Sujet Précédent Sujet Suivant

Virus protector

Marvolo Messages postés 16 Statut Membre -  
moment de grace Messages postés 30049 Statut Contributeur sécurité -
Bonjour,
quand je demarre le pc(Vista),le bureau ne s'affiche pas,mais c'est Virus protector.
Quand je cherche un peu,je trouve que le processus s'appelle "aadmvrqas.exe".
Evidement,j'ai au prealable cherche sur le forum et les solutions avec rogue remover et SmitFraudFix non plus.
Je viens de faire un scan avec MBAM et toujours rien.

Merci d'avance
A voir également:

26 réponses

  • 1
  • 2
Réponse 1 / 26
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
bonjour

peux tu poster ce rapport MBAM stp

de plus

• Télécharge Random's System Information Tool (RSIT) de Random/Random.

(outil de diagnostic)

http://images.malwareremoval.com/random/RSIT.exe

• Enregistre le sur ton Bureau.

• Double clique sur RSIT.exe pour lancer l'outil.

• Clique sur "Continue" à l'écran Disclaimer.

• Si l'outil HijackThis n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu s'il te le demande)

et tu devras accepter la licence.

• Une fois le scan terminé, deux rapports vont apparaître : poste les dans deux messages séparés stp

Les rapports se trouvent à cet endroit:
C:\rsit\info.txt
C:\rsit\log.txt
0
Réponse 2 / 26
Marvolo Messages postés 16 Statut Membre
 
Rapport MBAM

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3510
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

12/03/2010 22:40:17
mbam-log-2010-03-12 (22-40-17).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|)
Eléments examinés: 383043
Temps écoulé: 3 hour(s), 21 minute(s), 8 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Windows Tribute Service (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1dcf4499-04f7-4b72-a782-db77fa010c94}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.189;85.255.112.113 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{722c9bed-6214-4b55-8533-104d7bfc01b1}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.189;85.255.112.113 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c4ff0844-4cef-4130-bc06-070fee20df66}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.189;85.255.112.113 -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Shopper\Bin (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Shopper\Bin\2.5.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Windows\winsxs\Backup\x86_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.0.6002.18005_lt-lt_bf12ba06fdc0c65b_msimsg.dll.mui_72e8994f (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\hBlvIvfF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
0
Réponse 3 / 26
Marvolo Messages postés 16 Statut Membre
 
LOG.TXT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Schizoprenic at 2010-03-12 22:52:07
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 49 GB (30%) free of 163 GB
Total RAM: 3070 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:52:39, on 12/03/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\svchost.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdnserv.exe
C:\Windows\system32\lxdncoms.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\stacsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Users\Schizoprenic\Desktop\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Schizoprenic.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=C:\Windows\system32\aadmvrqas.exe
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,"C:\Windows\pok32.exe",
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"
O4 - HKLM\..\Run: [lxdnamon] "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe"
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [DeleteDir[CD8] Search Guard Plus] cmd.exe /C RD /S /Q C:\PROGRA~1\SEARCH~1
O4 - HKLM\..\RunOnce: [DeleteDir[CD8] Search Guard Plus Updater] cmd.exe /C RD /S /Q C:\PROGRA~1\SEARCH~2
O4 - HKLM\..\RunOnce: [DeleteDir[CD8] SGPSA] cmd.exe /C RD /S /Q C:\PROGRA~1\SGPSA
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [UMService] C:\Program Files\LG Electronics\Modem USB LG Electronics\UMAService.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKLM\..\Policies\Explorer\Run: [FFreezer] C:\Windows\system32\explorer.exe\explorer.exe.exe
O4 - HKCU\..\Policies\Explorer\Run: [configs] C:\Windows\pok32.exe
O4 - HKCU\..\Policies\Explorer\Run: [FFreezer] C:\Windows\system32\explorer.exe\explorer.exe.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ºÜ¿ìÊÓƵËÑË÷ - {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel (file missing)
O9 - Extra 'Tools' menuitem: ºÜ¿ìÊÓƵËÑË÷ - {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel (file missing)
O9 - Extra button: Æô¶¯UUSee ÍøÂçµçÊÓ - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe
O9 - Extra 'Tools' menuitem: Æô¶¯UUSee ÍøÂçµçÊÓ - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.www.m6.fr
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 - DPF: {61FA0CB0-0806-46EA-B784-0F843285BA23} (TuentiFotoUploader Control) - http://estaticosak1.tuenti.com/client_apps/TuentiPhotoUploader.24936.cab
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldfr-fr.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DCF4499-04F7-4B72-A782-DB77FA010C94}: NameServer = 85.255.112.189;85.255.112.113
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Service Google Update (gupdate1ca2cd22c28197e) (gupdate1ca2cd22c28197e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\Windows\system32\lxdncoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
Réponse 4 / 26
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
ok

tres infecté

Attention, avant de commencer, lit attentivement la procédure, et imprime la

Aide à l’utilisation
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Télécharge ComboFix de sUBs sur ton Bureau :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et DESACTIVES TOUTES LES DEFENSES, antivirus et antispyware y compris /!\

---> Double-clique sur ComboFix.exe
Un "pop-up" va apparaître qui dit que ComboFix est utilisé à vos risques et avec aucune garantie... Clique sur oui pour accepter

SURTOUT INSTALLES LA CONSOLE DE RECUPERATION
(si il te propose de l’installer remets internet)

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

Ne touche à rien(souris, clavier) tant que le scan n'est pas terminé, car tu risques de planter ton PC

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix.txt

0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 26
Marvolo
 
Merci infiniment,tout semble marcher du tonnerre.
Tu me recommandes quoi comme antivirus?J'utilise AVG mais vu que tu m'as dit que j'avais enormement de virus,vaut mieux changer...

Ah oui,le rapport de combo fix:

