vcclient exe et vcmain exe au demarage xp-probleme?

alexishk

20 Janvier 2006 15:32:56

bonjour, au demarage de windows deux fenetre s'ouvre consecutivement vcclient exe et vc main exe les applicatrion ne s'ouvre pas que dois je faire?
voici le rapport hijack et merci d'avance.

Logfile of HijackThis v1.99.1
Scan saved at 15:32:25, on 18/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\PROGRA~1\NORTON~2\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton Personal Firewall\ISSVC.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\rundll32.exe
C:\windows\winsysban.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Documents and Settings\Darty\Mes documents\sebolavi\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O3 - Toolbar: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [CheckMedi8or] C:\Program Files\Mediator 7 Pro\CheckNewUser.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\ppiqwp.exe reg_run
O4 - HKLM\..\Run: [drsmartloadb] c:\\drsmartloadb.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer 2005\uwfx5.exe" /min
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: Interface Chat Wanadoo - http://chat7.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unico...
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} (PackageHTML) - http://acces.blonde.com/package/PackageHtmlCab.CAB
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/webmasterexe/drsmartload...
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} - http://www.edipole.fr/kits/WebInstall.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\hr0805due.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\SONY\vaio media music server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
:-)

Autres pages sur : vcclient exe vcmain exe demarage probleme

| Etre averti des réponses
| Alerter

Répondre à alexishk

TheKing_Aragorn

20 Janvier 2006 15:55:27

En premier fait un scan online avec KasperSky et envoie nous le rapport. Fait un scan avec Ewido et envoie nous son rapport. Fait seulement un scan avec HIJackThis et coche les lignes suivantes pour ensuite cliquersur le bouton fix checked.

-----------------------------------------------------
C:\WINDOWS\System32\FTRTSVC.exe
C:\windows\winsysban.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O3 - Toolbar: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\ppiqwp.exe reg_run
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} (PackageHTML) - http://acces.blonde.com/package/PackageHtmlCab.CAB
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/webmasterexe/drsmartload...
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} - http://www.edipole.fr/kits/WebInstall.dll
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\hr0805due.dll
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
----------------------------------------------------------

Pendant que tu fait ton analyse KasperSky online, fait un scan avec SmitFraudFix avec l'option 1 puis après le scan utilise l'option 2 puis envoie nous son rapport de l'option 2. ;-) :bounce:

bonne chance

| Alerter

Répondre à TheKing_Aragorn

alexishk

22 Janvier 2006 17:30:44

Merci bcp du coup de main the king, voici le rapport de scan kaspersky :

