Sujet Précédent Sujet Suivant

Infection Tjn Win32 + storageprotector HELP!

PacoE Messages postés 37 Statut Membre -  
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité -
Bonjour,

Mon PC est infecté par le trojan win32 TratBHO. quand avast touve un fichier infecté je le met en quarantaine mais jai l'impression que cela ne sert a rien.
jai également découvert sur mon bureau 2 noueau raccourcis (liens vers une page web storageprotector)
Jai également plus de 1000 fichiers .tmp qui se sont créé a la racine de mon disque C:
mon pc galère trop. je ne sais plus quoi faire A l'AIDE!!!!

jai lu plsieur sujet sur des pb similaire au mien mai visiblement le process a suivre pour eliminer ces infection n'est pas standardisé. alors vola je créer mon propre sujet en espérant qu'une ame charitable puisse m'aider

ci dessous le dernier rapport d'avast daté d'hier j'espère que ca peut aidé:

16/01/2008 20:45
Analyse de tous les lecteurs locaux
Fichier C:\IBMWORK\Q328345\328345NL.EXE Erreur 42003 {Erreur interne au programme.}
Fichier C:\Program Files\Ahead\CoverDesigner\CoverEdCtrl.ocx Erreur 42003 {Erreur interne au programme.}
Fichier C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\urlmon.dll Erreur 42003 {Erreur interne au programme.}
Fichier C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmv2clt.dll Erreur 42003 {Erreur interne au programme.}
Fichier C:\WINDOWS\ServicePackFiles\i386\autofmt.exe Erreur 42003 {Erreur interne au programme.}
Fichier C:\WINDOWS\ServicePackFiles\i386\microsoft.jscript.dll Erreur 42003 {Erreur interne au programme.}
Fichier C:\WINDOWS\system32\cbaww.dll est infecté par Win32:TratBHO [Trj], Mis en quarantaine
Fichier C:\WINDOWS\system32\cbxyv.dll est infecté par Win32:TratBHO [Trj], Mis en quarantaine
Fichier C:\WINDOWS\system32\ddaya.dll est infecté par Win32:TratBHO [Trj], Mis en quarantaine
Fichier C:\WINDOWS\system32\gebyy.dll est infecté par Win32:TratBHO [Trj], Mis en quarantaine
Fichier C:\WINDOWS\system32\oppom.dll est infecté par Win32:TratBHO [Trj], Mis en quarantaine
Fichier C:\WINDOWS\system32\wvwwu.dll est infecté par Win32:TratBHO [Trj], Mis en quarantaine
Fichier C:\WINDOWS\system32\xxyxw.dll est infecté par Win32:TratBHO [Trj], Mis en quarantaine

Nombre de dossiers parcourus : 5892
Nombre de fichiers analysés : 73591
Nombre de fichiers infectés : 7

35 réponses

Précédent
  • 1
  • 2
Réponse 21 / 35
PacoE Messages postés 37 Statut Membre 3
 
rapport combofix suite :

C:\pos687.tmp
C:\pos688.tmp
C:\pos689.tmp
C:\pos68A.tmp
C:\pos68B.tmp
C:\pos68C.tmp
C:\pos68D.tmp
C:\pos68E.tmp
C:\pos68F.tmp
C:\pos69.tmp
C:\pos690.tmp
C:\pos691.tmp
C:\pos692.tmp
C:\pos693.tmp
C:\pos694.tmp
C:\pos695.tmp
C:\pos696.tmp
C:\pos697.tmp
C:\pos698.tmp
C:\pos699.tmp
C:\pos69A.tmp
C:\pos69B.tmp
C:\pos69C.tmp
C:\pos69D.tmp
C:\pos69E.tmp
C:\pos69F.tmp
C:\pos6A.tmp
C:\pos6B.tmp
C:\pos6C.tmp
C:\pos6D.tmp
C:\pos6E.tmp
C:\pos6F.tmp
C:\pos7.tmp
C:\pos70.tmp
C:\pos700.tmp
C:\pos701.tmp
C:\pos702.tmp
C:\pos703.tmp
C:\pos704.tmp
C:\pos705.tmp
C:\pos706.tmp
C:\pos707.tmp
C:\pos708.tmp
C:\pos709.tmp
C:\pos70A.tmp
C:\pos70B.tmp
C:\pos70C.tmp
C:\pos70D.tmp
C:\pos70E.tmp
C:\pos70F.tmp
C:\pos71.tmp
C:\pos710.tmp
C:\pos711.tmp
C:\pos712.tmp
C:\pos713.tmp
C:\pos714.tmp
C:\pos715.tmp
C:\pos716.tmp
C:\pos717.tmp
C:\pos718.tmp
C:\pos719.tmp
C:\pos71A.tmp
C:\pos71B.tmp
C:\pos71C.tmp
C:\pos71D.tmp
C:\pos71E.tmp
C:\pos71F.tmp
C:\pos72.tmp
C:\pos720.tmp
C:\pos721.tmp
C:\pos722.tmp
C:\pos723.tmp
C:\pos724.tmp
C:\pos725.tmp
C:\pos726.tmp
C:\pos727.tmp
C:\pos728.tmp
C:\pos729.tmp
C:\pos72A.tmp
C:\pos72B.tmp
C:\pos72C.tmp
C:\pos72D.tmp
C:\pos72E.tmp
C:\pos72F.tmp
C:\pos73.tmp
C:\pos730.tmp
C:\pos731.tmp
C:\pos732.tmp
C:\pos733.tmp
C:\pos734.tmp
C:\pos735.tmp
C:\pos736.tmp
C:\pos737.tmp
C:\pos738.tmp
C:\pos739.tmp
C:\pos73A.tmp
C:\pos73B.tmp
C:\pos73C.tmp
C:\pos73D.tmp
C:\pos73E.tmp
C:\pos73F.tmp
C:\pos74.tmp
C:\pos740.tmp
C:\pos741.tmp
C:\pos742.tmp
C:\pos743.tmp
C:\pos744.tmp
C:\pos745.tmp
C:\pos746.tmp
C:\pos747.tmp
C:\pos748.tmp
C:\pos749.tmp
C:\pos74A.tmp
C:\pos74B.tmp
C:\pos74C.tmp
C:\pos74D.tmp
C:\pos74E.tmp
C:\pos74F.tmp
C:\pos75.tmp
C:\pos750.tmp
C:\pos751.tmp
C:\pos752.tmp
C:\pos753.tmp
C:\pos754.tmp
C:\pos755.tmp
C:\pos756.tmp
C:\pos757.tmp
C:\pos758.tmp
C:\pos759.tmp
C:\pos75A.tmp
C:\pos75B.tmp
C:\pos75C.tmp
C:\pos75D.tmp
C:\pos75E.tmp
C:\pos75F.tmp
C:\pos76.tmp
C:\pos760.tmp
C:\pos761.tmp
C:\pos762.tmp
C:\pos763.tmp
C:\pos764.tmp
C:\pos765.tmp
C:\pos766.tmp
C:\pos767.tmp
C:\pos768.tmp
C:\pos769.tmp
C:\pos76A.tmp
C:\pos76B.tmp
C:\pos76C.tmp
C:\pos76D.tmp
C:\pos76E.tmp
C:\pos76F.tmp
C:\pos77.tmp
C:\pos770.tmp
C:\pos771.tmp
C:\pos772.tmp
C:\pos773.tmp
C:\pos774.tmp
C:\pos775.tmp
C:\pos776.tmp
C:\pos777.tmp
C:\pos778.tmp
C:\pos779.tmp
C:\pos77A.tmp
C:\pos77B.tmp
C:\pos77C.tmp
C:\pos77D.tmp
C:\pos77E.tmp
C:\pos77F.tmp
C:\pos78.tmp
C:\pos780.tmp
C:\pos781.tmp
C:\pos782.tmp
C:\pos783.tmp
C:\pos784.tmp
C:\pos785.tmp
C:\pos786.tmp
