PC infected and I can't manage to remove them at all
Good evening everyone!
[Solved]
So, I need your help, please.
For less than a week, my PC has been infected with:
- Smitfraud-C.Toolbar888
- MediaPlex
- Tradedoubler
- WinSoftware
- YazzleSudoku
- DoubleClick
- Avenue A, INC.
I have run several scans with various programs such as:
- Spybot - Search & Destroy
- Ad-Aware
- A Squared Free
- Ewido
... but I can't manage to remove them!!!
My antivirus is Avast.
I also have a problem with Safe Mode. My desktop no longer shows up!
That's it, I hope to get your help. Thank you in advance.
Hello,
Make sure you do EVERYTHING below.
- Download Hijackthis by Merijn.
- Put it in a folder or on your desktop.
-- Right-click on Hijackthis:
-> Choose "Rename"
-> Type Scanner.exe then confirm.
- Launch the application
- Choose the option "Do a system scan and save a logfile"
-- Notepad opens:
-> Edit / Select All
-> Edit / Copy
- Paste the report here.
Hijackthis help
Thank you for reading my thread and for replying.
So here is the report:
Logfile of HijackThis v1.99.1
Scan saved at 19:14:28, on 16/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\MessengerDiscovery\msgdiscoveryx.exe
C:\Documents and Settings\KAO KEZIE BERNARDIN\Bureau\Scanner.exe.exe
O2 - BHO: (no name) - {01C330A3-0A6B-160D-5619-0359B7822D64} - C:\WINDOWS\System32\idbkegl.dll
O2 - BHO: (no name) - {230FA72A-1338-7219-F5BC-0041D7C0F208} - C:\WINDOWS\System32\vzswffi.dll
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\System32\ixt0.dll (file missing)
O2 - BHO: (no name) - {3A3F6C4A-FE7E-3A84-94B5-027799590EFB} - C:\WINDOWS\System32\htzcdfi.dll
O2 - BHO: (no name) - {44CBDE30-834A-2C4A-479D-062C0C7A3625} - C:\WINDOWS\System32\pzmgivl.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {74A7F5F8-9887-437E-B080-87650350F472} - C:\WINDOWS\System32\sstsr.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} - C:\WINDOWS\System32\khfecya.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [zsklfak.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\zsklfak.dll,osilowc
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O20 - Winlogon Notify: khfecya - C:\WINDOWS\SYSTEM32\khfecya.dll
O20 - Winlogon Notify: sstsr - C:\WINDOWS\System32\sstsr.dll
O20 - Winlogon Notify: winldh32 - winldh32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
Re,
Vundo-type infection.
Download VundoFix.exe (by Atribune) to your Desktop.
Double-click VundoFix.exe to launch it
Click the Scan for Vundo button
When the scan is complete, click the Remove Vundo button
A prompt will ask whether you want to delete the files; click YES
After you click "Yes", the Desktop will disappear for a moment while the files are deleted
You will see a prompt announcing that your PC is going to restart; click OK
Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis! report, in your next reply
Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
So, here is the VundoFix report:
VundoFix V6.2.8
Checking Java version...
Java version is 1.5.0.3
Scan started at 19:27:48 16/11/2006
Listing files found while scanning....
C:\WINDOWS\system32\tlsbkkm.dll
C:\WINDOWS\system32\vsidybf.dll
C:\WINDOWS\system32\vzswffi.dll
C:\WINDOWS\system32\zsklfak.dll
C:\WINDOWS\System32\sstsr.dll
C:\WINDOWS\System32\rstss.ini
C:\WINDOWS\System32\rstss.bak1
C:\WINDOWS\System32\rstss.bak2
C:\WINDOWS\System32\rstss.ini2
C:\WINDOWS\System32\rstss.tmp
Beginning removal...
Attempting to delete C:\WINDOWS\system32\tlsbkkm.dll
C:\WINDOWS\system32\tlsbkkm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vsidybf.dll
C:\WINDOWS\system32\vsidybf.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vzswffi.dll
C:\WINDOWS\system32\vzswffi.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\zsklfak.dll
C:\WINDOWS\system32\zsklfak.dll Has been deleted!
Attempting to delete C:\WINDOWS\System32\sstsr.dll
C:\WINDOWS\System32\sstsr.dll Has been deleted!
Attempting to delete C:\WINDOWS\System32\rstss.ini
C:\WINDOWS\System32\rstss.ini Has been deleted!
Attempting to delete C:\WINDOWS\System32\rstss.bak1
C:\WINDOWS\System32\rstss.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\System32\rstss.bak2
C:\WINDOWS\System32\rstss.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\System32\rstss.ini2
C:\WINDOWS\System32\rstss.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\System32\rstss.tmp
C:\WINDOWS\System32\rstss.tmp Has been deleted!
Performing Repairs to the registry.
Done!
And the new Hijackthis report:
Logfile of HijackThis v1.99.1
Scan saved at 19:38:29, on 16/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\KAO KEZIE BERNARDIN\Bureau\Scanner.exe.exe
O2 - BHO: (no name) - {01C330A3-0A6B-160D-5619-0359B7822D64} - C:\WINDOWS\System32\idbkegl.dll
O2 - BHO: (no name) - {230FA72A-1338-7219-F5BC-0041D7C0F208} - C:\WINDOWS\System32\vzswffi.dll (file missing)
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\System32\ixt0.dll (file missing)
O2 - BHO: (no name) - {3A3F6C4A-FE7E-3A84-94B5-027799590EFB} - C:\WINDOWS\System32\htzcdfi.dll
O2 - BHO: (no name) - {44CBDE30-834A-2C4A-479D-062C0C7A3625} - C:\WINDOWS\System32\pzmgivl.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} - C:\WINDOWS\System32\khfecya.dll
O2 - BHO: (no name) - {DC8AC20B-F3F4-44B8-8729-F5B81C100DD3} - C:\WINDOWS\System32\sstsr.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O20 - Winlogon Notify: khfecya - C:\WINDOWS\SYSTEM32\khfecya.dll
O20 - Winlogon Notify: winldh32 - winldh32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
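Added example, not part of the thread and not output of HijackThis or VundoFix: one way to compare the two HijackThis logs posted above (before and after the VundoFix run) and see which autostart entries were removed, which now point to a deleted file, and which are unchanged. The function names are this example's own; the log lines are excerpts copied from the two logs in the thread.

```python
import re
from typing import NamedTuple

# Excerpt of the first HijackThis log in the thread (before VundoFix).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {230FA72A-1338-7219-F5BC-0041D7C0F208} - C:\WINDOWS\System32\vzswffi.dll
O2 - BHO: (no name) - {74A7F5F8-9887-437E-B080-87650350F472} - C:\WINDOWS\System32\sstsr.dll
O2 - BHO: (no name) - {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} - C:\WINDOWS\System32\khfecya.dll
O4 - HKLM\..\Run: [zsklfak.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\zsklfak.dll,osilowc
O20 - Winlogon Notify: khfecya - C:\WINDOWS\SYSTEM32\khfecya.dll
O20 - Winlogon Notify: sstsr - C:\WINDOWS\System32\sstsr.dll
"""

# Excerpt of the second HijackThis log in the thread (after VundoFix).
AFTER = r"""
O2 - BHO: (no name) - {230FA72A-1338-7219-F5BC-0041D7C0F208} - C:\WINDOWS\System32\vzswffi.dll (file missing)
O2 - BHO: (no name) - {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} - C:\WINDOWS\System32\khfecya.dll
O2 - BHO: (no name) - {DC8AC20B-F3F4-44B8-8729-F5B81C100DD3} - C:\WINDOWS\System32\sstsr.dll (file missing)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O20 - Winlogon Notify: khfecya - C:\WINDOWS\SYSTEM32\khfecya.dll
"""

# A section line looks like "O2 - ...", "O20 - ...", "R1 - ...".
ENTRY_RE = re.compile(r"^(?P<section>[ORFN]\d{1,2}) - (?P<body>.+)$")
MISSING_RE = re.compile(r"\s*\(file missing\)\s*$", re.IGNORECASE)
FILE_RE = re.compile(r"[\w.-]+\.(?:dll|exe)\b", re.IGNORECASE)


class Entry(NamedTuple):
    section: str   # e.g. "O2" (BHO), "O4" (Run key), "O20" (Winlogon Notify)
    body: str      # rest of the line, without the "(file missing)" suffix
    missing: bool  # True when HijackThis flagged the target file as missing


def parse_log(text):
    """Return {(section, normalised body): Entry} for each section line.

    Header lines and the running-process list do not match ENTRY_RE and
    are skipped. The body is case-folded for the key so that path case
    differences (System32 / SYSTEM32) do not create false changes.
    """
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        missing = bool(MISSING_RE.search(body))
        body = MISSING_RE.sub("", body)
        entries[(m.group("section"), body.casefold())] = Entry(
            m.group("section"), body, missing)
    return entries


def diff_logs(before_text, after_text):
    """Classify entries as removed, now_missing, added or unchanged."""
    before, after = parse_log(before_text), parse_log(after_text)
    result = {"removed": [], "now_missing": [], "added": [], "unchanged": []}
    for key, old in before.items():
        new = after.get(key)
        if new is None:
            result["removed"].append(old)        # registry entry is gone
        elif new.missing and not old.missing:
            result["now_missing"].append(new)    # file deleted, entry orphaned
        else:
            result["unchanged"].append(new)      # survived the cleanup pass
    result["added"] = [e for k, e in after.items() if k not in before]
    return result


def files(entries):
    """Sorted, lower-cased .dll/.exe names referenced by the entries."""
    return sorted({f.lower() for e in entries for f in FILE_RE.findall(e.body)})


if __name__ == "__main__":
    for kind, entries in diff_logs(BEFORE, AFTER).items():
        print(kind)
        for e in entries:
            flag = " (file missing)" if e.missing else ""
            print(f"  {e.section} - {e.body}{flag}")
```

On these excerpts the khfecya.dll entries come back unchanged in both O2 and O20.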
Re,
Download this file Combofix.exe
and save it on your desktop and nowhere else!
Click the Start menu, then Run, and copy/paste this:
"%userprofile%\Bureau\combofix.exe" /v khfecya
then click OK.
Follow the prompts.
Don't touch anything and wait until combofix has finished; a report will be created. Post the report.
Good evening,
• Download combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/combofix.exe
• Double-click combofix.exe and follow the prompts.
• When the scan is complete, a report will appear. Copy/paste this report in your next reply.
ComboFix report
KAO KEZIE BERNARDIN - 06-11-16 19:44:04.11 Service Pack 1
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\KAO KEZIE BERNARDIN\Bureau"
Command switches used :: /v khfecya
(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\khfecya.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\wtssvcc.exe
C:\WINDOWS\system32\ixt1.dll
C:\WINDOWS\system32\ixt2.dll
C:\WINDOWS\system32\components
C:\Program Files\Fichiers communs\{3CE9CC83-06FE-1036-0910-030512030021}
C:\Program Files\Fichiers communs\{3CE9CC83-06FF-1036-0910-030512030021}
C:\Program Files\Fichiers communs\{ACE9CC83-06FE-1036-0910-030512030021}
C:\Program Files\Fichiers communs\{ACE9CC83-06FF-1036-0910-030512030021}
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\CURITY~1
C:\QooBox\Purity\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\CURITY~1\??curity
((((((((((((((((((((((((((((((( Files Created from 2006-10-16 to 2006-11-16 ))))))))))))))))))))))))))))))))))
2006-11-16 19:40 621,788 ---hs---- C:\WINDOWS\system32\kjllm.bak1
2006-11-16 19:40 60,436 --a------ C:\WINDOWS\system32\mvhtugqq.dll
2006-11-16 19:39 692,276 ---hs---- C:\WINDOWS\system32\mlljk.dll
2006-11-16 19:21 60,436 --a------ C:\WINDOWS\system32\ukiljmcj.dll
2006-11-16 19:21 60,436 --a------ C:\WINDOWS\system32\lluxoyxk.dll
2006-11-16 19:04 60,436 --a------ C:\WINDOWS\system32\uenyrurk.dll
2006-11-16 19:04 60,436 --a------ C:\WINDOWS\system32\inpeaelf.dll
2006-11-16 15:11 60,436 --a------ C:\WINDOWS\system32\yaqboofa.dll
2006-11-16 15:11 60,436 --a------ C:\WINDOWS\system32\nkkcytqj.dll
2006-11-16 14:41 71,680 --a------ C:\WINDOWS\system32\htzcdfi.dll
2006-11-16 14:40 40,973 ---hs---- C:\WINDOWS\system32\cbxxutq.dll
2006-11-16 14:18 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-16 13:58 93,696 --a------ C:\WINDOWS\system32\ogmdhsj.dll
2006-11-16 13:58 71,680 --a------ C:\WINDOWS\system32\idbkegl.dll
2006-11-16 13:34 126,996 --a------ C:\WINDOWS\system32\aqmhhegg.dll
2006-11-16 12:01 71,168 --a------ C:\WINDOWS\system32\pzmgivl.dll
2006-11-11 14:38 101,888 --a------ C:\WINDOWS\system32\drvmaz.dll
2006-11-11 12:51 1,256 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-11 12:50 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-11 12:50 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-11 12:50 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-11 11:42 36,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2006-11-11 11:42 24,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-11-11 11:42 16,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2006-11-11 11:41 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-11-11 11:41 87,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2006-11-11 11:41 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-11-11 11:41 666,240 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-11-11 10:49 106,496 --a------ C:\WINDOWS\system32\impgsje.dll
2006-11-11 10:42 101,888 --a------ C:\WINDOWS\system32\drvjek.dll
2006-10-29 09:46 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
2006-10-29 09:45 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2006-10-29 09:45 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2006-10-29 09:45 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2006-10-29 09:45 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2006-10-29 09:45 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2006-10-29 09:45 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2006-10-29 09:45 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2006-10-29 09:45 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2006-10-17 11:20 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-16 19:44 -------- d-a------ C:\Program Files\Fichiers communs
2006-11-16 19:35 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-16 19:29 -------- d-------- C:\Program Files\MSN Messenger
2006-11-16 19:29 -------- d-------- C:\Program Files\MessengerDiscovery
2006-11-16 16:27 -------- d-------- C:\Program Files\Hitman Pro
2006-11-16 15:47 -------- d-------- C:\Program Files\amsn
2006-11-16 15:45 -------- d-------- C:\Program Files\a-squared Free
2006-11-16 14:18 -------- d-------- C:\Program Files\Grisoft
2006-11-16 12:07 -------- d-------- C:\Program Files\Ultimate Cleaner
2006-11-12 12:55 -------- d-------- C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Skype
2006-11-12 12:51 -------- d-------- C:\Program Files\Common Files
2006-11-12 12:49 -------- d-------- C:\Program Files\eMule
2006-11-11 11:02 -------- d-------- C:\Program Files\VSAdd-in
2006-11-11 11:01 706 --a------ C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\update.log
2006-11-03 21:08 -------- d-------- C:\Program Files\MessengerPlus! 3
2006-11-01 00:18 -------- d-------- C:\Program Files\Google
2006-10-25 22:21 -------- d-------- C:\Program Files\Messenger Plus! Live
2006-10-22 16:06 1202 --a------ C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\wklnhst.dat
2006-10-22 15:00 -------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
2006-10-22 14:58 -------- d-------- C:\Program Files\Norton AntiVirus
2006-10-22 14:48 -------- d-------- C:\Program Files\Alwil Software
2006-10-17 11:28 -------- d-------- C:\Program Files\WinRAR
2006-10-17 11:28 -------- d-------- C:\Program Files\TuneUp Utilities 2006
2006-10-14 13:46 -------- d-------- C:\Program Files\Lexmark X1100 Series
2006-10-11 18:33 -------- d-------- C:\Program Files\MSNServersX
2006-10-11 18:29 -------- d-------- C:\Program Files\Fichiers communs\Microsoft Shared
2006-09-30 10:12 -------- d-------- C:\Program Files\SM
2006-09-16 12:50 -------- d-------- C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla
2006-09-16 12:20 -------- d-------- C:\Program Files\Player Video TF1
2006-09-16 10:58 -------- d-------- C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Google
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Fichiers communs\\Ahead\\lib\\NMBgMonitor.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\FICHIE~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ashDisp"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BearShare"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\BearShare\\BearShare.exe\" /pause"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="drvjek"
"hkey"="HKLM"
"command"="rundll32.exe C:\\WINDOWS\\System32\\drvjek.dll,startup"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\ctfmon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IDMan"
"hkey"="HKCU"
"command"="C:\\Program Files\\Internet Download Manager\\IDMan.exe /onboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kwmrhb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="?hkntfs"
"hkey"="HKCU"
"command"="C:\\Program Files\\?racle\\?hkntfs.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lxbkbmgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealOneMessageCenter"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\RealOneMessageCenter.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Sniffer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ogmdhsj.dll]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ogmdhsj"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\rundll32.exe C:\\WINDOWS\\System32\\ogmdhsj.dll,oujwxs"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QFSCHD110"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WordPerfect Office 11\\Programs\\QFSCHD110.EXE\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ridc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="svchost"
"hkey"="HKCU"
"command"="\"C:\\DOCUME~1\\KAOKEZ~1\\APPLIC~1\\CURITY~1\\svchost.exe\" -vt yazb"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UsrPrmpt"
"hkey"="HKLM"
"command"="C:\\Program Files\\Fichiers communs\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StyleXP"
"hkey"="HKCU"
"command"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tf1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tf1"
"hkey"="HKLM"
"command"="C:\\Program Files\\Player Video TF1\\tf1.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tlsbkkm.dll]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tlsbkkm"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\rundll32.exe C:\\WINDOWS\\System32\\tlsbkkm.dll,bmgpprf"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="monitor"
"hkey"="HKLM"
"command"="C:\\Program Files\\Fichiers communs\\Ulead Systems\\AutoDetector\\monitor.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uwa6pcw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uwa6pcw"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WinAntiVirus Pro 2006\\uwa6pcw.exe\" -c"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusBursters]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="virusbursters"
"hkey"="HKLM"
"command"="C:\\Program Files\\VirusBursters\\virusbursters.exe /h"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTPreset]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VTPreset"
"hkey"="HKLM"
"command"="VTPreset.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiVirusPro2006]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WinAV"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WinAntiVirus Pro 2006\\WinAV.exe\" /min"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zsklfak.dll]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zsklfak"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\rundll32.exe C:\\WINDOWS\\System32\\zsklfak.dll,osilowc"
"inimapping"="0"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljk
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winldh32
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Maintenance en 1 clic.job
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 06-11-16 19:46:48.27
C:\ComboFix.txt ... 06-11-16 19:46
C:\ComboFix2.txt ... 06-11-16 19:43
Hi again,
KAO KEZIE BERNARDIN - 06-11-16 20:19:39,11 Service Pack 1
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\KAO KEZIE BERNARDIN\Bureau"
Command switches used :: /v mlljk
(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.ini
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\CURITY~1
C:\QooBox\Purity\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\CURITY~1\??curity
((((((((((((((((((((((((((((((( Files Created from 2006-10-16 to 2006-11-16 ))))))))))))))))))))))))))))))))))
2006-11-16 19:40 60,436 --a------ C:\WINDOWS\system32\mvhtugqq.dll
2006-11-16 19:21 60,436 --a------ C:\WINDOWS\system32\ukiljmcj.dll
2006-11-16 19:21 60,436 --a------ C:\WINDOWS\system32\lluxoyxk.dll
2006-11-16 19:04 60,436 --a------ C:\WINDOWS\system32\uenyrurk.dll
2006-11-16 19:04 60,436 --a------ C:\WINDOWS\system32\inpeaelf.dll
2006-11-16 15:11 60,436 --a------ C:\WINDOWS\system32\yaqboofa.dll
2006-11-16 15:11 60,436 --a------ C:\WINDOWS\system32\nkkcytqj.dll
2006-11-16 14:41 71,680 --a------ C:\WINDOWS\system32\htzcdfi.dll
2006-11-16 14:40 40,973 ---hs---- C:\WINDOWS\system32\cbxxutq.dll
2006-11-16 14:18 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-16 13:58 93,696 --a------ C:\WINDOWS\system32\ogmdhsj.dll
2006-11-16 13:58 71,680 --a------ C:\WINDOWS\system32\idbkegl.dll
2006-11-16 13:34 126,996 --a------ C:\WINDOWS\system32\aqmhhegg.dll
2006-11-16 12:01 71,168 --a------ C:\WINDOWS\system32\pzmgivl.dll
2006-11-11 14:38 101,888 --a------ C:\WINDOWS\system32\drvmaz.dll
2006-11-11 12:51 1,256 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-11 12:50 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-11 12:50 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-11 12:50 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-11 11:42 36,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2006-11-11 11:42 24,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-11-11 11:42 16,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2006-11-11 11:41 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-11-11 11:41 87,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2006-11-11 11:41 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-11-11 11:41 666,240 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-11-11 10:49 106,496 --a------ C:\WINDOWS\system32\impgsje.dll
2006-11-11 10:42 101,888 --a------ C:\WINDOWS\system32\drvjek.dll
2006-10-29 09:46 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
2006-10-29 09:45 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2006-10-29 09:45 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2006-10-29 09:45 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2006-10-29 09:45 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2006-10-29 09:45 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2006-10-29 09:45 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2006-10-29 09:45 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2006-10-29 09:45 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2006-10-17 11:20 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-16 19:59 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-16 19:44 -------- d-a------ C:\Program Files\Fichiers communs
2006-11-16 19:29 -------- d-------- C:\Program Files\MSN Messenger
2006-11-16 19:29 -------- d-------- C:\Program Files\MessengerDiscovery
2006-11-16 16:27 -------- d-------- C:\Program Files\Hitman Pro
2006-11-16 15:47 -------- d-------- C:\Program Files\amsn
2006-11-16 15:45 -------- d-------- C:\Program Files\a-squared Free
2006-11-16 14:18 -------- d-------- C:\Program Files\Grisoft
2006-11-16 12:07 -------- d-------- C:\Program Files\Ultimate Cleaner
2006-11-12 12:55 -------- d-------- C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Skype
2006-11-12 12:51 -------- d-------- C:\Program Files\Common Files
2006-11-12 12:49 -------- d-------- C:\Program Files\eMule
2006-11-11 11:02 -------- d-------- C:\Program Files\VSAdd-in
2006-11-11 11:01 706 --a------ C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\update.log
2006-11-03 21:08 -------- d-------- C:\Program Files\MessengerPlus! 3
2006-11-01 00:18 -------- d-------- C:\Program Files\Google
2006-10-25 22:21 -------- d-------- C:\Program Files\Messenger Plus! Live
2006-10-22 16:06 1202 --a------ C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\wklnhst.dat
2006-10-22 15:00 -------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
2006-10-22 14:58 -------- d-------- C:\Program Files\Norton AntiVirus
2006-10-22 14:48 -------- d-------- C:\Program Files\Alwil Software
2006-10-17 11:28 -------- d-------- C:\Program Files\WinRAR
2006-10-17 11:28 -------- d-------- C:\Program Files\TuneUp Utilities 2006
2006-10-14 13:46 -------- d-------- C:\Program Files\Lexmark X1100 Series
2006-10-11 18:33 -------- d-------- C:\Program Files\MSNServersX
2006-10-11 18:29 -------- d-------- C:\Program Files\Fichiers communs\Microsoft Shared
2006-09-30 10:12 -------- d-------- C:\Program Files\SM
2006-09-16 12:50 -------- d-------- C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla
2006-09-16 12:20 -------- d-------- C:\Program Files\Player Video TF1
2006-09-16 10:58 -------- d-------- C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Google
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Fichiers communs\\Ahead\\lib\\NMBgMonitor.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\FICHIE~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ashDisp"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BearShare"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\BearShare\\BearShare.exe\" /pause"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="drvjek"
"hkey"="HKLM"
"command"="rundll32.exe C:\\WINDOWS\\System32\\drvjek.dll,startup"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\ctfmon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IDMan"
"hkey"="HKCU"
"command"="C:\\Program Files\\Internet Download Manager\\IDMan.exe /onboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kwmrhb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="?hkntfs"
"hkey"="HKCU"
"command"="C:\\Program Files\\?racle\\?hkntfs.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lxbkbmgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealOneMessageCenter"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\RealOneMessageCenter.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Sniffer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ogmdhsj.dll]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ogmdhsj"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\rundll32.exe C:\\WINDOWS\\System32\\ogmdhsj.dll,oujwxs"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QFSCHD110"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WordPerfect Office 11\\Programs\\QFSCHD110.EXE\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ridc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="svchost"
"hkey"="HKCU"
"command"="\"C:\\DOCUME~1\\KAOKEZ~1\\APPLIC~1\\CURITY~1\\svchost.exe\" -vt yazb"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UsrPrmpt"
"hkey"="HKLM"
"command"="C:\\Program Files\\Fichiers communs\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StyleXP"
"hkey"="HKCU"
"command"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tf1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tf1"
"hkey"="HKLM"
"command"="C:\\Program Files\\Player Video TF1\\tf1.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tlsbkkm.dll]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tlsbkkm"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\rundll32.exe C:\\WINDOWS\\System32\\tlsbkkm.dll,bmgpprf"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="monitor"
"hkey"="HKLM"
"command"="C:\\Program Files\\Fichiers communs\\Ulead Systems\\AutoDetector\\monitor.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uwa6pcw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uwa6pcw"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WinAntiVirus Pro 2006\\uwa6pcw.exe\" -c"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusBursters]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="virusbursters"
"hkey"="HKLM"
"command"="C:\\Program Files\\VirusBursters\\virusbursters.exe /h"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTPreset]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VTPreset"
"hkey"="HKLM"
"command"="VTPreset.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiVirusPro2006]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WinAV"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WinAntiVirus Pro 2006\\WinAV.exe\" /min"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zsklfak.dll]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zsklfak"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\rundll32.exe C:\\WINDOWS\\System32\\zsklfak.dll,osilowc"
"inimapping"="0"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winldh32
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Maintenance en 1 clic.job
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 06-11-16 20:22:14.80
C:\ComboFix.txt ... 06-11-16 20:22
C:\ComboFix2.txt ... 06-11-16 19:46
C:\ComboFix3.txt ... 06-11-16 19:43
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusBursters]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="virusbursters"
"hkey"="HKLM"
"command"="C:\\Program Files\\VirusBursters\\virusbursters.exe /h"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTPreset]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VTPreset"
"hkey"="HKLM"
"command"="VTPreset.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiVirusPro2006]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WinAV"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WinAntiVirus Pro 2006\\WinAV.exe\" /min"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zsklfak.dll]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zsklfak"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\rundll32.exe C:\\WINDOWS\\System32\\zsklfak.dll,osilowc"
"inimapping"="0"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winldh32
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Maintenance en 1 clic.job
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 06-11-16 20:22:14.80
C:\ComboFix.txt ... 06-11-16 20:22
C:\ComboFix2.txt ... 06-11-16 19:46
C:\ComboFix3.txt ... 06-11-16 19:43
Hi again,
Download and install AVG Anti-Spyware (AVG AS)
Once AVG AS is running, click "Update"
Close the program.
HELP: Malekal's tutorial
Restart in safe mode
Launch AVG AS again, then choose the "Scan" tab
Then the "Settings" tab
Under the question "How to react?", click "Recommended actions" and choose "Quarantine"
Click the "Scan" tab again, then run a "Complete system scan"
/!\ If a file is infected at the end of the scan /!\
Click "Apply all actions"
Click "Save report", then "Save report as"
Save this text file to your desktop.
Restart normally
Copy/paste the report here.
The scan took a long time, sorry
Here is the report
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 22:08:33 16/11/2006
+ Résultat de l'analyse:
C:\Program Files\VSAdd-in\VSAdd-in.dll -> Adware.Agent : Aucune action entreprise.
HKLM\SOFTWARE\Classes\CLSID\{39f25b12-74ff-4079-a51f-1d70f5b08b84} -> Adware.Generic : Aucune action entreprise.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39f25b12-74ff-4079-a51f-1d70f5b08b84} -> Adware.Generic : Aucune action entreprise.
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0003039.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0003040.dll -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0003041.exe -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0003042.dll -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0005147.dll -> Adware.Softomate : Aucune action entreprise.
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0003069.exe -> Adware.VB : Aucune action entreprise.
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0003053.dll -> Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0003054.dll -> Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0003055.dll -> Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0003056.dll -> Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0003057.dll -> Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0005148.dll -> Adware.Virtumonde : Aucune action entreprise.
C:\WINDOWS\system32\cbxxutq.dll -> Adware.Virtumonde : Aucune action entreprise.
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0003058.dll -> Adware.WinAntiVirus : Aucune action entreprise.
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0001017.exe -> Downloader.PurityScan.dc : Aucune action entreprise.
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0003070.exe -> Downloader.PurityScan.dc : Aucune action entreprise.
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0003052.exe -> Downloader.Zlob.awm : Aucune action entreprise.
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0003071.exe -> Not-A-Virus.HackTool.Win32.Homac : Aucune action entreprise.
:mozilla.153:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.154:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.155:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.214:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.159:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.160:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.112:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.113:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.114:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.146:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\KAO KEZIE BERNARDIN\Cookies\kao kezie bernardin@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
:mozilla.76:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
:mozilla.175:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Com : Aucune action entreprise.
C:\Documents and Settings\KAO KEZIE BERNARDIN\Cookies\kao kezie bernardin@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Aucune action entreprise.
:mozilla.28:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\KAO KEZIE BERNARDIN\Cookies\kao kezie bernardin@enhance[2].txt -> TrackingCookie.Enhance : Aucune action entreprise.
:mozilla.77:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Estat : Aucune action entreprise.
C:\Documents and Settings\KAO KEZIE BERNARDIN\Cookies\kao kezie bernardin@estat[1].txt -> TrackingCookie.Estat : Aucune action entreprise.
:mozilla.91:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
:mozilla.92:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
:mozilla.69:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.70:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.71:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\Documents and Settings\KAO KEZIE BERNARDIN\Cookies\kao kezie bernardin@ehg-telecomitalia.hitbox[2].txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\Documents and Settings\KAO KEZIE BERNARDIN\Cookies\kao kezie bernardin@hitbox[2].txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.6:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Documents and Settings\KAO KEZIE BERNARDIN\Cookies\kao kezie bernardin@mediaplex[1].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
:mozilla.139:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Questionmarket : Aucune action entreprise.
:mozilla.140:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Questionmarket : Aucune action entreprise.
C:\Documents and Settings\KAO KEZIE BERNARDIN\Cookies\kao kezie bernardin@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
C:\Documents and Settings\KAO KEZIE BERNARDIN\Cookies\kao kezie bernardin@stats1.reliablestats[3].txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
:mozilla.106:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.107:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.108:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.109:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.110:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.20:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.7:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.8:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\KAO KEZIE BERNARDIN\Cookies\kao kezie bernardin@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.136:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.137:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.138:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.34:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.35:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.36:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.37:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\KAO KEZIE BERNARDIN\Cookies\kao kezie bernardin@weborama[2].txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0003038.dll -> Trojan.Agent.vg : Aucune action entreprise.
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0003045.dll -> Trojan.BHO.g : Aucune action entreprise.
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0003046.dll -> Trojan.BHO.g : Aucune action entreprise.
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0003047.dll -> Trojan.BHO.g : Aucune action entreprise.
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0003048.dll -> Trojan.BHO.g : Aucune action entreprise.
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0003049.dll -> Trojan.BHO.g : Aucune action entreprise.
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0003050.dll -> Trojan.BHO.g : Aucune action entreprise.
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0003051.dll -> Trojan.BHO.g : Aucune action entreprise.
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0003074.dll -> Trojan.BHO.g : Aucune action entreprise.
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0003075.dll -> Trojan.BHO.g : Aucune action entreprise.
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0003076.dll -> Trojan.BHO.g : Aucune action entreprise.
C:\WINDOWS\system32\inpeaelf.dll -> Trojan.BHO.g : Aucune action entreprise.
C:\WINDOWS\system32\lluxoyxk.dll -> Trojan.BHO.g : Aucune action entreprise.
C:\WINDOWS\system32\mvhtugqq.dll -> Trojan.BHO.g : Aucune action entreprise.
C:\WINDOWS\system32\nkkcytqj.dll -> Trojan.BHO.g : Aucune action entreprise.
C:\WINDOWS\system32\uenyrurk.dll -> Trojan.BHO.g : Aucune action entreprise.
C:\WINDOWS\system32\ukiljmcj.dll -> Trojan.BHO.g : Aucune action entreprise.
C:\WINDOWS\system32\yaqboofa.dll -> Trojan.BHO.g : Aucune action entreprise.
Fin du rapport
New report, sorry again...
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 23:15:24 16/11/2006
+ Résultat de l'analyse:
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0006245.dll -> Adware.Agent : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Classes\CLSID\{39f25b12-74ff-4079-a51f-1d70f5b08b84} -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39f25b12-74ff-4079-a51f-1d70f5b08b84} -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0006246.dll -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\KAO KEZIE BERNARDIN\Cookies\kao kezie bernardin@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\KAO KEZIE BERNARDIN\Cookies\kao kezie bernardin@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.6:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.18:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.19:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.20:C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Mozilla\Firefox\Profiles\6ol73g6b.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\KAO KEZIE BERNARDIN\Cookies\kao kezie bernardin@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\KAO KEZIE BERNARDIN\Cookies\kao kezie bernardin@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0006238.dll -> Trojan.BHO.g : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0006239.dll -> Trojan.BHO.g : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0006240.dll -> Trojan.BHO.g : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0006241.dll -> Trojan.BHO.g : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0006242.dll -> Trojan.BHO.g : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0006243.dll -> Trojan.BHO.g : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C36B9BEE-6A27-4F19-B0EB-6A136DA9DA30}\RP0\A0006244.dll -> Trojan.BHO.g : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport
ComboFix scan:
KAO KEZIE BERNARDIN - 06-11-17 21:46:23,74 Service Pack 1
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\KAO KEZIE BERNARDIN\Bureau"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\CURITY~1
C:\QooBox\Purity\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\CURITY~1\??curity
((((((((((((((((((((((((((((((( Files Created from 2006-10-17 to 2006-11-17 ))))))))))))))))))))))))))))))))))
2006-11-16 14:41 71,680 --a------ C:\WINDOWS\system32\htzcdfi.dll
2006-11-16 14:18 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-16 13:58 93,696 --a------ C:\WINDOWS\system32\ogmdhsj.dll
2006-11-16 13:58 71,680 --a------ C:\WINDOWS\system32\idbkegl.dll
2006-11-16 13:34 126,996 --a------ C:\WINDOWS\system32\aqmhhegg.dll
2006-11-16 12:01 71,168 --a------ C:\WINDOWS\system32\pzmgivl.dll
2006-11-11 14:38 101,888 --a------ C:\WINDOWS\system32\drvmaz.dll
2006-11-11 12:51 1,256 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-11 12:50 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-11 12:50 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-11 12:50 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-11 11:42 36,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2006-11-11 11:42 24,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-11-11 11:42 16,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2006-11-11 11:41 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-11-11 11:41 87,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2006-11-11 11:41 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-11-11 11:41 666,240 --a------ C:\WINDOWS\system32\aswBoot.exe
2006-11-11 10:49 106,496 --a------ C:\WINDOWS\system32\impgsje.dll
2006-11-11 10:42 101,888 --a------ C:\WINDOWS\system32\drvjek.dll
2006-10-29 09:46 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
2006-10-29 09:45 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2006-10-29 09:45 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2006-10-29 09:45 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2006-10-29 09:45 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2006-10-29 09:45 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2006-10-29 09:45 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2006-10-29 09:45 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2006-10-29 09:45 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2006-10-17 11:20 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-17 21:44 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-17 17:08 -------- d-------- C:\Program Files\MessengerDiscovery
2006-11-17 15:43 -------- d---s---- C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Microsoft
2006-11-17 15:33 -------- d-------- C:\Program Files\MSN Messenger
2006-11-17 15:21 -------- d-------- C:\Program Files\eMule
2006-11-17 15:17 -------- d-------- C:\Program Files\Macrogaming
2006-11-17 11:42 -------- d-a------ C:\Program Files\Fichiers communs
2006-11-16 16:27 -------- d-------- C:\Program Files\Hitman Pro
2006-11-16 15:47 -------- d-------- C:\Program Files\amsn
2006-11-16 15:45 -------- d-------- C:\Program Files\a-squared Free
2006-11-16 14:18 -------- d-------- C:\Program Files\Grisoft
2006-11-16 12:07 -------- d-------- C:\Program Files\Ultimate Cleaner
2006-11-12 12:55 -------- d-------- C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\Skype
2006-11-12 12:51 -------- d-------- C:\Program Files\Common Files
2006-11-11 11:02 -------- d-------- C:\Program Files\VSAdd-in
2006-11-11 11:01 706 --a------ C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\update.log
2006-11-03 21:08 -------- d-------- C:\Program Files\MessengerPlus! 3
2006-11-01 00:18 -------- d-------- C:\Program Files\Google
2006-10-25 22:21 -------- d-------- C:\Program Files\Messenger Plus! Live
2006-10-22 16:06 1202 --a------ C:\Documents and Settings\KAO KEZIE BERNARDIN\Application Data\wklnhst.dat
2006-10-22 15:00 -------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
2006-10-22 14:58 -------- d-------- C:\Program Files\Norton AntiVirus
2006-10-22 14:48 -------- d-------- C:\Program Files\Alwil Software
2006-10-17 11:28 -------- d-------- C:\Program Files\WinRAR
2006-10-14 13:46 -------- d-------- C:\Program Files\Lexmark X1100 Series
2006-10-11 18:33 -------- d-------- C:\Program Files\MSNServersX
2006-10-11 18:29 -------- d-------- C:\Program Files\Fichiers communs\Microsoft Shared
2006-09-30 10:12 -------- d-------- C:\Program Files\SM
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Fichiers communs\\Ahead\\lib\\NMBgMonitor.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\FICHIE~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ashDisp"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BearShare"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\BearShare\\BearShare.exe\" /pause"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="drvjek"
"hkey"="HKLM"
"command"="rundll32.exe C:\\WINDOWS\\System32\\drvjek.dll,startup"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\ctfmon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IDMan"
"hkey"="HKCU"
"command"="C:\\Program Files\\Internet Download Manager\\IDMan.exe /onboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kwmrhb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="?hkntfs"
"hkey"="HKCU"
"command"="C:\\Program Files\\?racle\\?hkntfs.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lxbkbmgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealOneMessageCenter"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\RealOneMessageCenter.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Sniffer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ogmdhsj.dll]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ogmdhsj"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\rundll32.exe C:\\WINDOWS\\System32\\ogmdhsj.dll,oujwxs"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QFSCHD110"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WordPerfect Office 11\\Programs\\QFSCHD110.EXE\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ridc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="svchost"
"hkey"="HKCU"
"command"="\"C:\\DOCUME~1\\KAOKEZ~1\\APPLIC~1\\CURITY~1\\svchost.exe\" -vt yazb"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UsrPrmpt"
"hkey"="HKLM"
"command"="C:\\Program Files\\Fichiers communs\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StyleXP"
"hkey"="HKCU"
"command"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tf1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tf1"
"hkey"="HKLM"
"command"="C:\\Program Files\\Player Video TF1\\tf1.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tlsbkkm.dll]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tlsbkkm"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\rundll32.exe C:\\WINDOWS\\System32\\tlsbkkm.dll,bmgpprf"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="monitor"
"hkey"="HKLM"
"command"="C:\\Program Files\\Fichiers communs\\Ulead Systems\\AutoDetector\\monitor.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uwa6pcw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uwa6pcw"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WinAntiVirus Pro 2006\\uwa6pcw.exe\" -c"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusBursters]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="virusbursters"
"hkey"="HKLM"
"command"="C:\\Program Files\\VirusBursters\\virusbursters.exe /h"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTPreset]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VTPreset"
"hkey"="HKLM"
"command"="VTPreset.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiVirusPro2006]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WinAV"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WinAntiVirus Pro 2006\\WinAV.exe\" /min"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zsklfak.dll]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zsklfak"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\rundll32.exe C:\\WINDOWS\\System32\\zsklfak.dll,osilowc"
"inimapping"="0"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winldh32
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Maintenance en 1 clic.job
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 06-11-17 21:47:15.07
C:\ComboFix.txt ... 06-11-17 21:47
C:\ComboFix2.txt ... 06-11-16 20:22
C:\ComboFix3.txt ... 06-11-16 19:46
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="drvjek"
"hkey"="HKLM"
"command"="rundll32.exe C:\\WINDOWS\\System32\\drvjek.dll,startup"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\ctfmon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IDMan"
"hkey"="HKCU"
"command"="C:\\Program Files\\Internet Download Manager\\IDMan.exe /onboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kwmrhb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="?hkntfs"
"hkey"="HKCU"
"command"="C:\\Program Files\\?racle\\?hkntfs.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lxbkbmgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealOneMessageCenter"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\RealOneMessageCenter.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Sniffer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ogmdhsj.dll]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ogmdhsj"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\rundll32.exe C:\\WINDOWS\\System32\\ogmdhsj.dll,oujwxs"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QFSCHD110"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WordPerfect Office 11\\Programs\\QFSCHD110.EXE\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ridc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="svchost"
"hkey"="HKCU"
"command"="\"C:\\DOCUME~1\\KAOKEZ~1\\APPLIC~1\\CURITY~1\\svchost.exe\" -vt yazb"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UsrPrmpt"
"hkey"="HKLM"
"command"="C:\\Program Files\\Fichiers communs\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StyleXP"
"hkey"="HKCU"
"command"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tf1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tf1"
"hkey"="HKLM"
"command"="C:\\Program Files\\Player Video TF1\\tf1.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tlsbkkm.dll]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tlsbkkm"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\rundll32.exe C:\\WINDOWS\\System32\\tlsbkkm.dll,bmgpprf"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="monitor"
"hkey"="HKLM"
"command"="C:\\Program Files\\Fichiers communs\\Ulead Systems\\AutoDetector\\monitor.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uwa6pcw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uwa6pcw"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WinAntiVirus Pro 2006\\uwa6pcw.exe\" -c"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusBursters]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="virusbursters"
"hkey"="HKLM"
"command"="C:\\Program Files\\VirusBursters\\virusbursters.exe /h"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTPreset]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VTPreset"
"hkey"="HKLM"
"command"="VTPreset.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiVirusPro2006]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WinAV"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WinAntiVirus Pro 2006\\WinAV.exe\" /min"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zsklfak.dll]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zsklfak"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\rundll32.exe C:\\WINDOWS\\System32\\zsklfak.dll,osilowc"
"inimapping"="0"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winldh32
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Maintenance en 1 clic.job
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 06-11-17 21:47:15.07
C:\ComboFix.txt ... 06-11-17 21:47
C:\ComboFix2.txt ... 06-11-16 20:22
C:\ComboFix3.txt ... 06-11-16 19:46
One last check.
Download SpySweeper (from Webroot, 14-day trial version):
-Click "Download the trial version".
-Install the program, choosing "standard installation".
-Accept the restart.
-The option to update it will appear; accept the update.
-Once the updates are installed, in the left-hand column click the Options tab, then Scan.
-Under Items to scan and Other options, tick all the boxes.
-Close SpySweeper.
Since the rest is done in Safe Mode, print the following instructions or copy/paste them into a text file.
Restart in Safe Mode: as the computer restarts, immediately tap the F8 key repeatedly; a screen with a choice of startup options will appear. Using the arrow keys, choose "Safe Mode" and confirm with Enter. Choose your usual account, not Administrator.
Start SpySweeper
-Click Scan on the left, then Start scan.
-When the scan is finished, click Next.
-Make sure all the items found are ticked, then click Next.
-All the ticked items will then be quarantined.
-In "Summary", select Show session log at the bottom, then Save to file, to save the report.
Restart normally.
Uninstall SpySweeper from Add/Remove Programs, unless you want to continue the trial for 15 days.
Copy/paste the SpySweeper report here.
12:33: Removal process completed. Elapsed time 00:01:32
12:33: A reboot was required but declined.
12:33: Quarantining All Traces: mediaplex cookie
12:33: Quarantining All Traces: bluestreak cookie
12:33: Quarantining All Traces: atlas dmt cookie
12:33: Quarantining All Traces: hotbar
12:33: c:\documents and settings\kao kezie bernardin\local settings\application data\microsoft\messenger\lady-cassius@hotmail.fr\sharingmetadata\mdia5933@hotmail.com\dfsr\staging\cs{b8b1d99a-9f24-cc8b-6649-da61f7dd9990}\01\10-{b8b1d99a-9f24-cc8b-6649-da61f7dd9990}-v1-{7116df02-71bb-4a95-9529-1038fd2940e6}-v10-downloaded.frx is in use. It will be removed on reboot.
12:33: c:\documents and settings\kao kezie bernardin\local settings\application data\microsoft\messenger\lil.gomez@hotmail.fr\sharingmetadata\nivia@hotmail.fr\dfsr\staging\cs{6fff49c6-9df4-0108-615c-e17dcd0ed126}\01\10-{6fff49c6-9df4-0108-615c-e17dcd0ed126}-v1-{5ae71116-dcee-40e7-9bad-5962bb436574}-v10-downloaded.frx is in use. It will be removed on reboot.
12:33: c:\documents and settings\kao kezie bernardin\local settings\application data\microsoft\messenger\lady-cassius@hotmail.fr\sharingmetadata\nivia@hotmail.fr\dfsr\staging\cs{328f2f6c-1fcd-b1ac-a256-795cb0da7402}\01\13-{328f2f6c-1fcd-b1ac-a256-795cb0da7402}-v1-{7116df02-71bb-4a95-9529-1038fd2940e6}-v13-downloaded.frx is in use. It will be removed on reboot.
12:33: c:\documents and settings\kao kezie bernardin\local settings\application data\microsoft\messenger\lady-cassius@hotmail.fr\sharingmetadata\nivia@hotmail.fr\dfsr\staging\cs{328f2f6c-1fcd-b1ac-a256-795cb0da7402}\14\17-{7116df02-71bb-4a95-9529-1038fd2940e6}-v14-{7116df02-71bb-4a95-9529-1038fd2940e6}-v17-downloaded.frx is in use. It will be removed on reboot.
12:33: c:\documents and settings\kao kezie bernardin\local settings\application data\microsoft\messenger\lady-cassius@hotmail.fr\sharingmetadata\nivia@hotmail.fr\dfsr\staging\cs{328f2f6c-1fcd-b1ac-a256-795cb0da7402}\16\18-{7116df02-71bb-4a95-9529-1038fd2940e6}-v16-{7116df02-71bb-4a95-9529-1038fd2940e6}-v18-downloaded.frx is in use. It will be removed on reboot.
12:33: potentially rootkit-masked files is in use. It will be removed on reboot.
12:32: Quarantining All Traces: potentially rootkit-masked files
12:32: Removal process initiated
02:54: Traces Found: 9
02:54: Full Sweep has completed. Elapsed time 00:27:36
02:53: File Sweep Complete, Elapsed Time: 00:26:09
02:43: c:\documents and settings\kao kezie bernardin\local settings\application data\microsoft\messenger\lady-cassius@hotmail.fr\sharingmetadata\mdia5933@hotmail.com\dfsr\staging\cs{b8b1d99a-9f24-cc8b-6649-da61f7dd9990}\01\10-{b8b1d99a-9f24-cc8b-6649-da61f7dd9990}-v1-{7116df02-71bb-4a95-9529-1038fd2940e6}-v10-downloaded.frx (ID = 0)
02:43: c:\documents and settings\kao kezie bernardin\local settings\application data\microsoft\messenger\lil.gomez@hotmail.fr\sharingmetadata\nivia@hotmail.fr\dfsr\staging\cs{6fff49c6-9df4-0108-615c-e17dcd0ed126}\01\10-{6fff49c6-9df4-0108-615c-e17dcd0ed126}-v1-{5ae71116-dcee-40e7-9bad-5962bb436574}-v10-downloaded.frx (ID = 0)
02:43: c:\documents and settings\kao kezie bernardin\local settings\application data\microsoft\messenger\lady-cassius@hotmail.fr\sharingmetadata\nivia@hotmail.fr\dfsr\staging\cs{328f2f6c-1fcd-b1ac-a256-795cb0da7402}\01\13-{328f2f6c-1fcd-b1ac-a256-795cb0da7402}-v1-{7116df02-71bb-4a95-9529-1038fd2940e6}-v13-downloaded.frx (ID = 0)
02:43: c:\documents and settings\kao kezie bernardin\local settings\application data\microsoft\messenger\lady-cassius@hotmail.fr\sharingmetadata\nivia@hotmail.fr\dfsr\staging\cs{328f2f6c-1fcd-b1ac-a256-795cb0da7402}\14\17-{7116df02-71bb-4a95-9529-1038fd2940e6}-v14-{7116df02-71bb-4a95-9529-1038fd2940e6}-v17-downloaded.frx (ID = 0)
02:43: c:\documents and settings\kao kezie bernardin\local settings\application data\microsoft\messenger\lady-cassius@hotmail.fr\sharingmetadata\nivia@hotmail.fr\dfsr\staging\cs{328f2f6c-1fcd-b1ac-a256-795cb0da7402}\16\18-{7116df02-71bb-4a95-9529-1038fd2940e6}-v16-{7116df02-71bb-4a95-9529-1038fd2940e6}-v18-downloaded.frx (ID = 0)
02:43: Found System Monitor: potentially rootkit-masked files
02:43: Warning: Failed to access drive D:
02:27: Starting File Sweep
02:27: Cookie Sweep Complete, Elapsed Time: 00:00:00
02:27: c:\documents and settings\kao kezie bernardin\cookies\kao kezie bernardin@mediaplex[1].txt (ID = 6442)
02:27: Found Spy Cookie: mediaplex cookie
02:27: c:\documents and settings\kao kezie bernardin\cookies\kao kezie bernardin@bluestreak[2].txt (ID = 2314)
02:27: Found Spy Cookie: bluestreak cookie
02:27: c:\documents and settings\kao kezie bernardin\cookies\kao kezie bernardin@atdmt[2].txt (ID = 2253)
02:27: Found Spy Cookie: atlas dmt cookie
02:27: Starting Cookie Sweep
02:27: Registry Sweep Complete, Elapsed Time:00:00:14
02:27: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/hbinstie.dll\ (ID = 484423)
02:27: Found Adware: hotbar
02:27: Starting Registry Sweep
02:27: Memory Sweep Complete, Elapsed Time: 00:00:49
02:26: Starting Memory Sweep
02:26: Sweep initiated using definitions version 734
02:26: Spy Sweeper 5.0.7.1608 started
02:26: | Start of Session, samedi 18 novembre 2006 |
********
02:26: | End of Session, samedi 18 novembre 2006 |
Keylogger Shield: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: Off
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
02:25: Shield States
02:25: Spyware Definitions: 734
02:25: Spy Sweeper 5.0.7.1608 started
Keylogger Shield: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: Off
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
23:32: Shield States
23:32: Spyware Definitions: 734
23:31: Spy Sweeper 5.0.7.1608 started
22:38: | End of Session, vendredi 17 novembre 2006 |
Keylogger Shield: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: Off
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
22:38: Shield States
22:38: Spyware Definitions: 734
22:38: Spy Sweeper 5.0.7.1608 started
22:37: Program Version 5.0.7.1608 Using Spyware Definitions 734
Keylogger Shield: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: Off
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
22:32: Shield States
22:32: Spyware Definitions: 734
22:32: Spy Sweeper 5.0.7.1608 started
22:32: Spy Sweeper 5.0.7.1608 started
22:32: | Start of Session, vendredi 17 novembre 2006 |
********
23:29: Deletion from quarantine completed. Elapsed time 00:00:00
23:29: Processing: xiti cookie
23:29: Processing: bluestreak cookie
23:29: Processing: atlas dmt cookie
23:29: Processing: serving-sys cookie
23:29: Processing: 2o7.net cookie
23:29: Processing: 2o7.net cookie
23:29: Processing: 3 cookie
23:29: Processing: adultfriendfinder cookie
23:29: Processing: mediaplex cookie
23:29: Processing: hotbar
23:29: Deletion from quarantine initiated
23:27: Removal process completed. Elapsed time 00:00:10
23:27: Quarantining All Traces: xiti cookie
23:27: Quarantining All Traces: serving-sys cookie
23:27: Quarantining All Traces: mediaplex cookie
23:27: Quarantining All Traces: bluestreak cookie
23:27: Quarantining All Traces: atlas dmt cookie
23:27: Quarantining All Traces: adultfriendfinder cookie
23:27: Quarantining All Traces: 3 cookie
23:27: Quarantining All Traces: 2o7.net cookie
23:27: Quarantining All Traces: hotbar
23:27: Removal process initiated
23:12: Traces Found: 15
23:12: Full Sweep has completed. Elapsed time 00:34:11
23:12: File Sweep Complete, Elapsed Time: 00:32:48
22:55: c:\documents and settings\kao kezie bernardin\local settings\application data\microsoft\messenger\lady-cassius@hotmail.fr\sharingmetadata\mdia5933@hotmail.com\dfsr\staging\cs{b8b1d99a-9f24-cc8b-6649-da61f7dd9990}\01\10-{b8b1d99a-9f24-cc8b-6649-da61f7dd9990}-v1-{7116df02-71bb-4a95-9529-1038fd2940e6}-v10-downloaded.frx (ID = 0)
22:55: c:\documents and settings\kao kezie bernardin\local settings\application data\microsoft\messenger\lil.gomez@hotmail.fr\sharingmetadata\nivia@hotmail.fr\dfsr\staging\cs{6fff49c6-9df4-0108-615c-e17dcd0ed126}\01\10-{6fff49c6-9df4-0108-615c-e17dcd0ed126}-v1-{5ae71116-dcee-40e7-9bad-5962bb436574}-v10-downloaded.frx (ID = 0)
22:55: c:\documents and settings\kao kezie bernardin\local settings\application data\microsoft\messenger\lady-cassius@hotmail.fr\sharingmetadata\nivia@hotmail.fr\dfsr\staging\cs{328f2f6c-1fcd-b1ac-a256-795cb0da7402}\01\13-{328f2f6c-1fcd-b1ac-a256-795cb0da7402}-v1-{7116df02-71bb-4a95-9529-1038fd2940e6}-v13-downloaded.frx (ID = 0)
22:55: c:\documents and settings\kao kezie bernardin\local settings\application data\microsoft\messenger\lady-cassius@hotmail.fr\sharingmetadata\nivia@hotmail.fr\dfsr\staging\cs{328f2f6c-1fcd-b1ac-a256-795cb0da7402}\14\17-{7116df02-71bb-4a95-9529-1038fd2940e6}-v14-{7116df02-71bb-4a95-9529-1038fd2940e6}-v17-downloaded.frx (ID = 0)
22:55: c:\documents and settings\kao kezie bernardin\local settings\application data\microsoft\messenger\lady-cassius@hotmail.fr\sharingmetadata\nivia@hotmail.fr\dfsr\staging\cs{328f2f6c-1fcd-b1ac-a256-795cb0da7402}\16\18-{7116df02-71bb-4a95-9529-1038fd2940e6}-v16-{7116df02-71bb-4a95-9529-1038fd2940e6}-v18-downloaded.frx (ID = 0)
22:55: Found System Monitor: potentially rootkit-masked files
22:55: Warning: Failed to access drive D:
22:39: Starting File Sweep
22:39: Cookie Sweep Complete, Elapsed Time: 00:00:02
22:39: c:\documents and settings\kao kezie bernardin\cookies\kao kezie bernardin@xiti[1].txt (ID = 3717)
22:39: Found Spy Cookie: xiti cookie
22:39: c:\documents and settings\kao kezie bernardin\cookies\kao kezie bernardin@serving-sys[1].txt (ID = 3343)
22:39: Found Spy Cookie: serving-sys cookie
22:39: c:\documents and settings\kao kezie bernardin\cookies\kao kezie bernardin@msnportal.112.2o7[1].txt (ID = 1958)
22:39: c:\documents and settings\kao kezie bernardin\cookies\kao kezie bernardin@mediaplex[1].txt (ID = 6442)
22:39: Found Spy Cookie: mediaplex cookie
22:39: c:\documents and settings\kao kezie bernardin\cookies\kao kezie bernardin@bluestreak[2].txt (ID = 2314)
22:39: Found Spy Cookie: bluestreak cookie
22:39: c:\documents and settings\kao kezie bernardin\cookies\kao kezie bernardin@atdmt[2].txt (ID = 2253)
22:39: Found Spy Cookie: atlas dmt cookie
22:39: c:\documents and settings\kao kezie bernardin\cookies\kao kezie bernardin@adultfriendfinder[2].txt (ID = 2165)
22:39: Found Spy Cookie: adultfriendfinder cookie
22:39: c:\documents and settings\kao kezie bernardin\cookies\kao kezie bernardin@85.17.3[1].txt (ID = 1960)
22:39: Found Spy Cookie: 3 cookie
22:39: c:\documents and settings\kao kezie bernardin\cookies\kao kezie bernardin@2o7[1].txt (ID = 1957)
22:39: Found Spy Cookie: 2o7.net cookie
22:39: Starting Cookie Sweep
22:39: Registry Sweep Complete, Elapsed Time:00:00:15
22:39: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/hbinstie.dll\ (ID = 484423)
22:39: Found Adware: hotbar
22:39: Starting Registry Sweep
22:39: Memory Sweep Complete, Elapsed Time: 00:00:49
22:38: Starting Memory Sweep
22:38: Sweep initiated using definitions version 734
22:38: Spy Sweeper 5.0.7.1608 started
22:38: | Start of Session, vendredi 17 novembre 2006 |
********
22:55: c:\documents and settings\kao kezie bernardin\local settings\application data\microsoft\messenger\lady-cassius@hotmail.fr\sharingmetadata\nivia@hotmail.fr\dfsr\staging\cs{328f2f6c-1fcd-b1ac-a256-795cb0da7402}\16\18-{7116df02-71bb-4a95-9529-1038fd2940e6}-v16-{7116df02-71bb-4a95-9529-1038fd2940e6}-v18-downloaded.frx (ID = 0)
22:55: Found System Monitor: potentially rootkit-masked files
22:55: Warning: Failed to access drive D:
22:39: Starting File Sweep
22:39: Cookie Sweep Complete, Elapsed Time: 00:00:02
22:39: c:\documents and settings\kao kezie bernardin\cookies\kao kezie bernardin@xiti[1].txt (ID = 3717)
22:39: Found Spy Cookie: xiti cookie
22:39: c:\documents and settings\kao kezie bernardin\cookies\kao kezie bernardin@serving-sys[1].txt (ID = 3343)
22:39: Found Spy Cookie: serving-sys cookie
22:39: c:\documents and settings\kao kezie bernardin\cookies\kao kezie bernardin@msnportal.112.2o7[1].txt (ID = 1958)
22:39: c:\documents and settings\kao kezie bernardin\cookies\kao kezie bernardin@mediaplex[1].txt (ID = 6442)
22:39: Found Spy Cookie: mediaplex cookie
22:39: c:\documents and settings\kao kezie bernardin\cookies\kao kezie bernardin@bluestreak[2].txt (ID = 2314)
22:39: Found Spy Cookie: bluestreak cookie
22:39: c:\documents and settings\kao kezie bernardin\cookies\kao kezie bernardin@atdmt[2].txt (ID = 2253)
22:39: Found Spy Cookie: atlas dmt cookie
22:39: c:\documents and settings\kao kezie bernardin\cookies\kao kezie bernardin@adultfriendfinder[2].txt (ID = 2165)
22:39: Found Spy Cookie: adultfriendfinder cookie
22:39: c:\documents and settings\kao kezie bernardin\cookies\kao kezie bernardin@85.17.3[1].txt (ID = 1960)
22:39: Found Spy Cookie: 3 cookie
22:39: c:\documents and settings\kao kezie bernardin\cookies\kao kezie bernardin@2o7[1].txt (ID = 1957)
22:39: Found Spy Cookie: 2o7.net cookie
22:39: Starting Cookie Sweep
22:39: Registry Sweep Complete, Elapsed Time:00:00:15
22:39: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/hbinstie.dll\ (ID = 484423)
22:39: Found Adware: hotbar
22:39: Starting Registry Sweep
22:39: Memory Sweep Complete, Elapsed Time: 00:00:49
22:38: Starting Memory Sweep
22:38: Sweep initiated using definitions version 734
22:38: Spy Sweeper 5.0.7.1608 started
22:38: | Start of Session, vendredi 17 novembre 2006 |
********
Report your infection (Vundo) so that its authors can be convicted; that would be nice.
Create a post on Malware-Complaints to move things forward; we need to be as many as possible, so report your infection.
HELP: How do you report your infection on Malware-Complaints?
See this page to keep these problems from coming back.