Desktop background locked!!!

Solved/Closed
elektrikpustul Posts 6 Registration date Monday 26 February 2007 Status Member Last seen 4 March 2007 - 26 Feb. 2007 at 23:19
 Jeje - 8 Dec. 2008 at 17:42
Hello everyone!

So, my problem, as stated in the title of the message, is that I can no longer change my desktop background in the appearance menu. The various backgrounds are listed, but greyed out, so they cannot be selected.

After trying to tinker with it on my own, I'm throwing in the towel and calling for help.

So far, I have run (after updating, each time):

CCleaner, Ad Aware, Spybot, a2, ewido, Fixwareout, ewido again in safe mode, and to finish another quick a2...
that's already done and my computer is surely cleaner already (that's always something gained!)... But my problem is still not solved... :(
otherwise, I have avast and kerio on the computer...

So, before throwing the nasty beast out of the window (honestly!), I'm still calling on a kind soul...

So, here is my HJT report after everything I've done (see above). I did try to analyse it on my own, but I'm not sure of myself and I think my computer smarts have reached their (low!) limits here...

Logfile of HijackThis v1.99.1
Scan saved at 23:14:15, on 26/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\pchbutton.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\MSN Apps\Updater\01.05.0000.1009\fr\msnappau.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\famille\LOCALS~1\Temp\Rar$EX00.593\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B791F7D-F0E6-40C6-B2BD-08733FBCFCB7}: NameServer = 85.255.116.163,85.255.112.121
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CEAF50D-C4AC-4BB8-95A5-531BBD8958CC}: NameServer = 85.255.116.163,85.255.112.121
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DFE9A10-0685-48A5-AFAB-E31095DD47A9}: NameServer = 85.255.116.163,85.255.112.121
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4ED0E27-65D8-4147-9C7F-B31CD18535CE}: NameServer = 85.255.116.163,85.255.112.121
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.121
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.121
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.121
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Management Service - Unknown owner - C:\WINDOWS\system32\dmbim.exe



There you go, thanks in advance.... And good luck to whoever agrees to help me...

12 replies

philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last seen 8 December 2009 206
26 Feb. 2007 at 23:21
you used Fixwareout, but very badly, you need to start over

* Download FixWareout from one of these two sites to the desktop:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

Run the fix: click Next, then Install, then make sure "Run fixit" is checked, then click Finish.
The fix will start; follow the on-screen messages. You will be asked to restart your computer; do so.
Your system will take a little longer to start up, that's normal.

Once your system has restarted, follow the prompts. Then launch HijackThis. Click Scan and tick the following lines:


O17 - HKLM\System\CCS\Services\Tcpip\..\{3B791F7D-F0E6-40C6-B2BD-08733FBCFCB7}: NameServer = 85.255.116.163,85.255.112.121
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CEAF50D-C4AC-4BB8-95A5-531BBD8958CC}: NameServer = 85.255.116.163,85.255.112.121
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DFE9A10-0685-48A5-AFAB-E31095DD47A9}: NameServer = 85.255.116.163,85.255.112.121
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4ED0E27-65D8-4147-9C7F-B31CD18535CE}: NameServer = 85.255.116.163,85.255.112.121
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.121
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.121
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.121

Click Fix Checked. Close HijackThis and click OK to continue the procedure.

At the end of the fix, you may need to restart the PC again.

Finally, post the contents of the file C:\fixwareout\report.txt along with a new HijackThis report

----------
If and only if there are connection problems after this procedure:
Start---->Settings---->Control Panel---->Network Connections
Right-click the default connection, usually named "Local Area Connection" or "Dial-up" if you use a dial-up modem, and choose Properties.
Double-click the Internet Protocol (TCP/IP) item and select the radio button Obtain DNS server address automatically.
Click OK twice, and restart the computer.
0
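An added example, not part of either post or of HijackThis itself: a short Python check that pulls the O17 `NameServer` entries out of a HijackThis log and reports every statically configured resolver that falls outside the networks you expect. The sample log is constructed from lines in the format shown above, and the allowlist passed as `expected_cidrs` is a hypothetical value (an assumed home-router LAN) that you would replace with your ISP's or router's resolvers.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: O17 lines in the format of the log above, plus one
# unrelated O4 line that the parser must ignore.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B791F7D-F0E6-40C6-B2BD-08733FBCFCB7}: NameServer = 85.255.116.163,85.255.112.121
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.121
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.163 85.255.112.121
"""

# "O17 - <registry key>: <value name> = <data>"
O17_RE = re.compile(r"^O17 - (?P<key>HKLM\\.+?): (?P<value>\w+) = (?P<data>.*)$")


def parse_nameservers(log_text):
    """Return [(registry_key, [server, ...])] for every O17 NameServer line."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m or m.group("value").lower() != "nameserver":
            continue
        # Per-interface lists are comma-separated in the log, the global
        # Tcpip\Parameters list is space-separated; accept both.
        servers = [s for s in re.split(r"[,\s]+", m.group("data").strip()) if s]
        entries.append((m.group("key"), servers))
    return entries


def is_expected(server, expected_networks):
    """True only if `server` is a valid IP inside one of the expected networks."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return False  # malformed value: report it rather than skip it
    return any(addr in net for net in expected_networks)


def unexpected_static_dns(log_text, expected_cidrs):
    """Map each set of unexpected resolvers to the registry keys that carry it.

    `expected_cidrs` is the reviewer's own allowlist (an assumption of this
    example), e.g. the LAN of the home router that hands out DNS via DHCP.
    """
    nets = [ipaddress.ip_network(c) for c in expected_cidrs]
    findings = defaultdict(list)
    for key, servers in parse_nameservers(log_text):
        bad = tuple(sorted(s for s in servers if not is_expected(s, nets)))
        if bad:
            findings[bad].append(key)
    return dict(findings)


if __name__ == "__main__":
    # Hypothetical allowlist: a 192.168.1.0/24 home network.
    for servers, keys in unexpected_static_dns(SAMPLE_LOG, ["192.168.1.0/24"]).items():
        print("Unexpected static DNS:", ", ".join(servers))
        for key in keys:
            print("   set in", key)
```

The same pair of resolvers appearing on every interface and in every control set (CCS, CS1, CS2), as in the log above, is what the grouping by resolver set makes visible at a glance.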
elektrikpustul Posts 6 Registration date Monday 26 February 2007 Status Member Last seen 4 March 2007
28 Feb. 2007 at 20:55
First of all, philae83, thank you for taking the time to look into my little problem!!

So I ran the fix again; here is the report:

Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check
Service: "Windows Management Service" = C:\WINDOWS\System32\dmbim.exe

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}4105D39AE701-538B-DC84-3E0A-407E48ED{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}FC04959A00E5-D54B-7634-754C-8CB4FFD6{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "mibmd" Deleted
....
»»»»» Misc files.
C:\Documents and Settings\famille\Application Data\Install.dat Deleted
C:\WINDOWS\system32\{AE32F41B-B407-4FA4-A2E8-660174AE8761}.exe Deleted
C:\WINDOWS\system32\{B0071C35-F43F-4758-A50E-8E3AE20FDA0C}.exe Deleted
C:\WINDOWS\system32\{B0CEA461-C98C-4CBC-9CE2-98C4FD9BBDA6}.exe Deleted
C:\WINDOWS\system32\{B1944ECB-0527-4695-9238-4C2311D75ED4}.exe Deleted
C:\WINDOWS\system32\{B1FBCA63-1BA9-4D8B-8F6D-EAECB1AE3EC1}.exe Deleted
C:\WINDOWS\system32\{B1FE2BD4-2AE9-46AD-9A05-48C2B9CC7149}.exe Deleted
C:\WINDOWS\system32\{B2F3E680-73A3-44EA-AC12-D8FD04A86AF6}.exe Deleted
C:\WINDOWS\system32\{B314B423-D4B8-4338-9093-5816171FB008}.exe Deleted
C:\WINDOWS\system32\{B3C090AD-66E2-4DF0-BD5D-629112190A94}.exe Deleted
C:\WINDOWS\system32\{B443C0CE-9DB6-4061-9D94-298331A62FEB}.exe Deleted
C:\WINDOWS\system32\{B48C5448-2206-4B4E-8102-D9CCD5CEB7C5}.exe Deleted
C:\WINDOWS\system32\{B52C92D2-FF11-4149-B5BB-B0D256BDFD5D}.exe Deleted
C:\WINDOWS\system32\{B53F294B-2817-4CB0-8BDE-D2C1005967D8}.exe Deleted
C:\WINDOWS\system32\{B566DCC1-44BC-4906-BD6B-9DD481D66048}.exe Deleted
C:\WINDOWS\system32\{B5E7C928-0D87-4FD7-ABC1-6E61F002F8D4}.exe Deleted
C:\WINDOWS\system32\{B7E01F8C-92C3-45AE-924C-E652E6BEE3F0}.exe Deleted
C:\WINDOWS\system32\{B81E5987-57BD-4E24-A48E-DD0DD21FA215}.exe Deleted
C:\WINDOWS\system32\{B840C5E9-2963-4D52-A24E-9C7C0FD70874}.exe Deleted
C:\WINDOWS\system32\{B92FDE7E-779F-491B-857D-7BA7B4CF5AAA}.exe Deleted
C:\WINDOWS\system32\{B9628719-E0D6-4099-AE23-43392C632DA7}.exe Deleted
C:\WINDOWS\system32\{BC320483-FA15-4DA5-BDB9-6C2B4DD4C5C9}.exe Deleted
C:\WINDOWS\system32\{BCA1B5DA-0B86-47ED-85D9-6876287C8D5C}.exe Deleted
C:\WINDOWS\system32\{BCEA266B-F5A9-4934-BF60-ACC0E7503C17}.exe Deleted
C:\WINDOWS\system32\{BCF86100-9F9F-4931-BCB3-2B432886F294}.exe Deleted
C:\WINDOWS\system32\{BD2696BE-892A-40B4-AC59-396CAEBB8533}.exe Deleted
C:\WINDOWS\system32\{BD3799CD-81D2-4C7D-8AAF-CE604114D802}.exe Deleted
C:\WINDOWS\system32\{BE31B029-7A2F-4458-A65E-F670AD06C7AC}.exe Deleted
C:\WINDOWS\system32\{C04408AC-EA9F-4CD5-9983-B2BF006D9832}.exe Deleted
C:\WINDOWS\system32\{C05F77C6-1FF5-481A-9E91-B89D3E6FCFDC}.exe Deleted
C:\WINDOWS\system32\{C077C68C-FBC3-41DD-8735-457020EFFE3D}.exe Deleted
C:\WINDOWS\system32\{C08D2AE0-0BF8-4E15-BDA7-CF47774D5C27}.exe Deleted
C:\WINDOWS\system32\{C0BA6D44-79FE-44F6-804B-E686729235FF}.exe Deleted
C:\WINDOWS\system32\{C0BEF7AE-0DC2-484A-AE87-6B681E6AB152}.exe Deleted
C:\WINDOWS\system32\{C0FEA051-1A16-4744-9A63-0509E0F6D52E}.exe Deleted
C:\WINDOWS\system32\{C15E642F-3803-4401-9458-4B56C3D405EE}.exe Deleted
C:\WINDOWS\system32\{C247F39E-2A1B-4BEA-AAEB-BA41E43E1560}.exe Deleted
C:\WINDOWS\system32\{C2E49689-08FF-4992-80AA-BF44710F27FC}.exe Deleted
C:\WINDOWS\system32\{C38B4574-0F86-4D6E-ADE8-A0D8E63FB701}.exe Deleted
C:\WINDOWS\system32\{C4F2F6AC-D536-4F5B-856E-691B6308AC95}.exe Deleted
C:\WINDOWS\system32\{C56389C2-9793-454F-AF60-2F904638D6EC}.exe Deleted
C:\WINDOWS\system32\{C60E4BC5-E198-472C-8335-1E47A8D34480}.exe Deleted
C:\WINDOWS\system32\{C653BD2D-3846-4696-B835-936E199131F0}.exe Deleted
C:\WINDOWS\system32\{C7374C3E-639B-4A9D-832B-09DB69AE3300}.exe Deleted
C:\WINDOWS\system32\{C7384626-B0A6-477C-A473-7CE5B3F5B781}.exe Deleted
C:\WINDOWS\system32\{C7D9555D-FF93-4797-8980-AADE6B92A2C4}.exe Deleted
C:\WINDOWS\system32\{C84876AE-F160-4147-99F6-92E5A63778B4}.exe Deleted
C:\WINDOWS\system32\{C8B2B55D-D545-4E90-A253-56C7D35AF5DB}.exe Deleted
C:\WINDOWS\system32\{C92B7115-F9E9-44D3-B9A5-90C89A1536D0}.exe Deleted
C:\WINDOWS\system32\{CA7EBDD7-1C41-4AB6-8B66-9AAA1CBFE37A}.exe Deleted
C:\WINDOWS\system32\{CABD0CF4-9727-4B39-A019-E6FA85CCF64A}.exe Deleted
C:\WINDOWS\system32\{CB09FE04-8F1E-45A0-AC34-91C0F5D2C7FB}.exe Deleted
C:\WINDOWS\system32\{CB622B5B-11C1-4B5B-9DE6-DDAB4ECE8815}.exe Deleted
C:\WINDOWS\system32\{CB942382-7B32-4803-A07C-CF60409364A6}.exe Deleted
C:\WINDOWS\system32\{CE189505-2090-45CB-B856-C6D048599A12}.exe Deleted
C:\WINDOWS\system32\{CE45B916-7DBF-40DB-A476-8CAE1B6CB2BE}.exe Deleted
C:\WINDOWS\system32\{CF2A3AC4-AA33-4CFA-9E77-4FC460F253C8}.exe Deleted
C:\WINDOWS\system32\{CF6B69FC-7B71-41D0-8B5F-60AFF584D381}.exe Deleted
C:\WINDOWS\system32\{D0418D85-3C3E-46F6-A694-4E3D2DFC10AB}.exe Deleted
C:\WINDOWS\system32\{D0539814-0405-4549-B2CA-C0EC36511B54}.exe Deleted
C:\WINDOWS\system32\{D16B3C8E-7501-48F2-9E87-6B64921B9935}.exe Deleted
C:\WINDOWS\system32\{D19B7AD3-E417-4EA1-B42B-C81E188716E4}.exe Deleted
C:\WINDOWS\system32\{D246016D-D3B4-437F-A3F5-086B205F2BE7}.exe Deleted
C:\WINDOWS\system32\{D24DE10F-1807-4478-968A-0FB45012AB16}.exe Deleted
C:\WINDOWS\system32\{D27497F2-3ED6-43A1-A39E-7FC036C69445}.exe Deleted
C:\WINDOWS\system32\{D289C2C7-8FD8-4CD8-88F6-1AAC03401124}.exe Deleted
C:\WINDOWS\system32\{D2DAB176-E62E-44BC-99FF-2E346BC64D18}.exe Deleted
C:\WINDOWS\system32\{D30C514D-A24D-4D69-A532-D90CAB3F0C5F}.exe Deleted
C:\WINDOWS\system32\{D36BC78E-5F34-4834-9B22-195A5CE4F2E7}.exe Deleted
C:\WINDOWS\system32\{D3AF370D-FA53-4A16-A05D-622A4D29BAB1}.exe Deleted
C:\WINDOWS\system32\{D42FA6AA-1135-46C3-B732-E973FBF4BA3D}.exe Deleted
C:\WINDOWS\system32\{D59CD9E0-234A-47F1-A30B-907D621487C1}.exe Deleted
C:\WINDOWS\system32\{D5F3B681-F6D9-4B32-96A7-8AE84B6BFB4E}.exe Deleted
C:\WINDOWS\system32\{D671843C-C1E9-40C0-89A1-135818681A7D}.exe Deleted
C:\WINDOWS\system32\{D6753B5F-9252-448C-973A-92DB2B139DC7}.exe Deleted
C:\WINDOWS\system32\{D6E43FA8-E57D-4382-99AF-84A0622309BF}.exe Deleted
C:\WINDOWS\system32\{D8F2587B-E5EC-4BD6-8185-91164898E5C7}.exe Deleted
C:\WINDOWS\system32\{DA2CD825-CE3C-42EF-842B-FA55E5CC4D90}.exe Deleted
C:\WINDOWS\system32\{DA4B5F63-830A-4337-9584-34370B901189}.exe Deleted
C:\WINDOWS\system32\{DA7ED9F0-B05B-4F87-878F-8FA7FD68833A}.exe Deleted
C:\WINDOWS\system32\{DAAE02F8-580C-4628-838B-A5DE8DFA6EA9}.exe Deleted
C:\WINDOWS\system32\{DAAFA753-B981-4D1E-B39B-146828661A7C}.exe Deleted
C:\WINDOWS\system32\{DB4A7E3A-D988-416D-A1C0-66CAB0DF566B}.exe Deleted
C:\WINDOWS\system32\{DBA91EBF-FD9E-487D-9BBA-502DC12FB1F3}.exe Deleted
C:\WINDOWS\system32\{DBF11F06-2CF4-4834-8409-A928320E3D1F}.exe Deleted
C:\WINDOWS\system32\{DD2B4FA8-6994-4710-9DA0-7592C2185066}.exe Deleted
C:\WINDOWS\system32\{DD7177B1-E147-4372-BC3F-9B07C2D79EFD}.exe Deleted
C:\WINDOWS\system32\{DD9519CE-F86B-427D-8A0C-6792CC9734B4}.exe Deleted
C:\WINDOWS\system32\{DDE0F6CC-E69F-4658-B7DF-3528CF427DD5}.exe Deleted
C:\WINDOWS\system32\{DDE63599-D3C5-403B-910A-3B1EE7054DDC}.exe Deleted
C:\WINDOWS\system32\{DE769B04-A4F0-4FA9-9333-54C4633BEEB4}.exe Deleted
C:\WINDOWS\system32\{DEA9F1E7-7CCA-432C-8B23-53F9D0144D7A}.exe Deleted
C:\WINDOWS\system32\{DED9059B-0BA5-408A-8D80-F010B0110A9E}.exe Deleted
C:\WINDOWS\system32\{DEEF671E-F46C-470E-916D-2EBD730166F3}.exe Deleted
C:\WINDOWS\system32\{DEF43C6D-0508-43C0-A7B6-7EB506B088CF}.exe Deleted
C:\WINDOWS\system32\{DFF7EAF8-66FB-4C84-A6A3-2150911C8388}.exe Deleted
C:\WINDOWS\system32\{E09A6DB9-D6AE-4963-99A3-31813B714BF6}.exe Deleted
C:\WINDOWS\system32\{E0F9BACC-FC44-4847-B12A-2A948577408F}.exe Deleted
C:\WINDOWS\system32\{E1A8ED3B-6ED9-4B30-890D-D74997437964}.exe Deleted
C:\WINDOWS\system32\{E2264574-C007-48E5-AD06-CED1B26E44CC}.exe Deleted
C:\WINDOWS\system32\{E356866E-388C-43C9-AAB2-922CE3FF7A25}.exe Deleted
C:\WINDOWS\system32\{E3657333-31BF-4454-8E57-626A5262EB8C}.exe Deleted
C:\WINDOWS\system32\{E37AE19C-39ED-4091-AF9E-8E3AEDEA598B}.exe Deleted
C:\WINDOWS\system32\{E3ADDCBE-7E52-4E8F-B734-FBC2FB441EDE}.exe Deleted
C:\WINDOWS\system32\{E4E1CAEB-66B5-43D6-A00F-54BDAB3DC1B2}.exe Deleted
C:\WINDOWS\system32\{E59E4BCB-E400-4D7E-8CDA-1D0923BBA26A}.exe Deleted
C:\WINDOWS\system32\{E5A6AE5D-246F-4865-9276-204FED64B880}.exe Deleted
C:\WINDOWS\system32\{E5F1D677-973B-4579-B050-A54FBC58B4AB}.exe Deleted
C:\WINDOWS\system32\{E633A108-65F6-457B-AC8F-3D3053CE21FD}.exe Deleted
C:\WINDOWS\system32\{E653A5A3-4711-4CE3-841D-BC6ED17425BF}.exe Deleted
C:\WINDOWS\system32\{E7A9B11A-9AF0-4EE8-84C5-DDD9F62A59A3}.exe Deleted
C:\WINDOWS\system32\{E84BB314-1DA1-4061-9D1A-E40578BAC4A8}.exe Deleted
C:\WINDOWS\system32\{E85C3B88-EC1A-4867-94D0-4AFAA8D36C06}.exe Deleted
C:\WINDOWS\system32\{E9755AFF-A3E6-4FC2-B17E-009E193DF1E3}.exe Deleted
C:\WINDOWS\system32\{EA28F5B0-5F47-4FC2-94ED-ECDC77045A8C}.exe Deleted
C:\WINDOWS\system32\{EA8A50C8-1B87-46C9-94DA-119A87284738}.exe Deleted
C:\WINDOWS\system32\{EAA161F9-5144-4666-84EB-FBCAB718DAD0}.exe Deleted
C:\WINDOWS\system32\{EAE2D9D6-E04C-44FC-A1EC-B97F50199179}.exe Deleted
C:\WINDOWS\system32\{ECA96DDC-6FA7-4D4F-8850-B769C1CA45EA}.exe Deleted
C:\WINDOWS\system32\{ED871528-36B3-4445-9DAB-8BAA18BE3AF6}.exe Deleted
C:\WINDOWS\system32\{EDB2ED37-B5FA-463D-9541-7788773B325A}.exe Deleted
C:\WINDOWS\system32\{EEE73DEB-AE3D-4903-8C05-E8DE9473B677}.exe Deleted
C:\WINDOWS\system32\{EF0C44EA-8CA9-4834-961F-43EF2A0405C3}.exe Deleted
C:\WINDOWS\system32\{EFA98518-0942-45A7-AA4C-3AE786640286}.exe Deleted
C:\WINDOWS\system32\{F0095874-5EA0-4294-BA6F-DCB6A5618CA8}.exe Deleted
C:\WINDOWS\system32\{F01837F1-DD2B-48ED-AEAF-BBD9FC778092}.exe Deleted
C:\WINDOWS\system32\{F03D597C-1D95-4DD6-8FA4-BA4381B5E5EB}.exe Deleted
C:\WINDOWS\system32\{F081094B-0526-4D7C-AB6A-F7BC9BD6FE91}.exe Deleted
C:\WINDOWS\system32\{F18A55BB-461C-4B94-805C-CA8342F1AF0A}.exe Deleted
C:\WINDOWS\system32\{F1AB3CF6-BDBF-482B-A270-A97E6E4BC461}.exe Deleted
C:\WINDOWS\system32\{F2056757-AB06-4DF0-9977-18ADD485982F}.exe Deleted
C:\WINDOWS\system32\{F2AD35CD-C7C7-4E73-8ABD-350A598F89BB}.exe Deleted
C:\WINDOWS\system32\{F3F1A464-7485-4AED-A0C3-58D81FEBA059}.exe Deleted
C:\WINDOWS\system32\{F41CE2EF-332E-49F4-9C2D-0801F8F839F4}.exe Deleted
C:\WINDOWS\system32\{F473422B-FCE8-495F-88EA-D81557730206}.exe Deleted
C:\WINDOWS\system32\{F48D0C2A-E650-4F7F-A6E3-F1C5D0926CAE}.exe Deleted
C:\WINDOWS\system32\{F4DB47E2-A613-494B-B39D-CCA15E7EB9B2}.exe Deleted
C:\WINDOWS\system32\{F5A9C21C-2F69-4C40-814E-108D26FC29F2}.exe Deleted
C:\WINDOWS\system32\{F6184822-D0A0-4932-9C01-A8A06F3A1003}.exe Deleted
C:\WINDOWS\system32\{F72C09ED-48DC-47D3-9820-81FEF9052B8E}.exe Deleted
C:\WINDOWS\system32\{F75462F4-D159-429B-95F5-6CEDE24F74AD}.exe Deleted
C:\WINDOWS\system32\{F9060033-6017-4342-9DA6-04AFA051078A}.exe Deleted
C:\WINDOWS\system32\{F978A7F9-BC47-4E93-8987-10B8E2C9765F}.exe Deleted
C:\WINDOWS\system32\{FAAF82A2-FEC4-4207-A60E-C2DF41974C49}.exe Deleted
C:\WINDOWS\system32\{FB79397D-1BDB-4497-9A71-84A8B5D4C9F1}.exe Deleted
C:\WINDOWS\system32\{FBC7CC41-A899-44B6-BCA4-1902C2E03A18}.exe Deleted
C:\WINDOWS\system32\{FCBD0012-678B-497F-828A-47E4CF378ED9}.exe Deleted
C:\WINDOWS\system32\{FDA99A56-3011-4B85-A0DA-AC42F99EF495}.exe Deleted
C:\WINDOWS\system32\{FDCCF9D3-F918-4774-94E2-5A35B96A671A}.exe Deleted
C:\WINDOWS\system32\{FE4EC818-A556-47F0-9BE8-E6BFBC9DF82F}.exe Deleted
C:\WINDOWS\system32\{FF885C31-FFFE-472C-A5C9-5775A5173C74}.exe Deleted
C:\WINDOWS\system32\{FFC60EA6-D3E1-4BF2-8180-F2AB43286307}.exe Deleted
C:\WINDOWS\System32\kernel32.exe Deleted
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.

C:\WINDOWS\system32\csgxm.exe 52770 20/02/2007


Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or https://virusscan.jotti.org/

»»»»» Other
C:\WINDOWS\Temp\dmbim.ren 57909 05/08/2004



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
"VTTimer"="VTTimer.exe"
"SiS Windows KeyHook"="C:\\WINDOWS\\system32\\keyhook.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"WOOWATCH"="C:\\PROGRA~1\\Wanadoo\\Watch.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd.exe\""
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acme.PCHButton"="C:\\PROGRA~1\\HELPAN~1\\Presario\\XPHWWRF4\\plugin\\bin\\pchbutton.exe"
"WOOKIT"="C:\\PROGRA~1\\Wanadoo\\Shell.exe appLaunchClientZone.shl|PARAM= cnx"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»



And for HJT, the second report:

Logfile of HijackThis v1.99.1
Scan saved at 20:34:23, on 28/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\pchbutton.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\MSN Apps\Updater\01.05.0000.1009\fr\msnappau.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\famille\LOCALS~1\Temp\Rar$EX00.891\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe



As far as I can tell, the problem is solved: my desktop background is accessible again (and, incidentally, no connection problems after the fix)....

So, a BIG THANK YOU, you've just saved my computer from ending up savagely smashed on the pavement! ;-)

However, according to the fix report, I still have something left to do... I went to the first link suggested (virustotal), selected the suspicious file in the 'browse' window, then launched the scan, whose report is here:

STATUS: FINISHED
Complete scanning result of "csgxm.exe", received in VirusTotal at 02.28.2007, 20:46:36 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.38 02.28.2007 TR/Dldr.DNSChanger.Gen
Authentium 4.93.8 02.28.2007 could be a corrupted executable file
Avast 4.7.936.0 02.28.2007 no virus found
AVG 7.5.0.447 02.28.2007 Downloader.Agent.IXW
BitDefender 7.2 02.28.2007 Trojan.Peed.Gen
CAT-QuickHeal 9.00 02.28.2007 TrojanDownloader.Agent.uj
ClamAV devel-20060426 02.28.2007 no virus found
DrWeb 4.33 02.28.2007 no virus found
eSafe 7.0.14.0 02.28.2007 Win32.Polipos.sus
eTrust-Vet 30.6.3441 02.28.2007 Win32/Alureon!generic
Ewido 4.0 02.28.2007 Downloader.Agent.uj
FileAdvisor 1 02.28.2007 no virus found
Fortinet 2.85.0.0 02.28.2007 W32/Agent.UJ!tr.dldr
F-Prot 4.3.1.45 02.28.2007 W32/new-malware!Maximus
F-Secure 6.70.13030.0 02.28.2007 Trojan-Downloader.Win32.Agent.uj
Ikarus T3.1.1.3 02.28.2007 no virus found
Kaspersky 4.0.2.24 02.28.2007 Trojan-Downloader.Win32.Agent.uj
McAfee 4973 02.28.2007 Spy-Agent.bc
Microsoft 1.2204 02.28.2007 Win32/Alureon.A
NOD32v2 2085 02.28.2007 a variant of Win32/Small.FB
Norman 5.80.02 02.28.2007 W32/Agent.BCVU
Panda 9.0.0.4 02.28.2007 Suspicious file
Prevx1 V2 02.28.2007 no virus found
Sophos 4.14.0 02.26.2007 Mal/Behav-010
Sunbelt 2.2.907.0 02.24.2007 VIPRE.Suspicious
Symantec 10 02.28.2007 Bloodhound.Packed.7
TheHacker 6.1.6.065 02.26.2007 no virus found
UNA 1.83 02.28.2007 TrojanDownloader.Win32.Agent.A967
VBA32 3.11.2 02.27.2007 MalwareScope.Trojan.DnsChange.1
VirusBuster 4.3.19:9 02.28.2007 no virus found


Aditional Information
File size: 52770 bytes
MD5: 0510c723063e20d894a655e8bda654e0
SHA1: 2440ce3b549ae293ab38fe60ede3d5d08f5a508f
packers: PECRYPT
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.


I don't know if this is normal, but I get the impression it's a mess, and I'm panicking a bit... What's going on? Thanks in advance!
0
philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last activity 8 December 2009 206
28 Feb 2007 at 22:50
So, a BIG THANK YOU, you've just saved my computer from ending up savagely smashed on the pavement! ;-)


that bad?

However, according to the fix report, I still have something left to do... I went to the first link suggested (virustotal), selected the suspicious file in the 'browse' window, then launched the scan, whose report is here:


good initiative.
what it says isn't great. you're going to
* Run an online antivirus scan
https://www.bitdefender.fr/
and copy-paste the result here
* At the bottom left of the window, click BitDefender SCAN ONLINE
* In the new window, click I agree
* The window changes again; click Click here to scan
* The signatures load, etc.


(please save the report in TEXT format. thanks)
0
elektrikpustul Posts 6 Registration date Monday 26 February 2007 Status Member Last activity 4 March 2007
3 March 2007 at 20:09
Hi!

So I scanned with BitDefender. Just one small problem: my first scan crashed right at the end, so I couldn't save the report... It had found 1 virus embedded in 10 files, which it tried to repair and finally deleted.

I ran a new scan today: 1 virus in one file. Here is the report (in text format, then):



<HTML>
<HEAD>
<TITLE>BitDefender Online Scanner -Scan Report</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<meta name="generator" content="Namo WebEditor v5.0(Trial)">
</HEAD>
<BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" >


<table align="center" border="0" cellpadding="0" cellspacing="0" width="90%">
<tr>
<td width="458">
<p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender
Online Scanner</b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td colspan="3" width="912">
<p><font face="Arial"><span style="font-size:11pt;"><B>Scan report generated
at: Sat, Mar 03, 2007 - 19:54:05</b></span></font></p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B>Scan
path: </b></span><span style="font-size:10pt;">A:\;C:\;D:\;E:\;F:\;</span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Statistics</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Time</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">02:55:11</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">995558</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Folders</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6963</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Boot Sectors</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">3</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">15318</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Packed Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">123604</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>



<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Results</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Identified Viruses </font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Infected Files </font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Suspect Files </font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Warnings</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Disinfected</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Deleted Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Engines Info</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Virus Definitions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">402430</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Engine build</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">14</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archive plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">38</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Unpack plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">E-mail plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">System plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Scan Settings</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">First Action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Disinfect</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Second Action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Delete</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Heuristics</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Enable Warnings</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scanned Extensions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">*;</font></p>
</td>
</tr>

<tr>
<td width="57%">
<p><font face="Arial" size="2">Exclude Extensions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2"> </font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Emails</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Packed</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Boot</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td colspan=2>  
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="252" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Scanned File</b></font></p>
</td>
<td width="195" bgcolor="#CCCCCC" align="right">
<p align="left"><b><font size="2" face="Arial"> Status</font></b></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{88F0EC16-5093-454D-BD2D-4DD02919E000}\RP207\A0156947.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Trojan.Peed.Gen</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{88F0EC16-5093-454D-BD2D-4DD02919E000}\RP207\A0156947.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{88F0EC16-5093-454D-BD2D-4DD02919E000}\RP207\A0156947.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr>
</table>
</td>

<td width="10%">
<p> </p>
</td>
</tr>


</table>
<p> </p>

</body>
</html>


There you go.. Thanks
0

philae83 Posts: 12837 Registered: Wednesday 3 January 2007 Status: Security contributor Last activity: 8 December 2009 206
3 March 2007 at 22:06
Good evening,

It is located in System Restore.

Please run another scan with HijackThis and post it.

0
elektrikpustul Posts: 6 Registered: Monday 26 February 2007 Status: Member Last activity: 4 March 2007
3 March 2007 at 23:21
OK, here's the follow-up:

Logfile of HijackThis v1.99.1
Scan saved at 23:19:37, on 03/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\pchbutton.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\MSN Apps\Updater\01.05.0000.1009\fr\msnappau.exe
C:\Program Files\Samsung\Digimax Master\DigimaxMaster.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\famille\LOCALS~1\Temp\Rar$EX00.391\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


;-)
0
philae83 Posts: 12837 Registered: Wednesday 3 January 2007 Status: Security contributor Last activity: 8 December 2009 206
3 March 2007 at 23:35
Hi again

Are you still having problems or not?
0
elektrikpustul Posts: 6 Registered: Monday 26 February 2007 Status: Member Last activity: 4 March 2007
4 March 2007 at 00:10
Hi again..

Well, apparently no more trouble! If it can stay like this, that's fine with me! I just hope I won't get recurring problems! But after all.. that's how it goes!

So let's say it's all good for now, we'll see with time!
Thanks again, and see you!

;-)
0
philae83 Posts: 12837 Registered: Wednesday 3 January 2007 Status: Security contributor Last activity: 8 December 2009 206
4 March 2007 at 00:14
That looks pretty good to me now

Delete
fixwareout
and the reports that go with it

Disable System Restore, reboot your PC, and re-enable it.

Please mark your topic as RESOLVED. Thanks

Have a good weekend
0
elektrikpustul Posts: 6 Registered: Monday 26 February 2007 Status: Member Last activity: 4 March 2007
4 March 2007 at 13:40
Yes, it's done!

Thanks for taking the time to look into my problem!
Have a good weekend. Bye!
0
Thank you philae83, with fixwareout I was able to fix my problem, thanks again ....Sam
0
Run a search in regedit.exe and look for the key "NoChangingWallpaper".
Change the value "1" to "0" and that's it.
0
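The registry check from the last reply, as an added PowerShell example that is not part of the original thread. The thread gives only the value name, so the `Policies\ActiveDesktop` key path and the function names `Get-WallpaperLock` and `Clear-WallpaperLock` are assumptions of this example.

```powershell
# Added example, not from the thread. The thread names only the value
# "NoChangingWallpaper"; the key path below is the standard Windows policy
# location and is an assumption about where it was set on that machine.
$PolicySubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop'
$ValueName    = 'NoChangingWallPaper'

function Get-WallpaperLock {
    # Report the policy value in the per-user and the machine-wide hive.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $path = '{0}\{1}' -f $hive, $PolicySubKey
        $item = Get-ItemProperty -Path $path -Name $ValueName -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path   = $path
            Value  = if ($item) { $item.$ValueName } else { $null }
            Locked = [bool]($item -and $item.$ValueName -eq 1)
        }
    }
}

function Clear-WallpaperLock {
    # Set the value back to 0 wherever it is 1. Supports -WhatIf and -Confirm.
    # Writing under HKLM: requires an elevated session.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($entry in (Get-WallpaperLock | Where-Object { $_.Locked })) {
        if ($PSCmdlet.ShouldProcess($entry.Path, "Set $ValueName to 0")) {
            Set-ItemProperty -Path $entry.Path -Name $ValueName -Value 0 -Type DWord
        }
    }
}

# Inspect first, then preview the change without writing anything.
Get-WallpaperLock | Format-Table -AutoSize
Clear-WallpaperLock -WhatIf
```

If the value returns to 1 after a reboot, something is still writing it (a domain Group Policy or a program still present on the machine), and resetting the value alone will not hold.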