win32.agent.pz



vinngambini
2008-04-12, 20:22
Hi,
I have a problem removing win32.agent.pz.
I tried Spybot in safe mode, HijackThis, CCleaner, avast and Spyware Terminator.

The problem started when I stopped internet access to system32\wsnpoem\video.dll

natos.exe ...

I tried to remove the corrupt file but ... it doesn't work, even in safe mode.

For the report ... I could try, but it's on my other computer and I disconnected from the internet...
Looks to be hard to remove?!

vinngambini
2008-04-12, 21:00
It's the log,
and real-time protection stops wspoem.\video.dll

vinngambini
2008-04-12, 21:05
Logfile of Spyware Terminator v2.1.1.314 (db:1.0.166.922)
Scan Time: 2008-04-12 13:27:07 length: 271 s
Platform: WXP (5.1.0.2600)
User: Admin
Boot Mode: Normal
Scan type: Fast_Spyware_Scan
Scanned Objects: 10433 (Critical:3)
Filter: No System items, No Safe items, No Invalid items

Running Processes
:
:
vsmon.exe [Zone Labs, LLC] : C:\WINDOWS\system32\ZoneLabs\vsmon.exe
vsmon.exe [Zone Labs, LLC] : C:\WINDOWS\system32\ZoneLabs\vsmon.exe
vsmon.exe [Zone Labs, LLC] : C:\WINDOWS\system32\ZoneLabs\vsmon.exe
jusched.exe [Sun Microsystems, Inc.] : C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
TeaTimer.exe [Safer Networking Limited] : C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
SpybotSD.exe [Safer Networking Limited] : C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

Internet Settings
R - HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar = http://www.google.fr
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

Toolbars
03 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - :

StartUps
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SpybotSD TeaTimer : [Safer Networking Limited] : C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Yahoo! Pager : [Yahoo! Inc.] : C:\Program Files\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SunJavaUpdateSched : [Sun Microsystems, Inc.] : C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

Shell Extensions
WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - : C:\Program Files\WinRAR\rarext.dll
AlcoholShellEx - {32020A01-506E-484D-A2A8-BE3CF17601C3} - [Alcohol Soft Development Team] : C:\Program Files\Alcohol Soft\Alcohol 120\AXShlEx.dll
avast - {472083B0-C522-11CF-8763-00608CC02F24} - [Alcohol Soft Development Team] : C:\Program Files\Alcohol Soft\Alcohol 120\AXShlEx.dll
Mes dossiers de partage - {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
ZLAVShExt Class - {D9872D13-7651-4471-9EEE-F0A00218BEBB} - [Zone Labs, LLC] : C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll
YMailShellExt Class - {5464D816-CF16-4784-B9F3-75C0DB52B499} - [Yahoo! Inc.] : C:\Program Files\Yahoo!\Common\ymmapi.dll

Protocol Handler
- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll

Services
23 - [3dfx Interactive, Inc.] : C:\WINDOWS\system32\DRIVERS\3dfxvsm.sys
23 - [ ] : C:\WINDOWS\system32\DRIVERS\a347bus.sys
23 - [ALWIL Software] : C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
23 - [ALWIL Software] : C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
23 - [ALWIL Software] : C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
23 - [ALWIL Software] : C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
23 - [ALWIL Software] : C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
23 - [Kaspersky Lab] : C:\WINDOWS\system32\DRIVERS\klif.sys
23 - [Zone Labs, LLC] : C:\WINDOWS\system32\ZoneLabs\srescan.sys
23 - [Promise Technology, Inc.] : C:\WINDOWS\system32\DRIVERS\ultra.sys
23 - [Zone Labs, LLC] : C:\WINDOWS\system32\vsdatant.sys

Threat Files
<Trojan.Spy.Bancos.aam.1> : C:\WINDOWS\system32\wsnpoem\audio.dll
<Trojan.Spy.Bancos.aam.1> : C:\WINDOWS\system32\wsnpoem\video.dll