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, January 22, 2006 18:22:05
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 22/01/2006
Kaspersky Anti-Virus database records: 161944
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 93068
Number of viruses found: 27
Number of infected objects: 255
Number of suspicious objects: 1
Duration of the scan process: 5552 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Darty\Local Settings\Temp\!update.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\Documents and Settings\Darty\Local Settings\Temp\AGEU_SudokuInstaller.exe/data0006 Infected: Trojan-Dropper.Win32.VB.kk
C:\Documents and Settings\Darty\Local Settings\Temp\AGEU_SudokuInstaller.exe Infected: Trojan-Dropper.Win32.VB.kk
C:\Documents and Settings\Darty\Local Settings\Temp\Temporary Internet Files\Content.IE5\7ZC411M4\winsysupd[1].exe Infected: Trojan.Win32.StartPage.ahg
C:\Documents and Settings\Darty\Local Settings\Temp\Temporary Internet Files\Content.IE5\LM7P2WC4\winsysban[1].exe Infected: Trojan-Clicker.Win32.VB.kc
C:\Documents and Settings\Darty\Local Settings\Temporary Internet Files\Content.IE5\2LFS1OF6\index_1_f_4[1].htm Infected: Trojan-Downloader.JS.IstBar.u
C:\Documents and Settings\Darty\Local Settings\Temporary Internet Files\Content.IE5\7ZLDW3M5\fillmemadv470[2].htm Infected: Exploit.JS.CVE-2005-1790.j
C:\Documents and Settings\Darty\Local Settings\Temporary Internet Files\Content.IE5\7ZLDW3M5\fillmemadv470[3].htm Infected: Exploit.JS.CVE-2005-1790.j
C:\Documents and Settings\Darty\Local Settings\Temporary Internet Files\Content.IE5\9CGFXTGX\index_1_f_5[1].htm Infected: Trojan-Downloader.JS.IstBar.u
C:\Documents and Settings\Darty\Local Settings\Temporary Internet Files\Content.IE5\C52B89QR\ysb_prompt[1].htm Infected: Exploit.HTML.CodeBaseExec
C:\Documents and Settings\Darty\Local Settings\Temporary Internet Files\Content.IE5\I1K3V5XY\index_1_f_3[1].htm Infected: Trojan-Downloader.JS.IstBar.u
C:\Documents and Settings\Darty\Local Settings\Temporary Internet Files\Content.IE5\OVJBU4HT\index_2_f[1].htm Infected: Trojan-Downloader.JS.IstBar.u
C:\Documents and Settings\Darty\Local Settings\Temporary Internet Files\Content.IE5\SPCTUJ8D\index_1_f_2[1].htm Infected: Trojan-Downloader.JS.IstBar.u
C:\Documents and Settings\Darty\Local Settings\Temporary Internet Files\Content.IE5\SPCTUJ8D\send_car_int[1].htm Infected: Exploit.HTML.CodeBaseExec
C:\Documents and Settings\Darty\Local Settings\Temporary Internet Files\Content.IE5\U8M9N50G\enewsletterpro[1].exe Infected: Trojan.Win32.StartPage.aha
C:\Documents and Settings\Darty\Local Settings\Temporary Internet Files\Content.IE5\W6JB0GKX\fillmemadv470[1].htm Infected: Exploit.JS.CVE-2005-1790.j
C:\Documents and Settings\Darty\Local Settings\Temporary Internet Files\Content.IE5\YVQ3UHQB\banmanpro[1].exe Infected: Trojan-Clicker.Win32.VB.kc
C:\Documents and Settings\Darty\Local Settings\Temporary Internet Files\Content.IE5\YVQ3UHQB\index_1_f[1].htm Infected: Trojan-Downloader.JS.IstBar.u
C:\drsmartload1.exe Infected: Trojan-Downloader.Win32.Adload.l
C:\drsmartloadb.exe Infected: Trojan-Downloader.Win32.Adload.l
C:\install.exe/data0010 Infected: Trojan-Downloader.Win32.Qoologic.at
C:\install.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\MTE3NDI6ODoxNg.exe Infected: Trojan-Downloader.Win32.Small.buy
C:\Program Files\Fichiers communs\iifi\iifil.exe Infected: Trojan-Downloader.Win32.TSUpdate.p
C:\Program Files\Fichiers communs\iifi\iifip.exe Infected: Trojan-Downloader.Win32.TSUpdate.f
C:\Program Files\Norton AntiVirus\Quarantine\02FE3918.cla Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\06A5255E.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\06A84F5A.cla Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\0EC962EC.cla Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\14D21E25.php/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\14D21E25.php Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\2EC970CB.dll Infected: Trojan-Downloader.Win32.Small.abe
C:\Program Files\Norton AntiVirus\Quarantine\2FF9317D.htm Suspicious: Exploit.HTML.CodeBaseExec
C:\Program Files\Norton AntiVirus\Quarantine\34F65200.exe/data0001 Infected: Trojan.Win32.Sisn
C:\Program Files\Norton AntiVirus\Quarantine\34F65200.exe Infected: Trojan.Win32.Sisn
C:\Program Files\Norton AntiVirus\Quarantine\3C4F49EA.dll Infected: Trojan-Downloader.Win32.Small.abe
C:\Program Files\Norton AntiVirus\Quarantine\445E38AE.exe Infected: Trojan-Clicker.Win32.VB.kc
C:\Program Files\Norton AntiVirus\Quarantine\48DC2C1A.js Infected: Trojan-Downloader.JS.IstBar.ad
C:\Program Files\Norton AntiVirus\Quarantine\48E05616.fr8 Infected: Trojan-Clicker.Win32.Delf.r
C:\Program Files\Norton AntiVirus\Quarantine\4CA57DD7.tmp/photo.jpg .scr Infected: Email-Worm.Win32.Mabutu.a
C:\Program Files\Norton AntiVirus\Quarantine\4CA57DD7.tmp Infected: Email-Worm.Win32.Mabutu.a
C:\Program Files\Norton AntiVirus\Quarantine\4DC26C6F.cla Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\6785779E.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\6788219B.cla Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\6788219B.wmf Infected: Trojan-Downloader.Win32.Agent.acd
C:\Program Files\Norton AntiVirus\Quarantine\678C4B97.cla Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\6B131AC4.cla Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\73870EC8.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\7EB04E20.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\7EB04E20.wmf Infected: Trojan-Downloader.Win32.Agent.acd
C:\Program Files\Norton AntiVirus\Quarantine\7EB3781D.cla Infected: Trojan.Java.ClassLoader.Dummy.d
C:\stub_113_4_0_4_0.exe Infected: Trojan-Downloader.Win32.TSUpdate.o
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP214\A0081899.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP214\A0081902.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP214\A0081903.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP215\A0082052.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP215\A0082053.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP215\A0082054.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP217\A0082090.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP217\A0082091.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP217\A0082092.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP217\A0083089.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP217\A0083090.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP217\A0083091.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP220\A0083128.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP220\A0083129.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP220\A0083132.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP220\A0083210.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP220\A0083212.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP220\A0083214.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP220\A0083362.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP220\A0083364.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP220\A0083366.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP220\A0083387.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP220\A0083390.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP220\A0083391.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP220\A0083444.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP220\A0083445.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP220\A0083446.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP221\A0083481.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP221\A0083482.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP221\A0083483.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP221\A0083501.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP221\A0083502.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP221\A0083503.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083528.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083529.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083530.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083693.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083694.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083697.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083712.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083713.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083714.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083744.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083746.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083748.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083764.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083765.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083767.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083785.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083786.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083788.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083810.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083811.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083812.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083832.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083834.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083836.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP224\A0083878.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP224\A0083885.