C:\pos787.tmp
C:\pos788.tmp
C:\pos789.tmp
C:\pos78A.tmp
C:\pos78B.tmp
C:\pos78C.tmp
C:\pos78D.tmp
C:\pos78E.tmp
C:\pos78F.tmp
C:\pos79.tmp
C:\pos790.tmp
C:\pos791.tmp
C:\pos792.tmp
C:\pos793.tmp
C:\pos794.tmp
C:\pos795.tmp
C:\pos796.tmp
C:\pos797.tmp
C:\pos798.tmp
C:\pos799.tmp
C:\pos79A.tmp
C:\pos79B.tmp
C:\pos79C.tmp
C:\pos79D.tmp
C:\pos79E.tmp
C:\pos79F.tmp
C:\pos7A.tmp
C:\pos7B.tmp
C:\pos7C.tmp
C:\pos7D.tmp
C:\pos7E.tmp
C:\pos7F.tmp
C:\pos8.tmp
C:\pos80.tmp
C:\pos800.tmp
C:\pos801.tmp
C:\pos802.tmp
C:\pos803.tmp
C:\pos804.tmp
C:\pos805.tmp
C:\pos806.tmp
C:\pos807.tmp
C:\pos808.tmp
C:\pos809.tmp
C:\pos80A.tmp
C:\pos80B.tmp
C:\pos80C.tmp
C:\pos80D.tmp
C:\pos80E.tmp
C:\pos80F.tmp
C:\pos81.tmp
C:\pos810.tmp
C:\pos811.tmp
C:\pos812.tmp
C:\pos813.tmp
C:\pos814.tmp
C:\pos815.tmp
C:\pos816.tmp
C:\pos817.tmp
C:\pos818.tmp
C:\pos819.tmp
C:\pos81A.tmp
C:\pos81B.tmp
C:\pos81C.tmp
C:\pos81D.tmp
C:\pos81E.tmp
C:\pos81F.tmp
C:\pos82.tmp
C:\pos820.tmp
C:\pos821.tmp
C:\pos822.tmp
C:\pos823.tmp
C:\pos824.tmp
C:\pos825.tmp
C:\pos826.tmp
C:\pos827.tmp
C:\pos828.tmp
C:\pos829.tmp
C:\pos82A.tmp
C:\pos82B.tmp
C:\pos82C.tmp
C:\pos82D.tmp
C:\pos82E.tmp
C:\pos82F.tmp
C:\pos83.tmp
C:\pos830.tmp
C:\pos831.tmp
C:\pos832.tmp
C:\pos833.tmp
C:\pos834.tmp
C:\pos835.tmp
C:\pos836.tmp
C:\pos837.tmp
C:\pos838.tmp
C:\pos839.tmp
C:\pos83A.tmp
C:\pos83B.tmp
C:\pos83C.tmp
C:\pos83D.tmp
C:\pos83E.tmp
C:\pos83F.tmp
C:\pos84.tmp
C:\pos840.tmp
C:\pos841.tmp
C:\pos842.tmp
C:\pos843.tmp
C:\pos844.tmp
C:\pos845.tmp
C:\pos846.tmp
C:\pos847.tmp
C:\pos848.tmp
C:\pos849.tmp
C:\pos84A.tmp
C:\pos84B.tmp
C:\pos84C.tmp
C:\pos84D.tmp
C:\pos84E.tmp
C:\pos84F.tmp
C:\pos85.tmp
C:\pos850.tmp
C:\pos851.tmp
C:\pos852.tmp
C:\pos853.tmp
C:\pos854.tmp
C:\pos855.tmp
C:\pos856.tmp
C:\pos857.tmp
C:\pos858.tmp
C:\pos859.tmp
C:\pos85A.tmp
C:\pos85B.tmp
C:\pos85C.tmp
C:\pos85D.tmp
C:\pos85E.tmp
C:\pos85F.tmp
C:\pos86.tmp
C:\pos860.tmp
C:\pos861.tmp
C:\pos862.tmp
C:\pos863.tmp
C:\pos864.tmp
C:\pos865.tmp
C:\pos866.tmp
C:\pos867.tmp
C:\pos868.tmp
C:\pos869.tmp
C:\pos86A.tmp
C:\pos86B.tmp
C:\pos86C.tmp
C:\pos86D.tmp
C:\pos86E.tmp
C:\pos86F.tmp
C:\pos87.tmp
C:\pos870.tmp
C:\pos871.tmp
C:\pos872.tmp
C:\pos873.tmp
C:\pos874.tmp
C:\pos875.tmp
C:\pos876.tmp
C:\pos877.tmp
C:\pos878.tmp
C:\pos879.tmp
C:\pos87A.tmp
C:\pos87B.tmp
C:\pos87C.tmp
C:\pos87D.tmp
C:\pos87E.tmp
C:\pos87F.tmp
C:\pos88.tmp
C:\pos880.tmp
C:\pos881.tmp
C:\pos882.tmp
C:\pos883.tmp
C:\pos884.tmp
C:\pos885.tmp
C:\pos886.tmp
C:\pos887.tmp
C:\pos888.tmp
C:\pos889.tmp
C:\pos88A.tmp
C:\pos88B.tmp
C:\pos88C.tmp
C:\pos88D.tmp
C:\pos88E.tmp
C:\pos88F.tmp
C:\pos89.tmp
C:\pos890.tmp
C:\pos891.tmp
C:\pos892.tmp
C:\pos893.tmp
C:\pos894.tmp
C:\pos895.tmp
C:\pos896.tmp
C:\pos897.tmp
C:\pos898.tmp
C:\pos899.tmp
C:\pos89A.tmp
C:\pos89B.tmp
C:\pos89C.tmp
C:\pos89D.tmp
C:\pos89E.tmp
C:\pos89F.tmp
C:\pos8A.tmp
C:\pos8B.tmp
C:\pos8C.tmp
C:\pos8D.tmp
C:\pos8E.tmp
C:\pos8F.tmp
C:\pos9.tmp
C:\pos90.tmp
C:\pos900.tmp
C:\pos901.tmp
C:\pos902.tmp
C:\pos903.tmp
C:\pos904.tmp
C:\pos905.tmp
C:\pos906.tmp
C:\pos907.tmp
C:\pos908.tmp
C:\pos909.tmp
C:\pos90A.tmp
C:\pos90B.tmp
C:\pos90C.tmp
C:\pos90D.tmp
C:\pos90E.tmp
C:\pos90F.tmp
C:\pos91.tmp
C:\pos910.tmp
C:\pos911.tmp
C:\pos912.tmp
C:\pos913.tmp
C:\pos914.tmp
C:\pos915.tmp
C:\pos916.tmp
C:\pos917.tmp
C:\pos918.tmp
C:\pos919.tmp
C:\pos91A.tmp
C:\pos91B.tmp
C:\pos91C.tmp
C:\pos91D.tmp
C:\pos91E.tmp
C:\pos91F.tmp
C:\pos92.tmp
C:\pos920.tmp
C:\pos921.tmp
C:\pos922.tmp
C:\pos923.tmp
C:\pos924.tmp
C:\pos925.tmp
C:\pos926.tmp
C:\pos927.tmp
C:\pos928.tmp
C:\pos929.tmp
C:\pos92A.tmp
C:\pos92B.tmp
C:\pos92C.tmp
C:\pos92D.tmp
C:\pos92E.tmp
C:\pos92F.tmp
C:\pos93.tmp
C:\pos930.tmp
C:\pos931.tmp
C:\pos932.tmp
C:\pos933.tmp
C:\pos934.tmp
C:\pos935.tmp
C:\pos936.tmp
C:\pos937.tmp
C:\pos938.tmp
C:\pos939.tmp
C:\pos93A.tmp
C:\pos93B.tmp
C:\pos93C.tmp
C:\pos93D.tmp
C:\pos93E.tmp
C:\pos93F.tmp
C:\pos94.tmp
C:\pos940.tmp
C:\pos941.tmp
C:\pos942.tmp
C:\pos943.tmp
C:\pos944.tmp
C:\pos945.tmp
C:\pos946.tmp
C:\pos947.tmp
C:\pos948.tmp
C:\pos949.tmp
C:\pos94A.tmp
C:\pos94B.tmp
C:\pos94C.tmp
C:\pos94D.tmp
C:\pos94E.tmp
C:\pos94F.tmp
C:\pos95.tmp
C:\pos950.tmp
C:\pos951.tmp
C:\pos952.tmp
C:\pos953.tmp
C:\pos954.tmp
C:\pos955.tmp
C:\pos956.tmp
C:\pos957.tmp
C:\pos958.tmp
C:\pos959.tmp
C:\pos95A.tmp
C:\pos95B.tmp
C:\pos95C.tmp
C:\pos95D.tmp
C:\pos95E.tmp
C:\pos95F.tmp
C:\pos96.tmp
C:\pos960.tmp
C:\pos961.tmp
C:\pos962.tmp
C:\pos963.tmp
C:\pos964.tmp
C:\pos965.tmp
C:\pos966.tmp
C:\pos967.tmp
C:\pos968.tmp
C:\pos969.tmp
C:\pos96A.tmp
C:\pos96B.tmp
C:\pos96C.tmp
C:\pos96D.tmp
C:\pos96E.tmp
C:\pos96F.tmp
C:\pos97.tmp
C:\pos970.tmp
C:\pos971.tmp
C:\pos972.tmp
C:\pos973.tmp
C:\pos974.tmp
C:\pos975.tmp
C:\pos976.tmp
C:\pos977.tmp
C:\pos978.tmp
C:\pos979.tmp
C:\pos97A.tmp
C:\pos97B.tmp
C:\pos97C.tmp
C:\pos97D.tmp
C:\pos97E.tmp
C:\pos97F.tmp
C:\pos98.tmp
C:\pos980.tmp
C:\pos981.tmp
C:\pos982.tmp
C:\pos983.tmp
C:\pos984.tmp
C:\pos985.tmp
C:\pos986.tmp
C:\pos987.tmp