ComboFix 10-03-12.02 - Schizoprenic 13/03/2010 6:33.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3070.2220 [GMT 0:00]
Lancé depuis: c:\users\Schizoprenic\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1070371420-295023708-545849085-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3242307328-3026939525-2831412068-500
c:\$recycle.bin\S-1-5-21-3902122447-900610744-3200546403-500
c:\windows\10013sz9535.bin
c:\windows\105z3troj5869.exe
c:\windows\109909zcktoo5118.dll
c:\windows\1161b5c9dzor44.exe
c:\windows\1177vir5sz93.ocx
c:\windows\11ff9d5ware192z.bin
c:\windows\123d5zreat3139.exe
c:\windows\12858zac5tool975.dll
c:\windows\12c6add9ar53z39.bin
c:\windows\13028notza-vi5us13b9.bin
c:\windows\13094viruz53c.dll
c:\windows\1356backd9or9z.bin
c:\windows\13659hacktoo591z.dll
c:\windows\13849z5rm21f.cpl
c:\windows\1395th5ez26029.bin
c:\windows\14233hacktoolz955.bin
c:\windows\150z75acktool5d9.bin
c:\windows\152back5oz92017.exe
c:\windows\15495wozm35f9.dll
c:\windows\1579zspambot7309.dll
c:\windows\15916troj795z.bin
c:\windows\15z3steal9450.bin
c:\windows\16755viru9272z.cpl
c:\windows\16934sza5bot5d1.ocx
c:\windows\17009spam5otzbc.bin
c:\windows\17019hackto5l3zc.dll
c:\windows\174z49py16b5.cpl
c:\windows\17909s9y7z5.dll
c:\windows\17zste9l1547.cpl
c:\windows\18114not-9-vzru54ed.dll
c:\windows\18z6sp9rs5237.cpl
c:\windows\19009spambot7zf5.cpl
c:\windows\1900downloadz5820.ocx
c:\windows\1905threatz7586.ocx
c:\windows\190935irus175z.dll
c:\windows\19282zack9ool552.dll
c:\windows\19490nzt-a-vir9s5235.ocx
c:\windows\19590worm504z.bin
c:\windows\1967d5wnloader2z65.cpl
c:\windows\19961w5rmz719.bin
c:\windows\19995troz61d.cpl
c:\windows\19f9b5ck9oor2z74.cpl
c:\windows\19z6vir30159.exe
c:\windows\19z98sp5m9ot3a0.bin
c:\windows\1b94threa911549z.dll
c:\windows\1bf9ba5zdoor876.cpl
c:\windows\1d99steaz2528.ocx
c:\windows\1dz55ddwa9e640.cpl
c:\windows\1ef2spyzare1959.cpl
c:\windows\1f5bspzw9re245.ocx
c:\windows\1f68backdzor9257.bin
c:\windows\1z21not-a-virus5d79.ocx
c:\windows\1z55pyware798.cpl
c:\windows\1z594spy7679.dll
c:\windows\1z62st5al3119.bin
c:\windows\1z953sp9mbot3c1.ocx
c:\windows\1zd9s5ars92388.bin
c:\windows\20519w9rz620.dll
c:\windows\205529ot-a5virus1efz.ocx
c:\windows\2056spywa9e159z.dll
c:\windows\20912wo5z19c.exe
c:\windows\211z5tr5j949.cpl
c:\windows\21433spyz995.ocx
c:\windows\215z4sp9d.cpl
c:\windows\21939v5rus3bdz.exe
c:\windows\21z8t9o53d4.cpl
c:\windows\22202hazktool759.ocx
c:\windows\22z71spy9f45.cpl
c:\windows\23c95r26z.dll
c:\windows\23z62s9y615.cpl
c:\windows\23z76v59us2e.bin
c:\windows\242205pa9bot554z.cpl
c:\windows\24547sp9zbot772.bin
c:\windows\24709spa9b5t782z.ocx
c:\windows\25425vzr5s9cb.ocx
c:\windows\25615zoj29e9.exe
c:\windows\25795nzt-a-virus2bf9.bin
c:\windows\25857spamb9z5f4.dll
c:\windows\258z8s9y289.exe
c:\windows\25900s5z1e1.exe
c:\windows\2595ztroj690.dll
c:\windows\2599szarse1758.exe
c:\windows\259z6worm993.dll
c:\windows\25z0195y441.dll
c:\windows\25z909irus2e25.dll
c:\windows\2638s9y3dz5.dll
c:\windows\265495p9zaa.dll
c:\windows\26813v9rzs35.ocx
c:\windows\26834t9ojz405.cpl
c:\windows\26955izus549.bin
c:\windows\26995wozm299.cpl
c:\windows\26c5vir27z9.ocx
c:\windows\2707v9ru5z21.ocx
c:\windows\285879orz750.cpl
c:\windows\285cadd9are60z.dll
c:\windows\28795trojz8d.ocx
c:\windows\28e9threz530896.exe
c:\windows\28z98not-a-vir9s6905.cpl
c:\windows\2915stea55z9.cpl
c:\windows\2916zs5y4ee.exe
c:\windows\29551v9r5z382.dll
c:\windows\295759rus6dcz.ocx
c:\windows\29797sp9mzot651.dll
c:\windows\29z15irus450.cpl
c:\windows\2a53thrzat9639.bin
c:\windows\2ad5thiefz319.exe
c:\windows\2dz0s95ware551.bin
c:\windows\2z15thief2999.cpl
c:\windows\2z3c9i555.ocx
c:\windows\2z49thre9t5385.ocx
c:\windows\2z9es9arse3185.ocx
c:\windows\300069o5mz94.ocx
c:\windows\30341zi9u55bf.cpl
c:\windows\30555sz5mbot179.dll
c:\windows\30837not-az9i5usd8.ocx
c:\windows\30923zorm59.dll
c:\windows\30964troz55e.exe
c:\windows\3191thizf5799.dll
c:\windows\31ffba9kz5or1858.ocx
c:\windows\320z3vi5us7359.exe
c:\windows\32743hz5kt9ol567.exe
c:\windows\32b7vir951z.cpl
c:\windows\32z225acktool23a9.bin
c:\windows\32zbste5l7299.dll
c:\windows\340bt5zef394.ocx
c:\windows\35379spy509z.exe
c:\windows\354az5eal1912.cpl
c:\windows\355zspars92680.ocx
c:\windows\3589vir19z9.ocx
c:\windows\3594z95kdoor2101.bin
c:\windows\3599zhreat5438.bin
c:\windows\3696spywarez590.exe
c:\windows\379aviz835.exe
c:\windows\379d5zr9932.ocx
c:\windows\38559zr795.bin
c:\windows\3905zp9ware835.ocx
c:\windows\39279pz568.exe
c:\windows\39565zo919.bin
c:\windows\3957s9eal16z3.dll
c:\windows\39645wor51z6.bin
c:\windows\39995pywarz145.ocx
c:\windows\39c4viz995.dll
c:\windows\39c6spar5ez05.bin
c:\windows\39z5st5al9330.dll
c:\windows\3c58bac9d5oz2465.ocx
c:\windows\3ecds9ywaze195.bin
c:\windows\3f67t9izf1605.ocx
c:\windows\3z622no9-a-v5rus43f.exe
c:\windows\41zcvir98005.cpl
c:\windows\4339s5yz1c.dll
c:\windows\43zcs9yw5re538.ocx
c:\windows\44d7ad9waze11845.cpl
c:\windows\4511thzef3059.exe
c:\windows\4519w9rm2cz.bin
c:\windows\4531vir789z.exe
c:\windows\455cst9alz6715.dll
c:\windows\4592spywzre959.ocx
c:\windows\4715spyw9r519z2.cpl
c:\windows\4885otz9-virus24a.bin
c:\windows\48e7doz5load9r1540.dll
c:\windows\48f0threa513339z.cpl
c:\windows\4993dow9loazer5720.dll
c:\windows\49e1ad9wzre5982.bin
c:\windows\4cd35pywarez069.dll
c:\windows\4d3aszy5are392.cpl
c:\windows\4e15z9ckdoor2152.exe
c:\windows\4e44t9re5t1290z.exe
c:\windows\4e89threaz18945.bin
c:\windows\4f01threa59z709.cpl
c:\windows\4fbes95warz2249.cpl
c:\windows\4z0troj9105.bin
c:\windows\5049viruszf59.bin
c:\windows\505th5ez1998.bin
c:\windows\5071a9dwzre1708.ocx
c:\windows\5095spyz95.bin
c:\windows\509z3h9cktool59c.bin
c:\windows\50a9spyware1z34.dll
c:\windows\50bbt9r5at173z2.ocx
c:\windows\50e0vir159z.dll
c:\windows\50zdadd9are2009.dll
c:\windows\51075t9oz23e.cpl
c:\windows\51494szy6be.dll
c:\windows\51965worm565z.ocx
c:\windows\51espywa9e3137z.bin
c:\windows\51f1d5wnloaderz519.dll
c:\windows\51fzbac5door9032.ocx
c:\windows\52398zroj429.ocx
c:\windows\52815ackd9or23z0.exe
c:\windows\52892wormzb8.cpl
c:\windows\52e6zpa9se1473.exe
c:\windows\533zthr9at1125.ocx
c:\windows\53a2zir957.ocx
c:\windows\545069ot-a-virusz13.ocx
c:\windows\54835spamz9t2f7.dll
c:\windows\5490zhief171.dll
c:\windows\549339irus6za.cpl
c:\windows\5505spy91z.bin
c:\windows\551aspywarz398.exe
c:\windows\5581not-a-viru5972z.ocx
c:\windows\558zpyw9re536.ocx
c:\windows\559zworm26a.exe
c:\windows\55adbac9door21z3.cpl
c:\windows\55b95hreat2z787.dll
c:\windows\5698bac9door1562z.dll
c:\windows\56996trzj3b5.exe
c:\windows\56c5addwar91753z.dll
c:\windows\56d9spzrs51738.dll
c:\windows\56z6spy9ar52968.bin
c:\windows\5785steaz20259.bin
c:\windows\588estza9825.dll
c:\windows\58bfaddw9ze652.ocx
c:\windows\5925troz13a.dll
c:\windows\592evir20z95.ocx
c:\windows\5969spyzare755.cpl
c:\windows\5983szar9e257.ocx
c:\windows\5997spyware2z84.ocx
c:\windows\5aa5zt9al2065.bin
c:\windows\5aez5py9are1136.dll
c:\windows\5c31adzwar52592.exe
c:\windows\5c51stea9290z.exe
c:\windows\5c9e5hiz9755.ocx
c:\windows\5cc5spyware139z.bin
c:\windows\5ce7spa9se1z60.dll
c:\windows\5d1zthief9851.ocx
c:\windows\5e97zdd5are598.cpl
c:\windows\5e9fdownloade517z2.exe
c:\windows\5f9baddzar52998.bin
c:\windows\5fd4thief1z9.bin
c:\windows\5ffdthr9at29259z.exe
c:\windows\5z1bsteal591.ocx
c:\windows\605c9pzrse7285.bin
c:\windows\6255steal29z99.dll
c:\windows\633zthief19055.bin
c:\windows\64ebsp9r5e477z.ocx
c:\windows\65179irzs3d8.exe
c:\windows\6559downloader26z1.dll
c:\windows\655ad9warz881.dll
c:\windows\6589spywarez895.cpl
c:\windows\6590spa5se533z.bin
c:\windows\65d9dow5lzader2559.bin
c:\windows\6708zparse5971.cpl
c:\windows\67d4zhr9at4505.cpl
c:\windows\67e95hrea927z86.bin
c:\windows\6852spywzre1992.exe
c:\windows\6881ste5l1z93.ocx
c:\windows\68939orz1eb5.dll
c:\windows\68ezspywa9e5948.cpl
c:\windows\69839hrea52z255.cpl
c:\windows\6az49hre5t16773.cpl
c:\windows\6b5zsp9ware2454.bin
c:\windows\6ddaaz9war52373.bin
c:\windows\6e8e9h5zf361.bin
c:\windows\6eb75parsez985.bin
c:\windows\6z17st9al55.dll
c:\windows\6z29v953276.dll
c:\windows\7198a5d9aze2772.dll
c:\windows\71zbthreat14956.cpl
c:\windows\722bad59are860z.exe
c:\windows\7269a5dware3249z.cpl
c:\windows\72c59ddzare180.exe
c:\windows\739ft9izf9765.ocx
c:\windows\7498zackdoor2395.ocx
c:\windows\7529spyw5ze2237.exe
c:\windows\752fzt9al3169.bin
c:\windows\7597zir15.cpl
c:\windows\7599threa51z864.bin
c:\windows\75a9t9izf2379.cpl
c:\windows\75cdszywar93.bin
c:\windows\75dadownzo9der3237.bin
c:\windows\75ffzddware2978.bin
c:\windows\75z95t9al603.dll
c:\windows\76055py79z.dll
c:\windows\765ethreat9851z.bin
c:\windows\77075ir97z.dll
c:\windows\77595rus757z.bin
c:\windows\77a7dowzload5r22049.ocx
c:\windows\7852zownloader9549.ocx
c:\windows\789b9hief113z5.dll
c:\windows\791dstezl6505.dll
c:\windows\7a5dthief1495z.dll
c:\windows\7b51t9reat24z56.dll
c:\windows\7c9fszeal1354.bin
c:\windows\7d54spars954z.cpl
c:\windows\7d9ds5arse1476z.dll
c:\windows\7dz39teal18005.exe
c:\windows\7e42th95zt5552.bin
c:\windows\7e6b9z5door717.bin
c:\windows\7z5thief27599.bin
c:\windows\8256hackz9ol13b.cpl
c:\windows\845thzef1945.bin
c:\windows\8490szambot45a.cpl
c:\windows\850zt95j183.cpl
c:\windows\896b9ckdo5r9z4.exe
c:\windows\8993not-a-v5rz94b1.exe
c:\windows\905b5tezl2547.ocx
c:\windows\91535vzru5.exe
c:\windows\91z2threat26735.bin
c:\windows\92020worm55cz.dll
c:\windows\923zspam5ot4c6.cpl
c:\windows\93569z5oj1c7.cpl
c:\windows\93815izus7a3.cpl
c:\windows\945sz9f95.ocx
c:\windows\951espyware273z.cpl
c:\windows\952z0spy361.ocx
c:\windows\956zspy6279.bin
c:\windows\95b1spazse2179.exe
c:\windows\96dsparsez3995.exe
c:\windows\97225s5z378.cpl
c:\windows\9835szambot5b8.bin
c:\windows\98790tzo5653.cpl
c:\windows\98f8down5oader1z2.cpl
c:\windows\99693zi5us56d.bin
c:\windows\99d4stzal1885.bin
c:\windows\9ad05ir306z.exe
c:\windows\9c8fthief55z.ocx
c:\windows\9cc5ad5warz1620.exe
c:\windows\9cc5d9waze259.cpl
c:\windows\9ef2thr5az3376.bin
c:\windows\9fcfdownloa5er3z70.cpl
c:\windows\9z516troj4b1.exe
c:\windows\9z5f5ackdoor2048.exe
c:\windows\9z5wo95709.dll
c:\windows\9zaddware5354.ocx
c:\windows\a59adzw9re1047.bin
c:\windows\AdeVCVO.dll
c:\windows\agGwKJhOo.dll
c:\windows\ahVMYvNxk.exe
c:\windows\AkjSVdRIi.dll
c:\windows\apFNoT.exe
c:\windows\ApJokMoCD.exe
c:\windows\awxbkned.dll
c:\windows\b0spa5sz2978.exe
c:\windows\b5bdownloadzr3958.bin
c:\windows\bBdrGuLKJ.exe
c:\windows\bHymx.exe
c:\windows\BIUqUa.dll
c:\windows\BwDKhBpub.exe
c:\windows\c5zthief91035.bin
c:\windows\CfPKSYHa.dll
c:\windows\cfSLusC.dll
c:\windows\cjHAd.dll
c:\windows\CYpbt.exe
c:\windows\DdVANm.dll
c:\windows\DdVawJDe.exe
c:\windows\DfVDAwj.exe
c:\windows\dHHMOMnU.dll
c:\windows\dLGnrI.exe
c:\windows\dqrmU.dll
c:\windows\dUCFbOL.dll
c:\windows\e59vir25z3.bin
c:\windows\eAqgH.exe
c:\windows\easBRFSXB.dll
c:\windows\ef0baczdoo914515.dll
c:\windows\EJRtW.dll
c:\windows\elqnLK.dll
c:\windows\endkPM.dll
c:\windows\ePlQB.dll
c:\windows\eWFhlBnsw.exe
c:\windows\f15tzief21829.bin
c:\windows\fcSwLApw.exe
c:\windows\FjnOhR.exe
c:\windows\fkUhK.exe
c:\windows\fNOSv.exe
c:\windows\fsgxNr.dll
c:\windows\fTmuQP.dll
c:\windows\fUjpTc.dll
c:\windows\GExKuW.exe
c:\windows\gKHkgOf.dll
c:\windows\gkViF.exe
c:\windows\hAVEsJhG.exe
c:\windows\HEdxgIqO.exe
c:\windows\hhNJsxIP.dll
c:\windows\hiTLtb.dll
c:\windows\hsgDS.exe
c:\windows\IEnPcJLT.exe
c:\windows\IIiJnpV.exe
c:\windows\IJOmWef.exe
c:\windows\inkXpSDfl.exe
c:\windows\ivLmfqcRQ.dll
c:\windows\JCxvCxR.exe
c:\windows\jIGUeQh.dll
c:\windows\jNVqILbX.exe
c:\windows\JoPNqftjP.exe
c:\windows\JVHBc.dll
c:\windows\jVSWfVJhm.exe
c:\windows\jWTSqKo.dll
c:\windows\kAuDP.exe
c:\windows\KBfLR.exe
c:\windows\KcKrMvste.dll
c:\windows\kdxaePCM.dll
c:\windows\keGWjfw.dll
c:\windows\KejsOEN.dll
c:\windows\Keqxf.exe
c:\windows\LbpytdtHY.dll
c:\windows\lennHtXb.dll
c:\windows\lfJRdS.exe
c:\windows\LFOWLBhl.dll
c:\windows\LfRFHyjx.exe
c:\windows\LItXGSG.dll
c:\windows\LJLSA.exe
c:\windows\lNPCDl.dll
c:\windows\lPjAIH.exe
c:\windows\lsEyjv.exe
c:\windows\LXtBqB.dll
c:\windows\lyYpPUnkL.exe
c:\windows\MBYXnUl.exe
c:\windows\McHAYjivj.dll
c:\windows\meFQdeX.dll
c:\windows\MfBQRyv.dll
c:\windows\MIhLeyc.dll
c:\windows\mJSnhJ.dll
c:\windows\moiRu.dll
c:\windows\mpemdm.exe
c:\windows\nEWglMRyj.dll
c:\windows\nHJcjSeEm.dll
c:\windows\NkeOvtV.dll
c:\windows\NlQkS.exe
c:\windows\NqWtvyGtR.exe
c:\windows\OBnrwxJK.exe
c:\windows\OmejmQjO.exe
c:\windows\ONdiItRr.exe
c:\windows\OWDVh.dll
c:\windows\oxOVlU.exe
c:\windows\pHlryoK.dll
c:\windows\PIQvDiC.dll
c:\windows\PmYakNDj.exe
c:\windows\pqnPFWWp.dll
c:\windows\pRSXe.exe
c:\windows\PuFYyjsux.dll
c:\windows\pXYir.exe
c:\windows\QEnALkBSY.dll
c:\windows\QlFFSw.exe
c:\windows\qRTREKGa.dll
c:\windows\qVAuWax.exe
c:\windows\rDWcFop.dll
c:\windows\RiCKFVe.exe
c:\windows\RjUdtcFn.dll
c:\windows\rRMwARQ.exe
c:\windows\rwJmrFual.exe
c:\windows\sirFKRUn.exe
c:\windows\struct~.ini
c:\windows\SUlsRbYqI.exe
c:\windows\system32\1000back9z5r1780.cpl
c:\windows\system32\100z69orm358.exe
c:\windows\system32\100z9pa5se2748.ocx
c:\windows\system32\10479zroj55f9.ocx
c:\windows\system32\10943szy735.bin
c:\windows\system32\10975t5oj7cbz.bin
c:\windows\system32\10d7b9czdoor952.ocx
c:\windows\system32\10f995reat11622z.bin
c:\windows\system32\11820ha5z9ool614.cpl
c:\windows\system32\1192dow9lo5zer2.dll
c:\windows\system32\12435h9eat2657z.dll
c:\windows\system32\12c95hreat20z94.bin
c:\windows\system32\12z9thre5t1309.cpl
c:\windows\system32\13315not-a-virz9358.bin
c:\windows\system32\134529orz3.bin
c:\windows\system32\13457viz9s75e5.ocx
c:\windows\system32\138a5ackzoor1966.exe
c:\windows\system32\13912not-a5vizus49e.dll
c:\windows\system32\1418zhack59ol7a9.ocx
c:\windows\system32\144z59iru572e.cpl
c:\windows\system32\1498zvirus4259.cpl
c:\windows\system32\14990wor5z9.exe
c:\windows\system32\15269szambot72b5.bin
c:\windows\system32\15520h9ckzool448.cpl
c:\windows\system32\15594s5y5z9.bin
c:\windows\system32\1565thie9z261.exe
c:\windows\system32\15691wz5m649.ocx
c:\windows\system32\15851not-a-vir956cz.ocx
c:\windows\system32\15995troj5bz.bin
c:\windows\system32\1599thi9z345.exe
c:\windows\system32\165abackdoor2z749.dll
c:\windows\system32\17081z9y55f.cpl
c:\windows\system32\1752ztroj975.exe
c:\windows\system32\1795h9cktool7f3z.dll
c:\windows\system32\188455ot-a-viruz68b9.bin
c:\windows\system32\189ev5r1z52.ocx
c:\windows\system32\19159s5z445.bin
c:\windows\system32\1916spyware514z.exe
c:\windows\system32\19270no5-a-v9rus2c3z.ocx
c:\windows\system32\19518v9r5z245.bin
c:\windows\system32\19566ha59tooz1a9.dll
c:\windows\system32\19764worm5z9.cpl
c:\windows\system32\1980vzr859.bin
c:\windows\system32\19860hac5tooz6a8.bin
c:\windows\system32\1989threatz5717.bin
c:\windows\system32\1991zn5t-a-virus433.bin
c:\windows\system32\19ffthzeat25974.exe
c:\windows\system32\19z68worm5f85.ocx
c:\windows\system32\19z90spy7fe5.exe
c:\windows\system32\19zab5ckdo9r797.exe
c:\windows\system32\1azcsp9wa5e854.bin
c:\windows\system32\1d2zthief9550.ocx
c:\windows\system32\1d53zi91553.exe
c:\windows\system32\1e76dzwnload9r1825.bin
c:\windows\system32\1z17s5y491.bin
c:\windows\system32\1z57v9r2777.dll
c:\windows\system32\1z6659oj2ea.ocx
c:\windows\system32\1z961sp5c29.bin
c:\windows\system32\1z9avir24315.dll
c:\windows\system32\1zc9backd5or929.exe
c:\windows\system32\207269pamb5tz7e.cpl
c:\windows\system32\20859hac9z5ol421.cpl
c:\windows\system32\20cdbac5dz9r1354.cpl
c:\windows\system32\211495oz959f.cpl
c:\windows\system32\21395trojz755.exe
c:\windows\system32\2156sparse2z9.bin
c:\windows\system32\21600tr5j359z.exe
c:\windows\system32\21685troz962.ocx
c:\windows\system32\21946h5ckt9oz8e.cpl
c:\windows\system32\22196zo5m922.dll
c:\windows\system32\22290not-a-v5rus44z.bin
c:\windows\system32\2278thief9z59.exe
c:\windows\system32\23155not-a9viruszeb.exe
c:\windows\system32\23199wz9m4575.ocx
c:\windows\system32\2335s9ambot15z.dll
c:\windows\system32\234z5hac5tool699.exe
c:\windows\system32\23859pzrse930.dll
c:\windows\system32\241429ot-az5irus1fe.bin
c:\windows\system32\2414t9i5f23z1.exe
c:\windows\system32\24785spamzo59ed.exe
c:\windows\system32\2498vi51987z.ocx
c:\windows\system32\24e9bac5doorz397.bin
c:\windows\system32\25025no9-a-virzs3d5.exe
c:\windows\system32\25460viru9770z.exe
c:\windows\system32\25496hack9o5lz76.exe
c:\windows\system32\255765or931z.ocx
c:\windows\system32\25587not-a-vizus6195.cpl
c:\windows\system32\25850spy693z.bin
c:\windows\system32\2592zhac9tool665.ocx
c:\windows\system32\25d5thre9tz4532.dll
c:\windows\system32\2614downlz9d5r2077.exe
c:\windows\system32\26865vi9zs1d.exe
c:\windows\system32\27141not-a9vi5usz0a.dll
c:\windows\system32\27792sp5z3.ocx
c:\windows\system32\277dvir2z955.cpl
c:\windows\system32\28778h9cztool251.ocx
c:\windows\system32\29115spambzt6a3.bin
c:\windows\system32\29588w9rm58cz.exe
c:\windows\system32\29659zpambot605.dll
c:\windows\system32\29785zp569c.exe
c:\windows\system32\29819not-azvirus585.bin
c:\windows\system32\29970s5zmbot1f6.bin
c:\windows\system32\299aspywa5e1248z.dll
c:\windows\system32\299bvi5154z.cpl
c:\windows\system32\29c5spyw5rz1588.bin
c:\windows\system32\2aa9sp5war92z31.ocx
c:\windows\system32\2ad3thie5z4539.bin
c:\windows\system32\2bz5downl59der2573.exe
c:\windows\system32\2cdczownloade52197.dll
c:\windows\system32\2d05zi925565.ocx
c:\windows\system32\2e7d5hiefz294.exe
c:\windows\system32\2z314spa5bot5a49.bin
c:\windows\system32\2z484hackt5ol9b.cpl
c:\windows\system32\2z499spamb5t47d.dll
c:\windows\system32\2z6595r9j13.dll
c:\windows\system32\2z747hac9tool159.bin
c:\windows\system32\2z820not-a-virus955.cpl
c:\windows\system32\2z993virus35e.cpl
c:\windows\system32\2za1thi592609.cpl
c:\windows\system32\3020zw59mdb.bin
c:\windows\system32\305109ot-a5zirus335.ocx
c:\windows\system32\3052thzef921.cpl
c:\windows\system32\30954vir5972z.bin
c:\windows\system32\30979sp5zbo975c.dll
c:\windows\system32\30981tzoj3ff5.ocx
c:\windows\system32\31027wz952b.bin
c:\windows\system32\3133virzs9145.bin
c:\windows\system32\31568not9a-virzs13d.bin
c:\windows\system32\323zackdoor519.exe
c:\windows\system32\32656not-a-9izu5405.cpl
c:\windows\system32\32659zpy5a.dll
c:\windows\system32\3391thr5a98z75.dll
c:\windows\system32\33e5bac9zoor334.exe
c:\windows\system32\34015o9z4d8.cpl
c:\windows\system32\349bspyware1z55.dll
c:\windows\system32\34ee5ir277z9.exe
c:\windows\system32\350zs9y51d.cpl
c:\windows\system32\3529sp956z.cpl
c:\windows\system32\355aadd9arez500.exe
c:\windows\system32\35791zroj6c99.dll
c:\windows\system32\358dspyw5rz25529.cpl
c:\windows\system32\3593zhief9669.exe
c:\windows\system32\35b8spyware2z589.cpl
c:\windows\system32\35bctzr9a531330.bin
c:\windows\system32\35d4threat9528z.exe
c:\windows\system32\35dazd95are280.dll
c:\windows\system32\367zs5arse19779.bin
c:\windows\system32\3696thie92854z.ocx
c:\windows\system32\36c2addwa59z462.dll
c:\windows\system32\36zethief29195.ocx
c:\windows\system32\3718add5are327z9.bin
c:\windows\system32\378zaddwar5459.dll
c:\windows\system32\3825spywa9e2z83.ocx
c:\windows\system32\39095hrzat29929.exe
c:\windows\system32\392zspam59t5b1.cpl
c:\windows\system32\3947v5r89z.bin
c:\windows\system32\39dbsparsez576.dll
c:\windows\system32\3a945hiefz885.ocx
c:\windows\system32\3aa29ownload5r1z10.dll
c:\windows\system32\3c3zst9al35.cpl
c:\windows\system32\3e96zownloader859.bin
c:\windows\system32\3ef9back5o9r3z4.bin
c:\windows\system32\3z58backd9or2949.exe
c:\windows\system32\3z85spyware593.ocx
c:\windows\system32\4004hack5ool29cz.cpl
c:\windows\system32\41bc5zief13749.ocx
c:\windows\system32\41dz9hr5at9899.ocx
c:\windows\system32\445cs9ywaze2336.cpl
c:\windows\system32\4511sza95ot5d9.cpl
c:\windows\system32\4659ddwaze3185.ocx
c:\windows\system32\46d8t5ief1z90.exe
c:\windows\system32\472dadz59re2139.bin
c:\windows\system32\4789stezl6615.bin
c:\windows\system32\47f4v9r3z15.exe
c:\windows\system32\4812sp9zbot33c5.bin
c:\windows\system32\4923thz5f1358.dll
c:\windows\system32\4949spa5zot74f.dll
c:\windows\system32\497zaddw9r52175.bin
c:\windows\system32\49bstzal5675.dll
c:\windows\system32\49e95ddwaz9430.bin
c:\windows\system32\4b33threa9z1375.exe
c:\windows\system32\4ceabackdozr1695.ocx
c:\windows\system32\4db6dzw9loader5882.dll
c:\windows\system32\4df0tzr9at5788.dll
c:\windows\system32\4e25th9ea53z236.bin
c:\windows\system32\4fb5ba5kdoor2981z.bin
c:\windows\system32\4ff9stz9l27205.bin
c:\windows\system32\4z59spam5ot39d.ocx
c:\windows\system32\4z67sp9r5e590.cpl
c:\windows\system32\501bdzwnl5ader1595.cpl
c:\windows\system32\50549zr2211.dll
c:\windows\system32\50e0virz1905.ocx
c:\windows\system32\5149n9t-a-virus30bz.cpl
c:\windows\system32\51515not-a-virzs5f9.ocx
c:\windows\system32\5199ba5zdoor1205.bin
c:\windows\system32\5209dowzload5r741.cpl
c:\windows\system32\5234zviru970.ocx
c:\windows\system32\52c2b9ckdzor2743.ocx
c:\windows\system32\5310spywarz1999.bin
c:\windows\system32\535edow9loadez502.bin
c:\windows\system32\536dthr95t273z8.dll
c:\windows\system32\53z02spy946.exe
c:\windows\system32\54249not9a-virzs612.ocx
c:\windows\system32\54fa9teaz55.bin
c:\windows\system32\5555hz9ktool556.dll
c:\windows\system32\5558vir5z29.ocx
c:\windows\system32\5590threat28058z.exe
c:\windows\system32\55e2spz9se312.ocx
c:\windows\system32\568zspy289.cpl
c:\windows\system32\5699zir148.bin
c:\windows\system32\56athreaz288699.bin
c:\windows\system32\5719wo5mz93.cpl
c:\windows\system32\5748zd5ware279.bin
c:\windows\system32\5755spam9o518z.cpl
c:\windows\system32\5759not-azvi5us39f.exe
c:\windows\system32\57772spamb9tz9b.exe
c:\windows\system32\578zworm984.dll
c:\windows\system32\582329pz636.ocx
c:\windows\system32\58339s9amboz7ef.cpl
c:\windows\system32\5853za9ktool7a3.cpl
c:\windows\system32\58874s9y6az.exe
c:\windows\system32\5895sparze545.ocx
c:\windows\system32\58absz9rse1773.ocx
c:\windows\system32\58z7sp9rse953.ocx
c:\windows\system32\58zspyw9re537.cpl
c:\windows\system32\5904sparsz9059.exe
c:\windows\system32\590ethiefz095.bin
c:\windows\system32\59375ownl9adez77.bin
c:\windows\system32\59499orz55.ocx
c:\windows\system32\5950virzs19.bin
c:\windows\system32\5954virz958.cpl
c:\windows\system32\5975troj120z.exe
c:\windows\system32\599av9529z8.exe
c:\windows\system32\59cazir1092.dll
c:\windows\system32\5a09steaz475.cpl
c:\windows\system32\5b02s9eal2z51.exe
c:\windows\system32\5bc3a5dware945z.cpl
c:\windows\system32\5c15spa95e208z.ocx
c:\windows\system32\5c5eszyware28889.exe
c:\windows\system32\5cf7spywa9z154.bin
c:\windows\system32\5d9dspzrs5579.ocx
c:\windows\system32\5db0spyw9rez75.cpl
c:\windows\system32\5df09hreaz31551.bin
c:\windows\system32\5e8sp5rse991z.cpl
c:\windows\system32\5eezvir3099.cpl
c:\windows\system32\5f23zownl5ader3293.cpl
c:\windows\system32\5f45z9eal2023.cpl
c:\windows\system32\5z09worm509.ocx
c:\windows\system32\5z2t9ief1342.cpl
c:\windows\system32\5z61backdo9r2980.bin
c:\windows\system32\619zha95tool6a2.ocx
c:\windows\system32\61eabac9door359z.cpl
c:\windows\system32\627aba5kzo9r2870.exe
c:\windows\system32\62d4st5a9z12.dll
c:\windows\system32\6434w59z358.dll
c:\windows\system32\6459azdwa5e2494.bin
c:\windows\system32\64aeaddwz952851.dll
c:\windows\system32\6592spar9e57z.exe
c:\windows\system32\659azown9oader2540.bin
c:\windows\system32\65ddthrzat29951.cpl
c:\windows\system32\6695adzware25895.cpl
c:\windows\system32\66a3vi5z29.dll
c:\windows\system32\66aeazd59re1508.ocx
c:\windows\system32\671fthie529z9.dll
c:\windows\system32\673cd9wnlz5der1198.cpl
c:\windows\system32\675addware3z69.cpl
c:\windows\system32\695bviz967.exe
c:\windows\system32\695fspazse3162.dll
c:\windows\system32\6985a5dwaze773.dll
c:\windows\system32\6995download5r191z.cpl
c:\windows\system32\69z09t5al1096.cpl
c:\windows\system32\6azdb5c9door1499.dll
c:\windows\system32\6d17sp9r5e2428z.exe
c:\windows\system32\6d57t9rzat22709.dll
c:\windows\system32\6e45steal14z95.bin
c:\windows\system32\6fz5thi9f2997.exe
c:\windows\system32\6z5daddwar919115.cpl
c:\windows\system32\71529i51182z.dll
c:\windows\system32\7209stzal7095.dll
c:\windows\system32\73209zrus9a5.bin
c:\windows\system32\7329azdware5095.cpl
c:\windows\system32\7434t9ojz5.cpl
c:\windows\system32\7499sza9bot2d5.ocx
c:\windows\system32\75cazh9eat298245.bin
c:\windows\system32\75z8vir1914.ocx
c:\windows\system32\77929pyware755z.dll
c:\windows\system32\7824bac95oor2z96.bin
c:\windows\system32\7979downloa5erz985.ocx
c:\windows\system32\79z9spars52014.bin
c:\windows\system32\7a91addware3562z.ocx
c:\windows\system32\7b75zi92977.bin
c:\windows\system32\7ca5adzware2941.cpl
c:\windows\system32\7cb69zr24085.bin
c:\windows\system32\7d5tz95f1811.bin
c:\windows\system32\7dbcst9z5117.ocx
c:\windows\system32\7edf9dd5zre1433.cpl
c:\windows\system32\7f6zaddware5932.dll
c:\windows\system32\8022sp5mbzt1489.bin
c:\windows\system32\829w9r5cz.ocx
c:\windows\system32\889zackto9l1f5.exe
c:\windows\system32\8z95spa5b9t404.exe
c:\windows\system32\9079wzrm50e.exe
c:\windows\system32\910sp57d1z.bin
c:\windows\system32\91265spamzo51b7.cpl
c:\windows\system32\91598spy1zf5.exe
c:\windows\system32\9189noz-a-vi5us2669.ocx
c:\windows\system32\918sz9mbotd35.dll
c:\windows\system32\92252spambotz31.exe
c:\windows\system32\924565irzs9a.dll
c:\windows\system32\92545trzj7fb.bin
c:\windows\system32\9353viruze59.bin
c:\windows\system32\9391spz9b5t7eb.exe
c:\windows\system32\93935not-a-virzs7a.ocx
c:\windows\system32\95115hzcktool3c2.dll
c:\windows\system32\95459not-a-vzrus5be.ocx
c:\windows\system32\9583zviru544a.bin
c:\windows\system32\95d6thizf1550.dll
c:\windows\system32\95z4downloader564.bin
c:\windows\system32\9707not-a-virus41z5.bin
c:\windows\system32\98312sz5mbot9d.bin
c:\windows\system32\99024s5y3z.dll
c:\windows\system32\99617no5-a-virusz5c.cpl
c:\windows\system32\99845not5z-virus464.ocx
c:\windows\system32\9a84spyw5ze49.exe
c:\windows\system32\9acdsteaz3509.ocx
c:\windows\system32\9ae5vir1051z.exe
c:\windows\system32\9f0zspywa5e2409.cpl
c:\windows\system32\9z12addw5re643.ocx
c:\windows\system32\9z83spy754.exe
c:\windows\system32\9z857troj754.bin
c:\windows\system32\a69sza5se585.bin
c:\windows\system32\a9fbackdo5z1576.bin
c:\windows\system32\aezthre9t25751.exe
c:\windows\system32\b4e9pyw5rz2429.dll
c:\windows\system32\b65downloaderz339.bin
c:\windows\system32\b99dz5nloader296.ocx
c:\windows\system32\dc2ste5z9365.cpl
c:\windows\system32\drivers\AilRJN.exe
c:\windows\system32\drivers\aJmIwCGU.dll
c:\windows\system32\drivers\alODR.exe
c:\windows\system32\drivers\AqMse.exe
c:\windows\system32\drivers\BKhgBDj.dll
c:\windows\system32\drivers\bOjaY.dll
c:\windows\system32\drivers\ceDOuQcVu.exe
c:\windows\system32\drivers\cffRhDG.dll
c:\windows\system32\drivers\CoavnVNE.exe
c:\windows\system32\drivers\CTdxprPd.exe
c:\windows\system32\drivers\dDiliAB.exe
c:\windows\system32\drivers\DDOgkvI.exe
c:\windows\system32\drivers\dPHbBWkTP.dll
c:\windows\system32\drivers\dRhkt.exe
c:\windows\system32\drivers\dwCYYlkhf.dll
c:\windows\system32\drivers\dWiOCYeX.dll
c:\windows\system32\drivers\dYgqyuu.dll
c:\windows\system32\drivers\ehlbWx.dll
c:\windows\system32\drivers\ehrNagy.exe
c:\windows\system32\drivers\ERFhwUkj.exe
c:\windows\system32\drivers\fNdkYdEEX.exe
c:\windows\system32\drivers\FsBhJjVV.dll
c:\windows\system32\drivers\fspqPJ.dll
c:\windows\system32\drivers\fVnyXNeyM.exe
c:\windows\system32\drivers\FXIfss.exe
c:\windows\system32\drivers\fyAIt.dll
c:\windows\system32\drivers\gGuKQq.exe
c:\windows\system32\drivers\GjOtpus.exe
c:\windows\system32\drivers\Glqks.dll
c:\windows\system32\drivers\GRTLo.exe
c:\windows\system32\drivers\GufBajrtq.dll
c:\windows\system32\drivers\HGJOlkjF.dll
c:\windows\system32\drivers\hioQklSv.dll
c:\windows\system32\drivers\HIWRWtbiN.exe
c:\windows\system32\drivers\HOglQfn.exe
c:\windows\system32\drivers\HoTEge.exe
c:\windows\system32\drivers\HsqxDfD.dll
c:\windows\system32\drivers\hUgRmCI.dll
c:\windows\system32\drivers\IIfPlCI.dll
c:\windows\system32\drivers\iNBLK.exe
c:\windows\system32\drivers\ixkbeE.dll
c:\windows\system32\drivers\iytqKMV.exe
c:\windows\system32\drivers\Jafji.dll
c:\windows\system32\drivers\jbxwb.exe
c:\windows\system32\drivers\JJrykjsd.dll
c:\windows\system32\drivers\JkmpWyJKX.dll
c:\windows\system32\drivers\jrpNPIY.exe
c:\windows\system32\drivers\JTYnB.exe
c:\windows\system32\drivers\jWTIBG.exe
c:\windows\system32\drivers\KeppckMaS.exe
c:\windows\system32\drivers\KhVltDHUr.exe
c:\windows\system32\drivers\KIoeGAxrE.exe
c:\windows\system32\drivers\kOLxQxA.exe
c:\windows\system32\drivers\KRXMHbmBk.exe
c:\windows\system32\drivers\KxmKjpi.exe
c:\windows\system32\drivers\LHFTBnu.dll
c:\windows\system32\drivers\LHspHc.exe
c:\windows\system32\drivers\LjBAumQ.dll
c:\windows\system32\drivers\lkeBgluU.exe
c:\windows\system32\drivers\LtREWXyaS.exe
c:\windows\system32\drivers\MgfcUbwH.dll
c:\windows\system32\drivers\MSgKuwe.dll
c:\windows\system32\drivers\MSUsiDcUg.exe
c:\windows\system32\drivers\NaxkmYqO.dll
c:\windows\system32\drivers\NkhvEqw.dll
c:\windows\system32\drivers\nOKAqY.dll
c:\windows\system32\drivers\NpXBoQr.dll
c:\windows\system32\drivers\OBGxTXF.dll
c:\windows\system32\drivers\OgiypPe.dll
c:\windows\system32\drivers\OIaYE.dll
c:\windows\system32\drivers\oOMEYkSsi.dll
c:\windows\system32\drivers\oTKnms.dll
c:\windows\system32\drivers\oumBah.exe
c:\windows\system32\drivers\peAIVl.exe
c:\windows\system32\drivers\pMqQCuKt.dll
c:\windows\system32\drivers\POQvOV.exe
c:\windows\system32\drivers\pOuHH.dll
c:\windows\system32\drivers\PtgXmiHOB.exe
c:\windows\system32\drivers\PyfjAm.exe
c:\windows\system32\drivers\qhiVOXm.exe
c:\windows\system32\drivers\qMiwL.dll
c:\windows\system32\drivers\QXpniF.dll
c:\windows\system32\drivers\qYAcL.exe
c:\windows\system32\drivers\RmovM.exe
c:\windows\system32\drivers\RrpHkvoII.dll
c:\windows\system32\drivers\rSluw.exe
c:\windows\system32\drivers\SAQmKOoWJ.dll
c:\windows\system32\drivers\SpVLe.dll
c:\windows\system32\drivers\tGSSJR.exe
c:\windows\system32\drivers\tJQbouKo.exe
c:\windows\system32\drivers\TPLfNGlnn.exe
c:\windows\system32\drivers\TrlsnjPNr.dll
c:\windows\system32\drivers\TtwQbp.dll
c:\windows\system32\drivers\UgHmuA.dll
c:\windows\system32\drivers\UMgGpJwP.exe
c:\windows\system32\drivers\UMRjLF.dll
c:\windows\system32\drivers\uuqjwd.exe
c:\windows\system32\drivers\uYSJwQlbG.exe
c:\windows\system32\drivers\vcMPJK.exe
c:\windows\system32\drivers\vCwTd.dll
c:\windows\system32\drivers\VuhLJUg.dll
c:\windows\system32\drivers\vVCtuIgB.dll
c:\windows\system32\drivers\vWogOhb.dll
c:\windows\system32\drivers\vXNHRQmO.exe
c:\windows\system32\drivers\VYtra.dll
c:\windows\system32\drivers\WbUkWmW.dll
c:\windows\system32\drivers\wcLJLpsjB.dll
c:\windows\system32\drivers\WICkV.exe
c:\windows\system32\drivers\wroyf.exe
c:\windows\system32\drivers\WsMBKgXu.dll
c:\windows\system32\drivers\wVpxPynav.dll
c:\windows\system32\drivers\WWUaY.exe
c:\windows\system32\drivers\xAQAyeq.dll
c:\windows\system32\drivers\xDiPSvmY.exe
c:\windows\system32\drivers\XfJdGYKL.exe
c:\windows\system32\drivers\XfUbpGVjc.exe
c:\windows\system32\drivers\XkjYRKe.dll
c:\windows\system32\drivers\xkYjglml.exe
c:\windows\system32\drivers\xnbyn.exe
c:\windows\system32\drivers\xpIVD.dll
c:\windows\system32\drivers\XRSGmDS.exe
c:\windows\system32\drivers\XrVRGI.exe
c:\windows\system32\drivers\XvxiYgRv.exe
c:\windows\system32\drivers\yBwgPai.exe
c:\windows\system32\drivers\YcsRlskmK.exe
c:\windows\system32\drivers\YItcHi.dll
c:\windows\system32\drivers\YkTdCDRV.exe
c:\windows\system32\drivers\YtBLr.dll
c:\windows\system32\e43thief3z95.cpl
c:\windows\system32\RFSTyALrq.exe
c:\windows\system32\tmp.reg
c:\windows\system32\z0105not-a-virus9b4.dll
c:\windows\system32\z0208vir9saf5.dll
c:\windows\system32\z0352spy7509.cpl
c:\windows\system32\z0509virus964.cpl
c:\windows\system32\z0ffdow5loader994.cpl
c:\windows\system32\z11689orm15.exe
c:\windows\system32\z1565w9rm503.bin
c:\windows\system32\z1824h5ckto9l30e.dll
c:\windows\system32\z26s5yw9re2520.bin
c:\windows\system32\z3173sp53ac9.bin
c:\windows\system32\z373spamb9te35.exe
c:\windows\system32\z494download5r1968.cpl
c:\windows\system32\z499threat26554.dll
c:\windows\system32\z527spywa5e2392.dll
c:\windows\system32\z5a6s9yware1925.exe
c:\windows\system32\z5astea9369.dll
c:\windows\system32\z5c5th5eat21997.dll
c:\windows\system32\z6592not-a-viru9404.dll
c:\windows\system32\z6f1a9dware1529.bin
c:\windows\system32\z80a59ware2067.bin
c:\windows\system32\z9425teal3901.dll
c:\windows\system32\zc9bdown5oader4409.cpl
c:\windows\system32\zc9steal5037.dll
c:\windows\system32\zebbth9ef5046.dll
c:\windows\TEKbky.exe
c:\windows\tLXaBuSvv.exe
c:\windows\TuacncMbK.exe
c:\windows\tWBWByyCw.exe
c:\windows\uaGmJVlgP.exe
c:\windows\UDhVaLPSu.exe
c:\windows\UFvknNlxE.dll
c:\windows\UgpwYxeae.dll
c:\windows\UGVKVL.dll
c:\windows\UhcvRRc.exe
c:\windows\UjOnYC.dll
c:\windows\UMKOwe.dll
c:\windows\uqeHn.dll
c:\windows\UTtprCU.exe
c:\windows\uVrkPN.dll
c:\windows\VetnvPsmv.dll
c:\windows\VfMhHW.exe
c:\windows\vsPGvCAwy.exe
c:\windows\VwCsCUrT.dll
c:\windows\wLwFOt.dll
c:\windows\WORXpFYXa.dll
c:\windows\WXTvUNCeS.dll
c:\windows\XLVqhJtq.dll
c:\windows\Xnoph.exe
c:\windows\ydluMs.exe
c:\windows\YhBaXIx.dll
c:\windows\yURgQX.dll
c:\windows\YYjRbrTi.dll
c:\windows\z09fspa5se25419.ocx
c:\windows\z13855a9ktool740.cpl
c:\windows\z1980spam5ot23b.dll
c:\windows\z1994spy59d.bin
c:\windows\z2738spy955.ocx
c:\windows\z3129tr5j105.bin
c:\windows\z3429spam5ot2f9.dll
c:\windows\z40e5ddware9419.dll
c:\windows\z4269not-a-95rus1c9.exe
c:\windows\z491s5eal2907.exe
c:\windows\z4abv59951.dll
c:\windows\z5036wo59b4.dll
c:\windows\z52889pyd25.ocx
c:\windows\z555i9us608.bin
c:\windows\z5970s5y9d5.ocx
c:\windows\z633spy1965.ocx
c:\windows\z692downloade51761.exe
c:\windows\z69athie93153.cpl
c:\windows\z74ath9ef19015.cpl
c:\windows\z8809d5ware344.ocx
c:\windows\z898steal525.exe
c:\windows\z8spy19e5.exe
c:\windows\z9153virus5a4.exe
c:\windows\z9560troj125.cpl
c:\windows\z98809irus25b.dll
c:\windows\z9ec9ir956.ocx
c:\windows\za59dow9loader894.dll
c:\windows\za93b5ck9oor285.bin
c:\windows\zb69addwar59922.cpl
c:\windows\zcf9backd5or2853.cpl
c:\windows\ze4fspyware3659.exe
D:\resycled

