pb virus

Question

Bonjour,
impossible instaler antivir eet cclaner si joint rapport hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:36:41, on 26/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users	homas\AppData\Roaming\mqtgsvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Adobe\Reader 8.0\Readereader_sl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBPE.EXE
C:\Users	homas\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Windows\ehome\ehmsas.exe
C:\Users	homas\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users	homas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T502GIDP\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\Users	homas\AppData\Roaming\MICROS~1\mqtgsvc.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus Photo RX560 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBPE.EXE /FU "C:\Windows\TEMP\E_SE231.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe /tray
O4 - HKCU\..\Run: [NBCore] "C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo RX560 Series (Copie 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBPE.EXE /FU "C:\Windows\TEMP\E_S54D5.tmp" /EF "HKCU"
O4 - HKLM\..\Policies\Explorer\Run: [MqtgSVC] C:\Users	homas\AppData\Roaming\mqtgsvc.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [SessMgr] C:\Users	homas\AppData\Local\Temp\sessmgr.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [rsvp] C:\Users	homas\AppData\Roamingsvp.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [rsvp] C:\Users	homas\AppData\Roamingsvp.exe /waitservice (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = thomas\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbaresources\fr-FR\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O17 - HKLM\System\CCS\Services\Tcpip\..\{E001E5C7-AC5E-4DA1-A0D1-A3FDC3A6980D}: NameServer = 192.168.30.1
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

totobetourne · Answer

bonjour


1)pour vista si infection.

Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection: IMPORTANT A NE SURTOUT PAS OUBLIER):

- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.

http://www.laboratoire-microsoft.org/tips-23933-desactiver-uac-vista.html 




2)Bonjour,

*Télécharge SDFix (créé par AndyManchesta)
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
*Double-clique sur SDFix.exe
*Choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
*Redémarre en mode sans échec
*Ouvre le dossier SDFix qui vient d'être créé à la racine de ton disque dur C:\
*Double clique sur RunThis.bat pour lancer le script. (Le .bat peut ne pas apparaître)
*Appuie sur Y pour commencer le processus de nettoyage.
*Appuie sur une touche pour redémarrer quand SDFix te demander d'appuyer sur une touche pour redémarrer.
*Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
*Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
*Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
*Les icônes du Bureau affichées, le rapport SDFix s'ouvrira. Il porte le nom de Report.txt.
*Copie/colle le contenu


*Si Sdfix ne se lance pas
* Clique sur Démarrer > Exécuter
*Copie/colle ceci: %systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe
*Clique sur Ok.
*Redémarre et essaie de relance SDFix.

toto60420 · Answer

je n arrive pas a ouvrire RunThis.bat en mode sans écheque

totobetourne · Answer

as tu fait cela.

*Si Sdfix ne se lance pas
* Clique sur Démarrer > Exécuter
*Copie/colle ceci: %systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe
*Clique sur Ok.
*Redémarre et essaie de relance SDFix.

phi60420 · Answer

re 
oui mais il ne veut pas quand je copie %systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe il me dit vérifiez que vous avez entré lle nom correct puis rééssayez tous ca a été fait en mode sans echec

dragibusdragibus · Answer

héé lol klk1 pourai m'aider s'il vous plai merci

toto60420 · Answer

phi60420 est le compte d'utilisateur de mon pere

totobetourne · Answer

passe cet antimalware, fait comme indique
Telecharges malwaresbytes antimalwares(MBAM) : egalement tres util sur pb de pub mais pas tous malheureusement

Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Tutoriel Malwarebytes Anti-Malware: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm 
fais comme indique,mise a jour , scan complet en mode sans echec et les rapports.
COLLE LE RAPPORT APRES SUPPRESSION MERCI.

garde le et lance un scan tout les mois comme indique.

si tu as ad aware tu peux desinstalle car il ne reconnait plus grand chose.

toto60420 · Answer

qd je clic sur l icone dans le bureau en mode sans echec il me marque eror 481 alors que en mode normal il fonctione

totobetourne · Answer

fait comme indique le scan mais en mode normal.

toto60420 · Answer

voila le rapport : 

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1550
Windows 6.0.6001 Service Pack 1

27/12/2008 15:54:08
mbam-log-2008-12-27 (15-54-08).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 185237
Temps écoulé: 1 hour(s), 48 minute(s), 0 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 8

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sk9ou0s (Worm.Bagel) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sk9ou0s (Worm.Bagel) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sk9ou0s (Worm.Bagel) -> Quarantined and deleted successfully.


Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Users	homas\AppData\Roaming\m (Trojan.Agent) -> Delete on reboot.

Fichier(s) infecté(s):
C:\Users	homas\AppData\Roaming\drivers\srosa2.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\Users	homas\Downloads\Setup+Patch.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users	homas\AppData\Roaming\m\data.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users	homas\AppData\Roaming\m\list.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users	homas\AppData\Roaming\m\srvlist.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\Windows\System32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
C:\Users	homas\AppData\Roaming\m\flec006.exe (Trojan.Agent) -> Delete on reboot.

totobetourne · Answer

ok on y voit un peu plus.


si tu as des cracks vire les de ton ordi.

ensuite passe cela.
 Télécharges FindyKill de Chiquitine29 

Fais un clique droit sur le lien et choisis "enregistrer la cible sous ...." , destination le bureau .

http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe


Note importante : si tu as le prg Elibagla sur ton PC , supprimes le ( risque de conflit entre les deux outils ) .

--> Entre dans le dossier " FindyKill "

Double clic sur " FindyKill.bat " (et pas sur autre chose!) pour lancer l'outil .

->choisis l'option 1 . Puis laisses travailler ...

Une fois terminé, postes le rapport FindyKill.txt qui est généré ...

( Note : le rapport est sauvegardé à la racine du disque -> C:\FindyKill.txt )

toto60420 · Answer

voila le rapport

----------------- FindyKill V4.710 ------------------

* User : thomas - PC-DE-THOMAS
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 21/12/08 par Chiquitine29
* Recherche effectuée à 15:57:37 le 28/12/2008
* Windows Vista - Internet Explorer 7.0.6001.18000

((((((((((((((((( *** Recherche *** ))))))))))))))))))

--------------- [ Processus actifs ] ----------------

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\thomas\AppData\Roaming\mqtgsvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe
C:\Users\thomas\AppData\Roaming\drivers\winupgro.exe
C:\Users\thomas\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\thomas\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

--------------- [ Processus infectieux stoppés ] ----------------

"C:\Users\thomas\AppData\Roaming\drivers\winupgro.exe" (3312)

--------------- [ Fichiers/Dossiers infectieux ] ----------------

»»»» Presence des fichiers dans C:

»»»» Presence des fichiers dans C:\Windows

»»»» Presence des fichiers dans C:\Windows\Prefetch

Found ! - C:\Windows\Prefetch\KEYGEN.EXE-D4E824F1.pf
Found ! - C:\Windows\Prefetch\KEYGEN.EXE-EC64A75C.pf
Found ! - C:\Windows\Prefetch\KEYGEN.EXE-D4E824F1.pf
Found ! - C:\Windows\Prefetch\KEYGEN.EXE-EC64A75C.pf

»»»» Presence des fichiers dans C:\Windows\system32

Found ! [28/12/2008 15:47] - C:\Windows\system32\mdelk.exe
Found ! [28/12/2008 15:47] - C:\Windows\system32\wintems.exe
Found ! [28/12/2008 15:47] - C:\Windows\system32\ban_list.txt

»»»» Presence des fichiers dans C:\Windows\system32\config\systemprofile\AppData\Roaming

»»»» Presence des fichiers dans C:\Windows\system32\drivers

»»»» Presence des fichiers dans C:\Users\thomas\AppData\Roaming

Found ! [28/12/2008 13:48] - "C:\Users\thomas\AppData\Roaming\drivers"
Found ! [28/12/2008 15:47] - "C:\Users\thomas\AppData\Roaming\drivers\srosa.sys"
Found ! [28/12/2008 15:47] - "C:\Users\thomas\AppData\Roaming\drivers\srosa2.sys"
Found ! [01/09/2004 03:06] - "C:\Users\thomas\AppData\Roaming\drivers\winupgro.exe"
Found ! [28/12/2008 15:53] - "C:\Users\thomas\AppData\Roaming\drivers\downld"
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1002259.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1008218.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\103506.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\105129.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1055533.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1057265.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\105862.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1093613.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1094612.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1094627.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\109528.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\110386.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1109853.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1111195.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1111647.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1112333.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1115235.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1117637.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\111892715.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\111893370.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\111893386.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\111941387.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\111942916.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\111943712.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\111975224.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\112336.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\113100.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\113116.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1158853.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1159477.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1159493.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1160694.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1171832.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1177058.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1189554.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1193173.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1194718.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1196746.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1198836.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1199694.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1200100.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1200755.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1201550.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\120323.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1234186.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1234888.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1234950.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\123864.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\123880.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\124270.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\124785.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\124800.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\125596.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\125783.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\126329.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\126641.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\126953.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\127421.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\127733.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1277882.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1283170.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1285510.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1297273.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\130182.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\130510.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\130978.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\134597.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\141368.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\141383.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1415038.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1421371.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1430872.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\143552.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1445224.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\144722.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\145049.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\145439.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\147093.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\147483.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\147654.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\155751.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\156032.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\158029.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\158450.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\158731.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1593051.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1594907.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1595375.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1596997.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\159776.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1598058.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1598791.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1632628.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1633455.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1633533.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\173613.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1745245.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1755214.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\175859.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\176343.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1770299.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\184065.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1850468.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1856583.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\1856957.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\187950.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\195703.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\206623.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\208682.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\211630.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\236247.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\237230.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\237402.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\245436.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\251270.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\252659.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\253111.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\253782.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\254593.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\255155.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\256777.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\2613874.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\261410.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\2616963.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\2616979.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\2623156.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\262549.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\262908.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\2645589.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\2646790.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\2647165.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\2670097.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\270848.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\278290.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\286261.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\287931.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\288648.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\297447.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\299537.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\299989.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\301690.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\302579.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\303047.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\319131.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\320285.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\320301.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\321424.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\322313.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\322750.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\330690.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\331439.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\331548.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\331580.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\333155.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\335417.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\336478.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\338272.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\339894.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\340300.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\341174.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\341345.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\341985.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\342827.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\343670.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\344138.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\345089.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\351361.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\362093.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\364449.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\365323.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\365869.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\366087.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\367397.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\373840.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\376024.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\376602.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\377038.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\377335.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\378177.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\378240.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\378271.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\378739.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\378786.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\379394.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\379519.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\380548.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\381297.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\381391.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\387272.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\388645.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\389160.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\389971.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\390813.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\390844.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\391312.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\391780.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\392623.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\393122.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\393980.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\394885.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\395337.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\402186.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\404307.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\404323.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\404822.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\405602.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\405664.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\408644.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\411530.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\412123.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\412326.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\412404.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\413324.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\413714.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\416195.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\417380.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\417692.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\417989.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\419393.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\419439.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\419861.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\420547.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\421296.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\421748.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\422965.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\424650.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\426210.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\426974.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\428051.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\428581.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\436755.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\445944.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\450593.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\451934.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\453947.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\456256.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\457987.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\459532.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\463525.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\463931.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\477597.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\483759.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\487908.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\496941.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\504444.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\507627.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\509327.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\510981.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\512120.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\512291.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\512853.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\513009.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\513742.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\514101.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\516004.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\516550.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\516862.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\52400.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\526940.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\535847.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\535957.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\542119.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\543398.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\548873.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\549544.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\551026.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\551354.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\552259.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\552820.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\557906.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\558717.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\558857.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\564302.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\572133.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\573756.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\573771.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\578997.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\588030.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\605954.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\606438.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\606625.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\606765.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\60793.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\607982.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\60809.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\608232.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\60840.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\608856.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\608965.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\609823.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\609901.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\610104.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\614160.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\619979.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\620384.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\621554.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\621913.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\623083.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\623847.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\62790.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\63102.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\632552.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\63710.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\641772.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\64334.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\656717.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\657591.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\657669.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\65988.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\66004.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\66097.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\66238.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\675562.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\67688.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\68125.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\68141.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\68812.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\68827.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\701052.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\71698.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\71776.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\72400.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\72712.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\7283140.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\72836.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\7284763.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\7284778.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\7293764.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\73008.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\7316103.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\7317133.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\7317523.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\7344714.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\7408269.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\7409173.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\7409314.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\7427301.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\7429173.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\7429703.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\7430686.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\7431606.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\7432293.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\7457752.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\7459078.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\7459562.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\7468657.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\7470560.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\7470950.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\7494740.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\7509498.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\7510480.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\7510574.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\826368.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\828552.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\829020.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\831485.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\833497.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\835775.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\837506.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\847444.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\84817.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\855462.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\85628.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\87610.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\87625.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\88249.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\88639.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\89248.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\89575.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\910733.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\911233.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\916131.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\92118.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\92274.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\926692.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\927800.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\927909.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\93397.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\93413.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\941622.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\96221.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\971699.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\973976.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\97563.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\97984.exe
Found ! [28/12/2008 15:53] - C:\Users\thomas\AppData\Roaming\drivers\downld\993039.exe

»»»» Presence des fichiers dans C:\Users\thomas\AppData\Local\Temp

»»»» Presence des fichiers dans C:\Users\thomas\Local Settings\Temporary Internet Files\Content.IE5

Found ! [28/12/2008 15:47] - C:\Users\thomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0HO3BRP2\b64_3[1].jpg
Found ! [28/12/2008 15:51] - C:\Users\thomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PT6ZKOG3\b64_1[1].jpg
Found ! [28/12/2008 15:52] - C:\Users\thomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PT6ZKOG3\b64_2[1].jpg
Found ! [28/12/2008 15:49] - C:\Users\thomas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y5DYDO3O\b64[1].jpg

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
WindowsWelcomeCenter=rundll32.exe oobefldr.dll,ShowWelcomeCenter
LightScribe Control Panel=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
ccleaner="C:\Program Files\CCleaner\CCleaner.exe" /AUTO
MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
EPSON Stylus Photo RX560 Series=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBPE.EXE /FU "C:\Windows\TEMP\E_SE231.tmp" /EF "HKCU"
ehTray.exe=C:\Windows\ehome\ehTray.exe
BitComet=C:\Program Files\BitComet\BitComet.exe /tray
NBCore="C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe"
EPSON Stylus Photo RX560 Series (Copie 1)=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBPE.EXE /FU "C:\Windows\TEMP\E_S54D5.tmp" /EF "HKCU"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
IgfxTray=C:\Windows\system32\igfxtray.exe
HotKeysCmds=C:\Windows\system32\hkcmd.exe
Persistence=C:\Windows\system32\igfxpers.exe
UCam_Menu="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
QPService="C:\Program Files\HP\QuickPlay\QPService.exe"
Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
QlbCtrl.exe=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
HP Health Check Scheduler=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HP Software Update=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
hpWirelessAssistant=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

[HKEY_CURRENT_USER\software\local appwizard-generated applications\install_patch]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Registrar]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registre / Clés infectieuses ] ----------------

Found ! - HKEY_USERS\S-1-5-21-3127354377-3950098403-135022865-1000\Software\Local AppWizard-Generated Applications\install_patch
Found ! - HKEY_USERS\S-1-5-21-3127354377-3950098403-135022865-1000\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-3127354377-3950098403-135022865-1000\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-3127354377-3950098403-135022865-1000\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-3127354377-3950098403-135022865-1000\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-3127354377-3950098403-135022865-1000\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_patch
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\FFC
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S

--------------- [ Etat / Services ] ----------------

+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

Wlansvc - Type de démarrage = 2

/!\ SharedAccess - Type de démarrage = 4

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4

/!\ WinDefend - Type de démarrage = 4

--------------- [ Recherche dans supports amovibles] ----------------

+- Informations :

C: - Lecteur fixe
D: - Lecteur fixe

+- presence des fichiers :

--------------- [ Registre / Mountpoint2 ] ----------------

-> Not found !

------------------- ! Fin du rapport ! --------------------

totobetourne · Answer

1)Réouvre FindyKill , choisi cette fois ci l option 2 (Suppression)

/!\ il y aura 2 redémarrage, laisse travailler l outils jusqu a l apparition du message "nettoyage terminé"

-------> ensuite post le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque 



attend ce n est pas fini.suivant le rapport il faudra faire autre chose.merci

toto60420 · Answer

voila le rapport

----------------- FindyKill V4.710 ------------------

* User : thomas - PC-DE-THOMAS
* executed from : C:\Program Files\FindyKill
* Update on 21/12/08 par Chiquitine29
* Start at 18:57:54 the 28/12/2008
* Windows Vista - Internet Explorer 7.0.6001.18000
 
 
((((((((((((((( *** deleting *** ))))))))))))))))))  
 
 
--------------- [ Active Processes ] ----------------  
 

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32unonce.exe
C:\Windows\system32\conime.exe
 
--------------- [ Infected files / folders ] ----------------  
 
 
»»»» Supression files in C: 
 
 
»»»» Supression files in C:\Windows 
 
 
»»»» Supression files in C:\Windows\Prefetch 
 
 
»»»» Supression files in C:\Windows\system32 
 
 
»»»» Supression files in C:\Windows\system32\config\systemprofile\AppData\Roaming 
 
 
»»»» Supression files in C:\Windows\system32\drivers 
 
 
»»»» Supression files in C:\Users	homas\AppData\Roaming 
 
 
»»»» Supression files in C:\Users	homas\AppData\Local\Temp 
 
 
»»»» Supression files in C:\Users	homas\Local Settings\Temporary Internet Files\Content.IE5 
 
Deleted ! - C:\Users	homas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QLZUNBG\b64[1].jpg    
Deleted ! - C:\Users	homas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QLZUNBG\b64_1[1].jpg    
Deleted ! - C:\Users	homas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QLZUNBG\b64_2[1].jpg    
Deleted ! - C:\Users	homas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11SO22A5\b64_3[1].jpg    
 
--------------- [  Registry / Infected keys ] ---------------- 
 
Deleted ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA   
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S   
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S   
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S   
 
--------------- [ States / Restarting of services ] ---------------- 
 


+- Services : [ Auto=2 / Request=3 / Disable=4 ] 

 Ndisuio - Type of startup  = 3 
 
 EapHost - Type of startup  = 2 
 
 Wlansvc - Type of startup  = 2 
 
 SharedAccess - Type of startup  = 2 
 
 wuauserv - Type of startup  = 2 
 
 wscsvc - Type of startup  = 2 
 
 WinDefend - Type of startup  = 2 
 
 
---------------   [ Cleaning removable drives ] ----------------  
 
+- Informations : 

C: - Lecteur fixe
D: - Lecteur fixe
 
+- deleting files : 
 
 
--------------- [ Registry / Mountpoint2 ] ----------------  
 
 
 -> Not found ! 
 
 
--------------- [ Searching Cracks / Keygen ] ----------------  
 
 
 
---------------- ! End of report ! ------------------

totobetourne · Answer

ok .

toujours presente la salete.


pour voir télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.IL FAUT ABSOLUMENT RENOMMER COMBO FIX EN FAISANT UN CLIC DROIT PUIS RENOMMER, SINON INEFFICACE SUR BAGLE.


déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

toto60420 · Answer

voila le rapport

ComboFix 08-12-28.01 - thomas 2008-12-28 22:26:08.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3002.2076 [GMT 1:00]
Lancé depuis: c:\users\thomas\Desktop\thomas.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Pncrt.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SK9OU0S

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-28 ))))))))))))))))))))))))))))))))))))
.

2008-12-28 22:29 . 2008-12-24 17:10 81,920 --a------ c:\windows\System32\drivers\cmstp.exe
2008-12-28 22:21 . 2008-12-28 22:24 <REP> d-------- C:\ComboFix
2008-12-28 19:36 . 2008-12-28 19:36 <REP> d-------- c:\users\All Users\Google
2008-12-28 19:35 . 2008-12-28 19:36 <REP> d-------- c:\program files\Google
2008-12-28 15:54 . 2008-12-28 19:00 <REP> d-------- c:\program files\FindyKill
2008-12-26 22:44 . 2008-12-26 22:44 <REP> d-------- c:\users\thomas\AppData\Roaming\Malwarebytes
2008-12-26 22:44 . 2008-12-26 22:44 <REP> d-------- c:\users\All Users\Malwarebytes
2008-12-26 22:44 . 2008-12-26 22:44 <REP> d-------- c:\programdata\Malwarebytes
2008-12-26 22:44 . 2008-12-26 22:44 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-26 22:44 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-26 22:44 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-26 22:17 . 2008-12-27 17:43 69 --a------ c:\windows\NeroDigital.ini
2008-12-26 19:17 . 2008-12-26 19:17 19,968 --a------ C:\fr.doc
2008-12-26 14:59 . 2008-12-26 15:54 <REP> d-------- C:\SDFix
2008-12-24 18:05 . 2008-12-24 17:10 81,920 --a------ c:\users\thomas\AppData\Roaming\rsvp.exe
2008-12-24 18:05 . 2008-12-24 17:10 81,920 --a------ c:\users\thomas\AppData\Roaming\mqtgsvc.exe
2008-12-24 17:43 . 2008-12-24 17:59 <REP> d-------- c:\program files\WinAVI MP4 Converter
2008-12-24 17:26 . 2008-12-24 17:26 <REP> d-------- c:\program files\Amic Utilities
2008-12-24 17:26 . 2005-12-30 20:10 761,856 --a------ c:\windows\System32\xvidcore.dll
2008-12-24 17:26 . 2006-07-07 11:56 580,114 --a------ c:\windows\System32\x264vfw.dll
2008-12-24 17:26 . 2005-12-30 20:18 180,224 --a------ c:\windows\System32\xvidvfw.dll
2008-12-24 17:26 . 2006-05-26 16:29 5,120 --a------ c:\windows\System32\ff_vfw.dll
2008-12-24 17:26 . 2006-04-03 15:26 547 --a------ c:\windows\System32\ff_vfw.dll.manifest
2008-12-24 17:02 . 2008-12-24 17:04 <REP> d-------- c:\users\thomas\AppData\Roaming\Vso
2008-12-24 17:02 . 2008-12-24 17:02 <REP> d-------- c:\program files\VSO
2008-12-24 17:02 . 2006-05-20 16:16 1,184,984 --a------ c:\windows\System32\wvc1dmod.dll
2008-12-24 17:02 . 2006-05-11 19:21 626,688 --a------ c:\windows\System32\vp7vfw.dll
2008-12-24 17:02 . 2006-09-29 12:24 217,127 --a------ c:\windows\System32\drv43260.dll
2008-12-24 17:02 . 2006-09-29 12:25 208,935 --a------ c:\windows\System32\drv33260.dll
2008-12-24 17:02 . 2006-09-29 12:26 176,165 --a------ c:\windows\System32\drv23260.dll
2008-12-24 17:02 . 2002-12-10 02:20 102,439 --a------ c:\windows\System32\sipr3260.dll
2008-12-24 17:02 . 2007-03-18 20:37 65,602 --a------ c:\windows\System32\cook3260.dll
2008-12-24 17:02 . 2008-12-24 17:02 47,360 --a------ c:\windows\System32\drivers\pcouffin.sys
2008-12-24 17:02 . 2008-12-24 17:02 47,360 --a------ c:\users\thomas\AppData\Roaming\pcouffin.sys
2008-12-24 15:53 . 2008-12-24 15:53 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-12-23 00:03 . 2008-12-23 00:05 <REP> d-------- C:\Downloads
2008-12-19 21:27 . 2008-12-28 17:15 <REP> d-------- c:\users\thomas\Tracing
2008-12-19 21:16 . 2008-12-19 21:16 <REP> d-------- c:\program files\Windows Live SkyDrive
2008-12-19 21:16 . 2008-12-19 21:16 <REP> d-------- c:\program files\Microsoft
2008-12-19 20:38 . 2008-12-19 20:38 <REP> d-------- c:\program files\Common Files\Windows Live
2008-12-19 15:25 . 2008-12-19 15:25 <REP> d-------- c:\users\All Users\ma-config.com
2008-12-19 15:25 . 2008-12-19 15:25 <REP> d-------- c:\programdata\ma-config.com
2008-12-19 15:25 . 2008-12-19 15:25 <REP> d-------- c:\program files\ma-config.com
2008-12-19 08:37 . 2008-12-19 15:57 <REP> d-------- c:\program files\EPSON Print CD
2008-12-19 08:35 . 2008-12-19 16:00 <REP> d-------- c:\users\All Users\UDL
2008-12-19 08:35 . 2008-12-19 16:00 <REP> d-------- c:\programdata\UDL
2008-12-19 08:27 . 2008-12-19 15:54 <REP> d-------- c:\program files\epson
2008-12-19 08:27 . 2008-12-19 08:27 25 --a------ c:\windows\CDE RX560EFGD.ini
2008-12-14 12:45 . 2008-12-14 12:45 <REP> d-------- c:\users\thomas\AppData\Roaming\CyberLink
2008-12-14 12:33 . 2008-12-14 12:33 <REP> d-------- c:\users\thomas\AppData\Roaming\U3
2008-12-14 01:26 . 2008-12-14 01:26 <REP> d-------- c:\users\All Users\LightScribe
2008-12-14 01:26 . 2008-12-14 01:26 <REP> d-------- c:\programdata\LightScribe
2008-12-13 18:40 . 2008-12-13 18:40 4,767 --a------ c:\windows\Irremote.ini
2008-12-13 18:38 . 2008-12-24 14:15 <REP> d-------- c:\users\thomas\AppData\Roaming\Nero
2008-12-13 18:18 . 2008-12-13 18:38 <REP> d-------- c:\program files\Nero
2008-12-13 18:17 . 2008-12-13 18:28 <REP> d-------- c:\users\All Users\Nero
2008-12-13 18:17 . 2008-12-13 18:28 <REP> d-------- c:\programdata\Nero
2008-12-13 18:17 . 2008-12-14 01:22 <REP> d-------- c:\program files\Common Files\Nero
2008-12-13 18:15 . 2008-12-24 18:00 <REP> d-------- c:\program files\Common Files\LightScribe
2008-12-13 15:23 . 2008-12-13 15:23 <REP> d-------- c:\program files\VirtualDJ
2008-12-13 11:46 . 2008-12-13 11:46 <REP> d-------- c:\users\All Users\Messenger Plus!
2008-12-13 11:46 . 2008-12-13 11:46 <REP> d-------- c:\programdata\Messenger Plus!
2008-12-12 18:37 . 2008-12-12 18:37 <REP> d-------- c:\program files\Messenger Plus! Live
2008-12-12 17:15 . 2008-12-12 17:15 <REP> d-------- c:\users\All Users\EPSON
2008-12-12 17:15 . 2008-12-12 17:15 <REP> d-------- c:\programdata\EPSON
2008-12-12 17:14 . 2006-05-08 03:00 75,264 --a------ c:\windows\System32\E_FLBBPE.DLL
2008-12-12 17:14 . 2006-04-19 03:00 62,976 --a------ c:\windows\System32\E_FD4BBPE.DLL
2008-12-12 17:14 . 2004-09-10 21:12 49,152 --a------ c:\windows\System32\E_DCINST.DLL
2008-12-12 17:13 . 2006-03-20 00:00 63,488 --a------ c:\windows\System32\escwiad.dll
2008-12-11 19:55 . 2008-12-11 19:55 <REP> d-------- c:\users\All Users\Player Metaboli
2008-12-11 19:55 . 2008-12-11 19:55 <REP> d-------- C:\Remote Programs
2008-12-11 19:55 . 2008-12-11 19:55 <REP> d-------- c:\programdata\Player Metaboli
2008-12-11 19:55 . 2008-12-11 19:55 <REP> d-------- c:\program files\Player Metaboli
2008-12-11 19:55 . 2008-05-15 14:12 53,314 --------- c:\windows\ExentInfo.exe
2008-12-11 19:55 . 2004-02-04 10:01 2,238 --------- c:\windows\metaboli.ico
2008-12-11 19:55 . 2008-12-11 19:55 68 --a------ c:\windows\GPlrLanc.dat
2008-12-11 15:35 . 2008-12-13 16:30 <REP> d-------- c:\users\thomas\AppData\Roaming\dvdcss
2008-12-11 11:29 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-11 09:47 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll
2008-12-11 09:47 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-11 09:47 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-11 09:26 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-11 09:24 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-11 09:24 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-11 09:23 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe
2008-12-11 09:23 . 2008-10-16 05:47 827,392 --a------ c:\windows\System32\wininet.dll
2008-12-11 09:00 . 2008-12-11 09:08 <REP> d-------- c:\users\thomas\AppData\Roaming\vlc
2008-12-11 08:59 . 2008-12-11 08:59 <REP> d-------- c:\program files\VideoLAN
2008-12-11 08:43 . 2008-12-11 08:43 <REP> d-------- c:\program files\MSXML 4.0
2008-12-07 14:44 . 2008-12-07 14:44 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition
2008-12-07 14:44 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\System32\d3dx9_32.dll
2008-12-07 14:31 . 2008-12-07 14:31 <REP> d-------- c:\users\All Users\WLInstaller
2008-12-07 14:31 . 2008-12-07 14:31 <REP> d-------- c:\programdata\WLInstaller
2008-12-07 14:31 . 2008-12-19 21:21 <REP> d-------- c:\program files\Windows Live
2008-12-07 14:31 . 2008-12-07 14:38 <REP> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-12-07 14:28 . 2007-04-09 13:23 28,040 --a------ c:\windows\System32\mdimon.dll
2008-12-07 14:28 . 2008-12-07 14:28 382 --a------ c:\windows\ODBC.INI
2008-12-07 13:58 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-12-07 13:58 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-12-07 13:58 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-12-07 13:58 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-12-07 13:58 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-12-07 13:58 . 2008-04-23 05:41 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2008-12-07 13:54 . 2008-06-26 02:45 12,240,896 --a------ c:\windows\System32\NlsLexicons0007.dll
2008-12-07 13:54 . 2008-06-26 02:45 2,644,480 --a------ c:\windows\System32\NlsLexicons0009.dll
2008-12-07 13:54 . 2008-06-26 04:29 801,280 --a------ c:\windows\System32\NaturalLanguage6.dll
2008-12-07 13:43 . 2008-03-08 05:21 1,695,744 --a------ c:\windows\System32\gameux.dll
2008-12-07 13:43 . 2008-04-26 09:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2008-12-07 13:43 . 2008-04-12 04:32 784,896 --a------ c:\windows\System32\rpcrt4.dll
2008-12-07 13:43 . 2008-06-19 04:31 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2008-12-07 13:43 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-12-07 13:43 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-12-07 13:43 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-12-07 13:43 . 2008-04-05 02:21 72,192 --a------ c:\windows\System32\drivers\pacer.sys
2008-12-07 13:43 . 2008-04-05 04:34 15,360 --a------ c:\windows\System32\pacerprf.dll
2008-12-07 13:42 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-12-07 13:40 . 2008-09-18 03:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-12-07 13:40 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-12-07 13:40 . 2008-06-26 04:29 303,616 --a------ c:\windows\System32\wmpeffects.dll
2008-12-07 13:40 . 2008-04-18 06:48 269,312 --a------ c:\windows\System32\es.dll
2008-12-07 13:37 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-12-07 13:37 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-12-07 13:37 . 2008-10-02 02:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-12-07 13:36 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-12-07 13:13 . 2008-12-07 13:13 <REP> d-------- c:\users\All Users\Avira

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 16:00 255,572,312 ----a-w c:\windows\DUMP6f45.tmp
2008-12-24 16:10 81,920 ----a-w c:\windows\system32\drivers\rsvp.exe
2008-12-23 20:54 --------- d-----w c:\programdata\CyberLink
2008-12-19 07:45 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-19 07:42 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-19 02:05 --------- d-----w c:\programdata\Microsoft Help
2008-12-13 10:49 --------- d-----w c:\program files\Windows Mail
2008-12-13 10:48 --------- d-----w c:\program files\Common Files\Adobe
2008-12-12 09:16 --------- d-----w c:\programdata\WildTangent
2008-12-11 08:56 --------- d-----w c:\program files\CONEXANT
2008-12-07 13:21 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-07 13:19 --------- d-----w c:\programdata\Symantec
2008-12-06 12:24 --------- d-----w c:\programdata\AOL
2008-12-06 12:03 --------- d-sh--w c:\programdata\Modèles
2008-12-06 12:03 --------- d-sh--w c:\programdata\Menu Démarrer
2008-12-06 12:03 --------- d-sh--w c:\programdata\Favoris
2008-12-06 12:03 --------- d-sh--w c:\programdata\Bureau
2008-12-06 12:03 --------- d-sh--w c:\program files\Fichiers communs
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-12-01 1406192]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"EPSON Stylus Photo RX560 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIBPE.EXE" [2006-05-23 139264]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"NBCore"="c:\program files\Common Files\Nero\Nero BackItUp 4\NBCore.exe" [2008-09-30 1561896]
"EPSON Stylus Photo RX560 Series (Copie 1)"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIBPE.EXE" [2006-05-23 139264]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-12-28 171448]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 145944]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-11 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-12-28 266497]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"MqtgSVC"="c:\users\thomas\AppData\Roaming\mqtgsvc.exe" [2008-12-24 81920]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"CmSTP"="c:\windows\System32\drivers\cmstp.exe" [2008-12-24 81920]

[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"rsvp"="c:\users\thomas\AppData\Roaming\rsvp.exe" [2008-12-24 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=c:\windows\System32\drivers\rsvp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"vidc.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3127354377-3950098403-135022865-1000]
"EnableNotificationsRef"=dword:00000003

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4E360EEB-4791-4528-8724-89B171AA244C}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{852DDDFC-8629-4527-8FF8-2B776DAAEDE0}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{A49C9FF3-C4E7-41C0-8429-9085706E301A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{95828CFE-5942-4439-B847-A81AFF0C3C4D}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BBAB42C7-8D0F-4A55-B7F5-61846483499F}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{9AF30284-F87C-4AF1-8A2E-D52E10647215}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{413F87F1-4EAE-49A0-9655-5A7251E946AB}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{A6D9F512-7AB7-4E44-B434-207A8157CD04}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{DDFDF9D8-C620-4D00-BBE4-6F73DB9FA87C}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{237FCF2A-CD28-4C1F-94AE-90943100B914}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{283D6D81-C5BD-418A-908E-95E75E1A94D7}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{4520CE81-8445-4DBD-9502-F136767175CF}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{1BD05C7A-62BA-4B58-A601-071CC9E1AFBF}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{92FB5539-A918-4FA3-84F3-64D3ED4BC128}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{6D261BAB-A3D7-4424-85D5-EAE25791B4B0}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{0D672B22-9D8C-481A-BE94-BFA62CDDFD89}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-01-21 21504]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-08-02 361808]
R2 X4HSX32Ex;X4HSX32Ex;\??\c:\program files\Player Metaboli\X4HSX32Ex.Sys [2008-12-11 29856]
R3 Com4QLBEx;Com4QLBEx;"c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe" [2008-08-02 193840]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-04 113664]
S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-12-16 195752]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\DRIVERS\WlanBZXP.sys [2006-03-21 402944]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be3a9fb4-d26d-11dd-b6fa-001d727ca7af}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa4fa686-c9cf-11dd-a7d9-001d727ca7af}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2008-12-28 c:\windows\Tasks\User_Feed_Synchronization-{F493CD47-D035-4AC7-AD29-41F8CEB98209}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 03:24]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exe

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-28 22:29:21
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\wlanext.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\conime.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
.
**************************************************************************
.
Heure de fin: 2008-12-28 22:48:20 - La machine a redémarré [thomas]
ComboFix-quarantined-files.txt 2008-12-28 21:48:08

Avant-CF: 207 572 967 424 octets libres
Après-CF: 207,526,158,336 octets libres

296 --- E O F --- 2008-12-28 17:49:50

totobetourne · Answer

/!\ Manip crée spécialement pour cet utilisateur , ne pas reproduire chez soi ... /!\

Ouvre le Bloc-Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)

Copie ce texte ( en gras )d'une traite ( CTRL+C pour copier ) puis colle-le ( CTRL+V dans le bloc-note )


Files::
c:\windows\system32\drivers\rsvp.exe

Sauvegarde ce fichier sur ton bureau sous le nom de CFScript.txt.



Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

toto60420 · Answer

voila le rapport combofix je joint le rapport Hijackthis apres

ComboFix 08-12-28.01 - thomas 2008-12-29 0:44:46.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3002.1997 [GMT 1:00]
Lancé depuis: c:\users\thomas\Desktop\thomas.exe
Commutateurs utilisés :: c:\users\thomas\Desktop\CFScript.txt..txt
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-28 ))))))))))))))))))))))))))))))))))))
.

2008-12-29 00:46 . 2008-12-24 17:10 81,920 --a------ c:\windows\dllhst3g.exe
2008-12-28 22:48 . 2008-12-24 17:10 81,920 --a------ c:\windows\logman.exe
2008-12-28 22:29 . 2008-12-24 17:10 81,920 --a------ c:\windows\System32\drivers\rsvp.exe
2008-12-28 22:29 . 2008-12-24 17:10 81,920 --a------ c:\windows\System32\drivers\cmstp.exe
2008-12-28 22:21 . 2008-12-28 22:24 <REP> d-------- C:\ComboFix
2008-12-28 19:36 . 2008-12-28 19:36 <REP> d-------- c:\users\All Users\Google
2008-12-28 19:35 . 2008-12-28 19:36 <REP> d-------- c:\program files\Google
2008-12-28 15:54 . 2008-12-28 19:00 <REP> d-------- c:\program files\FindyKill
2008-12-26 22:44 . 2008-12-26 22:44 <REP> d-------- c:\users\thomas\AppData\Roaming\Malwarebytes
2008-12-26 22:44 . 2008-12-26 22:44 <REP> d-------- c:\users\All Users\Malwarebytes
2008-12-26 22:44 . 2008-12-26 22:44 <REP> d-------- c:\programdata\Malwarebytes
2008-12-26 22:44 . 2008-12-26 22:44 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-26 22:44 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-26 22:44 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-26 22:17 . 2008-12-27 17:43 69 --a------ c:\windows\NeroDigital.ini
2008-12-26 19:17 . 2008-12-26 19:17 19,968 --a------ C:\fr.doc
2008-12-26 14:59 . 2008-12-26 15:54 <REP> d-------- C:\SDFix
2008-12-24 18:05 . 2008-12-24 17:10 81,920 --a------ c:\users\thomas\AppData\Roaming\rsvp.exe
2008-12-24 18:05 . 2008-12-24 17:10 81,920 --a------ c:\users\thomas\AppData\Roaming\mqtgsvc.exe
2008-12-24 17:43 . 2008-12-24 17:59 <REP> d-------- c:\program files\WinAVI MP4 Converter
2008-12-24 17:26 . 2008-12-24 17:26 <REP> d-------- c:\program files\Amic Utilities
2008-12-24 17:26 . 2005-12-30 20:10 761,856 --a------ c:\windows\System32\xvidcore.dll
2008-12-24 17:26 . 2006-07-07 11:56 580,114 --a------ c:\windows\System32\x264vfw.dll
2008-12-24 17:26 . 2005-12-30 20:18 180,224 --a------ c:\windows\System32\xvidvfw.dll
2008-12-24 17:26 . 2006-05-26 16:29 5,120 --a------ c:\windows\System32\ff_vfw.dll
2008-12-24 17:26 . 2006-04-03 15:26 547 --a------ c:\windows\System32\ff_vfw.dll.manifest
2008-12-24 17:02 . 2008-12-24 17:04 <REP> d-------- c:\users\thomas\AppData\Roaming\Vso
2008-12-24 17:02 . 2008-12-24 17:02 <REP> d-------- c:\program files\VSO
2008-12-24 17:02 . 2006-05-20 16:16 1,184,984 --a------ c:\windows\System32\wvc1dmod.dll
2008-12-24 17:02 . 2006-05-11 19:21 626,688 --a------ c:\windows\System32\vp7vfw.dll
2008-12-24 17:02 . 2006-09-29 12:24 217,127 --a------ c:\windows\System32\drv43260.dll
2008-12-24 17:02 . 2006-09-29 12:25 208,935 --a------ c:\windows\System32\drv33260.dll
2008-12-24 17:02 . 2006-09-29 12:26 176,165 --a------ c:\windows\System32\drv23260.dll
2008-12-24 17:02 . 2002-12-10 02:20 102,439 --a------ c:\windows\System32\sipr3260.dll
2008-12-24 17:02 . 2007-03-18 20:37 65,602 --a------ c:\windows\System32\cook3260.dll
2008-12-24 17:02 . 2008-12-24 17:02 47,360 --a------ c:\windows\System32\drivers\pcouffin.sys
2008-12-24 17:02 . 2008-12-24 17:02 47,360 --a------ c:\users\thomas\AppData\Roaming\pcouffin.sys
2008-12-24 15:53 . 2008-12-24 15:53 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-12-23 00:03 . 2008-12-23 00:05 <REP> d-------- C:\Downloads
2008-12-19 21:27 . 2008-12-28 22:30 <REP> d-------- c:\users\thomas\Tracing
2008-12-19 21:16 . 2008-12-19 21:16 <REP> d-------- c:\program files\Windows Live SkyDrive
2008-12-19 21:16 . 2008-12-19 21:16 <REP> d-------- c:\program files\Microsoft
2008-12-19 20:38 . 2008-12-19 20:38 <REP> d-------- c:\program files\Common Files\Windows Live
2008-12-19 15:25 . 2008-12-19 15:25 <REP> d-------- c:\users\All Users\ma-config.com
2008-12-19 15:25 . 2008-12-19 15:25 <REP> d-------- c:\programdata\ma-config.com
2008-12-19 15:25 . 2008-12-19 15:25 <REP> d-------- c:\program files\ma-config.com
2008-12-19 08:37 . 2008-12-19 15:57 <REP> d-------- c:\program files\EPSON Print CD
2008-12-19 08:35 . 2008-12-19 16:00 <REP> d-------- c:\users\All Users\UDL
2008-12-19 08:35 . 2008-12-19 16:00 <REP> d-------- c:\programdata\UDL
2008-12-19 08:27 . 2008-12-19 15:54 <REP> d-------- c:\program files\epson
2008-12-19 08:27 . 2008-12-19 08:27 25 --a------ c:\windows\CDE RX560EFGD.ini
2008-12-14 12:45 . 2008-12-14 12:45 <REP> d-------- c:\users\thomas\AppData\Roaming\CyberLink
2008-12-14 12:33 . 2008-12-14 12:33 <REP> d-------- c:\users\thomas\AppData\Roaming\U3
2008-12-14 01:26 . 2008-12-14 01:26 <REP> d-------- c:\users\All Users\LightScribe
2008-12-14 01:26 . 2008-12-14 01:26 <REP> d-------- c:\programdata\LightScribe
2008-12-13 18:40 . 2008-12-13 18:40 4,767 --a------ c:\windows\Irremote.ini
2008-12-13 18:38 . 2008-12-24 14:15 <REP> d-------- c:\users\thomas\AppData\Roaming\Nero
2008-12-13 18:18 . 2008-12-13 18:38 <REP> d-------- c:\program files\Nero
2008-12-13 18:17 . 2008-12-13 18:28 <REP> d-------- c:\users\All Users\Nero
2008-12-13 18:17 . 2008-12-13 18:28 <REP> d-------- c:\programdata\Nero
2008-12-13 18:17 . 2008-12-14 01:22 <REP> d-------- c:\program files\Common Files\Nero
2008-12-13 18:15 . 2008-12-24 18:00 <REP> d-------- c:\program files\Common Files\LightScribe
2008-12-13 15:23 . 2008-12-13 15:23 <REP> d-------- c:\program files\VirtualDJ
2008-12-13 11:46 . 2008-12-13 11:46 <REP> d-------- c:\users\All Users\Messenger Plus!
2008-12-13 11:46 . 2008-12-13 11:46 <REP> d-------- c:\programdata\Messenger Plus!
2008-12-12 18:37 . 2008-12-12 18:37 <REP> d-------- c:\program files\Messenger Plus! Live
2008-12-12 17:15 . 2008-12-12 17:15 <REP> d-------- c:\users\All Users\EPSON
2008-12-12 17:15 . 2008-12-12 17:15 <REP> d-------- c:\programdata\EPSON
2008-12-12 17:14 . 2006-05-08 03:00 75,264 --a------ c:\windows\System32\E_FLBBPE.DLL
2008-12-12 17:14 . 2006-04-19 03:00 62,976 --a------ c:\windows\System32\E_FD4BBPE.DLL
2008-12-12 17:14 . 2004-09-10 21:12 49,152 --a------ c:\windows\System32\E_DCINST.DLL
2008-12-12 17:13 . 2006-03-20 00:00 63,488 --a------ c:\windows\System32\escwiad.dll
2008-12-11 19:55 . 2008-12-11 19:55 <REP> d-------- c:\users\All Users\Player Metaboli
2008-12-11 19:55 . 2008-12-11 19:55 <REP> d-------- C:\Remote Programs
2008-12-11 19:55 . 2008-12-11 19:55 <REP> d-------- c:\programdata\Player Metaboli
2008-12-11 19:55 . 2008-12-11 19:55 <REP> d-------- c:\program files\Player Metaboli
2008-12-11 19:55 . 2008-05-15 14:12 53,314 --------- c:\windows\ExentInfo.exe
2008-12-11 19:55 . 2004-02-04 10:01 2,238 --------- c:\windows\metaboli.ico
2008-12-11 19:55 . 2008-12-11 19:55 68 --a------ c:\windows\GPlrLanc.dat
2008-12-11 15:35 . 2008-12-13 16:30 <REP> d-------- c:\users\thomas\AppData\Roaming\dvdcss
2008-12-11 11:29 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-11 09:47 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll
2008-12-11 09:47 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-11 09:47 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-11 09:26 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-11 09:24 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-11 09:24 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-11 09:23 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe
2008-12-11 09:23 . 2008-10-16 05:47 827,392 --a------ c:\windows\System32\wininet.dll
2008-12-11 09:00 . 2008-12-11 09:08 <REP> d-------- c:\users\thomas\AppData\Roaming\vlc
2008-12-11 08:59 . 2008-12-11 08:59 <REP> d-------- c:\program files\VideoLAN
2008-12-11 08:43 . 2008-12-11 08:43 <REP> d-------- c:\program files\MSXML 4.0
2008-12-07 14:44 . 2008-12-07 14:44 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition
2008-12-07 14:44 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\System32\d3dx9_32.dll
2008-12-07 14:31 . 2008-12-07 14:31 <REP> d-------- c:\users\All Users\WLInstaller
2008-12-07 14:31 . 2008-12-07 14:31 <REP> d-------- c:\programdata\WLInstaller
2008-12-07 14:31 . 2008-12-19 21:21 <REP> d-------- c:\program files\Windows Live
2008-12-07 14:31 . 2008-12-07 14:38 <REP> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-12-07 14:28 . 2007-04-09 13:23 28,040 --a------ c:\windows\System32\mdimon.dll
2008-12-07 14:28 . 2008-12-07 14:28 382 --a------ c:\windows\ODBC.INI
2008-12-07 13:58 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-12-07 13:58 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-12-07 13:58 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-12-07 13:58 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-12-07 13:58 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-12-07 13:58 . 2008-04-23 05:41 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2008-12-07 13:54 . 2008-06-26 02:45 12,240,896 --a------ c:\windows\System32\NlsLexicons0007.dll
2008-12-07 13:54 . 2008-06-26 02:45 2,644,480 --a------ c:\windows\System32\NlsLexicons0009.dll
2008-12-07 13:54 . 2008-06-26 04:29 801,280 --a------ c:\windows\System32\NaturalLanguage6.dll
2008-12-07 13:43 . 2008-03-08 05:21 1,695,744 --a------ c:\windows\System32\gameux.dll
2008-12-07 13:43 . 2008-04-26 09:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2008-12-07 13:43 . 2008-04-12 04:32 784,896 --a------ c:\windows\System32\rpcrt4.dll
2008-12-07 13:43 . 2008-06-19 04:31 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2008-12-07 13:43 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-12-07 13:43 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-12-07 13:43 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-12-07 13:43 . 2008-04-05 02:21 72,192 --a------ c:\windows\System32\drivers\pacer.sys
2008-12-07 13:43 . 2008-04-05 04:34 15,360 --a------ c:\windows\System32\pacerprf.dll
2008-12-07 13:42 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-12-07 13:40 . 2008-09-18 03:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-12-07 13:40 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-12-07 13:40 . 2008-06-26 04:29 303,616 --a------ c:\windows\System32\wmpeffects.dll
2008-12-07 13:40 . 2008-04-18 06:48 269,312 --a------ c:\windows\System32\es.dll
2008-12-07 13:37 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-12-07 13:37 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 16:00 255,572,312 ----a-w c:\windows\DUMP6f45.tmp
2008-12-23 20:54 --------- d-----w c:\programdata\CyberLink
2008-12-19 07:45 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-19 07:42 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-19 02:05 --------- d-----w c:\programdata\Microsoft Help
2008-12-13 10:49 --------- d-----w c:\program files\Windows Mail
2008-12-13 10:48 --------- d-----w c:\program files\Common Files\Adobe
2008-12-12 09:16 --------- d-----w c:\programdata\WildTangent
2008-12-11 08:56 --------- d-----w c:\program files\CONEXANT
2008-12-07 13:21 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-07 13:19 --------- d-----w c:\programdata\Symantec
2008-12-06 12:24 --------- d-----w c:\programdata\AOL
2008-12-06 12:03 --------- d-sh--w c:\programdata\Modèles
2008-12-06 12:03 --------- d-sh--w c:\programdata\Menu Démarrer
2008-12-06 12:03 --------- d-sh--w c:\programdata\Favoris
2008-12-06 12:03 --------- d-sh--w c:\programdata\Bureau
2008-12-06 12:03 --------- d-sh--w c:\program files\Fichiers communs
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-12-28_22.31.59.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-28 21:28:59 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-28 21:28:59 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-28 17:57:36 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-28 21:29:03 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-28 17:57:36 98,304 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-28 21:29:03 98,304 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-28 17:57:36 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-28 21:29:03 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-28 17:59:27 6,520 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3127354377-3950098403-135022865-1000_UserData.bin
+ 2008-12-28 21:32:33 6,886 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3127354377-3950098403-135022865-1000_UserData.bin
- 2008-12-28 17:59:27 95,802 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-28 21:32:33 95,810 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-26 18:19:35 306,262 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-12-28 23:32:32 306,902 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-12-01 1406192]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"EPSON Stylus Photo RX560 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIBPE.EXE" [2006-05-23 139264]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"NBCore"="c:\program files\Common Files\Nero\Nero BackItUp 4\NBCore.exe" [2008-09-30 1561896]
"EPSON Stylus Photo RX560 Series (Copie 1)"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIBPE.EXE" [2006-05-23 139264]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-12-28 171448]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 145944]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-11 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-12-28 266497]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"MqtgSVC"="c:\users\thomas\AppData\Roaming\mqtgsvc.exe" [2008-12-24 81920]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"CmSTP"="c:\windows\System32\drivers\cmstp.exe" [2008-12-24 81920]

[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"rsvp"="c:\users\thomas\AppData\Roaming\rsvp.exe" [2008-12-24 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=c:\windows\cmstp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"vidc.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3127354377-3950098403-135022865-1000]
"EnableNotificationsRef"=dword:00000003

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4E360EEB-4791-4528-8724-89B171AA244C}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{852DDDFC-8629-4527-8FF8-2B776DAAEDE0}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{A49C9FF3-C4E7-41C0-8429-9085706E301A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{95828CFE-5942-4439-B847-A81AFF0C3C4D}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BBAB42C7-8D0F-4A55-B7F5-61846483499F}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{9AF30284-F87C-4AF1-8A2E-D52E10647215}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{413F87F1-4EAE-49A0-9655-5A7251E946AB}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{A6D9F512-7AB7-4E44-B434-207A8157CD04}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{DDFDF9D8-C620-4D00-BBE4-6F73DB9FA87C}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{237FCF2A-CD28-4C1F-94AE-90943100B914}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{283D6D81-C5BD-418A-908E-95E75E1A94D7}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{4520CE81-8445-4DBD-9502-F136767175CF}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{1BD05C7A-62BA-4B58-A601-071CC9E1AFBF}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{92FB5539-A918-4FA3-84F3-64D3ED4BC128}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{6D261BAB-A3D7-4424-85D5-EAE25791B4B0}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{0D672B22-9D8C-481A-BE94-BFA62CDDFD89}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-01-21 21504]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-08-02 361808]
R2 X4HSX32Ex;X4HSX32Ex;\??\c:\program files\Player Metaboli\X4HSX32Ex.Sys [2008-12-11 29856]
R3 Com4QLBEx;Com4QLBEx;"c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe" [2008-08-02 193840]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-04 113664]
S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-12-16 195752]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\DRIVERS\WlanBZXP.sys [2006-03-21 402944]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be3a9fb4-d26d-11dd-b6fa-001d727ca7af}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa4fa686-c9cf-11dd-a7d9-001d727ca7af}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2008-12-28 c:\windows\Tasks\User_Feed_Synchronization-{F493CD47-D035-4AC7-AD29-41F8CEB98209}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 03:24]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-29 00:46:19
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-12-29 0:50:31
ComboFix-quarantined-files.txt 2008-12-28 23:50:28
ComboFix2.txt 2008-12-28 21:48:21

Avant-CF: 207 336 206 336 octets libres
Après-CF: 207,309,795,328 octets libres

286 --- E O F --- 2008-12-28 17:49:50

toto60420 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:55:13, on 29/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Users	homas\AppData\Roaming\mqtgsvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32
otepad.exe
C:\Users	homas\AppData\Local\Temp\~tmp\sps32_1\mdm32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users	homas\AppData\Local\Temp\Rar$EX00.638\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\Users	homas\AppData\Roaming\clipsrv.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus Photo RX560 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBPE.EXE /FU "C:\Windows\TEMP\E_SE231.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [NBCore] "C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo RX560 Series (Copie 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBPE.EXE /FU "C:\Windows\TEMP\E_S54D5.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [MqtgSVC] C:\Users	homas\AppData\Roaming\mqtgsvc.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [CmSTP] C:\Windows\System32\drivers\cmstp.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [rsvp] C:\Users	homas\AppData\Roamingsvp.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [rsvp] C:\Users	homas\AppData\Roamingsvp.exe /waitservice (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbaresources\fr-FR\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O17 - HKLM\System\CCS\Services\Tcpip\..\{E001E5C7-AC5E-4DA1-A0D1-A3FDC3A6980D}: NameServer = 192.168.30.1
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

totobetourne · Answer

c est pas evident de te debarasser de ta merde.

Ensuite,
*Rends toi sur ce site :

https://www.virustotal.com/gui/

*Clique sur "Parcourir" et cherche ces fichiers : 

c:\windows\dllhst3g.exe
c:\windows\logman.exe
c:\windows\System32\drivers\rsvp.exe
c:\windows\System32\drivers\cmstp.exe­ 


*Un rapport va s'élaborer ligne à ligne.
*Attends la fin. Il doit comprendre la taille du fichier envoyé.
*Sauvegarde le rapport avec le bloc-note.
*Copie le dans ta réponse.
*Si VirusTotal indique que le fichier a déjà été analysé, clique sur le bouton "Reanalyse" le fichier maintena

toto60420 · Answer

le lien que tu ma donner ne fonctione pas internet marque : Internet Explorer ne peut pas afficher cette page Web

totobetourne · Answer

on va voir si on peut y arriver , on va passer cela et voir le resultat.

Télécharge SmitfraudFix
Utilitaire de S!Ri: Moe et balltrap34
http://siri.urz.free.fr/Fix/SmitfraudFix.php
et télécharge SmitfraudFix.exe.


Exécute le en choisissant l’option 1,
il va générer un rapport
Copie/colle le sur le poste stp.

toto60420 · Answer

voila le rapport

SmitFraudFix v2.387

Scan done at 18:00:14,38, 29/12/2008
Run from C:\Users	homas\Downloads\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users	homas\AppData\Roaming\mqtgsvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32	askeng.exe
C:\Program Files\eMule\emule.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users	homas


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users	homas\AppData\Local\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users	homas\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users	homas\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 

C:\Program Files\Google\googletoolbar1.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\Windows\system32\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Atheros AR5007 802.11b/g WiFi Adapter
DNS Server Search Order: 192.168.30.1
DNS Server Search Order: 0.0.0.0

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3E337ACB-98AC-4BD6-92A8-1B69128DDC95}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6EAB6B8B-03D4-40E1-936B-26BE823F0F47}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B4736EF4-EC8D-40D0-9E0E-6AF479779519}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D0A90CCE-3B39-429B-A33D-2662FF533693}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E001E5C7-AC5E-4DA1-A0D1-A3FDC3A6980D}: NameServer=192.168.30.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3E337ACB-98AC-4BD6-92A8-1B69128DDC95}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6EAB6B8B-03D4-40E1-936B-26BE823F0F47}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B4736EF4-EC8D-40D0-9E0E-6AF479779519}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D0A90CCE-3B39-429B-A33D-2662FF533693}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E001E5C7-AC5E-4DA1-A0D1-A3FDC3A6980D}: NameServer=192.168.30.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3E337ACB-98AC-4BD6-92A8-1B69128DDC95}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6EAB6B8B-03D4-40E1-936B-26BE823F0F47}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B4736EF4-EC8D-40D0-9E0E-6AF479779519}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D0A90CCE-3B39-429B-A33D-2662FF533693}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E001E5C7-AC5E-4DA1-A0D1-A3FDC3A6980D}: NameServer=192.168.30.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Pb virus

23 réponses

Votre réponse

Discussions similaires

Newsletters