Advanced Files Report
%SYSDIR%\EBPMON24.DLL [SEIKO EPSON CORPORATION] [EPSON Bi-directional Printer] MD5=5C74D14D60B903DDBD4FDF630EFF21ED SIZE=72825
%SYSDIR%\ZoneLabs\vsmon.exe [Zone Labs, LLC] [TrueVector Service] MD5=4BB7862806BEA6BF50D618C5D593ED54 SIZE=75304
%PROGRAMFILES%\Spybot - Search & Destroy\advcheck.dll [Safer Networking Limited] [Spybot - Search & Destroy] MD5=4DD0DB402AC1F3F340AF64433B21ED3B SIZE=915280
%PROGRAMFILES%\Spybot - Search & Destroy\SpybotSD.exe [Safer Networking Limited] [SpyBot-S&D] MD5=2ECA8CDEED7C82F879E766DA92A3561A SIZE=5146448
%PROGRAMFILES%\Spybot - Search & Destroy\Tools.dll [Safer Networking Limited] [Spybot - Search & Destroy] MD5=67CF4769A8B462A6D70D2A14029E0A24 SIZE=836432
%PROGRAMFILES%\Spybot - Search & Destroy\APORTS.DLL [SmartLine Inc.] [Active Ports] MD5=279A23F355D2473022F8117272F5E73E SIZE=34472
%PROGRAMFILES%\Spybot - Search & Destroy\Plugins\Chai.dll [] MD5=DDD2BFF569E29E44DABA708B72203A15 SIZE=790392
%PROGRAMFILES%\Spybot - Search & Destroy\Plugins\Fennel.dll [] MD5=4EBD1EC62AC4CF53DB91BDD25ACFDA51 SIZE=795520
%PROGRAMFILES%\Spybot - Search & Destroy\Plugins\Mate.dll [] MD5=578F846D048D278230222964294CC282 SIZE=717176
%PROGRAMFILES%\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll [] MD5=E5E95EDC3546821AE025D4A4726986C0 SIZE=121344
%SYSDIR%\Userinit.exe,%SYSDIR%\ntos.exe, []
deskpan.dll []
%PROGRAMFILES%\WinRAR\rarext.dll [] MD5=3552CBED461D5309E86B640AD40C7F3E SIZE=120832
%PROGRAMFILES%\Alcohol Soft\Alcohol 120\AXShlEx.dll [Alcohol Soft Development Team] [Alcohol ShellEx] MD5=0C1D3CA7D2C8A48AB01DFA958E150169 SIZE=387584
%PROGRAMFILES%\Windows Live\Messenger\fsshext.8.5.1302.1018.dll [Microsoft Corporation] [Messenger] MD5=8BDE1F61DFBAAE7A2916170E8B75FE0F SIZE=329240
%PROGRAMFILES%\Zone Labs\ZoneAlarm\zlavscan.dll [Zone Labs, LLC] [zlavscan shell extension] MD5=63BCAFE0C48D4E859E318653ACA6B555 SIZE=50664
%PROGRAMFILES%\Yahoo!\Common\ymmapi.dll [Yahoo! Inc.] [YMMAPI Module] MD5=A0C86DB296BBE76145377D56C5975175 SIZE=190496
%SYSDIR%\DRIVERS\3dfxvsm.sys [3dfx Interactive, Inc.] [3dfx Interactive VSA Series] MD5=B6BBE5503E6460BDFA2AECB972A07C1A SIZE=148352
%SYSDIR%\svchost.exe -k netsvcs []
%SYSDIR%\DRIVERS\a347bus.sys [ ] [ ] MD5=1F61CACACB521215F39061789147968C SIZE=160640
%SYSDIR%\DRIVERS\aswFsBlk.sys [ALWIL Software] [avast! Antivirus System] MD5=838255D6EF1CA0A4F6B076F6D3425850 SIZE=20560
%SYSDIR%\svchost -k DcomLaunch []
%SYSDIR%\svchost.exe -k NetworkService []
%SYSDIR%\DRIVERS\klif.sys [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=2CF7C3DD0102A32A680EF97F3B1C861A SIZE=127768
%SYSDIR%\svchost.exe -k LocalService []
%SYSDIR%\svchost -k rpcss []
%SYSDIR%\ZoneLabs\srescan.sys [Zone Labs, LLC] [srescanner] MD5=EC4240C219452982A02391E2599AD043 SIZE=51176
%SYSDIR%\DRIVERS\ultra.sys [Promise Technology, Inc.] [Gestionnaire de miniport ULTRA66 de Promise pour Windows NT] MD5=1B698A51CD528D8DA4FFAED66DFC51B9 SIZE=36736
%SYSDIR%\vsdatant.sys [Zone Labs, LLC] [TrueVector Device Driver] MD5=F08178AF47F7A2ABFAB0A4F5FC5C885F SIZE=394952
%SYSDIR%\ZoneLabs\vsmon.exe -service []
%PROGRAMFILES%\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll [Microsoft Corporation] [Messenger] MD5=56319E6B4D190A2DEB4463A9CE4D4F74 SIZE=66072

End of Report


Déplacement en quarantaine:

Préparation…
Quarantaine Trojan.Spy.Bancos.aam.1
Le déplacement du fichier a échoué. (Failed) : C:\WINDOWS\system32\wsnpoem\audio.dll
La suppression du fichier a échoué.: C:\WINDOWS\system32\wsnpoem\audio.dll
Les fichiers sélectionnés ont été déplacés.: C:\WINDOWS\system32\wsnpoem\video.dll
Supprimer le répertoire: C:\WINDOWS\system32\wsnpoem\
Suppression du dossier échouée: C:\WINDOWS\system32\wsnpoem\
Analyse(s) terminée(s)

vinngambini
2008-04-12, 21:12
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:09:33, on 2008-04-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?6cb2042bada1471a9b10e41617129e4e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1201739244718
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201671693453
O17 - HKLM\System\CCS\Services\Tcpip\..\{456B4946-B561-4206-98F1-CCBBEDAF1231}: NameServer = 172.26.160.123
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3F8B5EE-F12C-4669-BCD8-1B682AE0F24A}: NameServer = 172.26.160.123
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC5C70BC-DE2B-4E12-A5A0-479CFE09B036}: NameServer = 206.47.244.89 206.47.244.61
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7060 bytes

vinngambini
2008-04-12, 22:50
--- Search result list ---
Win32.Agent.pz: [SBI $B40811A5] Réglages (Valeur du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit=...C:\WINDOWS\system32\ntos.exe,...

Win32.Agent.pz: [SBI $3889C81D] Dossier Programme (Répertoire, nothing done)
C:\WINDOWS\system32\wsnpoem\

Win32.Agent.pz: [SBI $689A946A] Bibliothèque (Fichier, nothing done)
C:\WINDOWS\system32\wsnpoem\audio.dll

Win32.Agent.pz: [SBI $D372DFBA] Bibliothèque (Fichier, nothing done)
C:\WINDOWS\system32\wsnpoem\video.dll

Win32.Agent.pz: [SBI $ED4906DB] Réglages (Valeur du registre, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\{F710FA10-2031-3106-8872-93A2B5C5C620}

Win32.Agent.pz: [SBI $7EC6899E] Réglages (Valeur du registre, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Network\UID

Win32.Agent.pz: [SBI $8980C6CD] Réglages (Valeur du registre, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Network\UID

Win32.Agent.pz: [SBI $0F1C75F7] Réglages (Valeur du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID

Common Dialogs: History (2 files) (Clé du registre, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Log: Activity: SchedLgU.Txt (Sauver le fichier, nothing done)
C:\WINDOWS\SchedLgU.Txt

Log: Activity: ntbtlog.txt (Sauver le fichier, nothing done)
C:\WINDOWS\ntbtlog.txt

Log: Shutdown: System32\wbem\logs\wbemess.log (Sauver le fichier, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\wmiprov.log (Sauver le fichier, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Modification du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (6 fichiers) (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1482476501-1035525444-1547161642-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (11 fichiers) (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1482476501-1035525444-1547161642-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $B7EBA926] Last visited history (2 fichiers) (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1482476501-1035525444-1547161642-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Clé du registre, nothing done)
HKEY_USERS\S-1-5-21-1482476501-1035525444-1547161642-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Cookie: Cookie (7) (Cookie, nothing done)