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-13 au 2010-03-13 ))))))))))))))))))))))))))))))))))))
.

2010-03-13 06:45 . 2010-03-13 06:45 -------- d-----w- c:\users\Schizoprenic\AppData\Local\temp
2010-03-13 06:45 . 2010-03-13 06:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-12 17:37 . 2010-03-12 17:37 -------- d-----w- c:\users\Schizoprenic\AppData\Roaming\Malwarebytes
2010-03-12 17:37 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-12 17:37 . 2010-03-12 17:37 -------- d-----w- c:\programdata\Malwarebytes
2010-03-12 17:37 . 2010-03-12 17:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-12 17:37 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-12 16:56 . 2008-12-18 15:55 142848 ----a-w- c:\users\Schizoprenic\AppData\Roaming\BSplayer\FFDShow\ff_liba52.dll
2010-03-12 15:50 . 2010-03-12 17:15 35 ----a-w- c:\users\Schizoprenic\AppData\Roaming\SetValue.bat
2010-03-11 10:27 . 2010-03-11 10:27 1471488 ----a-w- c:\windows\system32\aiXDKcoJh.dll
2010-03-11 10:27 . 2010-03-11 10:27 1471488 ----a-w- c:\windows\system32\aadmvrqas.exe
2010-03-09 15:24 . 2010-03-09 15:41 -------- d-----w- c:\users\Schizoprenic\AppData\Roaming\DC++
2010-03-09 15:24 . 2010-03-09 15:24 -------- d-----w- c:\users\Schizoprenic\AppData\Local\DC++
2010-03-09 15:19 . 2010-03-09 15:19 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-09 15:19 . 2010-03-09 15:19 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-09 15:19 . 2010-03-09 15:19 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-09 15:19 . 2010-03-09 15:19 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-09 15:19 . 2010-03-09 15:19 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-09 15:19 . 2010-03-09 15:19 300616 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-09 15:19 . 2010-03-09 15:19 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-09 15:19 . 2010-03-09 15:19 329312 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-09 15:18 . 2010-03-09 15:18 -------- d-----w- c:\program files\Common Files\xing shared
2010-03-06 17:45 . 2010-03-06 17:46 -------- d-----w- c:\program files\Veetle
2010-03-05 01:41 . 2010-03-05 01:41 443912 ----a-w- c:\users\Schizoprenic\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-03-03 19:44 . 2010-03-03 19:51 5514304 ----a-w- c:\users\Schizoprenic\AppData\Roaming\TVU Networks\AutoUpgrade\TVUPlayer2.5.2.2.exe
2010-02-25 12:39 . 2007-05-12 00:34 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-02-22 01:06 . 2010-02-22 01:06 552 ----a-w- c:\users\Schizoprenic\AppData\Local\d3d8caps.dat
2010-02-21 23:48 . 2010-02-21 23:48 -------- d-----w- c:\users\Schizoprenic\AppData\Local\Microsoft Corporation
2010-02-19 02:57 . 2010-02-19 02:57 -------- d-----w- c:\program files\Windows Portable Devices
2010-02-19 02:53 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-02-19 02:52 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-02-19 02:52 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-02-19 02:52 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-02-19 02:28 . 2010-02-19 02:34 -------- d-----w- c:\windows\system32\ca-ES
2010-02-19 02:28 . 2010-02-19 02:34 -------- d-----w- c:\windows\system32\eu-ES
2010-02-19 02:28 . 2010-02-19 02:34 -------- d-----w- c:\windows\system32\vi-VN
2010-02-19 01:43 . 2010-02-19 01:43 -------- d-----w- c:\windows\system32\EventProviders
2010-02-19 01:42 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-02-19 01:42 . 2009-04-11 06:28 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2010-02-19 01:42 . 2009-04-11 06:27 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2010-02-19 01:42 . 2009-04-11 06:28 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll
2010-02-19 01:42 . 2009-04-11 06:27 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe
2010-02-19 01:42 . 2009-04-11 05:03 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2010-02-19 01:42 . 2009-04-11 06:28 1480704 ----a-w- c:\windows\system32\mssrch.dll
2010-02-19 01:40 . 2009-04-11 06:28 499712 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2010-02-19 01:39 . 2009-04-11 06:32 50664 ----a-w- c:\windows\system32\PSHED.DLL
2010-02-19 01:38 . 2009-04-11 06:28 1123840 ----a-w- c:\windows\system32\usercpl.dll
2010-02-19 01:37 . 2009-04-11 04:43 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2010-02-19 01:36 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2010-02-19 01:36 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-02-19 01:36 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2010-02-19 01:36 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2010-02-19 01:36 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2010-02-19 01:36 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-02-19 01:36 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2010-02-19 01:36 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2010-02-19 01:36 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-02-19 01:36 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-02-19 01:35 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-02-18 00:05 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-18 00:05 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-17 13:25 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-17 13:16 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-17 13:16 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-17 13:16 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-17 13:15 . 2010-02-17 13:16 -------- d-----w- c:\users\Schizoprenic\AppData\Local\ApplicationHistory
2010-02-17 13:15 . 2010-02-17 13:15 100 ----a-w- c:\users\Schizoprenic\AppData\Local\fusioncache.dat
2010-02-17 12:30 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-02-17 12:30 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-02-17 12:13 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-17 12:13 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-17 12:12 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-02-17 12:08 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-02-17 12:06 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-02-17 12:06 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-02-17 12:06 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-02-17 12:05 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-02-17 12:05 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2010-02-17 12:05 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-17 12:05 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-17 12:05 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-17 12:05 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-17 12:05 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-17 12:05 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-17 12:05 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-17 12:05 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-17 12:05 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-17 12:05 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2010-02-17 12:04 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-02-17 12:04 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-17 12:04 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-17 12:03 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-02-17 12:03 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-02-17 12:02 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-02-17 12:01 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-17 12:01 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 11:23 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-02-17 11:23 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-02-17 11:23 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-02-17 11:23 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-02-17 11:22 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2010-02-17 11:22 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-02-17 11:22 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-02-17 11:22 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-02-17 11:22 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-02-13 12:20 . 1999-07-06 14:13 40960 ----a-w- c:\windows\system32\eax.dll
2010-02-13 12:20 . 2010-02-13 12:20 -------- d-----w- c:\program files\Creative Labs
2010-02-12 14:28 . 1997-05-29 16:26 316416 ----a-w- c:\windows\IsUn040c.exe
2010-02-11 23:03 . 2010-02-11 23:20 -------- d-----w- c:\program files\Nero
2010-02-11 23:02 . 2010-02-11 23:11 -------- d-----w- c:\programdata\Nero

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-13 06:27 . 2009-10-11 22:43 -------- d-----w- c:\programdata\avg8
2010-03-13 06:27 . 2006-11-02 15:48 713542 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-13 06:27 . 2006-11-02 15:48 143542 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-13 06:25 . 2009-10-11 22:43 -------- d-----w- c:\program files\AVG
2010-03-13 06:19 . 2007-07-20 16:20 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-13 06:09 . 2008-08-19 22:47 -------- d-----w- c:\users\Schizoprenic\AppData\Roaming\Skype
2010-03-13 06:07 . 2008-08-28 09:09 -------- d-----w- c:\users\Schizoprenic\AppData\Roaming\BSplayer
2010-03-13 01:39 . 2008-08-19 23:53 -------- d-----w- c:\users\Schizoprenic\AppData\Roaming\MiniLyrics
2010-03-13 00:36 . 2008-11-02 23:59 -------- d-----w- c:\program files\Steam
2010-03-12 23:45 . 2008-08-19 22:19 79480 ----a-w- c:\users\Schizoprenic\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-12 22:12 . 2009-01-17 16:36 -------- d-----w- c:\program files\Tennis Elbow Manager
2010-03-12 17:15 . 2010-03-12 15:50 691 ----a-w- c:\users\Schizoprenic\AppData\Roaming\GetValue.vbs
2010-03-12 17:02 . 2009-12-31 08:29 -------- d-----w- c:\program files\trend micro
2010-03-12 16:32 . 2007-07-23 08:45 -------- d-----w- c:\program files\Google
2010-03-12 16:21 . 2009-05-19 18:14 -------- d-----w- c:\program files\CCleaner
2010-03-12 16:20 . 2008-08-28 09:09 -------- d-----w- c:\program files\Webteh
2010-03-12 14:51 . 2008-08-19 22:53 -------- d-----w- c:\users\Schizoprenic\AppData\Roaming\uTorrent
2010-03-09 15:19 . 2008-09-15 10:59 -------- d-----w- c:\program files\Common Files\Real
2010-03-09 15:18 . 2010-01-19 01:34 -------- d-----w- c:\program files\Real
2010-03-09 01:24 . 2008-08-19 22:19 28000 ----a-w- c:\users\Schizoprenic\AppData\Roaming\nvModes.dat
2010-03-08 16:30 . 2008-08-19 22:19 2032 ----a-w- c:\users\Schizoprenic\AppData\Local\d3d9caps.dat
2010-03-07 20:42 . 2008-08-19 23:38 -------- d-----w- c:\program files\Minilyrics
2010-03-06 01:19 . 2008-08-19 22:53 -------- d-----w- c:\program files\uTorrent
2010-03-05 01:37 . 2008-11-02 23:59 -------- d-----w- c:\program files\Common Files\Steam
2010-02-22 02:05 . 2009-12-20 20:57 -------- d-----w- c:\users\Schizoprenic\AppData\Roaming\DiskAid
2010-02-22 02:03 . 2009-12-18 21:42 -------- d-----w- c:\programdata\NVIDIA
2010-02-21 23:33 . 2009-06-06 04:16 -------- d-----w- c:\program files\PacificPoker
2010-02-21 23:31 . 2009-06-11 22:00 -------- d-----w- c:\program files\PokerStars
2010-02-19 02:57 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-19 02:57 . 2010-02-19 02:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-02-19 02:56 . 2010-02-19 02:56 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-02-19 02:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-02-19 02:34 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-19 02:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-02-19 02:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-02-19 02:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-02-19 02:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-02-19 02:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-02-19 00:08 . 2009-12-18 01:09 -------- d-----w- c:\users\Schizoprenic\AppData\Roaming\Winamp
2010-02-18 10:38 . 2008-10-08 02:48 -------- d-----w- c:\users\Schizoprenic\AppData\Roaming\dvdcss
2010-02-16 08:52 . 2008-10-08 17:53 -------- d-----w- c:\programdata\Lx_cats
2010-02-12 12:51 . 2009-05-08 01:01 -------- d-----w- c:\program files\Tennis Elbow 2009
2010-02-11 23:38 . 2009-02-27 15:29 -------- d-----w- c:\program files\Common Files\Nero
2010-02-05 11:41 . 2010-02-05 11:40 -------- d-----w- c:\program files\iTunes
2010-02-05 11:40 . 2010-02-05 11:40 -------- d-----w- c:\program files\iPod
2010-02-05 11:40 . 2008-09-20 13:30 -------- d-----w- c:\program files\Common Files\Apple
2010-02-05 11:35 . 2010-02-05 11:35 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-05 10:44 . 2010-02-05 10:44 -------- d-----w- c:\program files\QuickTime
2010-02-02 22:08 . 2008-08-28 11:04 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-29 05:16 . 2010-01-29 05:16 -------- d-----w- c:\users\Schizoprenic\AppData\Roaming\2K Sports
2010-01-22 15:20 . 2008-08-19 23:35 -------- d-----w- c:\program files\Winamp
2010-01-22 15:13 . 2010-01-22 15:13 -------- d-----w- c:\program files\Winamp Detect
2010-01-20 00:21 . 2007-07-23 08:59 -------- d-----w- c:\program files\Sony
2010-01-20 00:21 . 2007-07-20 16:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-20 00:19 . 2007-07-23 08:48 -------- d-----w- c:\program files\Common Files\Sony Shared
2010-01-20 00:17 . 2007-07-23 09:07 -------- d-----w- c:\programdata\Sony Corporation
2010-01-16 14:16 . 2009-11-27 13:56 -------- d-----w- c:\programdata\Messenger Plus!
2010-01-16 13:51 . 2008-08-23 05:46 -------- d-----w- c:\program files\Messenger Plus! Live
2010-01-14 10:12 . 2009-10-04 04:16 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-05 18:00 . 2010-01-10 07:12 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-01-02 06:38 . 2010-02-17 12:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-02-17 12:18 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-02-17 12:18 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-02-17 12:18 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-09-13 22:10 . 2009-10-07 15:37 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2010-02-24 1771320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 317560]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2009-01-29 660136]
"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2009-01-29 16040]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-28 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-09 202256]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-6-22 739880]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-25 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-12 06:33 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\J:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 15:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 08:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 19:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 23:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-09 15:17 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e8,f0,42,19,0d,b1,ca,01

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-09-15 721904]
R2 .EsetTrialReset;Eset Trial Reset;c:\windows\system32\regedt32.exe [2006-11-02 9216]
R2 gupdate1ca2cd22c28197e;Service Google Update (gupdate1ca2cd22c28197e);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 133104]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-07-03 28464]
R3 CyUsbNT;Cypress Manufacturing Driver;c:\windows\system32\Drivers\CyUsbNT.sys [2005-02-16 28800]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [x]
R3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\DRIVERS\hmvmdm.sys [2007-09-04 101504]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2009-06-05 17408]
R3 UsbEvdoAtc;LGE EVDO USB Serial Port;c:\windows\system32\DRIVERS\lgevdoatc.sys [x]
R3 usbevdobus;LGE EVDO Composite USB Device;c:\windows\system32\DRIVERS\lgevdobus.sys [x]
R3 UsbEvdoDiag;LGE EVDO USB Serial DM Port;c:\windows\system32\DRIVERS\lgevdodiag.sys [x]
R3 USBEVDOModem;LGE EVDO USB Modem;c:\windows\system32\DRIVERS\lgevdomodem.sys [x]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2009-09-08 83312]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2009-12-08 673136]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2008-02-27 594600]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\w
0
Réponse 6 / 26
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
doucement, ce n'est pas fini...je n'ai encore jamais vu un rapport comme le tien !!!

d'ailleurs il n'est pas complet

1)

Rend toi sur Cjoint : http://www.cijoint.fr/

Clique sur "Parcourir " dans la partie " Joindre un fichier[...] "

Sélectionne le rapport C:\ComboFix.txt

Clique ensuite sur "Créer le lien cjoint " et copie/colle le dans ton prochain message

.........................

2)

Téléchargez USBFIX de El Desaparecido, C_xx

http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
ou
https://www.ionos.fr/?affiliate_id=77097

/!\ Utilisateur de vista et windows 7 :
ne pas oublier de désactiver Le contrôle des comptes utilisateurs
https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac

/!\ Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

• Double clic sur le raccourci UsbFix présent sur le bureau .

Choisir l'option2 suppression
(d’autres options disponibles, voir le tutoriel).
• Laissez travailler l'outil.
Le menu démarrer et les icônes vont disparaître.. c'est normal.

Si un message te demande de redémarrer l'ordinateur fais le ...

● Au redémarrage, le fix se relance... laisses l'opération s'effectuer.

● Le bloc note s'ouvre avec un rapport, envoies le dans la prochaine réponse

• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

• Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html

UsbFix peut te demander d'uploader un dossier compressé à cette adresse : https://www.ionos.fr/?affiliate_id=77097

Il est enregistré sur ton bureau.

Merci de l'envoyer à l'adresse indiquée afin d'aider l'auteur de UsbFix dans ses recherches.

........................

3)

Relances MalwareByte's Anti-Malware
Mets le à jour cette fois ci
Examen complet
supprimer ce qu'il trouve
poster le rapport

0
Réponse 7 / 26
Marvolo Messages postés 16 Statut Membre
 
Arf,je suis allé trop vite en besogne...

http://www.cijoint.fr/cjlink.php?file=cj201003/cijwIDiaf1.txt
Le lien du fichier.
0
Réponse 8 / 26
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
le plus gros est fait...

apres usbfix et mbam, on y verra plus clair
0
Réponse 9 / 26
Marvolo Messages postés 16 Statut Membre
 
J'ai envoye le rapport d'usbfix et la je lance mbam.

Merci encore et la phrase "J'AI JAMAIS VU UN TRUC PAREIL" meme si c'etait sensé etre alarmant,ca m''a fait rigoler comme un con
0
Réponse 10 / 26
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
(sourire)

le rapport usbfix doit êtrte posté ici pour que je le vérifie ( C:\UsbFix.txt )

quant au fichier que tu as envoyé au créateur de l'outil, tu peux le supprimer
0
Réponse 11 / 26
Marvolo Messages postés 16 Statut Membre
 
Sinon,tu m'as pas repondu:
tu me conseilles quel antivirus?J'ai AVG actuellement mais vu tout le boxon,vvaut mieux passser a un truc plus performant.

Le rapport usbfix:

############################## | UsbFix V6.099 |

User : Schizoprenic (Administrateurs) # SCHYZOPHRENIC
Update on 11/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 07:43:10 | 13/03/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18882
Windows Firewall Status : Enabled

C:\ -> Disque fixe local # 158,7 Go (39,64 Go free) [Shaka] # NTFS
D:\ -> Disque fixe local # 17,53 Go (13,58 Go free) [Ikki] # NTFS
E:\ -> Disque amovible
F:\ -> Disque amovible # 1,9 Go (17,75 Mo free) [XTINCTION] # FAT
G:\ -> Disque CD-ROM # 7,36 Go (0 Mo free) [PES2010] # UDF
H:\ -> Disque CD-ROM

################## | Elements infectieux |

Supprimé ! C:\$Recycle.Bin\S-1-5-21-3242307328-3026939525-2831412068-1000
Supprimé ! D:\$Recycle.Bin\S-1-5-21-1453738194-2990717095-2334957809-1000
Supprimé ! D:\$Recycle.Bin\S-1-5-21-1453738194-2990717095-2334957809-500
Supprimé ! D:\$Recycle.Bin\S-1-5-21-3242307328-3026939525-2831412068-1000
Supprimé ! D:\$Recycle.Bin\S-1-5-21-3242307328-3026939525-2831412068-500
(!) Non supprimé ! G:\autorun.inf
Supprimé ! J:\winamp_cache_0001.xml

################## | Registre |

Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{c5c6f980-ec1c-11de-986a-806e6f6e6963}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[13/12/2009 01:32|--a------|1024] C:\.rnd
[13/12/2009 15:34|--a------|220] C:\aaw7boot.log
[01/02/2010 14:43|--a------|319021] C:\AnalysisLog.sr0
[18/09/2006 21:43|--a------|24] C:\autoexec.bat
[11/04/2009 06:36|-rahs----|333257] C:\bootmgr
[21/07/2007 01:27|-ra-s----|8192] C:\BOOTSECT.BAK
[13/03/2010 06:49|--a------|116716] C:\ComboFix.txt
[18/09/2006 21:43|--a------|10] C:\config.sys
[10/07/2009 11:53|-rahs----|0] C:\IO.SYS
[27/08/2008 18:14|--a------|2688] C:\LGSInst.Log
[17/09/2009 13:45|--a------|78] C:\lxdi.log
[10/07/2009 11:53|-rahs----|0] C:\MSDOS.SYS
[29/02/2004 15:44|--a------|52576] C:\orange.bmp
[?|?|?] C:\pagefile.sys
[12/03/2010 17:16|--a------|4384] C:\rapport.txt
[04/11/2008 14:02|--a------|11] C:\RPT23432
[13/03/2010 07:47|--a------|2504] C:\UsbFix.txt
[25/11/2009 23:20|--ah-----|305] D:\.iTunes Preferences.plist
[?|?|?] D:\pagefile.sys
[04/09/2009 06:11|-ra------|212480] G:\1031.mst
[04/09/2009 06:11|-ra------|522752] G:\1034.mst
[04/09/2009 06:11|-ra------|523264] G:\1036.mst
[04/09/2009 06:11|-ra------|522240] G:\1040.mst
[04/09/2009 06:11|-ra------|93696] G:\2070.mst
[04/09/2009 06:10|-ra------|214408] G:\autorun.exe
[04/09/2009 06:10|-ra------|47] G:\Autorun.inf
[04/09/2009 06:11|-ra------|1696256] G:\Pro Evolution Soccer 2010.msi
[04/09/2009 06:10|-ra------|1086] G:\readme.html
[04/09/2009 06:10|-ra------|64] G:\region.inf
[04/09/2009 06:10|-ra------|112008] G:\Setup.exe
[29/03/2006 14:08|--ah-----|82] J:\._System Volume Information
[02/07/2009 20:58|--ah-----|4096] J:\._.Trashes
[13/03/2010 03:15|--a------|41] J:\pmp_usb.ini

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# F:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# J:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

################## | Upload |

Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_SCHYZOPHRENIC.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .

################## | ! Fin du rapport # UsbFix V6.099 ! |
0
Réponse 12 / 26
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
j'ai bien vu ta question...on voit ca à la fin

si j'oublie, reparles m'en
0
Réponse 13 / 26
Marvolo Messages postés 16 Statut Membre
 
Rapport MBAM

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3862
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

13/03/2010 11:43:26
mbam-log-2010-03-13 (11-43-26).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|J:\|)
Eléments examinés: 395020
Temps écoulé: 3 hour(s), 45 minute(s), 14 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\$RECYCLE.BIN\S-1-5-21-3242307328-3026939525-2831412068-1000\$RDUFHSE.Keymaker-CORE\keymaker.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
0
Réponse 14 / 26
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
ok

tu peux vider la quarantaine

fais ceci stp pour vérifier que tu es tranquille

/!\ Il faut impérativement désactiver tous tes logiciels de protection pour utiliser ce programme/!\

▶ Télécharge : Gmer (by Przemyslaw Gmerek)

http://www.gmer.net/

▶ Dezippe gmer ,cliques sur l'onglet rootkit,lances le scan,des lignes rouges vont apparaitre.

▶ Les lignes rouges indiquent la presence d'un rootkit.Postes moi le rapport gmer (cliques sur copy,puis vas dans demarrer ,puis ouvres le bloc note,vas dans edition et cliques sur coller,le rapport gmer va apparaitre,postes moi le)
0
Réponse 15 / 26
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
ok

comment va le pc ?

je postes pour toi le rapport

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-16 11:57:57
Windows 6.0.6002 Service Pack 2
Running: 7rf1gwo0.exe; Driver: C:\Users\SCHIZO~1\AppData\Local\Temp\kwroiaog.sys

---- System - GMER 1.0.15 ----

INT 0x51 ? 87B48F00
INT 0x62 ? 87B48F00
INT 0x72 ? 86324BF8
INT 0x82 ? 85590BF8
INT 0x92 ? 85590BF8
INT 0xA2 ? 87B48F00
INT 0xA2 ? 87B48F00
INT 0xA2 ? 87B48F00
INT 0xB3 ? 87B48F00

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spnc.sys Le chemin d'accès spécifié est introuvable. !
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8FC03340, 0x3441C7, 0xE8000020]
.text USBPORT.SYS!DllUnload 903B541B 5 Bytes JMP 87B484E0
.text am81opkz.SYS 8B37A000 22 Bytes [82, A3, A1, 82, 6C, A2, A1, ...]
.text am81opkz.SYS 8B37A017 181 Bytes [00, 32, 07, DA, 8A, 3D, 05, ...]
.text am81opkz.SYS 8B37A0CE 10 Bytes [00, 00, 00, 00, 00, 00, 02, ...]
.text am81opkz.SYS 8B37A0DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text am81opkz.SYS 8B37A0E7 714 Bytes [00, F0, 0E, 00, 00, 00, 00, ...]
.text ...
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA14DF300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA1522300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2216] USER32.dll!CreateWindowExW 76141305 5 Bytes JMP 7108D9BC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2216] USER32.dll!DialogBoxParamW 761610B0 5 Bytes JMP 70FB5689 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2216] USER32.dll!DialogBoxIndirectParamW 76162EF5 5 Bytes JMP 711843F7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2216] USER32.dll!DialogBoxParamA 76178152 5 Bytes JMP 71184394 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2216] USER32.dll!DialogBoxIndirectParamA 7617847D 5 Bytes JMP 7118445A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2216] USER32.dll!MessageBoxIndirectA 7618D4D9 5 Bytes JMP 71184329 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2216] USER32.dll!MessageBoxIndirectW 7618D5D3 5 Bytes JMP 711842BE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2216] USER32.dll!MessageBoxExA 7618D639 5 Bytes JMP 7118425C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2216] USER32.dll!MessageBoxExW 7618D65D 5 Bytes JMP 711841FA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!SetWindowsHookExW 761387AD 5 Bytes JMP 71089B29 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!CallNextHookEx 76138E3B 5 Bytes JMP 7107D171 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!UnhookWindowsHookEx 761398DB 5 Bytes JMP 70FF486E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!CreateWindowExW 76141305 5 Bytes JMP 7108D9BC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!DialogBoxParamW 761610B0 5 Bytes JMP 70FB5689 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!DialogBoxIndirectParamW 76162EF5 5 Bytes JMP 711843F7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!DialogBoxParamA 76178152 5 Bytes JMP 71184394 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!DialogBoxIndirectParamA 7617847D 5 Bytes JMP 7118445A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!MessageBoxIndirectA 7618D4D9 5 Bytes JMP 71184329 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!MessageBoxIndirectW 7618D5D3 5 Bytes JMP 711842BE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!MessageBoxExA 7618D639 5 Bytes JMP 7118425C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] USER32.dll!MessageBoxExW 7618D65D 5 Bytes JMP 711841FA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] ole32.dll!OleLoadFromStream 76981E12 5 Bytes JMP 71184778 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4280] ole32.dll!CoCreateInstance 769B9EA6 5 Bytes JMP 7108DA18 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5012] kernel32.dll!FindResourceExA 76C72575 7 Bytes JMP 28001D80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5012] kernel32.dll!FindResourceA 76C72653 5 Bytes JMP 28001CF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5012] kernel32.dll!CreateEventA 76C944C0 5 Bytes JMP 28001840 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5012] kernel32.dll!LockResource 76C968DF 5 Bytes JMP 28001F50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5012] kernel32.dll!FindResourceExW 76C969FD 7 Bytes JMP 28001C60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5012] kernel32.dll!LoadResource 76C96ADB 7 Bytes JMP 28001E20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5012] kernel32.dll!FindResourceW 76C97FA1 5 Bytes JMP 28001BE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5012] kernel32.dll!SizeofResource 76C97FBF 7 Bytes JMP 28001EE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5012] ADVAPI32.dll!CryptDeriveKey 77B6FCAE 7 Bytes JMP 28001000 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5012] ADVAPI32.dll!CryptDecrypt 77B6FE91 7 Bytes JMP 28001060 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5012] USER32.dll!CreateDialogParamW 761372A2 5 Bytes JMP 28006090 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5012] USER32.dll!SetWindowPlacement 76137963 5 Bytes JMP 28005E10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5012] USER32.dll!SetWindowRgn 7613A221 7 Bytes JMP 28005F50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5012] USER32.dll!LoadImageW 7613C9E5 5 Bytes JMP 280066E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5012] USER32.dll!LoadIconW 7613DA9F 5 Bytes JMP 280068D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5012] USER32.dll!CreateWindowExW 76141305 5 Bytes JMP 28003C60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5012] USER32.dll!GetWindowLongW 7614F8BF 7 Bytes JMP 28006A70 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5012] USER32.dll!PeekMessageW 7615045A 5 Bytes JMP 28004630 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5012] USER32.dll!TrackPopupMenuEx 76160CE7 5 Bytes JMP 28004F10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5012] USER32.dll!MessageBoxIndirectW 7618D5D3 5 Bytes JMP 28006280 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5012] SHELL32.dll!Shell_NotifyIconW 76F18626 5 Bytes JMP 280033B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5012] ole32.dll!CoRegisterClassObject 76977DB6 5 Bytes JMP 28002360 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5012] ole32.dll!CoCreateInstance 769B9EA6 5 Bytes JMP 28002600 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5012] ole32.dll!CoInitializeEx 769BAD63 5 Bytes JMP 28002260 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5012] WININET.dll!InternetReadFile 7685654B 5 Bytes JMP 2800A090 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5012] WININET.dll!InternetCloseHandle 76859088 5 Bytes JMP 2800A240 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[5012] WININET.dll!HttpOpenRequestA
0
Réponse 16 / 26
Marvolo Messages postés 16 Statut Membre
 
Ouais,depuis combofix,plus de soucis et pas de lignes rouges dans le rapport
0
Réponse 17 / 26
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
bien

relances RSIT et postes le rapport log stp
0
Réponse 18 / 26
Marvolo Messages postés 16 Statut Membre
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by Schizoprenic at 2010-03-17 03:45:02
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 28 GB (17%) free of 163 GB
Total RAM: 3070 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:45:10, on 17/03/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Megaupload\Mega Manager\MegaManager.exe
c:\program files\steam\steamapps\common\football manager 2010\fm.exe
C:\Program Files\Steam\GameOverlayUI.exe
C:\Program Files\Winamp\winamp.exe
C:\Users\Schizoprenic\Desktop\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\Schizoprenic.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"
O4 - HKLM\..\Run: [lxdnamon] "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ºÜ¿ìÊÓƵËÑË÷ - {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel (file missing)
O9 - Extra 'Tools' menuitem: ºÜ¿ìÊÓƵËÑË÷ - {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel (file missing)
O9 - Extra button: Æô¶¯UUSee ÍøÂçµçÊÓ - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe
O9 - Extra 'Tools' menuitem: Æô¶¯UUSee ÍøÂçµçÊÓ - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O15 - Trusted Zone: http://*.www.m6.fr
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 - DPF: {61FA0CB0-0806-46EA-B784-0F843285BA23} (TuentiFotoUploader Control) - http://estaticosak1.tuenti.com/client_apps/TuentiPhotoUploader.24936.cab
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldfr-fr.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DCF4499-04F7-4B72-A782-DB77FA010C94}: NameServer = 85.255.112.189;85.255.112.113
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Service Google Update (gupdate1ca2cd22c28197e) (gupdate1ca2cd22c28197e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\Windows\system32\lxdncoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
Réponse 19 / 26
moment de grace Messages postés 30049 Statut Contributeur sécurité 2 274
 
ok

encore plusieurs choses...

1)

Télécharge WareOut Removal Tool (par dj QUIOU & la team sécurité MH) ici :

http://pc-system.fr/

Lance le fichier WareOut_Removal_Tool.bat et choisis l'option n°1
Patiente (une à deux minutes maximum) pendant que le programme sauvegarde le registre
Lis bien attentivement les instructions qui te seront données
A la fin de l'analyse, un rapport va s'ouvrir, poste le dans ta prochaine réponse.

...................

2)

Rends toi sur ce site :

https://www.virustotal.com/gui/

Clique sur parcourir et cherche ce fichier :

C:\Windows\system32\aiXDKcoJh.dll
C:\Windows\system32\aadmvrqas.exe

Clique sur Send File.

Un rapport va s'élaborer ligne à ligne.

Attends la fin. Il doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport avec le bloc-note.

Copie le dans ta réponse.

Si tu ne trouves pas le fichier alors

Affiche tous les fichiers et dossiers :

Pour cela :
Clique sur démarrer/panneau de configuration/option des dossiers/affichage

Cocher afficher les dossiers cachés

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

Décocher masquer les extensions dont le type est connu

Puis fais «appliquer» pour valider les changements.

Et OK

0
Réponse 20 / 26
Marvolo Messages postés 16 Statut Membre
 
===== Rapport WareOut Removal Tool =====

version 3.6.2

analyse effectuée le 18/03/2010 à 2:21:48,70

Résultats de l'analyse :
========================

~~~~ Recherche d'infections dans C:\ ~~~~

C:\autorun.inf trouvé!
C:\autorun.inf suppression impossible

~~~~ Recherche d'infections dans C:\Program Files\ ~~~~

~~~~ Recherche d'infections dans C:\Windows\system\ ~~~~

~~~~ Recherche d'infections dans C:\Windows\system32\ ~~~~

~~~~ Recherche d'infections dans C:\Windows\system32\drivers\ ~~~~

~~~~ Recherche d'infections dans C:\Users\Schizoprenic\AppData\Roaming\ ~~~~

~~~~ Recherche d'infections dans C:\Users\Schizoprenic\Bureau\ ~~~~

~~~~ Recherche de détournement de DNS ~~~~

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1DCF4499-04F7-4B72-A782-DB77FA010C94}]
NameServer REG_SZ 85.255.112.189;85.255.112.113
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{722C9BED-6214-4B55-8533-104D7BFC01B1}]
NameServer REG_SZ 85.255.112.189;85.255.112.113
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C4FF0844-4CEF-4130-BC06-070FEE20DF66}]
NameServer REG_SZ 85.255.112.189;85.255.112.113

~~~~ Recherche de Rootkits ~~~~

_______________________________________________________________________

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-18 02:21:54
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden files ...

scan completed successfully
hidden files: 0

_______________________________________________________________________

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
System REG_SZ

~~~~ Recherche d'infections dans C:\Users\SCHIZO~1\AppData\Local\Temp\ ~~~~

~~~~ Recherche d'infections dans C:\Users\Schizoprenic\Start Menu\Programs\ ~~~~

~~~~ Nettoyage du registre ~~~~

~~~~ Tentative de réparation des entrées suivantes: ~~~~

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] = "System"

[HKLM\SYSTEM\CurrentControlSet\Services\Windows Tribute Service]
[HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Windows Tribute Service]

~~~~ Vérification: ~~~~

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
System REG_SZ

_________________________________

développé par http://pc-system.fr
_________________________________
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses