est verrouillé ignoré
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf L'objet est verrouillé ignoré
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf L'objet est verrouillé ignoré
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG L'objet est verrouillé ignoré
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_26.trc L'objet est verrouillé ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{3B610608-E824-4328-9C7B-C97E64EBB4E6}\RP72\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\ODiag.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\OSession.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_314.dat L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
F:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
P:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré

Analyse terminée.


28 October 2007 22:43:02

It's long, but it's good.

No more sign of infection in this report.


Are you still having any problems?
28 October 2007 22:52:18

No... everything is fine!
Is there a post I should read for advice on how to protect my PC, or on what checks to do???