C:\pos988.tmp
C:\pos989.tmp
C:\pos98A.tmp
C:\pos98B.tmp
C:\pos98C.tmp
C:\pos98D.tmp
C:\pos98E.tmp
C:\pos98F.tmp
C:\pos99.tmp
C:\pos990.tmp
C:\pos991.tmp
C:\pos992.tmp
C:\pos993.tmp
C:\pos994.tmp
C:\pos995.tmp
C:\pos996.tmp
C:\pos997.tmp
C:\pos998.tmp
C:\pos999.tmp
C:\pos99A.tmp
C:\pos99B.tmp
C:\pos99C.tmp
C:\pos99D.tmp
C:\pos99E.tmp
C:\pos99F.tmp
C:\pos9A.tmp
C:\pos9B.tmp
C:\pos9C.tmp
C:\pos9D.tmp
C:\pos9E.tmp
C:\pos9F.tmp
C:\posA.tmp
C:\posA0.tmp
C:\posA00.tmp
C:\posA01.tmp
C:\posA02.tmp
C:\posA03.tmp
C:\posA04.tmp
C:\posA05.tmp
C:\posA06.tmp
C:\posA07.tmp
C:\posA08.tmp
C:\posA09.tmp
C:\posA0A.tmp
C:\posA0B.tmp
C:\posA0C.tmp
C:\posA0D.tmp
C:\posA0E.tmp
C:\posA0F.tmp
C:\posA1.tmp
C:\posA10.tmp
C:\posA11.tmp
C:\posA12.tmp
C:\posA13.tmp
C:\posA14.tmp
C:\posA15.tmp
C:\posA16.tmp
C:\posA17.tmp
C:\posA18.tmp
C:\posA19.tmp
C:\posA1A.tmp
C:\posA1B.tmp
C:\posA1C.tmp
C:\posA1D.tmp
C:\posA1E.tmp
C:\posA1F.tmp
C:\posA2.tmp
C:\posA20.tmp
C:\posA21.tmp
C:\posA22.tmp
C:\posA23.tmp
C:\posA24.tmp
C:\posA25.tmp
C:\posA26.tmp
C:\posA27.tmp
C:\posA28.tmp
C:\posA29.tmp
C:\posA2A.tmp
C:\posA2B.tmp
C:\posA2C.tmp
C:\posA2D.tmp
C:\posA2E.tmp
C:\posA2F.tmp
C:\posA3.tmp
C:\posA30.tmp
C:\posA31.tmp
C:\posA32.tmp
C:\posA33.tmp
C:\posA34.tmp
C:\posA35.tmp
C:\posA36.tmp
C:\posA37.tmp
C:\posA38.tmp
C:\posA39.tmp
C:\posA3A.tmp
C:\posA3B.tmp
C:\posA3C.tmp
C:\posA3D.tmp
C:\posA3E.tmp
C:\posA3F.tmp
C:\posA4.tmp
C:\posA40.tmp
C:\posA41.tmp
C:\posA42.tmp
C:\posA43.tmp
C:\posA44.tmp
C:\posA45.tmp
C:\posA46.tmp
C:\posA47.tmp
C:\posA48.tmp
C:\posA49.tmp
C:\posA4A.tmp
C:\posA4B.tmp
C:\posA4C.tmp
C:\posA4D.tmp
C:\posA4E.tmp
C:\posA4F.tmp
C:\posA5.tmp
C:\posA50.tmp
C:\posA51.tmp
C:\posA52.tmp
C:\posA53.tmp
C:\posA54.tmp
C:\posA55.tmp
C:\posA56.tmp
C:\posA57.tmp
C:\posA58.tmp
C:\posA59.tmp
C:\posA5A.tmp
C:\posA5B.tmp
C:\posA5C.tmp
C:\posA5D.tmp
C:\posA5E.tmp
C:\posA5F.tmp
C:\posA6.tmp
C:\posA60.tmp
C:\posA61.tmp
C:\posA62.tmp
C:\posA63.tmp
C:\posA64.tmp
C:\posA65.tmp
C:\posA66.tmp
C:\posA67.tmp
C:\posA68.tmp
C:\posA69.tmp
C:\posA6A.tmp
C:\posA6B.tmp
C:\posA6C.tmp
C:\posA6D.tmp
C:\posA6E.tmp
C:\posA6F.tmp
C:\posA7.tmp
C:\posA70.tmp
C:\posA71.tmp
C:\posA72.tmp
C:\posA73.tmp
C:\posA74.tmp
C:\posA75.tmp
C:\posA76.tmp
C:\posA77.tmp
C:\posA78.tmp
C:\posA79.tmp
C:\posA7A.tmp
C:\posA7B.tmp
C:\posA7C.tmp
C:\posA7D.tmp
C:\posA7E.tmp
C:\posA7F.tmp
C:\posA8.tmp
C:\posA80.tmp
C:\posA81.tmp
C:\posA82.tmp
C:\posA83.tmp
C:\posA84.tmp
C:\posA85.tmp
C:\posA86.tmp
C:\posA87.tmp
C:\posA88.tmp
C:\posA89.tmp
C:\posA8A.tmp
C:\posA8B.tmp
C:\posA8C.tmp
C:\posA8D.tmp
C:\posA8E.tmp
C:\posA8F.tmp
C:\posA9.tmp
C:\posA90.tmp
C:\posA91.tmp
C:\posA92.tmp
C:\posA93.tmp
C:\posA94.tmp
C:\posA95.tmp
C:\posA96.tmp
C:\posA97.tmp
C:\posA98.tmp
C:\posA99.tmp
C:\posA9A.tmp
C:\posA9B.tmp
C:\posA9C.tmp
C:\posA9D.tmp
C:\posA9E.tmp
C:\posA9F.tmp
C:\posAA.tmp
C:\posAA0.tmp
C:\posAA1.tmp
C:\posAA2.tmp
C:\posAA3.tmp
C:\posAA4.tmp
C:\posAA5.tmp
C:\posAA6.tmp
C:\posAA7.tmp
C:\posAA8.tmp
C:\posAA9.tmp
C:\posAAA.tmp
C:\posAAB.tmp
C:\posAAC.tmp
C:\posAAD.tmp
C:\posAAE.tmp
C:\posAAF.tmp
C:\posAB.tmp
C:\posAB0.tmp
C:\posAB1.tmp
C:\posAB2.tmp
C:\posAB3.tmp
C:\posAB4.tmp
C:\posAB5.tmp
C:\posAB6.tmp
C:\posAB7.tmp
C:\posAB8.tmp
C:\posAB9.tmp
C:\posABA.tmp
C:\posABB.tmp
C:\posABC.tmp
C:\posABD.tmp
C:\posABE.tmp
C:\posABF.tmp
C:\posAC.tmp
C:\posAC0.tmp
C:\posAC1.tmp
C:\posAC2.tmp
C:\posAC3.tmp
C:\posAC4.tmp
C:\posAC5.tmp
C:\posAC6.tmp
C:\posAC7.tmp
C:\posAC8.tmp
C:\posAC9.tmp
C:\posACA.tmp
C:\posACB.tmp
C:\posACC.tmp
C:\posACD.tmp
C:\posACE.tmp
C:\posACF.tmp
C:\posAD.tmp
C:\posAD0.tmp
C:\posAD1.tmp
C:\posAD2.tmp
C:\posAD3.tmp
C:\posAD4.tmp
C:\posAD5.tmp
C:\posAD6.tmp
C:\posAD7.tmp
C:\posAD8.tmp
C:\posAD9.tmp
C:\posADA.tmp
C:\posADB.tmp
C:\posADC.tmp
C:\posADD.tmp
C:\posADE.tmp
C:\posADF.tmp
C:\posAE.tmp
C:\posAE0.tmp
C:\posAE1.tmp
C:\posAE2.tmp
C:\posAE3.tmp
C:\posAE4.tmp
C:\posAE5.tmp
C:\posAE6.tmp
C:\posAE7.tmp
C:\posAE8.tmp
C:\posAE9.tmp
C:\posAEA.tmp
C:\posAEB.tmp
C:\posAEC.tmp
C:\posAED.tmp
C:\posAEE.tmp
C:\posAEF.tmp
C:\posAF.tmp
C:\posAF0.tmp
C:\posAF1.tmp
C:\posAF2.tmp
C:\posAF3.tmp
C:\posAF4.tmp
C:\posAF5.tmp
C:\posAF6.tmp
C:\posAF7.tmp
C:\posAF8.tmp
C:\posAF9.tmp
C:\posAFA.tmp
C:\posAFB.tmp
C:\posAFC.tmp
C:\posAFD.tmp
C:\posAFE.tmp
C:\posAFF.tmp
C:\posB.tmp
C:\posB0.tmp
C:\posB00.tmp
C:\posB01.tmp
C:\posB02.tmp
C:\posB03.tmp
C:\posB04.tmp
C:\posB05.tmp
C:\posB06.tmp
C:\posB07.tmp
C:\posB08.tmp
C:\posB09.tmp
C:\posB0A.tmp
C:\posB0B.tmp
C:\posB0C.tmp
C:\posB0D.tmp
C:\posB0E.tmp
C:\posB0F.tmp
C:\posB1.tmp
C:\posB10.tmp
C:\posB11.tmp
C:\posB12.tmp
C:\posB13.tmp
C:\posB14.tmp
C:\posB15.tmp
C:\posB16.tmp
C:\posB17.tmp
C:\posB18.tmp
C:\posB19.tmp
C:\posB1A.tmp
C:\posB1B.tmp
C:\posB1C.tmp
C:\posB1D.tmp
C:\posB1E.tmp
C:\posB1F.tmp
C:\posB2.tmp
C:\posB20.tmp
C:\posB21.tmp
C:\posB22.tmp
C:\posB23.tmp
C:\posB24.tmp
C:\posB25.tmp
C:\posB26.tmp
C:\posB27.tmp
C:\posB28.tmp
C:\posB29.tmp
C:\posB2A.tmp
C:\posB2B.tmp
C:\posB2C.tmp
C:\posB2D.tmp