Cache: Cache (181) (Cache, nothing done)


History: Historique (35) (Historique, nothing done)



--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2008-02-13 unins000.exe (51.41.0.0)
2008-02-13 unins001.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2008-04-02 Includes\Cookies.sbi (*)
2007-12-26 Includes\Dialer.sbi (*)
2008-04-02 Includes\DialerC.sbi (*)
2008-04-02 Includes\HeavyDuty.sbi (*)
2008-03-19 Includes\Hijackers.sbi (*)
2008-04-02 Includes\HijackersC.sbi (*)
2008-02-27 Includes\Keyloggers.sbi (*)
2008-04-02 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-03-26 Includes\Malware.sbi (*)
2008-04-02 Includes\MalwareC.sbi (*)
2008-03-26 Includes\PUPS.sbi (*)
2008-04-02 Includes\PUPSC.sbi (*)
2008-04-02 Includes\Revision.sbi (*)
2008-01-09 Includes\Security.sbi (*)
2008-04-02 Includes\SecurityC.sbi (*)
2008-04-02 Includes\Spybots.sbi (*)
2008-04-02 Includes\SpybotsC.sbi (*)
2007-11-06 Includes\Tracks.uti (*)
2008-04-02 Includes\Trojans.sbi (*)
2008-04-02 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB898461)


--- Startup entries list ---
Located: HK_LM:Run, avast!
command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
file: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 79224
MD5: E1E4780C87DACC69BE77DA4A1B3EC692

Located: HK_LM:Run, NeroFilterCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3E4C03CEFAD8DE135263236B61A49C90

Located: HK_LM:Run, SpywareTerminator
command: "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
file: C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
size: 2957824
MD5: B9771925BFB1414ECB05C3E4CC32D65F

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
size: 144784
MD5: 836DC47E6CAD975304D1D3EB2F516A1C

Located: HK_LM:Run, ZoneAlarm Client
command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 919016
MD5: 6B632BE30A0930421560A9A9C677ABD4

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-1482476501-1035525444-1547161642-500...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5584247B568C2E53934873F4B655FE6A

Located: HK_CU:Run, Yahoo! Pager
where: S-1-5-21-1482476501-1035525444-1547161642-500...
command: "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
file: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
size: 4670704
MD5: C7048E3DD4D9FA3AF7BC2747EF5C433F

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Yahoo! Toolbar Helper
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein
Path: C:\Program Files\Yahoo!\Companion\Installs\cpn\
Long name: yt.dll
Short name:
Date (created): 2008-03-10 02:20:46
Date (last access): 2008-04-12 14:42:12
Date (last write): 2006-10-26 10:28:40
Filesize: 440384
Attributes: archive
MD5: 2785037CE05B63D5607C9D5DFB2FEEE4
CRC32: 9ED93A02
Version: 2006.10.26.1

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 2003-11-03 08:17:44
Date (last access): 2008-04-12 13:01:20
Date (last write): 2003-11-03 08:17:44
Filesize: 54248
Attributes: archive
MD5: FC7850324464E4D19A24A03D882B5CC4
CRC32: 452E8571
Version: 6.0.1.1091

{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
Path: C:\PROGRA~1\Crawler\
Long name: ctbr.dll
Short name:
Date (created): 2008-03-01 17:59:52
Date (last access): 2008-04-12 14:42:20
Date (last write): 2008-02-29 06:55:22
Filesize: 1152000
Attributes: archive
MD5: 95D8B2CDF110234C99E19A8EBBA87047
CRC32: 37A7A0D6
Version: 5.1.0.95

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 2008-02-13 20:50:04
Date (last access): 2008-04-12 14:45:32
Date (last write): 2008-01-28 11:43:28
Filesize: 1554256
Attributes: archive
MD5: 5248E02EFBCB64D328647CD00E384B85
CRC32: C1B426A9
Version: 1.5.0.11

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: ssv.dll
Short name:
Date (created): 2008-03-10 00:32:02
Date (last access): 2008-04-12 14:42:26
Date (last write): 2008-02-22 04:25:20
Filesize: 509328
Attributes: archive
MD5: 5B42CB6A121256465B251840FDB1B2FE
CRC32: 6EF0BCE9
Version: 6.0.50.13

{A5366673-E8CA-11D3-9CD9-0090271D075B} (IeCatch2 Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: IeCatch2 Class
description: FlashGet
classification: Open for discussion
known filename: Jccatch.dll
info link: http://www.amazesoft.com/
info source: TonyKlein
Path: C:\PROGRA~1\FlashGet\
Long name: Jccatch.dll
Short name:
Date (created): 2008-01-28 17:39:00
Date (last access): 2008-04-12 13:01:34
Date (last write): 2002-01-16 13:12:18
Filesize: 65536
Attributes: archive
MD5: F2FAFE3CB6412C89F43D88CCEBE308F3
CRC32: B1AEC78B
Version: 1.1.4.0

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Toolbar Helper
Path: C:\Program Files\Windows Live Toolbar\
Long name: msntb.dll
Short name:
Date (created): 2006-09-27 17:45:28
Date (last access): 2008-04-12 14:42:30
Date (last write): 2006-09-27 17:45:28
Filesize: 544032
Attributes: archive
MD5: 3D97244F1254E41036458BCACB8FDA4F
CRC32: E6449E14
Version: 3.1.0.68



--- ActiveX list ---
{0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class)
DPF name:
CLSID name: DjVuCtl Class
Installer: C:\WINDOWS\Downloaded Program Files\DjVuLite.us.inf
Codebase: http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
description:
classification: Legitimate
known filename: DjVuCntl.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\LizardTech\DjVuControl\
Long name: DjVuCntl.dll
Short name:
Date (created): 2007-02-04 23:03:14
Date (last access): 1980-04-09 00:18:34
Date (last write): 2007-02-04 23:03:14
Filesize: 651264
Attributes: archive
MD5: 490276F2E85058202D98BB0D0ABC1095
CRC32: E9ADACE7
Version: 6.1.1.1574

{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class)
DPF name:
CLSID name: YInstStarter Class
Installer: C:\Program Files\Yahoo!\Common\yinst.inf
Codebase: C:\Program Files\Yahoo!\Common\yinsthelper.dll
description: Yahoo! Installation helper
classification: Legitimate
known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Yahoo!\Common\
Long name: yinsthelper.dll
Short name: YINSTH~1.DLL
Date (created): 2008-03-10 02:24:12
Date (last access): 1980-04-09 00:19:20
Date (last write): 2006-07-30 13:25:34
Filesize: 188968
Attributes: archive
MD5: 18B54B53CEE0E7204495BAB864EBBF03
CRC32: 6D72BB93
Version: 2006.4.14.2

{5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class)
DPF name:
CLSID name: MUCatalogWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\MicrosoftUpdateCatalogWebControl.inf
Codebase: http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1201739244718
Path: C:\WINDOWS\system32\
Long name: MicrosoftUpdateCatalogWebControl.dll
Short name: MICROS~1.DLL
Date (created): 2007-07-31 02:25:54
Date (last access): 2008-04-12 13:04:22
Date (last write): 2007-07-31 02:25:54
Filesize: 142696
Attributes: archive
MD5: 6F28C6D6022AD49B36ED3A9BA5368805
CRC32: 91F5EA19
Version: 7.0.6000.569

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201671693453
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: wuweb.dll
Short name:
Date (created): 2008-01-28 17:13:58
Date (last access): 2008-04-12 13:04:34
Date (last write): 2007-07-30 19:19:46
Filesize: 203096
Attributes: archive
MD5: FD984F9BFC9C62BD6546BD183CE5ADE7
CRC32: 8092F837
Version: 7.0.6000.381

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: npjpi160_05.dll
Short name: NPJPI1~1.DLL
Date (created): 2008-02-22 02:33:32
Date (last access): 1980-04-08 20:51:40
Date (last write): 2008-02-22 04:25:20
Filesize: 132496
Attributes: archive
MD5: 4FDFB86D78994BD71CBB779A7809E9CD
CRC32: 5A0EB880
Version: 6.0.50.13

{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_05
Installer:
Codebase: http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
description:
classification: Legitimate
known filename: NPJPI142_05.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\j2re1.4.2_05\bin\
Long name: NPJPI142_05.dll
Short name: NPJPI1~1.DLL
Date (created): 2004-06-03 16:05:06
Date (last access): 1980-04-08 20:48:52
Date (last write): 2004-06-03 16:05:06
Filesize: 65650
Attributes: archive
MD5: 174488C8877FA852448D1937C322AABB
CRC32: 62C2460D
Version: 1.4.2.50

{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_04
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_04\bin\
Long name: npjpi160_04.dll
Short name: NPJPI1~1.DLL
Date (created): 2007-12-14 01:59:16
Date (last access): 1980-04-08 20:50:14
Date (last write): 2007-12-14 03:42:38
Filesize: 132496
Attributes: archive
MD5: 58A1C3B13CC79E76F66CA6F8FED3B36A
CRC32: A4EACB48
Version: 6.0.40.12

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: npjpi160_05.dll
Short name: NPJPI1~1.DLL
Date (created): 2008-02-22 02:33:32
Date (last access): 2008-04-12 14:45:52
Date (last write): 2008-02-22 04:25:20
Filesize: 132496
Attributes: archive
MD5: 4FDFB86D78994BD71CBB779A7809E9CD
CRC32: 5A0EB880
Version: 6.0.50.13

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: npjpi160_05.dll
Short name: NPJPI1~1.DLL
Date (created): 2008-02-22 02:33:32
Date (last access): 2008-04-12 14:45:52
Date (last write): 2008-02-22 04:25:20
Filesize: 132496
Attributes: archive
MD5: 4FDFB86D78994BD71CBB779A7809E9CD
CRC32: 5A0EB880
Version: 6.0.50.13

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9e.ocx
Short name:
Date (created): 2007-11-20 19:04:14
Date (last access): 1980-04-12 12:39:48
Date (last write): 2007-11-20 19:04:14
Filesize: 2987392
Attributes: readonly archive
MD5: D3C50535C26190FEAD7785A03499C0AC
CRC32: A77C3E92
Version: 9.0.115.0



--- Process list ---
PID: 0 ( 0) [System]
PID: 564 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 640 ( 564) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 664 ( 564) \??\C:\WINDOWS\system32\winlogon.exe
size: 506368
PID: 708 ( 664) C:\WINDOWS\system32\services.exe
size: 108544
MD5: 732E0B1ABAACE15D80EC19056B0A2AF9
PID: 720 ( 664) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 9F3744A5C6F49291A7A685040A013399
PID: 880 ( 708) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 932 ( 708) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 1012 ( 708) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 1124 ( 708) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 1148 ( 708) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 1208 ( 708) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
size: 17272
MD5: 3CA72CEA90DF8DA569D35CEC89676749
PID: 1276 ( 708) C:\Program Files\Alwil Software\Avast4\ashServ.exe
size: 144760
MD5: 6A0A14F60654DF588F55160CB1B6DA8D
PID: 1476 ( 708) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: B4EF928E4FAD79364A80ACBA6D999934
PID: 1596 ( 708) C:\WINDOWS\system32\inetsrv\inetinfo.exe
size: 15872
MD5: 13F79611400A265D9F6931A42C9A3978
PID: 1668 ( 708) C:\WINDOWS\system32\tcpsvcs.exe
size: 19456
MD5: 50F22575C0FB5D85A9D41EF963610C32
PID: 1732 ( 708) C:\Program Files\Spyware Terminator\sp_rsser.exe
size: 1097216
MD5: C5C51BF81B6F5B787F6A69F70518C37C
PID: 1772 ( 708) C:\WINDOWS\system32\ZoneLabs\vsmon.exe
size: 75304
MD5: 4BB7862806BEA6BF50D618C5D593ED54
PID: 232 ( 708) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
size: 247160
MD5: 7FBDDB77353D3EB6ABF70F8122292CEC
PID: 272 ( 708) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
size: 345464
MD5: A697E8A40037783358CD5A2CB5F532E0
PID: 368 ( 708) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 2FE681D10C5FC343DBBC0610B8DD4D24
PID: 2428 (2328) C:\WINDOWS\Explorer.EXE
size: 1036288
MD5: 998F3F568F6074A35AB08CD3395A9DC2
PID: 2628 (2428) C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
size: 144784
MD5: 836DC47E6CAD975304D1D3EB2F516A1C
PID: 2684 (2428) C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 79224
MD5: E1E4780C87DACC69BE77DA4A1B3EC692
PID: 2720 (2428) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 919016
MD5: 6B632BE30A0930421560A9A9C677ABD4
PID: 2736 (2428) C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
size: 2957824
MD5: B9771925BFB1414ECB05C3E4CC32D65F
PID: 2752 (2428) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5584247B568C2E53934873F4B655FE6A
PID: 1928 (2768) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A
PID: 1220 ( 880) C:\PROGRA~1\Crawler\CToolbar.exe
size: 1982312
MD5: 8997C8732211497DCA9C932AEAD0B729
PID: 3128 (2428) C:\Program Files\Internet Explorer\iexplore.exe
size: 93184
MD5: 833E2B3F0E2484C0F2B804AE871B4381
PID: 2508 (1276) C:\Program Files\Alwil Software\Avast4\setup\avast.setup
size: 2514992
MD5: 0B0A8EC0BFF9934F0E6C48548CFEC4A3
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 2008-04-12 14:46:06

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.fr
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://runonce.msn.com/?v=msgrv75
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 6: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 7: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{C3F8B5EE-F12C-4669-BCD8-1B682AE0F24A}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{C3F8B5EE-F12C-4669-BCD8-1B682AE0F24A}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{456B4946-B561-4206-98F1-CCBBEDAF1231}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{456B4946-B561-4206-98F1-CCBBEDAF1231}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{0834F89A-3979-454F-935C-54C8CDF85371}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{0834F89A-3979-454F-935C-54C8CDF85371}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C3F8B5EE-F12C-4669-BCD8-1B682AE0F24A}] SEQPACKET 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C3F8B5EE-F12C-4669-BCD8-1B682AE0F24A}] DATAGRAM 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{456B4946-B561-4206-98F1-CCBBEDAF1231}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{456B4946-B561-4206-98F1-CCBBEDAF1231}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{135B2C0C-1370-4F46-AB67-8A80490E5871}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{135B2C0C-1370-4F46-AB67-8A80490E5871}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E557D743-3AEA-4D37-9776-A1E5DB6D825C}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E557D743-3AEA-4D37-9776-A1E5DB6D825C}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4155AF4D-1F2C-4A9E-AB57-D1FB4A05FE9B}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4155AF4D-1F2C-4A9E-AB57-D1FB4A05FE9B}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CC5C70BC-DE2B-4E12-A5A0-479CFE09B036}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CC5C70BC-DE2B-4E12-A5A0-479CFE09B036}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: TCP/IP
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Espace de noms NLA (Network Location Awareness)
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 3: Fournisseur d'espace de noms du nuage PNRP
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename: C:\WINDOWS\system32\pnrpnsp.dll

Namespace Provider 4: Fournisseur d'espace de noms du nom PNRP
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename: C:\WINDOWS\system32\pnrpnsp.dll

vinngambini
2008-04-13, 05:42
I don't know what to do with this ...
I tried to clean with HijackThis, CCleaner, SDFix ??? Nothing works ??

Spybot could not remove the infection, it only removed some problems ... but they always come back ??

Really need help!

vinngambini
2008-04-18, 07:30
Ah!
My virus, or whatever the thing was that was polluting my computer, is gone!
I searched, but I managed on my own! I can't say which program or which line did it, but it's gone from my computers.

Thanks all the same!
Good luck to the next lucky one who catches this crap!
I spent at least 3 days on it trying everything ........:spider::oops:


:lip: