Pc infecté de pub, PC rame...
Forum Sécurité - Virus : Pc infecté de pub, PC rame...
Bonjour,
Cette procédure doit être imprimée pour que tu puisses l’avoir sous les yeux lorsque tu seras en mode sans échec.
Ton infection utilise le social engineering comme vecteur de propagation.
Pour en savoir plus sur les infections se propageant via MSN, clique **ICI**.
Télécharge MSNFix (de !aur3n7) sur ton Bureau :
Dézippe-le sur C:\ et redémarre en mode sans échec :
Redémarre l'ordinateur et dès qu'il commence à charger appuie continuellement sur la touche F8. Un menu devrait apparaitre où tu auras la possibilité de choisir le mode sans échec.
Note 1 : Si tu es sous Windows Vista, fais un clic droit sur le programme et choisis Exécuter en tant qu'Administrateur.
- Ouvre le dossier MSNFix puis double-clique sur MSNFix.bat (L’extension bat peut ne pas apparaître).
- Exécute l'option R.
- Si l'infection est détectée, presse une touche pour lancer le nettoyage (N).
- Si tu dois redémarrer l’ordinateur fais le manuellement.
- Poste le rapport situé dans le dossier MSNFix.
Note 2 : Le nom du rapport correspond à l'heure de sa création : date_heure.log
Note 3 : Si tu obtiens un fichier zip d’upload sur ton bureau, fais ceci.
Aide : Comment utiliser MSNFix.
Sécurité / Prévention
Répondre à Egwene
Re,
Tu as utilisé une mauvaise version d'hijackthis. Désinstalle-la.
Télécharge et installe la celle que je t'ai donnée dans mon lien ( à lire ! ).
Hijackthis
***
1) Cette procédure doit être imprimée pour que tu puisses l’avoir sous les yeux quand tu seras en mode sans échec.
Télécharge SDFix (d’Andy Manchesta)
- Enregistre le sur ton le bureau.
- Lance le.
- Fais install afin qu’il puisse s’extraire.
Fais redémarrer ton ordinateur en mode sans échec
- Au démarrage, après le chargement du bios, appuie successivement sur la touche F8 (ou F5) de ton clavier jusqu'à l'apparition d'un menu sur fond noir. Une fois arrivé à ce stade, sélectionne à l'aide du clavier Mode sans Echec.
-- Dans ce mode, tu n'as pas accès à Internet, et tu te retrouves avec une configuration visuelle différente (pas de fond d'écran, icônes très grosses). Ne sois donc pas étonné.
--- C'est pour ces différentes raisons que je t'invite à imprimer, noter, ou enregistrer dans un document texte les informations suivantes afin de ne pas être perdu.
---- ! Ne fais pas démarrer ton ordinateur en mode sans échec via MSConfig ! Pourquoi ? Certaines infections cassent les clefs du mode sans échec, ce qui ferait crasher ton ordinateur.
- Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\
- Double clique sur RunThis.bat (L’extension bat peut ne pas apparaître)
- Appuie sur Y pour le lancer.
- Il te sera demandé d'appuyer sur une touche pour redemarrer , fais le
- Il est probable que le redémarrage soit un peu plus long que d’habitude.
- Une fois l’apparition de ton Bureau, il affichera Finished
- Appuie sur une touche.
- Un rapport est généré , poste le dans ta réponse.
Il se trouve également. dans le dossier SDFix >Report.txt<
Note : Si SDFix ne se lance pas (ça arrive!)
* Démarrer->Exécuter
* Copie/colle ceci:
| Citation : %systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe |
* Clique sur ok, et valide.
* Redémarre et essaye de nouveau de lancer SDFix.
Aide : Comment faire démarrer son ordinateur en mode sans échec.
2) Télécharge Deckard's System Scanner (DSS) (ou DSS) sur ton Bureau.
NB : Tu dois être connecté avec des droits d'Administrateur.
- ferme toutes les applications et fenêtres
- double-clique sur dss.exe pour le lancer et suis les instructions ci-dessous
Attention, il est conseillé de stopper temporairement les logiciels résidents de protection (pare-feu, antivirus, etc.)
- s'il s'agit d'une première utilisation ou d'une nouvelle version de DSS :
- tu devras cliquer 2 fois sur le OK des boîtes de dialogue
Attention, si tu tardes trop, la réponse Abandon sera automatiquement validée
- quand le traitement est terminé (clique sur OK), deux fichiers texte s'affichent :
main.txt <- ouvert en premier plan et en plein écran
extra.txt <- ouvert en second plan et en fenêtré (regarde la barre des taches)
S'il s'agit d'une utilisation supplémentaire de DSS :
- tu n'auras pas de boîte de dialogue (pas de OK)
- quand le traitement est terminé, un fichier texte s'affiche :
main.txt <- ouvert en premier plan et en plein écran
- copie (Ctrl+A puis Ctrl+C) et colle (Ctrl+V) le contenu de main.txt dans ton prochain post
- copie de même le contenu de extra.txt dans ton prochain post, si tu as ce fichier (première utilisation)
- n'oublie pas de réactiver les protections si elles ont été stoppées.
Ce que fait DSS :
- crée un point de restauration dans Windows XP et Vista
- nettoie les fichiers temporaires, DPF-Downloaded Program Files et le Cache Internet, vide la Corbeille de tous les lecteurs
- vérifie quelques zones importantes de ton système et établit un rapport pour examen par ton conseiller en sécurité. DSS lance automatiquement HijackThis pour toi; il va aussi créer un raccourci HijackThis sur ton Bureau si tu n'as pas déjà HijackThis d'installé.
Sécurité / Prévention
Répondre à Egwene
voilà tous les rapports,
on commence par SDFix:
SDFix: Version 1.209
Run by Administrateur on 29/07/2008 at 22:54
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Resetting SecurityProviders Value
Resetting AppInit_DLLs value
Rebooting
Checking Files :
Trojan Files Found:
C:\ABQCNP~1.EXE - Deleted
C:\AEOJCM~1.EXE - Deleted
C:\AHIZMF~1.EXE - Deleted
C:\AILBCO~1.EXE - Deleted
C:\AINPXV~1.EXE - Deleted
C:\AJDQDE~1.EXE - Deleted
C:\AJFOKX~1.EXE - Deleted
C:\ANCDWH~1.EXE - Deleted
C:\ANWTOQ~1.EXE - Deleted
C:\AOBUKF~1.EXE - Deleted
C:\AOTBQH~1.EXE - Deleted
C:\APXHOX~1.EXE - Deleted
C:\ATTIHH~1.EXE - Deleted
C:\ATXLNE~1.EXE - Deleted
C:\AUMONJ~1.EXE - Deleted
C:\AWYUTP~1.EXE - Deleted
C:\AXGVGS~1.EXE - Deleted
C:\AXSFFJ~1.EXE - Deleted
C:\AYYTVK~1.EXE - Deleted
C:\AZWMUM~1.EXE - Deleted
C:\BABHDK~1.EXE - Deleted
C:\BACLQR~1.EXE - Deleted
C:\BAFYMU~1.EXE - Deleted
C:\BBDQKW~1.EXE - Deleted
C:\BESYPA~1.EXE - Deleted
C:\BFXBLH~1.EXE - Deleted
C:\BGGNUT~1.EXE - Deleted
C:\BHGSMW~1.EXE - Deleted
C:\BHLIYU~1.EXE - Deleted
C:\BHLZRH~1.EXE - Deleted
C:\BHNCLE~1.EXE - Deleted
C:\BHNRIO~1.EXE - Deleted
C:\BIFYJO~1.EXE - Deleted
C:\BIHLKV~1.EXE - Deleted
C:\BJECPA~1.EXE - Deleted
C:\BJLZHI~1.EXE - Deleted
C:\BJOFZJ~1.EXE - Deleted
C:\BKLFJW~1.EXE - Deleted
C:\BKRRDZ~1.EXE - Deleted
C:\BKYWJG~1.EXE - Deleted
C:\BLJJLA~1.EXE - Deleted
C:\BOSHER~1.EXE - Deleted
C:\BPZGZT~1.EXE - Deleted
C:\BRKPAU~1.EXE - Deleted
C:\BSVKRM~1.EXE - Deleted
C:\BUOGCF~1.EXE - Deleted
C:\BVFDGJ~1.EXE - Deleted
C:\BVKMZU~1.EXE - Deleted
C:\BVZPGS~1.EXE - Deleted
C:\BWTBEX~1.EXE - Deleted
C:\BWTZKH~1.EXE - Deleted
C:\BYMCTZ~1.EXE - Deleted
C:\BZVBHS~1.EXE - Deleted
C:\BZZQVA~1.EXE - Deleted
C:\CAMUFX~1.EXE - Deleted
C:\CBKOEW~1.EXE - Deleted
C:\CCHSVS~1.EXE - Deleted
C:\CCIURI~1.EXE - Deleted
C:\CCWALN~1.EXE - Deleted
C:\CDADQL~1.EXE - Deleted
C:\CDUDMV~1.EXE - Deleted
C:\CDWEXF~1.EXE - Deleted
C:\CEDQUR~1.EXE - Deleted
C:\CEQYBA~1.EXE - Deleted
C:\CFPGNW~1.EXE - Deleted
C:\CFPGRY~1.EXE - Deleted
C:\CFTDKC~1.EXE - Deleted
C:\CGPFEW~1.EXE - Deleted
C:\CKQEYF~1.EXE - Deleted
C:\CLMPXS~1.EXE - Deleted
C:\CMKRTY~1.EXE - Deleted
C:\CNWQQV~1.EXE - Deleted
C:\COIHMJ~1.EXE - Deleted
C:\CRCEAJ~1.EXE - Deleted
C:\CRITFS~1.EXE - Deleted
C:\CSAQUZ~1.EXE - Deleted
C:\CTHINO~1.EXE - Deleted
C:\CTQVRZ~1.EXE - Deleted
C:\CUBQTW~1.EXE - Deleted
C:\CUXJGG~1.EXE - Deleted
C:\CVOMJB~1.EXE - Deleted
C:\CVQVTG~1.EXE - Deleted
C:\CXFARL~1.EXE - Deleted
C:\CYFYEF~1.EXE - Deleted
C:\CZBTQV~1.EXE - Deleted
C:\CZWHZY~1.EXE - Deleted
C:\DARDHY~1.EXE - Deleted
C:\DBQFDY~1.EXE - Deleted
C:\DCBNGI~1.EXE - Deleted
C:\DCLHRS~1.EXE - Deleted
C:\DDBPUE~1.EXE - Deleted
C:\DHDRTS~1.EXE - Deleted
C:\DHQVSX~1.EXE - Deleted
C:\DIYKEA~1.EXE - Deleted
C:\DJIEBV~1.EXE - Deleted
C:\DJMPVS~1.EXE - Deleted
C:\DLBUWZ~1.EXE - Deleted
C:\DMLFPT~1.EXE - Deleted
C:\DNTXCW~1.EXE - Deleted
C:\DOXJBA~1.EXE - Deleted
C:\DPIIJX~1.EXE - Deleted
C:\DPTOWD~1.EXE - Deleted
C:\DQAEPE~1.EXE - Deleted
C:\DSKBJU~1.EXE - Deleted
C:\DTCHFN~1.EXE - Deleted
C:\DUMPLN~1.EXE - Deleted
C:\DUPANE~1.EXE - Deleted
C:\DVOTPC~1.EXE - Deleted
C:\DVVJQX~1.EXE - Deleted
C:\DVYSWQ~1.EXE - Deleted
C:\DYLLFS~1.EXE - Deleted
C:\DYMZUB~1.EXE - Deleted
C:\DYPREE~1.EXE - Deleted
C:\DYQURI~1.EXE - Deleted
C:\DYRTSH~1.EXE - Deleted
C:\DZJTNA~1.EXE - Deleted
C:\EAFHCS~1.EXE - Deleted
C:\ECFODL~1.EXE - Deleted
C:\ECKMLS~1.EXE - Deleted
C:\ECMUNN~1.EXE - Deleted
C:\EDARGT~1.EXE - Deleted
C:\EEWUYQ~1.EXE - Deleted
C:\EHAQAL~1.EXE - Deleted
C:\EHIYGQ~1.EXE - Deleted
C:\EICNPZ~1.EXE - Deleted
C:\EJHQIY~1.EXE - Deleted
C:\EJSPRZ~1.EXE - Deleted
C:\EJVJGO~1.EXE - Deleted
C:\EKADSW~1.EXE - Deleted
C:\EKEUBR~1.EXE - Deleted
C:\EMVIFN~1.EXE - Deleted
C:\ENLHBP~1.EXE - Deleted
C:\ENQYSK~1.EXE - Deleted
C:\EOGRXU~1.EXE - Deleted
C:\EOXRHW~1.EXE - Deleted
C:\EPPQBC~1.EXE - Deleted
C:\EPPSKC~1.EXE - Deleted
C:\EQUXRG~1.EXE - Deleted
C:\ERPBEN~1.EXE - Deleted
C:\ERYMOX~1.EXE - Deleted
C:\EWEKPX~1.EXE - Deleted
C:\EWKFLG~1.EXE - Deleted
C:\EWLIOW~1.EXE - Deleted
C:\EXLFYA~1.EXE - Deleted
C:\EYMZYM~1.EXE - Deleted
C:\FCDMQX~1.EXE - Deleted
C:\FDAZAF~1.EXE - Deleted
C:\FEAOJA~1.EXE - Deleted
C:\FELGPP~1.EXE - Deleted
C:\FFZUTA~1.EXE - Deleted
C:\FGVQWA~1.EXE - Deleted
C:\FJIPEK~1.EXE - Deleted
C:\FJXLDD~1.EXE - Deleted
C:\FMKLAK~1.EXE - Deleted
C:\FMMPDS~1.EXE - Deleted
C:\FNVDDX~1.EXE - Deleted
C:\FPFZYM~1.EXE - Deleted
C:\FPGQQB~1.EXE - Deleted
C:\FRCVHR~1.EXE - Deleted
C:\FRJVYI~1.EXE - Deleted
C:\FRKONJ~1.EXE - Deleted
C:\FRREKT~1.EXE - Deleted
C:\FSCIKM~1.EXE - Deleted
C:\FSHCLI~1.EXE - Deleted
C:\FUUZVI~1.EXE - Deleted
C:\FUVTHJ~1.EXE - Deleted
C:\FVCCBK~1.EXE - Deleted
C:\FVDXQJ~1.EXE - Deleted
C:\FZMHTA~1.EXE - Deleted
C:\GACXCF~1.EXE - Deleted
C:\GBBSKU~1.EXE - Deleted
C:\GBFJJT~1.EXE - Deleted
C:\GBFWCK~1.EXE - Deleted
C:\GBGRUK~1.EXE - Deleted
C:\GBKVYF~1.EXE - Deleted
C:\GBXXBY~1.EXE - Deleted
C:\GCLOPP~1.EXE - Deleted
C:\GCLTDJ~1.EXE - Deleted
C:\GDXXAX~1.EXE - Deleted
C:\GEDDUD~1.EXE - Deleted
C:\GEQSHR~1.EXE - Deleted
C:\GEWMXT~1.EXE - Deleted
C:\GFBHEW~1.EXE - Deleted
C:\GGAQJL~1.EXE - Deleted
C:\GGLTAI~1.EXE - Deleted
C:\GGRQHR~1.EXE - Deleted
C:\GHJJYE~1.EXE - Deleted
C:\GHQGSI~1.EXE - Deleted
C:\GJWYUI~1.EXE - Deleted
C:\GKPGEZ~1.EXE - Deleted
C:\GMWXOO~1.EXE - Deleted
C:\GNHZQC~1.EXE - Deleted
C:\GPHLXG~1.EXE - Deleted
C:\GPULVO~1.EXE - Deleted
C:\GQPPIX~1.EXE - Deleted
C:\GRUOGM~1.EXE - Deleted
C:\GSRWZT~1.EXE - Deleted
C:\GTPXBM~1.EXE - Deleted
C:\GUXXPY~1.EXE - Deleted
C:\GVEHEZ~1.EXE - Deleted
C:\GVGHXR~1.EXE - Deleted
C:\GVXPCW~1.EXE - Deleted
C:\GWMEZA~1.EXE - Deleted
C:\GYIVHS~1.EXE - Deleted
C:\GZIGVP~1.EXE - Deleted
C:\GZMPEY~1.EXE - Deleted
C:\HAEQIG~1.EXE - Deleted
C:\HAQKKK~1.EXE - Deleted
C:\HBERJN~1.EXE - Deleted
C:\HDBKIL~1.EXE - Deleted
C:\HDVDIP~1.EXE - Deleted
C:\HFCYUM~1.EXE - Deleted
C:\HGZJBA~1.EXE - Deleted
C:\HHRUPB~1.EXE - Deleted
C:\HIHUZI~1.EXE - Deleted
C:\HKNPAX~1.EXE - Deleted
C:\HKZZBE~1.EXE - Deleted
C:\HLYMCV~1.EXE - Deleted
C:\HMEFKA~1.EXE - Deleted
C:\HMYRAK~1.EXE - Deleted
C:\HNGUQC~1.EXE - Deleted
C:\HOZNFU~1.EXE - Deleted
C:\HPUYXH~1.EXE - Deleted
C:\HQRIGP~1.EXE - Deleted
C:\HSOCOT~1.EXE - Deleted
C:\HSOVNW~1.EXE - Deleted
C:\HSQNPY~1.EXE - Deleted
C:\HVYZBU~1.EXE - Deleted
C:\HWNHGX~1.EXE - Deleted
C:\HWPZGH~1.EXE - Deleted
C:\HWQZAF~1.EXE - Deleted
C:\HYWLQR~1.EXE - Deleted
C:\HZEICS~1.EXE - Deleted
C:\HZFDXR~1.EXE - Deleted
C:\HZINQK~1.EXE - Deleted
C:\IAFGEY~1.EXE - Deleted
C:\IBBTLK~1.EXE - Deleted
C:\ICIVSN~1.EXE - Deleted
C:\ICWVSR~1.EXE - Deleted
C:\IEJGCL~1.EXE - Deleted
C:\IFEHFM~1.EXE - Deleted
C:\IFXBBZ~1.EXE - Deleted
C:\IGBXDC~1.EXE - Deleted
C:\IHYIGS~1.EXE - Deleted
C:\IKDVPJ~1.EXE - Deleted
C:\IKDXUM~1.EXE - Deleted
C:\IKTYKA~1.EXE - Deleted
C:\ILJQPI~1.EXE - Deleted
C:\IMEBBP~1.EXE - Deleted
C:\IMZHDY~1.EXE - Deleted
C:\IPAOHR~1.EXE - Deleted
C:\IPXMTY~1.EXE - Deleted
C:\IQTLQP~1.EXE - Deleted
C:\ISBFBY~1.EXE - Deleted
C:\ISWPXS~1.EXE - Deleted
C:\IWJOHA~1.EXE - Deleted
C:\IWLUOR~1.EXE - Deleted
C:\IXYYIL~1.EXE - Deleted
C:\IYZJGI~1.EXE - Deleted
C:\IZAFTO~1.EXE - Deleted
C:\IZDVHT~1.EXE - Deleted
C:\JARYNE~1.EXE - Deleted
C:\JCICXH~1.EXE - Deleted
C:\JEGQQZ~1.EXE - Deleted
C:\JESWHM~1.EXE - Deleted
C:\JFLEOB~1.EXE - Deleted
C:\JFYOUM~1.EXE - Deleted
C:\JGASSS~1.EXE - Deleted
C:\JHSOHB~1.EXE - Deleted
C:\JICXTT~1.EXE - Deleted
C:\JKCHEY~1.EXE - Deleted
C:\JLSFFF~1.EXE - Deleted
C:\JMLVSI~1.EXE - Deleted
C:\JMNZWI~1.EXE - Deleted
C:\JOORQN~1.EXE - Deleted
C:\JPJLBF~1.EXE - Deleted
C:\JPRURW~1.EXE - Deleted
C:\JRHNTU~1.EXE - Deleted
C:\JSCAUN~1.EXE - Deleted
C:\JSKHSK~1.EXE - Deleted
C:\JSSVQS~1.EXE - Deleted
C:\JTIDUS~1.EXE - Deleted
C:\JTKXFT~1.EXE - Deleted
C:\JULIXY~1.EXE - Deleted
C:\JVGABA~1.EXE - Deleted
C:\JWPXJJ~1.EXE - Deleted
C:\JXFVNS~1.EXE - Deleted
C:\JXYFYF~1.EXE - Deleted
C:\JYHIUG~1.EXE - Deleted
C:\JZDAND~1.EXE - Deleted
C:\KABTKT~1.EXE - Deleted
C:\KADTRA~1.EXE - Deleted
C:\KBRVOD~1.EXE - Deleted
C:\KCHKGJ~1.EXE - Deleted
C:\KEAIMA~1.EXE - Deleted
C:\KEUYWN~1.EXE - Deleted
C:\KEVFBI~1.EXE - Deleted
C:\KFTCWX~1.EXE - Deleted
C:\KFWUMM~1.EXE - Deleted
C:\KHQZZH~1.EXE - Deleted
C:\KHSPKR~1.EXE - Deleted
C:\KHUEZR~1.EXE - Deleted
C:\KJGEBX~1.EXE - Deleted
C:\KKRETR~1.EXE - Deleted
C:\KLACEG~1.EXE - Deleted
C:\KLBQVS~1.EXE - Deleted
C:\KNNXCX~1.EXE - Deleted
C:\KQOBJE~1.EXE - Deleted
C:\KRXEYK~1.EXE - Deleted
C:\KSVESS~1.EXE - Deleted
C:\KTELES~1.EXE - Deleted
C:\KTEXKB~1.EXE - Deleted
C:\KTYJAX~1.EXE - Deleted
C:\KUDMNI~1.EXE - Deleted
C:\KWVTJZ~1.EXE - Deleted
C:\KXEQUF~1.EXE - Deleted
C:\KXNYED~1.EXE - Deleted
C:\KXVDLV~1.EXE - Deleted
C:\KYMDBH~1.EXE - Deleted
C:\KZJUYA~1.EXE - Deleted
C:\LBDIXJ~1.EXE - Deleted
C:\LCDOFX~1.EXE - Deleted
C:\LDUYEO~1.EXE - Deleted
C:\LEXCJS~1.EXE - Deleted
C:\LFBDWH~1.EXE - Deleted
C:\LGGSEL~1.EXE - Deleted
C:\LGGTWE~1.EXE - Deleted
C:\LGKDEE~1.EXE - Deleted
C:\LIZEFS~1.EXE - Deleted
C:\LJWRHP~1.EXE - Deleted
C:\LKITEA~1.EXE - Deleted
C:\LLWSHC~1.EXE - Deleted
C:\LMLNBU~1.EXE - Deleted
C:\LPDLFI~1.EXE - Deleted
C:\LPYTVH~1.EXE - Deleted
C:\LQSDND~1.EXE - Deleted
C:\LSNRVF~1.EXE - Deleted
C:\LSRXRZ~1.EXE - Deleted
C:\LTEEQC~1.EXE - Deleted
C:\LUDZTH~1.EXE - Deleted
C:\LUWXZM~1.EXE - Deleted
C:\LXGRQJ~1.EXE - Deleted
C:\LYDLPN~1.EXE - Deleted
C:\LYUJNL~1.EXE - Deleted
C:\LYZSJI~1.EXE - Deleted
C:\MBLZIY~1.EXE - Deleted
C:\MBMUAT~1.EXE - Deleted
C:\MDWSDN~1.EXE - Deleted
C:\MEFLHP~1.EXE - Deleted
C:\MFMPCP~1.EXE - Deleted
C:\MFPVHU~1.EXE - Deleted
C:\MFXCAU~1.EXE - Deleted
C:\MGUSBW~1.EXE - Deleted
C:\MILLHH~1.EXE - Deleted
C:\MIQSFP~1.EXE - Deleted
C:\MJPMFH~1.EXE - Deleted
C:\MKDZQO~1.EXE - Deleted
C:\MKJQCM~1.EXE - Deleted
C:\MLNTMU~1.EXE - Deleted
C:\MLYUZX~1.EXE - Deleted
C:\MLZOIK~1.EXE - Deleted
C:\MMNSQJ~1.EXE - Deleted
C:\MMOLRX~1.EXE - Deleted
C:\MNHMNO~1.EXE - Deleted
C:\MNNFDO~1.EXE - Deleted
C:\MNNWQR~1.EXE - Deleted
C:\MQFPOJ~1.EXE - Deleted
C:\MQTTWB~1.EXE - Deleted
C:\MQVEUP~1.EXE - Deleted
C:\MSDTNX~1.EXE - Deleted
C:\MTKSUA~1.EXE - Deleted
C:\MTLZAP~1.EXE - Deleted
C:\MUMZUT~1.EXE - Deleted
C:\MUPIBF~1.EXE - Deleted
C:\MUTGQC~1.EXE - Deleted
C:\MUTJEW~1.EXE - Deleted
C:\MVJGNW~1.EXE - Deleted
C:\MVWTQK~1.EXE - Deleted
C:\MVZCBF~1.EXE - Deleted
C:\MWAVPD~1.EXE - Deleted
C:\MWGVDY~1.EXE - Deleted
C:\MYCXVH~1.EXE - Deleted
C:\MZDYDI~1.EXE - Deleted
C:\MZMGTD~1.EXE - Deleted
C:\MZPVEJ~1.EXE - Deleted
C:\MZSRQM~1.EXE - Deleted
C:\NBJALV~1.EXE - Deleted
C:\NEWYNP~1.EXE - Deleted
C:\NFWXDI~1.EXE - Deleted
C:\NGNBPT~1.EXE - Deleted
C:\NJSJAQ~1.EXE - Deleted
C:\NMOIPX~1.EXE - Deleted
C:\NMURJP~1.EXE - Deleted
C:\NNDRFM~1.EXE - Deleted
C:\NOZXSZ~1.EXE - Deleted
C:\NPPGRW~1.EXE - Deleted
C:\NPSRGA~1.EXE - Deleted
C:\NQDEIN~1.EXE - Deleted
C:\NQZSBR~1.EXE - Deleted
C:\NSOARN~1.EXE - Deleted
C:\NSRCQK~1.EXE - Deleted
C:\NUYJQA~1.EXE - Deleted
C:\NWPNGK~1.EXE - Deleted
C:\NYIZNB~1.EXE - Deleted
C:\NYWFMQ~1.EXE - Deleted
C:\OAAUNE~1.EXE - Deleted
C:\OBHRCW~1.EXE - Deleted
C:\OBPMIY~1.EXE - Deleted
C:\OBSFZT~1.EXE - Deleted
C:\ODCOOS~1.EXE - Deleted
C:\ODJWUG~1.EXE - Deleted
C:\ODKUKM~1.EXE - Deleted
C:\OFBLJP~1.EXE - Deleted
C:\OFEKTB~1.EXE - Deleted
C:\OFWNIO~1.EXE - Deleted
C:\OHZTHX~1.EXE - Deleted
C:\OJOQWU~1.EXE - Deleted
C:\OJUEWJ~1.EXE - Deleted
C:\OJWKCN~1.EXE - Deleted
C:\OLCRQK~1.EXE - Deleted
C:\OMFANJ~1.EXE - Deleted
C:\OMRSRK~1.EXE - Deleted
C:\ONHWOE~1.EXE - Deleted
C:\ONMMMW~1.EXE - Deleted
C:\ONSDYD~1.EXE - Deleted
C:\OOHCTS~1.EXE - Deleted
C:\OOHQTA~1.EXE - Deleted
C:\OOHXQL~1.EXE - Deleted
C:\OOYLJH~1.EXE - Deleted
C:\OPQSBM~1.EXE - Deleted
C:\ORGDCQ~1.EXE - Deleted
C:\ORTTRB~1.EXE - Deleted
C:\OSMCSR~1.EXE - Deleted
C:\OTXSSW~1.EXE - Deleted
C:\OUTJYQ~1.EXE - Deleted
C:\OUZPSB~1.EXE - Deleted
C:\OVFGLO~1.EXE - Deleted
C:\OVLYQZ~1.EXE - Deleted
C:\OWBMJS~1.EXE - Deleted
C:\OWSUAO~1.EXE - Deleted
C:\OXNWSL~1.EXE - Deleted
C:\OYGAPM~1.EXE - Deleted
C:\OYKTCM~1.EXE - Deleted
C:\OYUNEK~1.EXE - Deleted
C:\OYVBVE~1.EXE - Deleted
C:\OZHFJJ~1.EXE - Deleted
C:\OZIHCV~1.EXE - Deleted
C:\OZPKFX~1.EXE - Deleted
C:\PAPMOU~1.EXE - Deleted
C:\PAYBEP~1.EXE - Deleted
C:\PDNVYN~1.EXE - Deleted
C:\PFJGRC~1.EXE - Deleted
C:\PHTPHR~1.EXE - Deleted
C:\PIIBKO~1.EXE - Deleted
C:\PINUFD~1.EXE - Deleted
C:\PIWPAS~1.EXE - Deleted
C:\PJEXKO~1.EXE - Deleted
C:\PKLJXP~1.EXE - Deleted
C:\PKTOAL~1.EXE - Deleted
C:\PKVEUX~1.EXE - Deleted
C:\PMFRJI~1.EXE - Deleted
C:\PMQWMW~1.EXE - Deleted
C:\PNUNRA~1.EXE - Deleted
C:\PPSXOQ~1.EXE - Deleted
C:\PPZXCT~1.EXE - Deleted
C:\PQRVSP~1.EXE - Deleted
C:\PSJNSU~1.EXE - Deleted
C:\PTPRCH~1.EXE - Deleted
C:\PTRTZM~1.EXE - Deleted
C:\PTTGFK~1.EXE - Deleted
C:\PTWEZE~1.EXE - Deleted
C:\PVLILX~1.EXE - Deleted
C:\PWXIXD~1.EXE - Deleted
C:\PXSRYR~1.EXE - Deleted
C:\PXWMQC~1.EXE - Deleted
C:\PYOWSG~1.EXE - Deleted
C:\PYVEIS~1.EXE - Deleted
C:\PZBPJR~1.EXE - Deleted
C:\PZDKBH~1.EXE - Deleted
C:\PZOCED~1.EXE - Deleted
C:\QARZZL~1.EXE - Deleted
C:\QBRDMS~1.EXE - Deleted
C:\QCBWAL~1.EXE - Deleted
C:\QCGFUA~1.EXE - Deleted
C:\QCOEAA~1.EXE - Deleted
C:\QDDHZZ~1.EXE - Deleted
C:\QDPAKK~1.EXE - Deleted
C:\QDWNPJ~1.EXE - Deleted
C:\QEHJWK~1.EXE - Deleted
C:\QFSOIP~1.EXE - Deleted
C:\QFTVWD~1.EXE - Deleted
C:\QGSQWA~1.EXE - Deleted
C:\QGTMFE~1.EXE - Deleted
C:\QHEKGJ~1.EXE - Deleted
C:\QHGVQK~1.EXE - Deleted
C:\QIDSSZ~1.EXE - Deleted
C:\QIJLWM~1.EXE - Deleted
C:\QITDJN~1.EXE - Deleted
C:\QJROBJ~1.EXE - Deleted
C:\QKOCTG~1.EXE - Deleted
C:\QMCMKV~1.EXE - Deleted
C:\QMLVIO~1.EXE - Deleted
C:\QNHRKA~1.EXE - Deleted
C:\QNIOJQ~1.EXE - Deleted
C:\QNXOWF~1.EXE - Deleted
C:\QQXGOF~1.EXE - Deleted
C:\QRRPPC~1.EXE - Deleted
C:\QSGDPI~1.EXE - Deleted
C:\QSIQFQ~1.EXE - Deleted
C:\QSPNPC~1.EXE - Deleted
C:\QSPORN~1.EXE - Deleted
C:\QSWWKH~1.EXE - Deleted
C:\QTRXEM~1.EXE - Deleted
C:\QTTPNA~1.EXE - Deleted
C:\QUDXMX~1.EXE - Deleted
C:\QULFVN~1.EXE - Deleted
C:\QVKDSU~1.EXE - Deleted
C:\QVKLWZ~1.EXE - Deleted
C:\QVLMDW~1.EXE - Deleted
C:\QWZGDB~1.EXE - Deleted
C:\QYSUJG~1.EXE - Deleted
C:\QZKYMF~1.EXE - Deleted
C:\QZTMLC~1.EXE - Deleted
C:\RAYYRT~1.EXE - Deleted
C:\RBCRHB~1.EXE - Deleted
C:\RBZFIQ~1.EXE - Deleted
C:\RCZRAL~1.EXE - Deleted
C:\RDPPFE~1.EXE - Deleted
C:\REJWPE~1.EXE - Deleted
C:\RFCZZG~1.EXE - Deleted
C:\RFKLMS~1.EXE - Deleted
C:\RFQFPJ~1.EXE - Deleted
C:\RGSZXU~1.EXE - Deleted
C:\RHIJGA~1.EXE - Deleted
C:\RHIQUH~1.EXE - Deleted
C:\RHPFYY~1.EXE - Deleted
C:\RICMUF~1.EXE - Deleted
C:\RIVGDL~1.EXE - Deleted
C:\RIVUZF~1.EXE - Deleted
C:\RJDTGX~1.EXE - Deleted
C:\RJGLHR~1.EXE - Deleted
C:\RJSNBJ~1.EXE - Deleted
C:\RJZYSU~1.EXE - Deleted
C:\RKCLXO~1.EXE - Deleted
C:\RLJZAG~1.EXE - Deleted
C:\RLUUNC~1.EXE - Deleted
C:\RMYVHE~1.EXE - Deleted
C:\ROCGJJ~1.EXE - Deleted
C:\RPCURR~1.EXE - Deleted
C:\RQSTQW~1.EXE - Deleted
C:\RRPBTP~1.EXE - Deleted
C:\RRVERZ~1.EXE - Deleted
C:\RSXDLI~1.EXE - Deleted
C:\RTFEMZ~1.EXE - Deleted
C:\RTMTRE~1.EXE - Deleted
C:\RTZXMI~1.EXE - Deleted
C:\RWEWEW~1.EXE - Deleted
C:\RWJMMC~1.EXE - Deleted
C:\RWKXNG~1.EXE - Deleted
C:\RWUZHI~1.EXE - Deleted
C:\RWWAIT~1.EXE - Deleted
C:\RWWGPS~1.EXE - Deleted
C:\RWZEQA~1.EXE - Deleted
C:\RXLEKB~1.EXE - Deleted
C:\RXNORA~1.EXE - Deleted
C:\RXVHHU~1.EXE - Deleted
C:\RXZISB~1.EXE - Deleted
C:\RYAKIY~1.EXE - Deleted
C:\RYPZKS~1.EXE - Deleted
C:\RZALPY~1.EXE - Deleted
C:\RZPGSI~1.EXE - Deleted
C:\SBCJBL~1.EXE - Deleted
C:\SBKOED~1.EXE - Deleted
C:\SCANVD~1.EXE - Deleted
C:\SCEEFY~1.EXE - Deleted
C:\SCINTU~1.EXE - Deleted
C:\SCMOGI~1.EXE - Deleted
C:\SESYWH~1.EXE - Deleted
C:\SEVEDC~1.EXE - Deleted
C:\SFMECH~1.EXE - Deleted
C:\SHJRVG~1.EXE - Deleted
C:\SJFAGW~1.EXE - Deleted
C:\SNACNO~1.EXE - Deleted
C:\SOCYZH~1.EXE - Deleted
C:\SQLCIU~1.EXE - Deleted
C:\SSLRWI~1.EXE - Deleted
C:\SSZITS~1.EXE - Deleted
C:\STLXYJ~1.EXE - Deleted
C:\SVRHBK~1.EXE - Deleted
C:\SWQFPB~1.EXE - Deleted
C:\SXMJKP~1.EXE - Deleted
C:\SYYCKV~1.EXE - Deleted
C:\TAJHHR~1.EXE - Deleted
C:\TBPDUO~1.EXE - Deleted
C:\TDYSBQ~1.EXE - Deleted
C:\TECMDB~1.EXE - Deleted
C:\TEZONB~1.EXE - Deleted
C:\TFHFPK~1.EXE - Deleted
C:\TFJRRL~1.EXE - Deleted
C:\TGCYND~1.EXE - Deleted
C:\TGVZEV~1.EXE - Deleted
C:\THOKHX~1.EXE - Deleted
C:\TIKDWU~1.EXE - Deleted
C:\TIUUTT~1.EXE - Deleted
C:\TJLUHP~1.EXE - Deleted
C:\TKIXNG~1.EXE - Deleted
C:\TLBILC~1.EXE - Deleted
C:\TNSLHZ~1.EXE - Deleted
C:\TNSUFE~1.EXE - Deleted
C:\TORILY~1.EXE - Deleted
C:\TQEFBE~1.EXE - Deleted
C:\TQMUPV~1.EXE - Deleted
C:\TRCOPF~1.EXE - Deleted
C:\TRUUFZ~1.EXE - Deleted
C:\TRWBGG~1.EXE - Deleted
C:\TRYKYU~1.EXE - Deleted
C:\TTNJDU~1.EXE - Deleted
C:\TUGGUC~1.EXE - Deleted
C:\TUIHHB~1.EXE - Deleted
C:\TURZPA~1.EXE - Deleted
C:\TVMTEW~1.EXE - Deleted
C:\TVOQHK~1.EXE - Deleted
C:\TVUSBN~1.EXE - Deleted
C:\TWRSTS~1.EXE - Deleted
C:\TWTTEC~1.EXE - Deleted
C:\TWVBLQ~1.EXE - Deleted
C:\TWVPOC~1.EXE - Deleted
C:\TXJZJY~1.EXE - Deleted
C:\TXLZXS~1.EXE - Deleted
C:\TXUILP~1.EXE - Deleted
C:\TYPZNB~1.EXE - Deleted
C:\TYQBJM~1.EXE - Deleted
C:\TZKMBC~1.EXE - Deleted
C:\TZMYLS~1.EXE - Deleted
C:\UAYACZ~1.EXE - Deleted
C:\UBXPVA~1.EXE - Deleted
C:\UCOWYC~1.EXE - Deleted
C:\UDNFFL~1.EXE - Deleted
C:\UEHSPU~1.EXE - Deleted
C:\UEJTOD~1.EXE - Deleted
C:\UEMHKH~1.EXE - Deleted
C:\UGICDU~1.EXE - Deleted
C:\UHSQFO~1.EXE - Deleted
C:\UINHMN~1.EXE - Deleted
C:\UJRMAJ~1.EXE - Deleted
C:\UJYNTK~1.EXE - Deleted
C:\UKNYRV~1.EXE - Deleted
C:\UNBILZ~1.EXE - Deleted
C:\UNELXR~1.EXE - Deleted
C:\UNHZSM~1.EXE - Deleted
C:\UNLYGB~1.EXE - Deleted
C:\UNZJDJ~1.EXE - Deleted
C:\UOODQB~1.EXE - Deleted
C:\UPQPXX~1.EXE - Deleted
C:\UPQRAQ~1.EXE - Deleted
C:\UPWFFX~1.EXE - Deleted
C:\UQHILQ~1.EXE - Deleted
C:\USOFAQ~1.EXE - Deleted
C:\USSAJK~1.EXE - Deleted
C:\UTLORX~1.EXE - Deleted
C:\UUNWGX~1.EXE - Deleted
C:\UUUHRJ~1.EXE - Deleted
C:\UWRESB~1.EXE - Deleted
C:\UXVUSP~1.EXE - Deleted
C:\UYKSWK~1.EXE - Deleted
C:\UZBVQQ~1.EXE - Deleted
C:\UZQNMA~1.EXE - Deleted
C:\VADEGO~1.EXE - Deleted
C:\VAEVFB~1.EXE - Deleted
C:\VBKTTD~1.EXE - Deleted
C:\VCZGOA~1.EXE - Deleted
C:\VDQNIV~1.EXE - Deleted
C:\VEZADI~1.EXE - Deleted
C:\VFDMER~1.EXE - Deleted
C:\VFJJSB~1.EXE - Deleted
C:\VGEQFY~1.EXE - Deleted
C:\VGJBTQ~1.EXE - Deleted
C:\VGTDGD~1.EXE - Deleted
C:\VHVQON~1.EXE - Deleted
C:\VHVVWN~1.EXE - Deleted
C:\VICGHY~1.EXE - Deleted
C:\VIHWUM~1.EXE - Deleted
C:\VKKWFM~1.EXE - Deleted
C:\VLVHQY~1.EXE - Deleted
C:\VMZENE~1.EXE - Deleted
C:\VNHMNQ~1.EXE - Deleted
C:\VNVFUI~1.EXE - Deleted
C:\VOFNRX~1.EXE - Deleted
C:\VRKGOU~1.EXE - Deleted
C:\VSGOKS~1.EXE - Deleted
C:\VVULHZ~1.EXE - Deleted
C:\VWEYFO~1.EXE - Deleted
C:\VWIIUN~1.EXE - Deleted
C:\VWUROY~1.EXE - Deleted
C:\VXFQFQ~1.EXE - Deleted
C:\VXVYSI~1.EXE - Deleted
C:\VXXXMK~1.EXE - Deleted
C:\VZNYJC~1.EXE - Deleted
C:\VZYUCQ~1.EXE - Deleted
C:\WAFOUB~1.EXE - Deleted
C:\WAJCVP~1.EXE - Deleted
C:\WAPBUY~1.EXE - Deleted
C:\WBEOJM~1.EXE - Deleted
C:\WCASOV~1.EXE - Deleted
C:\WCBXPF~1.EXE - Deleted
C:\WCCGXO~1.EXE - Deleted
C:\WEZBGN~1.EXE - Deleted
C:\WGFUUV~1.EXE - Deleted
C:\WGUXQC~1.EXE - Deleted
C:\WIDZUR~1.EXE - Deleted
C:\WIHZZP~1.EXE - Deleted
C:\WIVIZJ~1.EXE - Deleted
C:\WJYQMS~1.EXE - Deleted
C:\WKDKLK~1.EXE - Deleted
C:\WKDNSU~1.EXE - Deleted
C:\WKSPBI~1.EXE - Deleted
C:\WLGKCP~1.EXE - Deleted
C:\WLTCZO~1.EXE - Deleted
C:\WNNYVK~1.EXE - Deleted
C:\WNYCYG~1.EXE - Deleted
C:\WODEPF~1.EXE - Deleted
C:\WOVHWP~1.EXE - Deleted
C:\WQHEGJ~1.EXE - Deleted
C:\WSFTYF~1.EXE - Deleted
C:\WSWQPS~1.EXE - Deleted
C:\WTMLPG~1.EXE - Deleted
C:\WTVEEL~1.EXE - Deleted
C:\WVVVYB~1.EXE - Deleted
C:\WWAXTK~1.EXE - Deleted
C:\WXOMQR~1.EXE - Deleted
C:\WYRSFR~1.EXE - Deleted
C:\WZJZRQ~1.EXE - Deleted
C:\XCRMCJ~1.EXE - Deleted
C:\XCTASV~1.EXE - Deleted
C:\XCVYOL~1.EXE - Deleted
C:\XDORSW~1.EXE - Deleted
C:\XEZMCS~1.EXE - Deleted
C:\XGENWJ~1.EXE - Deleted
C:\XGWBDU~1.EXE - Deleted
C:\XHBKNP~1.EXE - Deleted
C:\XIMUIH~1.EXE - Deleted
C:\XKWKHG~1.EXE - Deleted
C:\XKWQBE~1.EXE - Deleted
C:\XLOVJZ~1.EXE - Deleted
C:\XLSYQQ~1.EXE - Deleted
C:\XMIXBZ~1.EXE - Deleted
C:\XMNTIX~1.EXE - Deleted
C:\XNAGEJ~1.EXE - Deleted
C:\XPVEEE~1.EXE - Deleted
C:\XRXSDS~1.EXE - Deleted
C:\XSNOFE~1.EXE - Deleted
C:\XTEMZN~1.EXE - Deleted
C:\XUVEFO~1.EXE - Deleted
C:\XVATZB~1.EXE - Deleted
C:\XXWDHA~1.EXE - Deleted
C:\XZCAMI~1.EXE - Deleted
C:\XZNAQG~1.EXE - Deleted
C:\XZPTHT~1.EXE - Deleted
C:\XZTNKK~1.EXE - Deleted
C:\XZXAUO~1.EXE - Deleted
C:\YBCIHB~1.EXE - Deleted
C:\YBHVWQ~1.EXE - Deleted
C:\YBTOZZ~1.EXE - Deleted
C:\YCHEVW~1.EXE - Deleted
C:\YDVAYT~1.EXE - Deleted
C:\YECIFL~1.EXE - Deleted
C:\YEGAXF~1.EXE - Deleted
C:\YEVFUB~1.EXE - Deleted
C:\YEVLCI~1.EXE - Deleted
C:\YFIKRX~1.EXE - Deleted
C:\YGDXPN~1.EXE - Deleted
C:\YHVQEH~1.EXE - Deleted
C:\YIACEU~1.EXE - Deleted
C:\YIVAOE~1.EXE - Deleted
C:\YIZYZM~1.EXE - Deleted
C:\YKWQXW~1.EXE - Deleted
C:\YODSEX~1.EXE - Deleted
C:\YOJAZB~1.EXE - Deleted
C:\YPQXEH~1.EXE - Deleted
C:\YQBJPB~1.EXE - Deleted
C:\YQBSWF~1.EXE - Deleted
C:\YSFIAN~1.EXE - Deleted
C:\YSIVDX~1.EXE - Deleted
C:\YSWFKG~1.EXE - Deleted
C:\YTUBEE~1.EXE - Deleted
C:\YVPJTI~1.EXE - Deleted
C:\YWCQRU~1.EXE - Deleted
C:\YZIOVV~1.EXE - Deleted
C:\ZFBQHI~1.EXE - Deleted
C:\ZGJRUT~1.EXE - Deleted
C:\ZHCOWS~1.EXE - Deleted
C:\ZIGIBL~1.EXE - Deleted
C:\ZJPVHG~1.EXE - Deleted
C:\ZKBACY~1.EXE - Deleted
C:\ZLKMRP~1.EXE - Deleted
C:\ZLZMVA~1.EXE - Deleted
C:\ZMKLIA~1.EXE - Deleted
C:\ZNDPGF~1.EXE - Deleted
C:\ZONULW~1.EXE - Deleted
C:\ZPENOF~1.EXE - Deleted
C:\ZQVEZF~1.EXE - Deleted
C:\ZRDYPJ~1.EXE - Deleted
C:\ZTBEJD~1.EXE - Deleted
C:\ZUPYTF~1.EXE - Deleted
C:\ZUVXIR~1.EXE - Deleted
C:\ZVAGHO~1.EXE - Deleted
C:\ZWGAXN~1.EXE - Deleted
C:\ZYJGYR~1.EXE - Deleted
C:\ZYSRPK~1.EXE - Deleted
C:\ZYYQLK~1.EXE - Deleted
C:\ZZIOGH~1.EXE - Deleted
C:\autorun.inf - Deleted
C:\Documents and Settings\Administrateur\Application Data\SpeedRunner\config.cfg - Deleted
C:\Documents and Settings\Administrateur\Application Data\SpeedRunner\config.MSNFix - Deleted
C:\Documents and Settings\Administrateur\Application Data\SpeedRunner\SpeedRunner.exe - Deleted
C:\Documents and Settings\Administrateur\Application Data\SpeedRunner\SRUninstall.exe - Deleted
C:\Documents and Settings\Administrateur\Application Data\SpeedRunner\SRUninstall.MSNFix - Deleted
C:\Documents and Settings\Administrateur\Application Data\WinTouch\wintouch.MSNFix - Deleted
C:\Documents and Settings\Administrateur\Application Data\WinTouch\WTUninstaller.MSNFix - Deleted
C:\Program Files\GetModule\dicik.gz - Deleted
C:\Program Files\GetModule\GetModule18.exe - Deleted
C:\Program Files\GetModule\GetModule19.exe - Deleted
C:\Program Files\GetModule\GetModule20.exe - Deleted
C:\Program Files\GetModule\kwdik.gz - Deleted
C:\Program Files\GetModule\sonetupd.exe - Deleted
C:\Program Files\GetModule\zolnupdate.exe - Deleted
C:\Program Files\GetPack\dianeadupd.exe - Deleted
C:\Program Files\GetPack\dictame.gz - Deleted
C:\Program Files\GetPack\GetPack18.exe - Deleted
C:\Program Files\GetPack\GetPack19.exe - Deleted
C:\Program Files\GetPack\GetPack20.exe - Deleted
C:\Program Files\GetPack\trgtame.gz - Deleted
C:\Program Files\iCheck\iCheck.exe - Deleted
C:\Program Files\iCheck\Uninstall.exe - Deleted
C:\Program Files\ISM\ism.exe - Deleted
C:\Program Files\ISM\Uninstall.exe - Deleted
C:\Program Files\JavaCore\JavaCore.MSNFix - Deleted
C:\Program Files\JavaCore\UnInstall.MSNFix - Deleted
C:\Program Files\mjc\mjc.exe - Deleted
C:\Program Files\QdrPack\bostrupd.exe - Deleted
C:\Program Files\QdrPack\QdrPack16.exe - Deleted
C:\Program Files\QdrPack\QdrPack17.exe - Deleted
C:\Program Files\QdrPack\wadsvupd.exe - Deleted
C:\Program Files\Spcron\Spc.dll - Deleted
C:\Program Files\Svconr\Svconr.exe - Deleted
C:\Program Files\Svconr\Svconr.MSNFix - Deleted
C:\Program Files\Temporary\InsiDERInst.MSNFix - Deleted
C:\Program Files\Webtools\webtools.dll - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.MSNFix - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gettpa118.exe - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gettpa119.exe - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gettpa219.exe - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gettpa220.exe - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ismtpa17.exe - Deleted
C:\WINDOWS\17PHolmes1001186.exe - Deleted
C:\WINDOWS\b128.exe - Deleted
C:\WINDOWS\b152.exe - Deleted
C:\WINDOWS\b155.exe - Deleted
C:\WINDOWS\b156.exe - Deleted
C:\WINDOWS\b157.exe - Deleted
C:\WINDOWS\mrofinu1001186.exe - Deleted
C:\WINDOWS\mrofinu1001186.exe.tmp - Deleted
C:\Program Files\.autoreg - Deleted
C:\WINDOWS\AutoUpdateWin31.dll - Deleted
C:\WINDOWS\AutoUpdateWin32.exe - Deleted
C:\WINDOWS\system32\wowfx.dll - Deleted
Folder C:\Documents and Settings\Administrateur\Application Data\SpeedRunner - Removed
Folder C:\Documents and Settings\Administrateur\Application Data\WinTouch - Removed
Folder C:\Program Files\GetModule - Removed
Folder C:\Program Files\GetPack - Removed
Folder C:\Program Files\iCheck - Removed
Folder C:\Program Files\InetGet2 - Removed
Folder C:\Program Files\ISM - Removed
Folder C:\Program Files\JavaCore - Removed
Folder C:\Program Files\mjc - Removed
Folder C:\Program Files\QdrPack - Removed
Folder C:\Program Files\Spcron - Removed
Folder C:\Program Files\Svconr - Removed
Folder C:\Program Files\Temporary - Removed
Folder C:\Program Files\Webtools - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-29 23:15:07
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:fc,90,09,11,24,15,f6,e9,50,6d,e2,29,0d,2c,5b,60,f9,72,05,59,f1,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e6,0e,01,93,bf,2c,ee,a0,42,33,b7,a1,76,b0,f6,8c,88,..
"khjeh"=hex:c6,ec,89,b0,80,6c,37,05,70,f4,84,22,52,ec,e7,2a,2e,a3,9a,f4,32,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a6,39,eb,91,79,92,8d,53,1f,1b,fe,f2,d8,6b,1b,2b,c9,55,cd,26,ab,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:20,52,42,21,65,6e,0a,13,30,dd,51,81,2a,9d,12,2f,ba,92,8a,5d,46,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:c2,8c,dd,c2,af,bb,06,00,63,dc,6e,3b,a6,3b,0e,92,03,88,39,41,14,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:3d,52,d5,a5,23,74,b5,bd,19,92,cd,9a,57,a0,6a,c4,06,65,90,55,eb,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:fc,90,09,11,24,15,f6,e9,50,6d,e2,29,0d,2c,5b,60,f9,72,05,59,f1,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e6,0e,01,93,bf,2c,ee,a0,42,33,b7,a1,76,b0,f6,8c,88,..
"khjeh"=hex:c6,ec,89,b0,80,6c,37,05,70,f4,84,22,52,ec,e7,2a,2e,a3,9a,f4,32,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:6a,9c,6f,95,8c,93,9e,c4,11,84,a4,a9,e6,6e,a1,e9,01,01,b1,e0,6f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:20,c3,36,3f,e8,e6,a7,81,eb,73,8e,3f,be,37,97,df,9d,e5,b1,26,5d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:c2,8c,dd,c2,af,bb,06,00,63,dc,6e,3b,a6,3b,0e,92,03,88,39,41,14,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:3d,52,d5,a5,23,74,b5,bd,19,92,cd,9a,57,a0,6a,c4,06,65,90,55,eb,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:fc,90,09,11,24,15,f6,e9,50,6d,e2,29,0d,2c,5b,60,f9,72,05,59,f1,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e6,0e,01,93,bf,2c,ee,a0,42,33,b7,a1,76,b0,f6,8c,88,..
"khjeh"=hex:c6,ec,89,b0,80,6c,37,05,70,f4,84,22,52,ec,e7,2a,2e,a3,9a,f4,32,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:c5,15,d8,6d,83,b0,cb,0b,e6,ac,53,4c,9a,0f,cf,b9,29,af,26,c8,1d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:a3,5d,b6,49,10,0c,9b,65,4e,20,73,7e,26,09,c8,96,15,da,82,79,50,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:51,d3,bf,81,47,67,04,a9,0a,7a,ef,bb,de,c9,86,57,83,ec,de,24,5d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:92,0d,fe,02,6a,62,80,d6,03,8e,57,03,3b,58,9f,d9,c1,27,7c,5f,ec,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:fc,90,09,11,24,15,f6,e9,50,6d,e2,29,0d,2c,5b,60,f9,72,05,59,f1,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e6,0e,01,93,bf,2c,ee,a0,42,33,b7,a1,76,b0,f6,8c,88,..
"khjeh"=hex:c6,ec,89,b0,80,6c,37,05,70,f4,84,22,52,ec,e7,2a,2e,a3,9a,f4,32,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:4e,d9,79,a4,9e,6d,6f,89,53,60,c6,b3,65,9a,90,7f,93,c5,8d,5f,72,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:4f,27,2a,f0,05,29,d5,b3,34,31,4c,f6,50,35,33,b3,43,af,e9,5c,9b,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:51,d3,bf,81,47,67,04,a9,0a,7a,ef,bb,de,c9,86,57,83,ec,de,24,5d,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:92,0d,fe,02,6a,62,80,d6,03,8e,57,03,3b,58,9f,d9,c1,27,7c,5f,ec,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:fc,90,09,11,24,15,f6,e9,50,6d,e2,29,0d,2c,5b,60,f9,72,05,59,f1,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e6,0e,01,93,bf,2c,ee,a0,42,33,b7,a1,76,b0,f6,8c,88,..
"khjeh"=hex:c6,ec,89,b0,80,6c,37,05,70,f4,84,22,52,ec,e7,2a,2e,a3,9a,f4,32,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:4e,d9,79,a4,9e,6d,6f,89,53,60,c6,b3,65,9a,90,7f,93,c5,8d,5f,72,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:4f,27,2a,f0,05,29,d5,b3,34,31,4c,f6,50,35,33,b3,43,af,e9,5c,9b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:51,d3,bf,81,47,67,04,a9,0a,7a,ef,bb,de,c9,86,57,83,ec,de,24,5d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:92,0d,fe,02,6a,62,80,d6,03,8e,57,03,3b,58,9f,d9,c1,27,7c,5f,ec,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exe:*:enabled:@shell32.dll,-1"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*
isabled:Windows Live Call"
"C:\\Kaspersky\\kavupd.exe"="C:\\Kaspersky\\kavupd.exe:*:Enabled:kavupd"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\WINDOWS\\system32\\vbfodkshc.exe"="C:\\WINDOWS\\system32\\vbfodkshc.exe:*:Enabled:Log System"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files :
C:\WINDOWS\mrofinu1001186.exe Found
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Fri 13 Jun 2008 87,552 A.SHR --- "C:\aqnhkupua.exe"
Wed 13 Jun 2007 87,552 A.SHR --- "C:\austvekws.exe"
Fri 13 Jun 2008 87,552 A.SHR --- "C:\bmehupqdv.exe"
Wed 13 Jun 2007 87,552 A.SHR --- "C:\fkjqsenjv.exe"
Fri 13 Jun 2008 87,552 A.SHR --- "C:\fnxekmrhq.exe"
Wed 13 Jun 2007 87,552 A.SHR --- "C:\izlxwycqu.exe"
Wed 13 Jun 2007 87,552 A.SHR --- "C:\kefgsvkax.exe"
Fri 13 Jun 2008 87,552 A.SHR --- "C:\linsmdakf.exe"
Fri 13 Jun 2008 87,552 A.SHR --- "C:\mitnlygip.exe"
Fri 13 Jun 2008 87,552 A.SHR --- "C:\noqxuuycu.exe"
Wed 13 Jun 2007 87,552 ...H. --- "C:\ntqxvrfhk.exe"
Wed 13 Jun 2007 87,552 A.SHR --- "C:\nvmjljceg.exe"
Fri 13 Jun 2008 87,552 A.SHR --- "C:\ogiqwaxbd.exe"
Fri 13 Jun 2008 87,552 A.SHR --- "C:\ojcwbnwks.exe"
Fri 13 Jun 2008 87,552 A.SHR --- "C:\qmlpxekdd.exe"
Sat 14 Jun 2008 87,552 A.SHR --- "C:\qoepuqjpp.exe"
Sat 14 Jun 2008 87,552 A.SHR --- "C:\qxtvqsygc.exe"
Fri 13 Jun 2008 87,552 A.SHR --- "C:\sxplhpjjc.exe"
Fri 13 Jun 2008 87,552 A.SHR --- "C:\tmtsohicx.exe"
Fri 13 Jun 2008 87,552 A.SHR --- "C:\trsmyoqpe.exe"
Fri 13 Jun 2008 87,552 A.SHR --- "C:\udpwolusm.exe"
Fri 13 Jun 2008 87,552 A.SHR --- "C:\vcocroqgh.exe"
Fri 13 Jun 2008 87,552 A.SHR --- "C:\vdvjcytca.exe"
Fri 13 Jun 2008 87,552 A.SHR --- "C:\vwopajxnq.exe"
Wed 13 Jun 2007 87,552 A.SHR --- "C:\wubeuplfl.exe"
Fri 13 Jun 2008 87,552 A.SHR --- "C:\ysfjlogmo.exe"
Fri 13 Jun 2008 87,552 A.SHR --- "C:\ywinmulpn.exe"
Wed 13 Jun 2007 87,552 A.SHR --- "C:\zedsgsusr.exe"
Sat 14 Jun 2008 87,552 A.SHR --- "C:\zlluflzog.exe"
Sat 14 Jun 2008 87,552 A.SHR --- "C:\znvlxptss.exe"
Fri 14 Dec 2007 1,578,312 ...H. --- "C:\Program Files\Travelogue 360 Paris\TraveLogue-Paris.exe"
Wed 16 Apr 2008 78,848 ..SHR --- "C:\Program Files\T?sks\spoolsv.exe"
Thu 29 May 2008 230,400 ..SHR --- "C:\WINDOWS\F?nts\??plorer.exe"
Wed 13 Jun 2007 87,552 ..SHR --- "C:\WINDOWS\system32\vbfodkshc.exe"
Thu 24 May 2007 39,873,867 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\~WRL0003.tmp"
Sat 22 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BITE.tmp"
Sat 22 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT11.tmp"
Sat 22 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BIT15.tmp"
Sat 22 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BITD.tmp"
Sat 22 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT12.tmp"
Sat 22 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BITF.tmp"
Wed 23 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\405ae8e48aa46e265982686e1678047b\BIT19.tmp"
Sat 22 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BIT14.tmp"
Sat 22 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT10.tmp"
Sat 22 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT13.tmp"
Fri 7 Sep 2007 2,325 ...HR --- "C:\Documents and Settings\Administrateur\Application Data\SecuROM\UserData\securom_v7_01.bak"
Finished!
****************************************************
Puis le main.txt de Dss
Deckard's System Scanner v20071014.68
Run by Administrateur on 2008-07-29 23:26:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
-- Last 1 Restore Point(s) --
1: 2008-07-29 21:21:33 UTC - RP316 - Deckard's System Scanner Restore Point
Backed up registry hives.
Performed disk cleanup.
[color=red]System Drive C: has 1.04 GiB (less than 15%) free.[/color]
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-29 23:28:50
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\vbfodkshc.exe
C:\Program Files\Mojicon\Mojicon\mojiim.exe
C:\Program Files\Mojicon\Mojicon\mojiwin.exe
C:\Program Files\Mojicon\Mojicon\mojiversion.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\mrofinu1001186.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
J:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\T?sks\spoolsv.exe
C:\WINDOWS\F?nts\??plorer.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Antipub\antipub.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\17PHolmes1001186.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Administrateur\Mes documents\Mes fichiers reçus\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/red [...] r=iesearch
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: bannerstyle browser optimizer - {ad99cf64-ff59-9e30-3cae-5b7a705e14b9} - C:\WINDOWS\system32\yvczvochgojsjaij.dll
O2 - BHO: (no name) - {D930EF6E-24F1-0F20-FF4D-71A2E0E918B0} - C:\WINDOWS\system32\eqv.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Log System] C:\WINDOWS\system32\vbfodkshc.exe
O4 - HKLM\..\Run: [mojiim] C:\Program Files\Mojicon\Mojicon\mojiim.exe
O4 - HKLM\..\Run: [mojioutlook] regsvr32 "C:\Program Files\Mojicon\Mojicon\mojioutlook.dll" -s
O4 - HKLM\..\Run: [mojiexpress] regsvr32 "C:\Program Files\Mojicon\Mojicon\Express\mojiexpress.dll" -s
O4 - HKLM\..\Run: [mojiwin] C:\Program Files\Mojicon\Mojicon\mojiwin.exe
O4 - HKLM\..\Run: [mojiversion] C:\Program Files\Mojicon\Mojicon\mojiversion.exe
O4 - HKLM\..\Run: [{d4bfaa67-4026-014f-5674-02bc612d9a51}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\yvczvochgojsjaij.dll" DllStart
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [Veoh] "J:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Seno] "C:\PROGRA~1\TSKS~1\spoolsv.exe" -vt yazb
O4 - HKCU\..\Run: [Gashrv] "C:\Documents and Settings\Administrateur\Mes documents\??pPatch\??erinit.exe"
O4 - HKCU\..\Run: [Hae] C:\WINDOWS\F?nts\??plorer.exe
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKUS\S-1-5-18\..\Run: [mjc] C:\Program Files\mjc\mjc.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [mjc] C:\Program Files\mjc\mjc.exe (User 'Default user')
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Startup: BoontyBox VNUnet.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O9 - Extra button: Mojicon Dispenser - {3B3628FF-E084-47ef-8797-FA36FC2571EA} - C:\Program Files\Mojicon\Mojicon\mojiwin.exe
O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O15 - ProtocolDefaults: Unknown 'about' protocol is in Restricted Zone (HKLM)
O15 - ProtocolDefaults: Unknown 'about:' protocol is in Restricted Zone (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://games.bigfishgames.com/fr_b [...] Player.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://games.bigfishgames.com/fr_d [...] 0.0.33.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub [...] wflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 8498 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 UNPR - c:\windows\system32\unpr.sys
R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
S0 d344bus - c:\windows\system32\drivers\d344bus.sys
S0 d344prt - c:\windows\system32\drivers\d344prt.sys
S3 catchme - c:\docume~1\admini~1\locals~1\temp\catchme.sys (file missing)
S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler>
S3 Boonty Games - "c:\program files\fichiers communs\boonty shared\service\boonty.exe" <Not Verified; BOONTY; Boonty Games>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: PnP BIOS Extension
Device ID: ROOT\SYSTEM\0003
Manufacturer: (Standard system devices)
Name: PnP BIOS Extension
PNP Device ID: ROOT\SYSTEM\0003
Service: d344bus
-- Files created between 2008-06-29 and 2008-07-29 -----------------------------
2008-07-29 23:23:10 87552 ---h---c- C:\gzpzjqult.exe <Not Verified; Microsoft Corporation; InstallShield® Installer>
2008-07-27 15:58:53 0 d------c- C:\Documents and Settings\Administrateur\Application Data\Sudden Games
2008-07-24 12:53:21 0 d------c- C:\Documents and Settings\Administrateur\Application Data\Amaranth Games
2008-07-23 21:54:18 44544 --a------ C:\WINDOWS\mrofinu1001186.exe
2008-07-23 05:56:58 62976 --a------ C:\WINDOWS\ALCFDRTM.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek ALCFDRTM>
2008-07-22 21:54:55 0 d-------- C:\Program Files\Antipub
2008-07-22 21:52:57 0 d-------- C:\Program Files\FileSubmit
2008-07-22 21:49:58 0 d-------- C:\Program Files\Mojicon
2008-07-22 21:49:15 0 d-------- C:\Program Files\AdVantage
2008-07-22 21:48:32 0 d-------- C:\WINDOWS\icons
2008-07-22 21:48:23 0 d-------- C:\Program Files\Mojicon Installer
2008-07-22 21:14:24 0 d-------- C:\WINDOWS\F?nts
2008-07-22 21:14:13 60928 --a------ C:\WINDOWS\system32\eqv.dll
2008-07-22 21:12:18 64852 --a------ C:\WINDOWS\system32\irdwzsmttobfcxo.exe
2008-07-11 15:47:12 158208 --a------ C:\WINDOWS\system32\yvczvochgojsjaij.dll
-- Find3M Report ---------------------------------------------------------------
2008-07-29 23:03:33 0 d-------- C:\Program Files\Fichiers communs
2008-07-29 10:18:56 0 d------c- C:\Documents and Settings\Administrateur\Application Data\PlayFirst
2008-07-28 18:01:47 0 d-------- C:\Program Files\Outerinfo
2008-07-24 13:10:37 0 d-------- C:\Program Files\Zylom Games
2008-07-24 12:48:43 0 d-------- C:\Program Files\bfgclient
2008-07-22 23:28:52 0 d------c- C:\Documents and Settings\Administrateur\Application Data\Zylom
2008-07-22 23:28:52 0 d------c- C:\Documents and Settings\Administrateur\Application Data\Identities
2008-07-22 21:49:57 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-22 21:27:11 0 d------c- C:\Documents and Settings\Administrateur\Application Data\Adobe
2008-07-22 21:22:52 0 d------c- C:\Documents and Settings\Administrateur\Application Data\Mozilla
2008-06-14 10:46:10 87552 -rahs--c- C:\qoepuqjpp.exe
2008-06-14 10:01:03 87552 -rahs--c- C:\znvlxptss.exe
2008-06-14 01:06:32 87552 -rahs--c- C:\zlluflzog.exe <Not Verified; Microsoft Corporation; InstallShield® Installer>
2008-06-14 01:06:01 87552 -rahs--c- C:\qxtvqsygc.exe