C:\posB2E.tmp
C:\posB2F.tmp
C:\posB3.tmp
C:\posB30.tmp
C:\posB31.tmp
C:\posB32.tmp
C:\posB33.tmp
C:\posB34.tmp
C:\posB35.tmp
C:\posB36.tmp
C:\posB37.tmp
C:\posB38.tmp
C:\posB39.tmp
C:\posB3A.tmp
C:\posB3B.tmp
C:\posB3C.tmp
C:\posB3D.tmp
C:\posB3E.tmp
C:\posB3F.tmp
C:\posB4.tmp
C:\posB40.tmp
C:\posB41.tmp
C:\posB42.tmp
C:\posB43.tmp
C:\posB44.tmp
C:\posB45.tmp
C:\posB46.tmp
C:\posB47.tmp
C:\posB48.tmp
C:\posB49.tmp
C:\posB4A.tmp
C:\posB4B.tmp
C:\posB4C.tmp
C:\posB4D.tmp
C:\posB4E.tmp
C:\posB4F.tmp
C:\posB5.tmp
C:\posB50.tmp
C:\posB51.tmp
C:\posB52.tmp
C:\posB53.tmp
C:\posB54.tmp
C:\posB55.tmp
C:\posB56.tmp
C:\posB57.tmp
C:\posB58.tmp
C:\posB59.tmp
C:\posB5A.tmp
C:\posB5B.tmp
C:\posB5C.tmp
C:\posB5D.tmp
C:\posB5E.tmp
C:\posB5F.tmp
C:\posB6.tmp
C:\posB60.tmp
C:\posB61.tmp
C:\posB62.tmp
C:\posB63.tmp
C:\posB64.tmp
C:\posB65.tmp
C:\posB66.tmp
C:\posB67.tmp
C:\posB68.tmp
C:\posB69.tmp
C:\posB6A.tmp
C:\posB6B.tmp
C:\posB6C.tmp
C:\posB6D.tmp
C:\posB6E.tmp
C:\posB6F.tmp
C:\posB7.tmp
C:\posB70.tmp
C:\posB71.tmp
C:\posB72.tmp
C:\posB73.tmp
C:\posB74.tmp
C:\posB75.tmp
C:\posB76.tmp
C:\posB77.tmp
C:\posB78.tmp
C:\posB79.tmp
C:\posB7A.tmp
C:\posB7B.tmp
C:\posB7C.tmp
C:\posB7D.tmp
C:\posB7E.tmp
C:\posB7F.tmp
C:\posB8.tmp
C:\posB80.tmp
C:\posB81.tmp
C:\posB82.tmp
C:\posB83.tmp
C:\posB84.tmp
C:\posB85.tmp
C:\posB86.tmp
C:\posB87.tmp
C:\posB88.tmp
C:\posB89.tmp
C:\posB8A.tmp
C:\posB8B.tmp
C:\posB8C.tmp
C:\posB8D.tmp
C:\posB8E.tmp
C:\posB8F.tmp
C:\posB9.tmp
C:\posB90.tmp
C:\posB91.tmp
C:\posB92.tmp
C:\posB93.tmp
C:\posB94.tmp
C:\posB95.tmp
C:\posB96.tmp
C:\posB97.tmp
C:\posB98.tmp
C:\posB99.tmp
C:\posB9A.tmp
C:\posB9B.tmp
C:\posB9C.tmp
C:\posB9D.tmp
C:\posB9E.tmp
C:\posB9F.tmp
C:\posBA.tmp
C:\posBA0.tmp
C:\posBA1.tmp
C:\posBA2.tmp
C:\posBA3.tmp
C:\posBA4.tmp
C:\posBA5.tmp
C:\posBA6.tmp
C:\posBA7.tmp
C:\posBA8.tmp
C:\posBA9.tmp
C:\posBAA.tmp
C:\posBAB.tmp
C:\posBAC.tmp
C:\posBAD.tmp
C:\posBAE.tmp
C:\posBAF.tmp
C:\posBB.tmp
C:\posBB0.tmp
C:\posBB1.tmp
C:\posBB2.tmp
C:\posBB3.tmp
C:\posBB4.tmp
C:\posBB5.tmp
C:\posBB6.tmp
C:\posBB7.tmp
C:\posBB8.tmp
C:\posBB9.tmp
C:\posBBA.tmp
C:\posBBB.tmp
C:\posBBC.tmp
C:\posBBD.tmp
C:\posBBE.tmp
C:\posBBF.tmp
C:\posBC.tmp
C:\posBC0.tmp
C:\posBC1.tmp
C:\posBC2.tmp
C:\posBC3.tmp
C:\posBC4.tmp
C:\posBC5.tmp
C:\posBC6.tmp
C:\posBC7.tmp
C:\posBC8.tmp
C:\posBC9.tmp
C:\posBCA.tmp
C:\posBCB.tmp
C:\posBCC.tmp
C:\posBCD.tmp
C:\posBCE.tmp
C:\posBCF.tmp
C:\posBD.tmp
C:\posBD0.tmp
C:\posBD1.tmp
C:\posBD2.tmp
C:\posBD3.tmp
C:\posBD4.tmp
C:\posBD5.tmp
C:\posBD6.tmp
C:\posBD7.tmp
C:\posBD8.tmp
C:\posBD9.tmp
C:\posBDA.tmp
C:\posBDB.tmp
C:\posBDC.tmp
C:\posBDD.tmp
C:\posBDE.tmp
C:\posBDF.tmp
C:\posBE.tmp
C:\posBE0.tmp
C:\posBE1.tmp
C:\posBE2.tmp
C:\posBE3.tmp
C:\posBE4.tmp
C:\posBE5.tmp
C:\posBE6.tmp
C:\posBE7.tmp
C:\posBE8.tmp
C:\posBE9.tmp
C:\posBEA.tmp
C:\posBEB.tmp
C:\posBEC.tmp
C:\posBED.tmp
C:\posBEE.tmp
C:\posBEF.tmp
C:\posBF.tmp
C:\posBF0.tmp
C:\posBF1.tmp
C:\posBF2.tmp
C:\posBF3.tmp
C:\posBF4.tmp
C:\posBF5.tmp
C:\posBF6.tmp
C:\posBF7.tmp
C:\posBF8.tmp
C:\posBF9.tmp
C:\posBFA.tmp
C:\posBFB.tmp
C:\posBFC.tmp
C:\posBFD.tmp
C:\posBFE.tmp
C:\posBFF.tmp
C:\posC.tmp
C:\posC0.tmp
C:\posC00.tmp
C:\posC01.tmp
C:\posC02.tmp
C:\posC03.tmp
C:\posC04.tmp
C:\posC05.tmp
C:\posC06.tmp
C:\posC07.tmp
C:\posC08.tmp
C:\posC09.tmp
C:\posC0A.tmp
C:\posC0B.tmp
C:\posC0C.tmp
C:\posC0D.tmp
C:\posC0E.tmp
C:\posC0F.tmp
C:\posC1.tmp
C:\posC10.tmp
C:\posC11.tmp
C:\posC12.tmp
C:\posC13.tmp
C:\posC14.tmp
C:\posC15.tmp
C:\posC16.tmp
C:\posC17.tmp
C:\posC18.tmp
C:\posC19.tmp
C:\posC1A.tmp
C:\posC1B.tmp
C:\posC1C.tmp
C:\posC1D.tmp
C:\posC1E.tmp
C:\posC1F.tmp
C:\posC2.tmp
C:\posC20.tmp
C:\posC21.tmp
C:\posC22.tmp
C:\posC23.tmp
C:\posC24.tmp
C:\posC25.tmp
C:\posC26.tmp
C:\posC27.tmp
C:\posC28.tmp
C:\posC29.tmp
C:\posC2A.tmp
C:\posC2B.tmp
C:\posC2C.tmp
C:\posC2D.tmp
C:\posC2E.tmp
C:\posC2F.tmp
C:\posC3.tmp
C:\posC30.tmp
C:\posC31.tmp
C:\posC32.tmp
C:\posC33.tmp
C:\posC34.tmp
C:\posC35.tmp
C:\posC36.tmp
C:\posC37.tmp
C:\posC38.tmp
C:\posC39.tmp
C:\posC3A.tmp
C:\posC3B.tmp
C:\posC3C.tmp
C:\posC3D.tmp
C:\posC3E.tmp
C:\posC3F.tmp
C:\posC4.tmp
C:\posC40.tmp
C:\posC41.tmp
C:\posC42.tmp
C:\posC43.tmp
C:\posC44.tmp
C:\posC45.tmp
C:\posC46.tmp
C:\posC47.tmp
C:\posC48.tmp
C:\posC49.tmp
C:\posC4A.tmp
C:\posC4B.tmp
C:\posC4C.tmp
C:\posC4D.tmp
C:\posC4E.tmp
C:\posC4F.tmp
C:\posC5.tmp
C:\posC50.tmp
C:\posC51.tmp
C:\posC52.tmp
C:\posC53.tmp
C:\posC54.tmp
C:\posC55.tmp
C:\posC56.tmp
C:\posC57.tmp
C:\posC58.tmp
C:\posC59.tmp
C:\posC5A.tmp
C:\posC5B.tmp
C:\posC5C.tmp
C:\posC5D.tmp
C:\posC5E.tmp
C:\posC5F.tmp
C:\posC6.tmp
C:\posC60.tmp
C:\posC61.tmp
C:\posC62.tmp
C:\posC63.tmp
C:\posC64.tmp
C:\posC65.tmp
C:\posC66.tmp
C:\posC67.tmp
C:\posC68.tmp
C:\posC69.tmp
C:\posC6A.tmp
C:\posC6B.tmp
C:\posC6C.tmp
C:\posC6D.tmp
C:\posC6E.tmp
C:\posC6F.tmp
C:\posC7.tmp
C:\posC70.tmp
C:\posC71.tmp
C:\posC72.tmp
C:\posC73.tmp
C:\posC74.tmp
C:\posC75.tmp
C:\posC76.tmp
C:\posC77.tmp
C:\posC78.tmp
C:\posC79.tmp