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP224\A0083887.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP224\A0084453.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP224\A0084455.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP224\A0084458.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP224\A0084513.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP224\A0084514.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP224\A0084515.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP230\A0084603.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP230\A0084612.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP230\A0084613.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP230\A0084614.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP234\A0084853.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP234\A0084854.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP234\A0084857.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0085114.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0085115.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0085116.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0085132.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0085133.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0085134.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0085146.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0085147.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0085149.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0085165.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0085166.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0085167.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0085179.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0085182.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0085183.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0086075.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0086076.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0086077.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0086160.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0086161.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0086162.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP239\A0086192.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP239\A0086193.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP239\A0086194.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP240\A0086945.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP240\A0086947.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP240\A0086948.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP240\A0087144.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP240\A0087145.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP240\A0087147.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087333.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087335.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087336.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087420.exe Infected: Trojan-Clicker.Win32.VB.kc
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087421.exe Infected: Trojan.Win32.StartPage.aha
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087510.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087512.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087514.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087572.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087573.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087575.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087633.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087634.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087635.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087653.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087654.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087655.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP244\A0087775.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP244\A0087776.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP244\A0087777.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP254\A0088716.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP254\A0088717.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP254\A0088718.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP256\A0088739.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP256\A0088740.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP256\A0088741.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP257\A0088817.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP257\A0088818.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP257\A0088820.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP258\A0088834.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP258\A0088835.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP258\A0088836.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP259\A0089113.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP259\A0089115.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP259\A0089116.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP259\A0089128.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP259\A0089129.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP259\A0089130.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP265\A0089575.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP268\A0089719.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP268\A0089720.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP268\A0089721.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP268\A0089734.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP268\A0089735.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP268\A0089736.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP268\A0089750.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP268\A0089751.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP268\A0089753.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP273\A0089786.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP273\A0089787.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP273\A0089788.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP273\A0089800.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP273\A0089801.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP273\A0089802.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP273\A0089813.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP273\A0089814.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP273\A0089815.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP273\A0089833.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP273\A0089834.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP273\A0089835.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089853.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089854.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089855.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089870.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089871.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089872.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089882.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089883.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089884.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089894.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089895.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089896.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089907.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089908.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089909.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089922.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089923.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089924.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089939.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089940.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089941.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089953.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089954.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089955.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP275\A0089990.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP275\A0089993.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP275\A0089995.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP276\A0090051.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP276\A0090052.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP276\A0090053.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\WINDOWS\banmanpro.exe Infected: Trojan-Clicker.Win32.VB.kc
C:\WINDOWS\enewsletterpro.exe Infected: Trojan.Win32.StartPage.aha
C:\WINDOWS\system32\iioseis.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\WINDOWS\system32\jjsvfjv.exe Infected: Trojan.Win32.Pakes
C:\WINDOWS\system32\kkeqf.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\WINDOWS\system32\ppiqwp.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\WINDOWS\system32\vgactl.cpl Infected: Trojan-Downloader.Win32.Qoologic.at
C:\WINDOWS\system32\wuauclt.dll Infected: Trojan-Downloader.Win32.Qoologic.at
C:\WINDOWS\system32\wwagp.dat Infected: Trojan-Downloader.Win32.Qoologic.at
C:\WINDOWS\winsysban.exe Infected: Trojan-Clicker.Win32.VB.kc
C:\WINDOWS\winsysupd.exe Infected: Trojan.Win32.StartPage.ahg

Scan process completed.

Que dois je faire ensuite stp? merci
;-)

| Alerter

Répondre à alexishk

alexishk

22 Janvier 2006 17:31:04

Merci bcp du coup de main the king, voici le rapport de scan kaspersky :

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, January 22, 2006 18:22:05
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 22/01/2006
Kaspersky Anti-Virus database records: 161944
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 93068
Number of viruses found: 27
Number of infected objects: 255
Number of suspicious objects: 1
Duration of the scan process: 5552 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Darty\Local Settings\Temp\!update.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\Documents and Settings\Darty\Local Settings\Temp\AGEU_SudokuInstaller.exe/data0006 Infected: Trojan-Dropper.Win32.VB.kk
C:\Documents and Settings\Darty\Local Settings\Temp\AGEU_SudokuInstaller.exe Infected: Trojan-Dropper.Win32.VB.kk
C:\Documents and Settings\Darty\Local Settings\Temp\Temporary Internet Files\Content.IE5\7ZC411M4\winsysupd[1].exe Infected: Trojan.Win32.StartPage.ahg
C:\Documents and Settings\Darty\Local Settings\Temp\Temporary Internet Files\Content.IE5\LM7P2WC4\winsysban[1].exe Infected: Trojan-Clicker.Win32.VB.kc
C:\Documents and Settings\Darty\Local Settings\Temporary Internet Files\Content.IE5\2LFS1OF6\index_1_f_4[1].htm Infected: Trojan-Downloader.JS.IstBar.u
C:\Documents and Settings\Darty\Local Settings\Temporary Internet Files\Content.IE5\7ZLDW3M5\fillmemadv470[2].htm Infected: Exploit.JS.CVE-2005-1790.j
C:\Documents and Settings\Darty\Local Settings\Temporary Internet Files\Content.IE5\7ZLDW3M5\fillmemadv470[3].htm Infected: Exploit.JS.CVE-2005-1790.j
C:\Documents and Settings\Darty\Local Settings\Temporary Internet Files\Content.IE5\9CGFXTGX\index_1_f_5[1].htm Infected: Trojan-Downloader.JS.IstBar.u
C:\Documents and Settings\Darty\Local Settings\Temporary Internet Files\Content.IE5\C52B89QR\ysb_prompt[1].htm Infected: Exploit.HTML.CodeBaseExec
C:\Documents and Settings\Darty\Local Settings\Temporary Internet Files\Content.IE5\I1K3V5XY\index_1_f_3[1].htm Infected: Trojan-Downloader.JS.IstBar.u
C:\Documents and Settings\Darty\Local Settings\Temporary Internet Files\Content.IE5\OVJBU4HT\index_2_f[1].htm Infected: Trojan-Downloader.JS.IstBar.u
C:\Documents and Settings\Darty\Local Settings\Temporary Internet Files\Content.IE5\SPCTUJ8D\index_1_f_2[1].htm Infected: Trojan-Downloader.JS.IstBar.u
C:\Documents and Settings\Darty\Local Settings\Temporary Internet Files\Content.IE5\SPCTUJ8D\send_car_int[1].htm Infected: Exploit.HTML.CodeBaseExec
C:\Documents and Settings\Darty\Local Settings\Temporary Internet Files\Content.IE5\U8M9N50G\enewsletterpro[1].exe Infected: Trojan.Win32.StartPage.aha
C:\Documents and Settings\Darty\Local Settings\Temporary Internet Files\Content.IE5\W6JB0GKX\fillmemadv470[1].htm Infected: Exploit.JS.CVE-2005-1790.j
C:\Documents and Settings\Darty\Local Settings\Temporary Internet Files\Content.IE5\YVQ3UHQB\banmanpro[1].exe Infected: Trojan-Clicker.Win32.VB.kc
C:\Documents and Settings\Darty\Local Settings\Temporary Internet Files\Content.IE5\YVQ3UHQB\index_1_f[1].htm Infected: Trojan-Downloader.JS.IstBar.u
C:\drsmartload1.exe Infected: Trojan-Downloader.Win32.Adload.l
C:\drsmartloadb.exe Infected: Trojan-Downloader.Win32.Adload.l
C:\install.exe/data0010 Infected: Trojan-Downloader.Win32.Qoologic.at
C:\install.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\MTE3NDI6ODoxNg.exe Infected: Trojan-Downloader.Win32.Small.buy
C:\Program Files\Fichiers communs\iifi\iifil.exe Infected: Trojan-Downloader.Win32.TSUpdate.p
C:\Program Files\Fichiers communs\iifi\iifip.exe Infected: Trojan-Downloader.Win32.TSUpdate.f
C:\Program Files\Norton AntiVirus\Quarantine\02FE3918.cla Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\06A5255E.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\06A84F5A.cla Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\0EC962EC.cla Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\14D21E25.php/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\14D21E25.php Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Norton AntiVirus\Quarantine\2EC970CB.dll Infected: Trojan-Downloader.Win32.Small.abe
C:\Program Files\Norton AntiVirus\Quarantine\2FF9317D.htm Suspicious: Exploit.HTML.CodeBaseExec
C:\Program Files\Norton AntiVirus\Quarantine\34F65200.exe/data0001 Infected: Trojan.Win32.Sisn
C:\Program Files\Norton AntiVirus\Quarantine\34F65200.exe Infected: Trojan.Win32.Sisn
C:\Program Files\Norton AntiVirus\Quarantine\3C4F49EA.dll Infected: Trojan-Downloader.Win32.Small.abe
C:\Program Files\Norton AntiVirus\Quarantine\445E38AE.exe Infected: Trojan-Clicker.Win32.VB.kc
C:\Program Files\Norton AntiVirus\Quarantine\48DC2C1A.js Infected: Trojan-Downloader.JS.IstBar.ad
C:\Program Files\Norton AntiVirus\Quarantine\48E05616.fr8 Infected: Trojan-Clicker.Win32.Delf.r
C:\Program Files\Norton AntiVirus\Quarantine\4CA57DD7.tmp/photo.jpg .scr Infected: Email-Worm.Win32.Mabutu.a
C:\Program Files\Norton AntiVirus\Quarantine\4CA57DD7.tmp Infected: Email-Worm.Win32.Mabutu.a
C:\Program Files\Norton AntiVirus\Quarantine\4DC26C6F.cla Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\6785779E.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\6788219B.cla Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\6788219B.wmf Infected: Trojan-Downloader.Win32.Agent.acd
C:\Program Files\Norton AntiVirus\Quarantine\678C4B97.cla Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\6B131AC4.cla Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\73870EC8.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\7EB04E20.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\7EB04E20.wmf Infected: Trojan-Downloader.Win32.Agent.acd
C:\Program Files\Norton AntiVirus\Quarantine\7EB3781D.cla Infected: Trojan.Java.ClassLoader.Dummy.d
C:\stub_113_4_0_4_0.exe Infected: Trojan-Downloader.Win32.TSUpdate.o
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP214\A0081899.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP214\A0081902.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP214\A0081903.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP215\A0082052.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP215\A0082053.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP215\A0082054.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP217\A0082090.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP217\A0082091.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP217\A0082092.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP217\A0083089.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP217\A0083090.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP217\A0083091.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP220\A0083128.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP220\A0083129.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP220\A0083132.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP220\A0083210.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP220\A0083212.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP220\A0083214.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP220\A0083362.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP220\A0083364.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP220\A0083366.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP220\A0083387.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP220\A0083390.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP220\A0083391.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP220\A0083444.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP220\A0083445.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP220\A0083446.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP221\A0083481.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP221\A0083482.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP221\A0083483.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP221\A0083501.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP221\A0083502.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP221\A0083503.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083528.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083529.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083530.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083693.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083694.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083697.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083712.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083713.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083714.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083744.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083746.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083748.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083764.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083765.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083767.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083785.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083786.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083788.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083810.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083811.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083812.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083832.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083834.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP223\A0083836.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP224\A0083878.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP224\A0083885.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP224\A0083887.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP224\A0084453.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP224\A0084455.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP224\A0084458.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP224\A0084513.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP224\A0084514.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP224\A0084515.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP230\A0084603.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP230\A0084612.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP230\A0084613.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP230\A0084614.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP234\A0084853.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP234\A0084854.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP234\A0084857.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0085114.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0085115.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0085116.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0085132.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0085133.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0085134.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0085146.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0085147.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0085149.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0085165.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0085166.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0085167.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0085179.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0085182.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0085183.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0086075.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0086076.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0086077.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0086160.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0086161.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP238\A0086162.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP239\A0086192.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP239\A0086193.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP239\A0086194.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP240\A0086945.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP240\A0086947.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP240\A0086948.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP240\A0087144.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP240\A0087145.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP240\A0087147.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087333.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087335.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087336.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087420.exe Infected: Trojan-Clicker.Win32.VB.kc
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087421.exe Infected: Trojan.Win32.StartPage.aha
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087510.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087512.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087514.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087572.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087573.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087575.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087633.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087634.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087635.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087653.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087654.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP242\A0087655.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP244\A0087775.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP244\A0087776.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP244\A0087777.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP254\A0088716.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP254\A0088717.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP254\A0088718.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP256\A0088739.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP256\A0088740.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP256\A0088741.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP257\A0088817.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP257\A0088818.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP257\A0088820.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP258\A0088834.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP258\A0088835.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP258\A0088836.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP259\A0089113.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP259\A0089115.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP259\A0089116.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP259\A0089128.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP259\A0089129.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP259\A0089130.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP265\A0089575.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP268\A0089719.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP268\A0089720.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP268\A0089721.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP268\A0089734.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP268\A0089735.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP268\A0089736.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP268\A0089750.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP268\A0089751.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP268\A0089753.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP273\A0089786.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP273\A0089787.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP273\A0089788.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP273\A0089800.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP273\A0089801.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP273\A0089802.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP273\A0089813.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP273\A0089814.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP273\A0089815.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP273\A0089833.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP273\A0089834.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP273\A0089835.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089853.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089854.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089855.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089870.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089871.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089872.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089882.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089883.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089884.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089894.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089895.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089896.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089907.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089908.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089909.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089922.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089923.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089924.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089939.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089940.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089941.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089953.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089954.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP274\A0089955.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP275\A0089990.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP275\A0089993.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP275\A0089995.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP276\A0090051.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP276\A0090052.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{02522B84-2A50-4FCF-8244-16EBB5E8F7B2}\RP276\A0090053.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\WINDOWS\banmanpro.exe Infected: Trojan-Clicker.Win32.VB.kc
C:\WINDOWS\enewsletterpro.exe Infected: Trojan.Win32.StartPage.aha
C:\WINDOWS\system32\iioseis.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\WINDOWS\system32\jjsvfjv.exe Infected: Trojan.Win32.Pakes
C:\WINDOWS\system32\kkeqf.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\WINDOWS\system32\ppiqwp.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\WINDOWS\system32\vgactl.cpl Infected: Trojan-Downloader.Win32.Qoologic.at
C:\WINDOWS\system32\wuauclt.dll Infected: Trojan-Downloader.Win32.Qoologic.at
C:\WINDOWS\system32\wwagp.dat Infected: Trojan-Downloader.Win32.Qoologic.at
C:\WINDOWS\winsysban.exe Infected: Trojan-Clicker.Win32.VB.kc
C:\WINDOWS\winsysupd.exe Infected: Trojan.Win32.StartPage.ahg

Scan process completed.

Que dois je faire ensuite stp? merci
;-)

| Alerter

Répondre à alexishk

OmaR

22 Janvier 2006 22:51:39

Salut,

1) Vide ce dossier de tout son contenu :
C:\Documents and Settings\Darty\Local Settings\Temp\

2) Dans IE, fais ceci :
- outils / options internet
- "supprimer les fichiers", puis coche la case et valide autant de fois qu'il faut pour revenir sous IE

3) Supprime ces fichiers :
C:\drsmartload1.exe
C:\install.exe
C:\install.exe
C:\MTE3NDI6ODoxNg.exe
C:\stub_113_4_0_4_0.exe
C:\WINDOWS\banmanpro.exe
C:\WINDOWS\enewsletterpro.exe
C:\WINDOWS\system32\iioseis.dll
C:\WINDOWS\system32\jjsvfjv.exe
C:\WINDOWS\system32\kkeqf.dll
C:\WINDOWS\system32\ppiqwp.exe
C:\WINDOWS\system32\vgactl.cpl
C:\WINDOWS\system32\wuauclt.dll
C:\WINDOWS\system32\wwagp.dat
C:\WINDOWS\winsysban.exe
C:\WINDOWS\winsysupd.exe

4) Supprime ce dossier :
C:\Program Files\Fichiers communs\iifi\

5) Vide la quarantaine dans Norton

6) Désactive la restauration système, puis réactive la :
http://www.infos-du-net.com/modules/nsections/astuce-7....

As tu encore des soucis ? :-)

| Alerter

Répondre à OmaR

alexishk

23 Janvier 2006 10:01:09

merci de ton intervention omar sharif, mais ca ne colle pas. dés le debut je ne trouve pas le dossier que tu me demande d'effacer : 1) Vide ce dossier de tout son contenu :
C:\Documents and Settings\Darty\Local Settings\Temp\
tout va bien jusqu'a darty mais ensuite, pas de fichier local settings et donc pas de fichier temp, merci si tu veux suivre :-)

| Alerter

Répondre à alexishk

bob_

23 Janvier 2006 10:10:45

Salut,

Tu as une infection de type LookToMe
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\hr0805due.dll

1/Télécharge L2Mfix
http://www.atribune.org/downloads/l2mfix.exe ou
http://www.downloads.subratam.org/l2mfix.exe

Mets-le sur ton bureau.
Double-clic sur l2mfix.exe
A la 1ère question clic sur Accept, ensuite clic sur Install

2/ Ouvre le dossier l2mfix créé sur le bureau puis double-clic sur L2Mfix.bat
Ensuite choisis l'option 1 puis Entrée
Poste ce 1er rapport.

3/ Ouvre le dossier l2mfix créé sur le bureau puis double-clic sur L2Mfix.bat
Ensuite choisis l'option 2 puis Entrée
Puis appuie sur n'importe quelle touche pour redémarrer l'ordinateur
Après redémarrage, le bureau et les icônes vont apparaître puis disparaître, c'est normal ! Et un nouveau rapport va apparaître à l'écran.
>> Si après redémarrage les icônes n'apparaissent/disparaissent pas ou si le rapport n'apparaît pas, alors ouvre le dossier l2mfix et lance second.bat

4/ Reposte un Log HijackThis.

| Alerter

Répondre à bob_

alexishk

23 Janvier 2006 14:10:07

merci de ton aide BOB, j'ai fait comme tu me la dit; voici le 1er rapport lmfix :
L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OptimalLayout]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\en08l1du1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{53120FFA-1F72-E283-FE9A-DB021612E304}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"="Adobe.Acrobat.ContextMenu"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{57C51AF9-DEF7-11D3-A801-00C04F163490}"="Ghost Shell Extension"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{3B087219-B0D8-4326-BD51-77215839257D}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3B087219-B0D8-4326-BD51-77215839257D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3B087219-B0D8-4326-BD51-77215839257D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3B087219-B0D8-4326-BD51-77215839257D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3B087219-B0D8-4326-BD51-77215839257D}\InprocServer32]
@="C:\\WINDOWS\\system32\\lMngwrbk.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
browseui.dll Thu 24 Nov 2005 1:08:34 A.... 1 022 976 999,00 K
danim.dll Sat 5 Nov 2005 4:17:22 A.... 1 056 768 1,01 M
dhnaddr.dll Wed 18 Jan 2006 16:53:58 ..S.R 234 184 228,70 K
dhsrslvr.dll Wed 18 Jan 2006 1:25:14 ..S.R 237 334 231,77 K
en08l1~1.dll Mon 23 Jan 2006 13:54:14 ..S.R 234 219 228,73 K
gdi32.dll Thu 29 Dec 2005 3:56:04 A.... 280 064 273,50 K
hnetwizd.dll Wed 11 Jan 2006 17:13:08 A.... 14 901 14,55 K
ii41_qcx.dll Wed 18 Jan 2006 15:08:56 ..S.R 236 598 231,05 K
iioseis.dll Mon 23 Jan 2006 14:34:20 A.... 67 072 65,50 K
kbdukx32.dll Sun 22 Jan 2006 18:02:24 A.... 23 802 23,24 K
kkeqf.dll Mon 23 Jan 2006 14:34:20 A.... 24 064 23,50 K
lmdis11n.dll Mon 23 Jan 2006 14:07:04 ..S.R 234 488 228,99 K
lmngwrbk.dll Mon 23 Jan 2006 14:34:12 ..S.R 234 219 228,73 K
monsspc.dll Thu 19 Jan 2006 16:02:24 ..S.R 237 042 231,48 K
mshtml.dll Thu 24 Nov 2005 1:08:36 A.... 3 013 632 2,87 M
ngdsapi.dll Wed 18 Jan 2006 9:36:34 ..S.R 235 793 230,27 K
ntmsdbad.dll Sat 14 Jan 2006 16:01:18 A.... 20 566 20,08 K
o6rolg~1.dll Mon 23 Jan 2006 14:34:10 ..S.R 235 615 230,09 K
qiap.dll Wed 18 Jan 2006 15:49:22 ..S.R 237 042 231,48 K
s32evnt1.dll Thu 1 Dec 2005 12:14:20 A.... 86 091 84,07 K
shdocvw.dll Thu 1 Dec 2005 5:01:16 A.... 1 492 992 1,42 M
twembed.dll Fri 20 Jan 2006 15:13:18 ..S.R 233 450 227,98 K
urlmon.dll Sat 5 Nov 2005 4:17:26 A.... 606 208 592,00 K
w32n50.dll Sun 8 Jan 2006 21:15:48 A.... 81 920 80,00 K
wuauclt.dll Sat 24 Dec 2005 17:57:08 A.... 54 784 53,50 K

25 items found: 25 files (11 H/S), 0 directories.
Total of file sizes: 10 435 824 bytes 9,95 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C s'appelle VAIO
Le num‚ro de s‚rie du volume est C8D0-FEC5

R‚pertoire de C:\WINDOWS\System32

23/01/2006 14:34 234ÿ219 lMngwrbk.dll
23/01/2006 14:34 235ÿ615 o6rolg9316.dll
23/01/2006 14:07 234ÿ488 LMDIS11n.dll
23/01/2006 13:54 234ÿ219 en08l1du1.dll
20/01/2006 15:13 233ÿ450 tWembed.dll
19/01/2006 16:02 237ÿ042 monsspc.dll
18/01/2006 16:53 234ÿ184 dhnaddr.dll
18/01/2006 15:49 237ÿ042 qiap.dll
18/01/2006 15:08 236ÿ598 ii41_qcx.dll
18/01/2006 09:36 235ÿ793 ngdsapi.dll
18/01/2006 01:25 237ÿ334 dhsrslvr.dll
11/01/2006 16:48 <REP> dllcache
20/07/2004 17:29 32 {378C3079-4EAA-4DB2-9A55-39E445580D7A}.dat
20/07/2004 17:29 32 {2169EB12-2E1C-48BF-B130-C8AA43B3B310}.dat
20/07/2004 17:28 32 {40CBF5ED-F5C5-4415-8087-5D0DDFE04B2D}.dat
20/07/2004 17:26 32 {4BD785BB-1A10-40A1-AADB-9DAF869479C1}.dat
20/07/2004 17:26 32 {73E1CC33-C5C4-4EBC-809A-AF4348364E28}.dat
20/07/2004 17:26 32 {4407EDB9-E51A-4515-B5B5-9CBD18B1BDE5}.dat
10/04/2004 19:38 5ÿ120 Thumbs.db
05/08/2003 12:18 <REP> Microsoft
18 fichier(s) 2ÿ595ÿ296 octets
2 R‚p(s) 13ÿ550ÿ051ÿ328 octets libres
:-o ;-)

et voici le rapport hijack fait juste apres le redemarrage du pc :

Logfile of HijackThis v1.99.1
Scan saved at 14:57:06, on 23/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\PROGRA~1\NORTON~2\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton Personal Firewall\ISSVC.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\rundll32.exe
C:\windows\winsysban.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Darty\Mes documents\sebolavi\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O3 - Toolbar: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [CheckMedi8or] C:\Program Files\Mediator 7 Pro\CheckNewUser.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\ppiqwp.exe reg_run
O4 - HKLM\..\Run: [drsmartloadb] c:\\drsmartloadb.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer 2005\uwfx5.exe" /min
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: http://*.billingnow.com
O15 - Trusted Zone: http://*.reliablestats.com
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O15 - Trusted Zone: http://*.winantispyware.com
O15 - Trusted Zone: http://*.winantivirus.com
O15 - Trusted Zone: http://*.winantiviruspro.com
O15 - Trusted Zone: http://*.winfixer.com
O15 - Trusted Zone: http://*.winnanny.com
O15 - Trusted Zone: http://*.winsoftware.com
O16 - DPF: Interface Chat Wanadoo - http://chat7.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unico...
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} (PackageHTML) - http://acces.blonde.com/package/PackageHtmlCab.CAB
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/webmasterexe/drsmartload...
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} - http://www.edipole.fr/kits/WebInstall.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\en08l1du1.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\SONY\vaio media music server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe

:-) :-o :-?je comprend rien, merci de ton aide!

| Alerter

Répondre à alexishk

bob_

23 Janvier 2006 14:43:11

Salut,

As-tu fixé fait se qu' Omar ta dit ?
Si non fait se qu'il ta dit :-D

| Alerter

Répondre à bob_

alexishk

26 Janvier 2006 14:21:31

Merci a tout les deux, j'ai bien en parti ce qu'omar m'a dit , mais il y a certaine chose que je n'ai pas trouver comme
C:\WINDOWS\system32\iioseis.dll
C:\WINDOWS\system32\jjsvfjv.exe
C:\WINDOWS\system32\kkeqf.dll

mais les fenetre vcclient et vcmain ne me laisse pas tranquille , ne m'abandonner pas svt, puis-je vous adresser un new hijack report, or autre choses, merci de vos conseils a resoudre mon probleme. :-)

| Alerter

Répondre à alexishk

alexishk

31 Janvier 2006 14:47:07

bonjour, j'ai tjrs le probleme des deux fenetre je me permet de vous adresser un nouveau hijack rapport en esperant de l'aide, merci a vous deux.
Logfile of HijackThis v1.99.1
Scan saved at 15:44:55, on 31/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\RGFydHk\command.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\PROGRA~1\NORTON~2\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton Personal Firewall\ISSVC.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\windows\winsysban4.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Darty\Mes documents\sebolavi\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O3 - Toolbar: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [CheckMedi8or] C:\Program Files\Mediator 7 Pro\CheckNewUser.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\ppiqwp.exe reg_run
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd4.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban4.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [myupdates] c:\windows\myupdates.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer 2005\uwfx5.exe" /min
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: http://*.billingnow.com
O15 - Trusted Zone: http://*.reliablestats.com
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O15 - Trusted Zone: http://*.winantispyware.com
O15 - Trusted Zone: http://*.winantivirus.com
O15 - Trusted Zone: http://*.winantiviruspro.com
O15 - Trusted Zone: http://*.winfixer.com
O15 - Trusted Zone: http://*.winnanny.com
O15 - Trusted Zone: http://*.winsoftware.com
O16 - DPF: Interface Chat Wanadoo - http://chat7.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unico...
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} (PackageHTML) - http://acces.blonde.com/package/PackageHtmlCab.CAB
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/webmasterexe/drsmartload...
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} - http://www.edipole.fr/kits/WebInstall.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\en08l1du1.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGFydHk\command.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\SONY\vaio media music server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe

;-)

| Alerter

Répondre à alexishk

Tom's guide dans le monde