2008-06-13 23:49:51 87552 -rahs--c- C:\udpwolusm.exe
2008-06-13 23:45:37 87552 -rahs--c- C:\mitnlygip.exe
2008-06-13 22:17:32 87552 -rahs--c- C:\ojcwbnwks.exe
2008-06-13 21:35:19 87552 -rahs--c- C:\vdvjcytca.exe
2008-06-13 21:30:46 87552 -rahs--c- C:\ysfjlogmo.exe
2008-06-13 21:26:47 87552 -rahs--c- C:\vcocroqgh.exe
2008-06-13 21:06:35 87552 -rahs--c- C:\noqxuuycu.exe
2008-06-13 20:56:41 87552 -rahs--c- C:\trsmyoqpe.exe
2008-06-13 20:49:09 87552 -rahs--c- C:\tmtsohicx.exe
2008-06-13 18:49:48 87552 -rahs--c- C:\bmehupqdv.exe <Not Verified; Microsoft Corporation; InstallShield® Installer>
2008-06-13 18:48:13 87552 -rahs--c- C:\vwopajxnq.exe
2008-06-13 18:17:36 87552 -rahs--c- C:\sxplhpjjc.exe
2008-06-13 17:17:31 87552 -rahs--c- C:\linsmdakf.exe
2008-06-13 17:10:19 87552 -rahs--c- C:\qmlpxekdd.exe
2008-06-13 10:43:38 87552 -rahs--c- C:\ywinmulpn.exe
2008-06-13 10:26:49 87552 -rahs--c- C:\fnxekmrhq.exe
2008-06-13 10:14:46 87552 -rahs--c- C:\ogiqwaxbd.exe
2008-06-13 10:09:42 87552 -rahs--c- C:\aqnhkupua.exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad99cf64-ff59-9e30-3cae-5b7a705e14b9}]
11/07/2008 15:47 158208 --a------ C:\WINDOWS\system32\yvczvochgojsjaij.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D930EF6E-24F1-0F20-FF4D-71A2E0E918B0}]
29/05/2008 20:34 60928 --a------ C:\WINDOWS\system32\eqv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [19/04/2007 13:26]
"nwiz"="nwiz.exe" []
"SW20"="C:\WINDOWS\system32\sw20.exe" []
"SW24"="C:\WINDOWS\system32\sw24.exe" []
"SoundMan"="SOUNDMAN.EXE" [27/03/2003 16:34 C:\WINDOWS\SOUNDMAN.EXE]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [10/12/2005 16:57]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [18/03/2005 09:47]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [19/04/2007 13:26]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [08/11/2007 14:00]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [21/08/2007 17:22]
"Log System"="C:\WINDOWS\system32\vbfodkshc.exe" [13/06/2007 15:22]
"mojiim"="C:\Program Files\Mojicon\Mojicon\mojiim.exe" [08/08/2007 15:59]
"mojioutlook"="regsvr32 C:\Program Files\Mojicon\Mojicon\mojioutlook.dll" []
"mojiexpress"="regsvr32 C:\Program Files\Mojicon\Mojicon\Express\mojiexpress.dll" []
"mojiwin"="C:\Program Files\Mojicon\Mojicon\mojiwin.exe" [28/11/2007 20:13]
"mojiversion"="C:\Program Files\Mojicon\Mojicon\mojiversion.exe" [31/01/2008 11:30]
"{d4bfaa67-4026-014f-5674-02bc612d9a51}"="C:\WINDOWS\system32\yvczvochgojsjaij.dll" [11/07/2008 15:47]
"runner1"="C:\WINDOWS\mrofinu1001186.exe" [29/07/2008 23:24]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 02:54]
"Start WingMan Profiler"="C:\Program Files\Logitech\Profiler\lwemon.exe" []
"Veoh"="J:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [30/01/2008 13:55]
"Seno"="C:\PROGRA~1\TSKS~1\spoolsv.exe" [16/04/2008 21:39]
"Gashrv"="C:\Documents and Settings\Administrateur\Mes documents\??pPatch\??erinit.exe" []
"Hae"="C:\WINDOWS\F?nts\??plorer.exe" []
"AdVantage"="C:\Program Files\AdVantage\AdVantage.exe" [14/07/2008 11:52]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"mjc"=C:\Program Files\mjc\mjc.exe
C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Anti-Pub.lnk - C:\Program Files\Antipub\antipub.exe [23/03/2003 20:38:22]
BoontyBox VNUnet.lnk - C:\Program Files\Boonty\BoontyBox\BoontyBox.exe [06/11/2007 21:55:46]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6bd8f9c-0602-11dc-b33b-000feaa950fc}]
AutoRun\command- K:\setup.exe
-- Hosts -----------------------------------------------------------------------
127.0.0.1 NtKrnlpa.info
-- End of Deckard's System Scanner: finished at 2008-07-29 23:30:55 ------------
**************************************************
Extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professionnel (build 2600) SP 2.0
Architecture: X86; Language: French
CPU 0: AMD Sempron(tm) 2600+
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 767.48 MiB / 383.33 MiB
Pagefile Memory (total/avail): 1876.2 MiB / 1580.14 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.25 MiB
C: is Fixed (NTFS) - 9.77 GiB total, 1.03 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Fixed (NTFS) - 64.76 GiB total, 28.21 GiB free.
K: is CDROM (UDF)
L: is CDROM (CDFS)
M: is CDROM (No Media)
N: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - WDC WD800BB-00JHA0 - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Système de fichiers installable - 9.77 GiB - C:
\PARTITION1 - Système de fichiers installable - 64.76 GiB - J:
\\.\PHYSICALDRIVE1 - IC USB Storage-CFC USB Device
\\.\PHYSICALDRIVE3 - IC USB Storage-MMC USB Device
\\.\PHYSICALDRIVE4 - IC USB Storage-MSC USB Device
\\.\PHYSICALDRIVE2 - IC USB Storage-SMC USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
AV: Avira AntiVir PersonalEdition v 7.0.0.188
(Avira GmbH) [COLOR=RED]Disabled[/COLOR] [COLOR=RED]Outdated[/COLOR]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exe:*:enabled:@shell32.dll,-1"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*isabled:Windows Live Call"
"C:\\Kaspersky\\kavupd.exe"="C:\\Kaspersky\\kavupd.exe:*:Enabled:kavupd"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\WINDOWS\\system32\\vbfodkshc.exe"="C:\\WINDOWS\\system32\\vbfodkshc.exe:*:Enabled:Log System"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrateur\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=DIDY
ComSpec=C:\WINDOWS\system32\cmd.exe
DEVMGR_SHOW_DETAILS=1
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrateur
LOGONSERVER=\\DIDY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=DIDY
USERNAME=Administrateur
USERPROFILE=C:\Documents and Settings\Administrateur
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Administrateur [I](admin)[/I]
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> MsiExec /X{7104189A-C592-4A56-AC9E-7C0CA135DA3C}
--> MsiExec.exe /X{7B4AB13C-1A5C-4BC5-ABA6-762F8198444C}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
18 Wheels of Steel Pedal to the Metal --> J:\Program Files\18 WoS Pedal to the Metal\uninst.exe
181985 --> MsiExec.exe /X{29E1FBA5-C4D3-43DE-B04C-4CEB8593A899}
Abra Academy: Returning Cast --> "J:\Program Files\Abra Academy Returning Cast\Uninstall.exe"
Ad-aware SE - Traduction FR --> C:\Program Files\Lavasoft\Ad-Aware SE Professional\uninst-trad.exe
Ad-Aware SE Professional --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A00000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AdVantage --> MsiExec.exe /X{B63C1E49-2E0E-406B-BD8A-C703E4263E0A}
AGEIA PhysX v6.10.25 --> MsiExec.exe /X{7104189A-C592-4A56-AC9E-7C0CA135DA3C}
Anti-Pub 2003.03 --> "C:\Program Files\Antipub\unins000.exe"
Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
Avira AntiVir PersonalEdition Classic --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\setup.exe /REMOVE
Big Fish Games Client --> C:\Program Files\bfgclient\Uninstall.exe
Big Island Blends --> J:\Program Files\PLAYFI~1\BIGISL~1\UNWISE.EXE J:\Program Files\PLAYFI~1\BIGISL~1\INSTALL.LOG
BoontyBox 2.1 --> "C:\WINDOWS\unins000.exe"
BSPlayer --> "j:\Program Files\Webteh\BSplayer\uninstall.exe"
Building & Co --> J:\Program Files\Elektrogames\Building&Co\uninstall.exe
Burger Rush --> J:\Program Files\GAMEHO~1\BURGER~1\UNWISE.EXE /U J:\Program Files\GAMEHO~1\BURGER~1\INSTALL.LOG
Cake Mania 2 --> J:\Program Files\PLAYFI~1\CAKEMA~1\UNWISE.EXE J:\Program Files\PLAYFI~1\CAKEMA~1\INSTALL.LOG
Canon PIXMA iP1500 --> C:\WINDOWS\system32\CNMCP5y.exe "-PRINTERNAMECanon PIXMA iP1500" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmi040c.dll"
Canon Utilities Easy-LayoutPrint --> J:\Program Files\uninst.exe uninst.ini
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDPoker --> "C:\Poker\CDPoker\_SetupPoker.exe" /uninstall
CEP - Color Enable Package --> "J:\Program Files\EA GAMES\zCEP_Uninstaller\unins000.exe"
Chromadrome 2 --> "C:\Program Files\Gamenext\Chromadrome 2\Uninstall.exe" "C:\Program Files\Gamenext\Chromadrome 2\install.log"
Coffee Rush --> "J:\Program Files\Coffee Rush\Uninstall.exe"
Construction - Destruction --> C:\PROGRA~1\FICHIE~1\InstallShield\Driver\7\INTEL3~1\IDriver.exe /M{9C488DA2-01C0-47A4-A4C9-7A1F82B819D9}
Construction Destruction --> J:\Program Files\Valusoft\CONSTR~2\UNWISE.EXE J:\Program Files\Valusoft\CONSTR~2\INSTALL.LOG
Correctif Windows XP - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Correctif Windows XP - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Correctif Windows XP - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Correctif Windows XP - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Correctif Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Correctif Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Correctif Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Cribbage Quest fr --> "C:\Program Files\BoontyGames\Cribbage Quest\unins000.exe"
Daycare Nightmare --> J:\Program Files\PLAYFI~1\DAYCAR~1\UNWISE.EXE J:\Program Files\PLAYFI~1\DAYCAR~1\INSTALL.LOG
Direct Show Ogg Vorbis Filter (remove only) --> "C:\WINDOWS\system32\OggDSuninst.exe"
DivX Content Uploader --> J:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> J:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
Enhancement Browser Tools Bannerstyle --> C:\WINDOWS\system32\irdwzsmttobfcxo.exe
Europa Casino --> "C:\Casino\Europa Casino\_SetupCasino.exe" /uninstall
Fashion Dash --> "J:\Program Files\Fashion Dash\Uninstall.exe"
Generic USB Card Reader Driver v1.9e3 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Generic\USB Card Reader Driver v1.9e3\irunin.ini"
Golden Hearts Juice Bar --> "C:\My Games\un_Golden Hearts Juice Bar _35701.exe"
Hidden Expedition Titanic --> "C:\Program Files\MSN Games\Hidden Expedition Titanic\Uninstall.exe" "C:\Program Files\MSN Games\Hidden Expedition Titanic\install.log"
HijackThis 1.99.1 --> C:\Documents and Settings\Administrateur\Mes documents\Mes fichiers reçus\HijackThis.exe /uninstall
InterCasino France --> C:\WINDOWS\system32\UnCasinoV5_FRA.exe InterCasinoV8FRA
Java 2 Runtime Environment, SE v1.4.2_05 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Kaspersky Online Scanner --> C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Les Sims 2 --> J:\Program Files\EA GAMES\Les Sims 2\EAUninstall.exe
Les Sims 2 : Nuits de Folie --> J:\Program Files\EA GAMES\Les Sims 2 Nuits de Folie\EAUninstall.exe
Les Sims 2 Fun en Famille Kit --> J:\Program Files\EA GAMES\Les Sims 2 F
Re,
Cette procédure doit être imprimée pour que tu puisses l’avoir sous les yeux lorsque tu seras en mode sans échec.
Ton infection utilise le social engineering comme vecteur de propagation.
Pour en savoir plus sur les infections se propageant via MSN, clique **ICI**.
Télécharge MSNFix (de !aur3n7) sur ton Bureau :
Dézippe-le sur C:\ et redémarre en mode sans échec :
Redémarre l'ordinateur et dès qu'il commence à charger appuie continuellement sur la touche F8. Un menu devrait apparaitre où tu auras la possibilité de choisir le mode sans échec.
Note 1 : Si tu es sous Windows Vista, fais un clic droit sur le programme et choisis Exécuter en tant qu'Administrateur.
- Ouvre le dossier MSNFix puis double-clique sur MSNFix.bat (L’extension bat peut ne pas apparaître).
- Exécute l'option R.
- Si l'infection est détectée, presse une touche pour lancer le nettoyage (N).
- Si tu dois redémarrer l’ordinateur fais le manuellement.
- Poste le rapport situé dans le dossier MSNFix.
Note 2 : Le nom du rapport correspond à l'heure de sa création : date_heure.log
Note 3 : Si tu obtiens un fichier zip d’upload sur ton bureau, fais ceci.
Aide : Comment utiliser MSNFix.
Sécurité / Prévention
Répondre à Egwene
Re,
On continue, il en reste
Télécharge Deckard's System Scanner (DSS) (ou DSS) sur ton Bureau.
NB : Tu dois être connecté avec des droits d'Administrateur.
- ferme toutes les applications et fenêtres
- double-clique sur dss.exe pour le lancer et suis les instructions ci-dessous
Attention, il est conseillé de stopper temporairement les logiciels résidents de protection (pare-feu, antivirus, etc.)
- s'il s'agit d'une première utilisation ou d'une nouvelle version de DSS :
- tu devras cliquer 2 fois sur le OK des boîtes de dialogue
Attention, si tu tardes trop, la réponse Abandon sera automatiquement validée
- quand le traitement est terminé (clique sur OK), deux fichiers texte s'affichent :
main.txt <- ouvert en premier plan et en plein écran
extra.txt <- ouvert en second plan et en fenêtré (regarde la barre des taches)
S'il s'agit d'une utilisation supplémentaire de DSS :
- tu n'auras pas de boîte de dialogue (pas de OK)
- quand le traitement est terminé, un fichier texte s'affiche :
main.txt <- ouvert en premier plan et en plein écran
- copie (Ctrl+A puis Ctrl+C) et colle (Ctrl+V) le contenu de main.txt dans ton prochain post
- copie de même le contenu de extra.txt dans ton prochain post, si tu as ce fichier (première utilisation)
- n'oublie pas de réactiver les protections si elles ont été stoppées.
Ce que fait DSS :
- crée un point de restauration dans Windows XP et Vista
- nettoie les fichiers temporaires, DPF-Downloaded Program Files et le Cache Internet, vide la Corbeille de tous les lecteurs
- vérifie quelques zones importantes de ton système et établit un rapport pour examen par ton conseiller en sécurité. DSS lance automatiquement HijackThis pour toi; il va aussi créer un raccourci HijackThis sur ton Bureau si tu n'as pas déjà HijackThis d'installé.
Sécurité / Prévention
Répondre à Egwene
Bonjour,
1) --> Télécharger OTMoveIt2 par OldTimer.
Enregistrer ce fichier sur le Bureau.
--> Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Installe-le et fais la mise à jour.
--> Téléchargez ATF Cleaner sur votre Bureau.
2) Séléctionne l'encadré ci dessous en entier , puis clique droit , choisis Copier
@echo off & cls
|
Puis , menu Démarrer / Executer , tape cmd et valide par OK
Fais un clique droit dans la fenêtre noire et choisis Coller
il va sortir un rapport , poste le ici
3) Relance HijackThis (clique droit -> lancer en tant qu'adminstrateur sous Vista), clique sur "do a system scan only", coche ces lignes ( si présentes ) :
| Citation : O2 - BHO: bannerstyle browser optimizer - {ad99cf64-ff59-9e30-3cae-5b7a705e14b9} - C:\WINDOWS\system32\yvczvochgojsjaij.dll
|
Ferme toutes les applications en cours (particulièrement ton navigateur Internet).
Puis Fix Checked ! N.B : Il est très important de fermer toutes les applications en cours et de se déconnecter d'internet pour fixer avec hijackthis au risque d'interférer avec les résultats de la manip'.
4) Fais redémarrer ton ordinateur en mode sans échec
- Au démarrage, après le chargement du bios, appuie successivement sur la touche F8 (ou F5) de ton clavier jusqu'à l'apparition d'un menu sur fond noir. Une fois arrivé à ce stade, sélectionne à l'aide du clavier Mode sans Echec.
-- Dans ce mode, tu n'as pas accès à Internet, et tu te retrouves avec une configuration visuelle différente (pas de fond d'écran, icônes très grosses). Ne sois donc pas étonné.
--- C'est pour ces différentes raisons que je t'invite à imprimer, noter, ou enregistrer dans un document texte les informations suivantes afin de ne pas être perdu.
---- ! Ne fais pas démarrer ton ordinateur en mode sans échec via MSConfig ! Pourquoi ? Certaines infections cassent les clefs du mode sans échec, ce qui ferait crasher ton ordinateur.
5) Désinstalle les programmes suivants ( si présents ) via ajout/suppression de programmes du panneau de configuration ( menu démarrer > panneau de configuration ) :
AdVantage
mjc
Boonty Games
6) Fais un double clic sur OTMoveIt2.exe pour lancer l'exécution de l'outil. (Note: Si vous utilisez Vista, faire un clic droit sur le fichier puis choisir Exécuter en tant qu'administrateur).
- Copier les lignes de la zone "Code" ci-dessous en les sélectionnant TOUTES puis en appuyant simultanément sur les touches CTRL et C (ou, après les avoir sélectionnées, en faisant un clic droit puis en choisissant Copier):
[kill explorer]
|
- Retourner dans la fenêtre de OTMoveIt2, faire un clic droit dans la zone "Paste Standard List of Files/Folders to Move" (sous la barre jaune clair) puis choisir Coller.
- Cliquer sur le bouton rouge Moveit!.
- Copier tout ce qui se trouve dans la zone Results (sous la barre verte) en sélectionnant TOUTES LES LIGNES puis en appuyant simultanément sur les touches CTRL et C (ou, après les avoir sélectionnées, en faisant un clic droit puis en choisissant Copier), et coller ces résulats en réponse sur le forum.
- Fermer OTMoveIt2
Note: Si un fichier ou un dossier ne peut pas être déplacé immédiatement, un redémarrage sera peut-être nécessaire afin de terminer le processus de déplacement. Si le redémarrage de la machine vous est demandé, choisir Oui/Yes. Dans ce cas, après le redémarrage, ouvrir le Bloc-notes (Démarrer->Tous les programmes->Accessoires->Bloc-notes), cliquer sur Fichier->Ouvrir, dans la zone "Nom du fichier" taper *.log et appuyer sur la touche Entrée, naviguer jusqu'au dossier C:\_OTMoveIt\MovedFiles, puis ouvrir le fichier .log le plus récent; ensuite faire un copier/coller du contenu de ce document en réponse sur le forum.
Si tu obtiens un message comme quoi le rapport ne peut pas être créé, copie/colle ce qui apparaît dans la colonne droite de l’outil.
7) Faites un double clic sur ATF-Cleaner.exe pour lancer le programme.
- Cliquez sur Select All situé en bas de la liste.
- Cliquez sur le bouton Empty Selected.
Si vous utilisez le navigateur Firefox, faites aussi ceci :
- Cliquez sur Firefox en haut et choisissez Select All dans la liste.
- Cliquez sur le bouton Empty Selected.
- NOTE : Si vous désirez conserver vos mots de passe enregistrés, cliquez sur No dans le message d'avertissement.
Si vous utilisez le navigateur Opera, faites aussi ceci :
- Cliquez sur Opera en haut et choisissez Select All dans la liste.
- Fermez TOUS les navigateurs Internet (très important).
- Cliquez sur le bouton Empty Selected.
- NOTE : Si vous désirez conserver vos mots de passe enregistrés, cliquez sur No dans le message d'avertissement.
Cliquez sur Exit dans le menu principal pour fermer le programme.
8) Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
- Afin de lancer la recherche, clic sur"Rechercher".
- Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.
AIDE : Tuto en images sur MBAM
9) Merci de me poster les rapports suivants :
- OTmoveIT2.
- MBAM.
- Un nouveau rapport DSS scan.
- Le contenu du notepad de l'étape 2.
Sécurité / Prévention
Répondre à Egwene
Re,
| Citation : la manip de OTmoveIT et des progs suivant doit être faite sous mode sans échec ou bien sous win normal? |
En mode sans échec. Le bureau disparaîtra lors de la manip', c'est normal alors ne t'inquiète pas
Sinon laisse tomber l'étape de suppression des programmes via le panneau de configuration, fais la manip' avec OTmoveIT2 et les suivantes.
J'attends les rapports.
Sécurité / Prévention
Répondre à Egwene
Re,
Laisse tomber OTmoveIT2 et supprime tous les fichiers de l'encadré manuellement en mode sans échec.
Si ça ne marche pas, on essayera autrement.
Poste un nouveau rapport DSS scan une fois que tu auras fait les suppressions en mode sans échec.
Sécurité / Prévention
Répondre à Egwene