C:\posC7A.tmp
C:\posC7B.tmp
C:\posC7C.tmp
C:\posC7D.tmp
C:\posC7E.tmp
C:\posC7F.tmp
C:\posC8.tmp
C:\posC80.tmp
C:\posC81.tmp
C:\posC82.tmp
C:\posC83.tmp
C:\posC84.tmp
C:\posC85.tmp
C:\posC86.tmp
C:\posC87.tmp
C:\posC88.tmp
C:\posC89.tmp
C:\posC8A.tmp
C:\posC8B.tmp
C:\posC8C.tmp
C:\posC8D.tmp
C:\posC8E.tmp
C:\posC8F.tmp
C:\posC9.tmp
C:\posC90.tmp
C:\posC91.tmp
C:\posC92.tmp
C:\posC93.tmp
C:\posC94.tmp
C:\posC95.tmp
C:\posC96.tmp
C:\posC97.tmp
C:\posC98.tmp
C:\posC99.tmp
C:\posC9A.tmp
C:\posC9B.tmp
C:\posC9C.tmp
C:\posC9D.tmp
C:\posC9E.tmp
C:\posC9F.tmp
C:\posCA.tmp
C:\posCA0.tmp
C:\posCA1.tmp
C:\posCA2.tmp
C:\posCA3.tmp
C:\posCA4.tmp
C:\posCA5.tmp
C:\posCA6.tmp
C:\posCA7.tmp
C:\posCA8.tmp
C:\posCA9.tmp
C:\posCAA.tmp
C:\posCAB.tmp
C:\posCAC.tmp
C:\posCAD.tmp
C:\posCAE.tmp
C:\posCAF.tmp
C:\posCB.tmp
C:\posCB0.tmp
C:\posCB1.tmp
C:\posCB2.tmp
C:\posCB3.tmp
C:\posCB4.tmp
C:\posCB5.tmp
C:\posCB6.tmp
C:\posCB7.tmp
C:\posCB8.tmp
C:\posCB9.tmp
C:\posCBA.tmp
C:\posCBB.tmp
C:\posCBC.tmp
C:\posCBD.tmp
C:\posCBE.tmp
C:\posCBF.tmp
C:\posCC.tmp
C:\posCC0.tmp
C:\posCC1.tmp
C:\posCC2.tmp
C:\posCC3.tmp
C:\posCC4.tmp
C:\posCC5.tmp
C:\posCC6.tmp
C:\posCC7.tmp
C:\posCC8.tmp
C:\posCC9.tmp
C:\posCCA.tmp
C:\posCCB.tmp
C:\posCCC.tmp
C:\posCCD.tmp
C:\posCCE.tmp
C:\posCCF.tmp
C:\posCD.tmp
C:\posCD0.tmp
C:\posCD1.tmp
C:\posCD2.tmp
C:\posCD3.tmp
C:\posCD4.tmp
C:\posCD5.tmp
C:\posCD6.tmp
C:\posCD7.tmp
C:\posCD8.tmp
C:\posCD9.tmp
C:\posCDA.tmp
C:\posCDB.tmp
C:\posCDC.tmp
C:\posCDD.tmp
C:\posCDE.tmp
C:\posCDF.tmp
C:\posCE.tmp
C:\posCE0.tmp
C:\posCE1.tmp
C:\posCE2.tmp
C:\posCE3.tmp
C:\posCE4.tmp
C:\posCE5.tmp
C:\posCE6.tmp
C:\posCE7.tmp
C:\posCE8.tmp
C:\posCE9.tmp
C:\posCEA.tmp
C:\posCEB.tmp
C:\posCEC.tmp
C:\posCED.tmp
C:\posCEE.tmp
C:\posCEF.tmp
C:\posCF.tmp
C:\posCF0.tmp
C:\posCF1.tmp
C:\posCF2.tmp
C:\posCF3.tmp
C:\posCF4.tmp
C:\posCF5.tmp
C:\posCF6.tmp
C:\posCF7.tmp
C:\posCF8.tmp
C:\posCF9.tmp
C:\posCFA.tmp
C:\posCFB.tmp
C:\posCFC.tmp
C:\posCFD.tmp
C:\posCFE.tmp
C:\posCFF.tmp
C:\posD.tmp
C:\posD0.tmp
C:\posD00.tmp
C:\posD01.tmp
C:\posD02.tmp
C:\posD03.tmp
C:\posD04.tmp
C:\posD05.tmp
C:\posD06.tmp
C:\posD07.tmp
C:\posD08.tmp
C:\posD09.tmp
C:\posD0A.tmp
C:\posD0B.tmp
C:\posD0C.tmp
C:\posD0D.tmp
C:\posD0E.tmp
C:\posD0F.tmp
C:\posD1.tmp
C:\posD10.tmp
C:\posD11.tmp
C:\posD12.tmp
C:\posD13.tmp
C:\posD14.tmp
C:\posD15.tmp
C:\posD16.tmp
C:\posD17.tmp
C:\posD18.tmp
C:\posD19.tmp
C:\posD1A.tmp
C:\posD1B.tmp
C:\posD1C.tmp
C:\posD1D.tmp
C:\posD1E.tmp
C:\posD1F.tmp
C:\posD2.tmp
C:\posD20.tmp
C:\posD21.tmp
C:\posD22.tmp
C:\posD23.tmp
C:\posD24.tmp
C:\posD25.tmp
C:\posD26.tmp
C:\posD27.tmp
C:\posD28.tmp
C:\posD29.tmp
C:\posD2A.tmp
C:\posD2B.tmp
C:\posD2C.tmp
C:\posD2D.tmp
C:\posD2E.tmp
C:\posD2F.tmp
C:\posD3.tmp
C:\posD30.tmp
C:\posD31.tmp
C:\posD32.tmp
C:\posD33.tmp
C:\posD34.tmp
C:\posD35.tmp
C:\posD36.tmp
C:\posD37.tmp
C:\posD38.tmp
C:\posD39.tmp
C:\posD3A.tmp
C:\posD3B.tmp
C:\posD3C.tmp
C:\posD3D.tmp
C:\posD3E.tmp
C:\posD3F.tmp
C:\posD4.tmp
C:\posD40.tmp
C:\posD41.tmp
C:\posD42.tmp
C:\posD43.tmp
C:\posD44.tmp
C:\posD45.tmp
C:\posD46.tmp
C:\posD47.tmp
C:\posD48.tmp
C:\posD49.tmp
C:\posD4A.tmp
C:\posD4B.tmp
C:\posD4C.tmp
C:\posD4D.tmp
C:\posD4E.tmp
C:\posD4F.tmp
C:\posD5.tmp
C:\posD50.tmp
C:\posD51.tmp
C:\posD52.tmp
C:\posD53.tmp
C:\posD54.tmp
C:\posD55.tmp
C:\posD56.tmp
C:\posD57.tmp
C:\posD58.tmp
C:\posD59.tmp
C:\posD5A.tmp
C:\posD5B.tmp
C:\posD5C.tmp
C:\posD5D.tmp
C:\posD5E.tmp
C:\posD5F.tmp
C:\posD6.tmp
C:\posD60.tmp
C:\posD61.tmp
C:\posD62.tmp
C:\posD63.tmp
C:\posD64.tmp
C:\posD65.tmp
C:\posD66.tmp
C:\posD67.tmp
C:\posD68.tmp
C:\posD69.tmp
C:\posD6A.tmp
C:\posD6B.tmp
C:\posD6C.tmp
C:\posD6D.tmp
C:\posD6E.tmp
C:\posD6F.tmp
C:\posD7.tmp
C:\posD70.tmp
C:\posD71.tmp
C:\posD72.tmp
C:\posD73.tmp
C:\posD74.tmp
C:\posD75.tmp
C:\posD76.tmp
C:\posD77.tmp
C:\posD78.tmp
C:\posD79.tmp
C:\posD7A.tmp
C:\posD7B.tmp
C:\posD7C.tmp
C:\posD7D.tmp
C:\posD7E.tmp
C:\posD7F.tmp
C:\posD8.tmp
C:\posD80.tmp
C:\posD81.tmp
C:\posD82.tmp
C:\posD83.tmp
C:\posD84.tmp
C:\posD85.tmp
C:\posD86.tmp
C:\posD87.tmp
C:\posD88.tmp
C:\posD89.tmp
C:\posD8A.tmp
C:\posD8B.tmp
C:\posD8C.tmp
C:\posD8D.tmp
C:\posD8E.tmp
C:\posD8F.tmp
C:\posD9.tmp
C:\posD90.tmp
C:\posD91.tmp
C:\posD92.tmp
C:\posD93.tmp
C:\posD94.tmp
C:\posD95.tmp
C:\posD96.tmp
C:\posD97.tmp
C:\posD98.tmp
C:\posD99.tmp
C:\posD9A.tmp
C:\posD9B.tmp
C:\posD9C.tmp
C:\posD9D.tmp
C:\posD9E.tmp
C:\posD9F.tmp
C:\posDA.tmp
C:\posDA0.tmp
C:\posDA1.tmp
C:\posDA2.tmp
C:\posDA3.tmp
C:\posDA4.tmp
C:\posDA5.tmp
C:\posDA6.tmp
C:\posDA7.tmp
C:\posDA8.tmp
C:\posDA9.tmp
C:\posDAA.tmp
C:\posDAB.tmp
C:\posDAC.tmp
C:\posDAD.tmp
C:\posDAE.tmp
C:\posDAF.tmp
C:\posDB.tmp
C:\posDB0.tmp
C:\posDB1.tmp
C:\posDB2.tmp
C:\posDB3.tmp
C:\posDB4.tmp
C:\posDB5.tmp
C:\posDB6.tmp
C:\posDB7.tmp
C:\posDB8.tmp
C:\posDB9.tmp
C:\posDBA.tmp
C:\posDBB.tmp
C:\posDBC.tmp
C:\posDBD.tmp
C:\posDBE.tmp
C:\posDBF.tmp
C:\posDC.tmp
C:\posDC0.tmp
C:\posDC1.tmp
C:\posDC2.tmp
C:\posDC3.tmp
C:\posDC4.tmp
C:\posDC5.tmp
C:\posDC6.tmp
C:\posDC7.tmp
C:\posDC8.tmp
C:\posDC9.tmp
C:\posDCA.tmp
C:\posDCB.tmp
C:\posDCC.tmp
C:\posDCD.tmp
C:\posDCE.tmp
C:\posDCF.tmp
C:\posDD.tmp
C:\posDD0.tmp
C:\posDD1.tmp
C:\posDD2.tmp
C:\posDD3.tmp
C:\posDD4.tmp
C:\posDD5.tmp
C:\posDD6.tmp
C:\posDD7.tmp
C:\posDD8.tmp
C:\posDD9.tmp
C:\posDDA.tmp
C:\posDDB.tmp
C:\posDDC.tmp
C:\posDDD.tmp
C:\posDDE.tmp
C:\posDDF.tmp
C:\posDE.tmp
C:\posDE0.tmp
C:\posDE1.tmp
C:\posDE2.tmp
C:\posDE3.tmp
C:\posDE4.tmp
C:\posDE5.tmp
C:\posDE6.tmp
C:\posDE7.tmp
C:\posDE8.tmp
C:\posDE9.tmp
C:\posDEA.tmp
C:\posDEB.tmp
C:\posDEC.tmp
C:\posDED.tmp
C:\posDEE.tmp
C:\posDEF.tmp
C:\posDF.tmp
C:\posDF0.tmp
C:\posDF1.tmp
C:\posDF2.tmp
C:\posDF3.tmp
C:\posDF4.tmp
C:\posDF5.tmp
C:\posDF6.tmp
C:\posDF7.tmp
C:\posDF8.tmp
C:\posDF9.tmp
C:\posDFA.tmp
C:\posDFB.tmp
C:\posDFC.tmp
C:\posDFD.tmp
C:\posDFE.tmp
C:\posDFF.tmp
C:\posE.tmp
C:\posE0.tmp
C:\posE00.tmp
C:\posE01.tmp
C:\posE02.tmp
C:\posE03.tmp
C:\posE04.tmp
C:\posE05.tmp
C:\posE06.tmp
C:\posE07.tmp
C:\posE08.tmp
C:\posE09.tmp
C:\posE0A.tmp
C:\posE0B.tmp
C:\posE0C.tmp
C:\posE0D.tmp
C:\posE0E.tmp
C:\posE0F.tmp
C:\posE1.tmp
C:\posE10.tmp
C:\posE11.tmp
C:\posE12.tmp
C:\posE13.tmp
C:\posE14.tmp
C:\posE15.tmp
C:\posE16.tmp
C:\posE17.tmp
C:\posE18.tmp
C:\posE19.tmp
C:\posE1A.tmp
C:\posE1B.tmp
C:\posE1C.tmp
C:\posE1D.tmp
C:\posE1E.tmp
C:\posE1F.tmp
C:\posE2.tmp
C:\posE20.tmp
C:\posE21.tmp
C:\posE22.tmp
C:\posE23.tmp
C:\posE24.tmp
C:\posE25.tmp
C:\posE26.tmp
C:\posE27.tmp
C:\posE28.tmp
C:\posE29.tmp
C:\posE2A.tmp
C:\posE2B.tmp
C:\posE2C.tmp
C:\posE2D.tmp
C:\posE2E.tmp
C:\posE2F.tmp
C:\posE3.tmp
C:\posE30.tmp
C:\posE31.tmp
C:\posE32.tmp
C:\posE33.tmp
C:\posE34.tmp
C:\posE35.tmp
C:\posE36.tmp
C:\posE37.tmp
C:\posE38.tmp
C:\posE39.tmp
C:\posE3A.tmp
C:\posE3B.tmp
C:\posE3C.tmp
C:\posE3D.tmp
C:\posE3E.tmp
C:\posE3F.tmp
C:\posE4.tmp
C:\posE40.tmp
C:\posE41.tmp
C:\posE42.tmp
C:\posE43.tmp
C:\posE44.tmp
C:\posE45.tmp
C:\posE46.tmp
C:\posE47.tmp
C:\posE48.tmp
C:\posE49.tmp
C:\posE4A.tmp
C:\posE4B.tmp
C:\posE4C.tmp
C:\posE4D.tmp
C:\posE4E.tmp
C:\posE4F.tmp
C:\posE5.tmp
C:\posE50.tmp
C:\posE51.tmp
C:\posE52.tmp
C:\posE53.tmp
C:\posE54.tmp
C:\posE55.tmp
C:\posE56.tmp
C:\posE57.tmp
C:\posE58.tmp
C:\posE59.tmp
C:\posE5A.tmp
C:\posE5B.tmp
C:\posE5C.tmp
C:\posE5D.tmp
C:\posE5E.tmp
C:\posE5F.tmp
C:\posE6.tmp
C:\posE60.tmp
C:\posE61.tmp
C:\posE62.tmp
C:\posE63.tmp
C:\posE64.tmp
C:\posE65.tmp
C:\posE66.tmp
C:\posE67.tmp
C:\posE68.tmp
C:\posE69.tmp
C:\posE6A.tmp
C:\posE6B.tmp
C:\posE6C.tmp
C:\posE6D.tmp
C:\posE6E.tmp
C:\posE6F.tmp
C:\posE7.tmp
C:\posE70.tmp
C:\posE71.tmp
C:\posE72.tmp
C:\posE73.tmp
C:\posE74.tmp
C:\posE75.tmp
C:\posE76.tmp
C:\posE77.tmp
C:\posE78.tmp
C:\posE79.tmp
C:\posE7A.tmp
C:\posE7B.tmp
C:\posE7C.tmp
C:\posE7D.tmp
C:\posE7E.tmp
C:\posE7F.tmp
C:\posE8.tmp
C:\posE80.tmp
C:\posE81.tmp
C:\posE82.tmp
C:\posE83.tmp
C:\posE84.tmp
C:\posE85.tmp
C:\posE86.tmp
C:\posE87.tmp
C:\posE88.tmp
C:\posE89.tmp
C:\posE8A.tmp
C:\posE8B.tmp
C:\posE8C.tmp
C:\posE8D.tmp
C:\posE8E.tmp
C:\posE8F.tmp
C:\posE9.tmp
C:\posE90.tmp
C:\posE91.tmp
C:\posE92.tmp
C:\posE93.tmp
C:\posE94.tmp
C:\posE95.tmp
C:\posE96.tmp
C:\posE97.tmp
C:\posE98.tmp
C:\posE99.tmp
C:\posE9A.tmp
C:\posE9B.tmp
C:\posE9C.tmp
C:\posE9D.tmp
C:\posE9E.tmp
C:\posE9F.tmp
C:\posEA.tmp
C:\posEA0.tmp
C:\posEA1.tmp
C:\posEA2.tmp
C:\posEA3.tmp
C:\posEA4.tmp
C:\posEA5.tmp
C:\posEA6.tmp
C:\posEA7.tmp
C:\posEA8.tmp
C:\posEA9.tmp
C:\posEAA.tmp
C:\posEAB.tmp
C:\posEAC.tmp
C:\posEAD.tmp
C:\posEAE.tmp
C:\posEAF.tmp
C:\posEB.tmp
C:\posEB0.tmp
C:\posEB1.tmp
C:\posEB2.tmp
C:\posEB3.tmp
C:\posEB4.tmp
C:\posEB5.tmp
C:\posEB6.tmp
C:\posEB7.tmp
C:\posEB8.tmp
C:\posEB9.tmp
C:\posEBA.tmp
C:\posEBB.tmp
C:\posEBC.tmp
C:\posEBD.tmp
C:\posEBE.tmp
C:\posEBF.tmp
C:\posEC.tmp
C:\posEC0.tmp
C:\posEC1.tmp
C:\posEC2.tmp
C:\posEC3.tmp
C:\posEC4.tmp
C:\posEC5.tmp
C:\posEC6.tmp
C:\posEC7.tmp
C:\posEC8.tmp
C:\posEC9.tmp
C:\posECA.tmp
C:\posECB.tmp
C:\posECC.tmp
C:\posECD.tmp
C:\posECE.tmp
C:\posECF.tmp
C:\posED.tmp
C:\posED0.tmp
C:\posED1.tmp
C:\posED2.tmp
C:\posED3.tmp
C:\posED4.tmp
C:\posED5.tmp
C:\posED6.tmp
C:\posED7.tmp
C:\posED8.tmp
C:\posED9.tmp
C:\posEDA.tmp
C:\posEDB.tmp
C:\posEDC.tmp
C:\posEDD.tmp
C:\posEDE.tmp
C:\posEDF.tmp
C:\posEE.tmp
C:\posEE0.tmp
C:\posEE1.tmp
C:\posEE2.tmp
C:\posEE3.tmp
C:\posEE4.tmp
C:\posEE5.tmp
C:\posEE6.tmp
C:\posEE7.tmp
C:\posEE8.tmp
C:\posEE9.tmp
C:\posEEA.tmp
C:\posEEB.tmp
C:\posEEC.tmp
C:\posEED.tmp
C:\posEEE.tmp
C:\posEEF.tmp
C:\posEF.tmp
C:\posEF0.tmp
C:\posEF1.tmp
C:\posEF2.tmp
C:\posEF3.tmp
C:\posEF4.tmp
C:\posEF5.tmp
C:\posEF6.tmp
C:\posEF7.tmp
C:\posEF8.tmp
C:\posEF9.tmp
C:\posEFA.tmp
C:\posEFB.tmp
C:\posEFC.tmp
C:\posEFD.tmp
C:\posEFE.tmp
C:\posEFF.tmp
C:\posF.tmp
C:\posF0.tmp
C:\posF00.tmp
C:\posF01.tmp
C:\posF02.tmp
C:\posF03.tmp
C:\posF04.tmp
C:\posF05.tmp
C:\posF06.tmp
C:\posF07.tmp
C:\posF08.tmp
C:\posF09.tmp
C:\posF0A.tmp
C:\posF0B.tmp
C:\posF0C.tmp
C:\posF0D.tmp
C:\posF0E.tmp
C:\posF0F.tmp
C:\posF1.tmp
C:\posF10.tmp
C:\posF11.tmp
C:\posF12.tmp
C:\posF13.tmp
C:\posF14.tmp
C:\posF15.tmp
C:\posF16.tmp
C:\posF17.tmp
C:\posF18.tmp
C:\posF19.tmp
C:\posF1A.tmp
C:\posF1B.tmp
C:\posF1C.tmp
C:\posF1D.tmp
C:\posF1E.tmp
C:\posF1F.tmp
C:\posF2.tmp
C:\posF20.tmp
C:\posF21.tmp
C:\posF22.tmp
C:\posF23.tmp
C:\posF24.tmp
C:\posF25.tmp
C:\posF26.tmp
C:\posF27.tmp
C:\posF28.tmp
C:\posF29.tmp
C:\posF2A.tmp
C:\posF2B.tmp
C:\posF2C.tmp
C:\posF2D.tmp
C:\posF2E.tmp
C:\posF2F.tmp
C:\posF3.tmp
C:\posF30.tmp
C:\posF31.tmp
C:\posF32.tmp
C:\posF33.tmp
C:\posF34.tmp
C:\posF35.tmp
C:\posF36.tmp
C:\posF37.tmp
C:\posF38.tmp
C:\posF39.tmp
C:\posF3A.tmp
C:\posF3B.tmp
C:\posF3C.tmp
C:\posF3D.tmp
C:\posF3E.tmp
C:\posF3F.tmp
C:\posF4.tmp
C:\posF40.tmp
C:\posF41.tmp
C:\posF42.tmp
C:\posF43.tmp
C:\posF44.tmp
C:\posF45.tmp
C:\posF46.tmp
C:\posF47.tmp
C:\posF48.tmp
C:\posF49.tmp
C:\posF4A.tmp
C:\posF4B.tmp
C:\posF4C.tmp
C:\posF4D.tmp
C:\posF4E.tmp
C:\posF4F.tmp
C:\posF5.tmp
C:\posF50.tmp
C:\posF51.tmp
C:\posF52.tmp
C:\posF53.tmp
C:\posF54.tmp
C:\posF55.tmp
C:\posF56.tmp
C:\posF57.tmp
C:\posF58.tmp
C:\posF59.tmp
C:\posF5A.tmp
C:\posF5B.tmp
C:\posF5C.tmp
C:\posF5D.tmp
C:\posF5E.tmp
C:\posF5F.tmp
C:\posF6.tmp
C:\posF60.tmp
C:\posF61.tmp
C:\posF62.tmp
C:\posF63.tmp
C:\posF64.tmp
C:\posF65.tmp
C:\posF66.tmp
C:\posF67.tmp
C:\posF68.tmp
C:\posF69.tmp
C:\posF6A.tmp
C:\posF6B.tmp
C:\posF6C.tmp
C:\posF6D.tmp
C:\posF6E.tmp
C:\posF6F.tmp
C:\posF7.tmp
C:\posF70.tmp
C:\posF71.tmp
C:\posF72.tmp
C:\posF73.tmp
C:\posF74.tmp
C:\posF75.tmp
C:\posF76.tmp
C:\posF77.tmp
C:\posF78.tmp
C:\posF79.tmp
C:\posF7A.tmp
C:\posF7B.tmp
C:\posF7C.tmp
C:\posF7D.tmp
C:\posF7E.tmp
C:\posF7F.tmp
C:\posF8.tmp
C:\posF80.tmp
C:\posF81.tmp
C:\posF82.tmp
C:\posF83.tmp
C:\posF84.tmp
C:\posF85.tmp
C:\posF86.tmp
C:\posF87.tmp
C:\posF88.tmp
C:\posF89.tmp
C:\posF8A.tmp
C:\posF8B.tmp
C:\posF8C.tmp
C:\posF8D.tmp
C:\posF8E.tmp
C:\posF8F.tmp
C:\posF9.tmp
C:\posF90.tmp
C:\posF91.tmp
C:\posF92.tmp
C:\posF93.tmp
C:\posF94.tmp
C:\posF95.tmp
C:\posF96.tmp
C:\posF97.tmp
C:\posF98.tmp
C:\posF99.tmp
C:\posF9A.tmp
C:\posF9B.tmp
C:\posF9C.tmp
C:\posF9D.tmp
C:\posF9E.tmp
C:\posF9F.tmp
C:\posFA.tmp
C:\posFA0.tmp
C:\posFA1.tmp
C:\posFA2.tmp
C:\posFA3.tmp
C:\posFA4.tmp
C:\posFA5.tmp
C:\posFA6.tmp
C:\posFA7.tmp
C:\posFA8.tmp
C:\posFA9.tmp
C:\posFAA.tmp
C:\posFAB.tmp
C:\posFAC.tmp
C:\posFAD.tmp
C:\posFAE.tmp
C:\posFAF.tmp
C:\posFB.tmp
C:\posFB0.tmp
C:\posFB1.tmp
C:\posFB2.tmp
C:\posFB3.tmp
C:\posFB4.tmp
C:\posFB5.tmp
C:\posFB6.tmp
C:\posFB7.tmp
C:\posFB8.tmp
C:\posFB9.tmp
C:\posFBA.tmp
C:\posFBB.tmp
C:\posFBC.tmp
C:\posFBD.tmp
C:\posFBE.tmp
C:\posFBF.tmp
C:\posFC.tmp
C:\posFC0.tmp
C:\posFC1.tmp
C:\posFC2.tmp
C:\posFC3.tmp
C:\posFC4.tmp
C:\posFC5.tmp
C:\posFC6.tmp
C:\posFC7.tmp
C:\posFC8.tmp
C:\posFC9.tmp
C:\posFCA.tmp
C:\posFCB.tmp
C:\posFCC.tmp
C:\posFCD.tmp
C:\posFCE.tmp
C:\posFCF.tmp
C:\posFD.tmp
C:\posFD0.tmp
C:\posFD1.tmp
C:\posFD2.tmp
C:\posFD3.tmp
C:\posFD4.tmp
C:\posFD5.tmp
C:\posFD6.tmp
C:\posFD7.tmp
C:\posFD8.tmp
C:\posFD9.tmp
C:\posFDA.tmp
C:\posFDB.tmp
C:\posFDC.tmp
C:\posFDD.tmp
C:\posFDE.tmp
C:\posFDF.tmp
C:\posFE.tmp
C:\posFE0.tmp
C:\posFE1.tmp
C:\posFE2.tmp
C:\posFE3.tmp
C:\posFE4.tmp
C:\posFE5.tmp
C:\posFE6.tmp
C:\posFE7.tmp
C:\posFE8.tmp
C:\posFE9.tmp
C:\posFEA.tmp
C:\posFEB.tmp
C:\posFEC.tmp
C:\posFED.tmp
C:\posFEE.tmp
C:\posFEF.tmp
C:\posFF.tmp
C:\posFF0.tmp
C:\posFF1.tmp
C:\posFF2.tmp
C:\posFF3.tmp
C:\posFF4.tmp
C:\posFF5.tmp
C:\posFF6.tmp
C:\posFF7.tmp
C:\posFF8.tmp
C:\posFF9.tmp
C:\posFFA.tmp
C:\posFFB.tmp
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
C:\Program Files\Alwil Software\Avast4\ashDisp .exe
C:\Program Files\Common Files\dowoxt.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main .exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm .exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater .exe
C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe
C:\Program Files\SuperCopier\SuperCopier .exe
C:\Program Files\SuperCopier\SuperCopier.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON .EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR .exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\Utilities\BMMLREF .EXE
C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
C:\Program Files\ThinkPad\Utilities\EzEjMnAp .Exe
C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe
C:\Program Files\ThinkPad\Utilities\TpKmapAp .exe
C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe
C:\recycler\mActiveXe.exe
C:\WINDOWS\autorun.inf
C:\WINDOWS\cs_cache.ini
C:\WINDOWS\Downloaded Program Files.\bdhelper.dll
C:\WINDOWS\Downloaded Program Files.\bdplugin.dll
C:\WINDOWS\Downloaded Program Files.\bdsrhook.dll
C:\WINDOWS\Downloaded Program Files\UDC6V_0001_D19M0709NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\USDR6V_0001_D13M1007NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\USDR6V_0001_D18M3107NetInstaller.exe
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\awtronn.dll
C:\WINDOWS\system32\awtrrqq.dll
C:\WINDOWS\system32\awtrssr.dll
C:\WINDOWS\system32\awttqrr.dll
C:\WINDOWS\system32\awtttss.dll
C:\WINDOWS\system32\byxuvtt.dll
C:\WINDOWS\system32\byxwvvs.dll
C:\WINDOWS\system32\cbxxusp.dll
C:\WINDOWS\system32\ddcbccy.dll
C:\WINDOWS\system32\ddcbxut.dll
C:\WINDOWS\system32\ddcdbay.dll
C:\WINDOWS\system32\ddcdcyy.dll
C:\WINDOWS\system32\ddcyawv.dll
C:\WINDOWS\system32\ddcywxx.dll
C:\WINDOWS\system32\dla\tfswctrl .exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\drivers\paraudio.sys
C:\WINDOWS\system32\efccbyv.dll
C:\WINDOWS\system32\efccyxu.dll
C:\WINDOWS\system32\efcdbxv.dll
C:\WINDOWS\system32\efcdedc.dll
C:\WINDOWS\system32\fccaxuv.dll
C:\WINDOWS\system32\fccayyw.dll
C:\WINDOWS\system32\fcccyxy.dll
C:\WINDOWS\system32\fwopijuo.dll
C:\WINDOWS\system32\fzzknjzu.dll
C:\WINDOWS\system32\fzzknjzu.dllbox
C:\WINDOWS\system32\gebawxw.dll
C:\WINDOWS\system32\gebxyww.dll
C:\WINDOWS\system32\hggddda.dll
C:\WINDOWS\system32\hggdebb.dll
C:\WINDOWS\system32\hggedax.dll
C:\WINDOWS\system32\hggedby.dll
C:\WINDOWS\system32\hggfdcd.dll
C:\WINDOWS\system32\hgggeef.dll
C:\WINDOWS\system32\hgggfed.dll
C:\WINDOWS\system32\hggghgd.dll
C:\WINDOWS\system32\iifdcay.dll
C:\WINDOWS\system32\iiffc.dll
C:\WINDOWS\system32\jkklihf.dll
C:\WINDOWS\system32\jkklkhh.dll
C:\WINDOWS\system32\khfcbxy.dll
C:\WINDOWS\system32\khfccax.dll
C:\WINDOWS\system32\khfdbaa.dll
C:\WINDOWS\system32\khfdcbx.dll
C:\WINDOWS\system32\khfdcdc.dll
C:\WINDOWS\system32\khffeca.dll
C:\WINDOWS\system32\lgwicxmp.dll
C:\WINDOWS\system32\ljjgfdd.dll
C:\WINDOWS\system32\ljjhhgd.dll
C:\WINDOWS\system32\ljjiigg.dll
c:\WINDOWS\system32\lsifpua.dat
C:\WINDOWS\system32\lsifpua.exe
c:\WINDOWS\system32\lsifpua_nav.dat
C:\WINDOWS\system32\lsifpua_navps.dat
C:\WINDOWS\system32\mljgfeb.dll
C:\WINDOWS\system32\mljghhi.dll
C:\WINDOWS\system32\mljheed.dll
C:\WINDOWS\system32\mljifca.dll
C:\WINDOWS\system32\mljjijh.dll
C:\WINDOWS\system32\nnnnllj.dll
C:\WINDOWS\system32\nnnnmjk.dll
C:\WINDOWS\system32\nnnnnkj.dll
C:\WINDOWS\system32\nnnoppn.dll
C:\WINDOWS\system32\nt.sys
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\opnklmk.dll
C:\WINDOWS\system32\opnljjh.dll
C:\WINDOWS\system32\opnmmji.dll
C:\WINDOWS\system32\pdguhfvt.ini
C:\WINDOWS\system32\pmnmkjk.dll
C:\WINDOWS\system32\PSDrvCheck .exe
C:\WINDOWS\system32\PSDrvCheck.exe
C:\WINDOWS\system32\qomljji.dll
C:\WINDOWS\system32\qommlih.dll
C:\WINDOWS\system32\qommmjj.dll
C:\WINDOWS\system32\rqrolkj.dll
C:\WINDOWS\system32\rqrpnmj.dll
C:\WINDOWS\system32\rqrpqol.dll
C:\WINDOWS\system32\rqrronl.dll
C:\WINDOWS\system32\rqrrsss.dll
C:\WINDOWS\system32\rqrspop.dll
C:\WINDOWS\system32\score.txt
C:\WINDOWS\system32\sm.exe
C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\system32\ssqpqon.dll
C:\WINDOWS\system32\ssqroop.dll
C:\WINDOWS\system32\tuvsqnn.dll
C:\WINDOWS\system32\tuvsrqo.dll
C:\WINDOWS\system32\tuvurol.dll
C:\WINDOWS\system32\tuvwwxw.dll
C:\WINDOWS\system32\tvfhugdp.dll
C:\WINDOWS\system32\urqnlmk.dll
C:\WINDOWS\system32\urqonmm.dll
C:\WINDOWS\system32\urqpoli.dll
C:\WINDOWS\system32\urqpoom.dll
C:\WINDOWS\system32\urqropn.dll
C:\WINDOWS\system32\urqrpoo.dll
C:\WINDOWS\system32\urqrstr.dll
C:\WINDOWS\system32\uwwvw.ini
C:\WINDOWS\system32\uwwvw.ini2
C:\WINDOWS\system32\wbem\ocmor.dat
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\wvutuvu.dll
C:\WINDOWS\system32\wvwwu.dll
C:\WINDOWS\system32\wvwwu.exe
C:\WINDOWS\system32\xxyayaw.dll
C:\WINDOWS\system32\xxyayvt.dll
C:\WINDOWS\system32\xxyayvu.dll
C:\WINDOWS\system32\xxywvvw.dll
C:\WINDOWS\system32\xxyxuur.dll
C:\WINDOWS\system32\yabaxxu.dll
C:\WINDOWS\system32\yayayaa.dll
C:\WINDOWS\system32\yayvssq.dll
C:\WINDOWS\system32\yayvstr.dll
C:\WINDOWS\system32\yayvwvu.dll
C:\WINDOWS\system32\yayvwwv.dll
C:\WINDOWS\system32\yaywxwx.dll
C:\WINDOWS\system32\yayxvst.dll
E:\Autorun.inf

[code] <pre>
C:\IBMTOOLS\Updater\ucstartup .exe ---> QooBox
C:\Program Files\Alwil Software\Avast4\ashDisp .exe ---> QooBox
C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe ---> QooBox
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main .exe ---> QooBox
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm .exe ---> QooBox
C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater .exe ---> QooBox
C:\Program Files\SuperCopier\SuperCopier .exe ---> QooBox
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON .EXE ---> QooBox
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR .exe ---> QooBox
C:\Program Files\ThinkPad\Utilities\BMMLREF .EXE ---> QooBox
C:\Program Files\ThinkPad\Utilities\EzEjMnAp .Exe ---> QooBox
C:\Program Files\ThinkPad\Utilities\TpKmapAp .exe ---> QooBox
C:\WINDOWS\system32\PSDrvCheck .exe ---> QooBox
C:\WINDOWS\system32\dla\tfswctrl .exe ---> QooBox
</pre> [/code]
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CNSMINKP
-------\LEGACY_DIRVIN
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_MSDIRECTX
-------\LEGACY_PARAUDIO
-------\CnsMinKP
-------\DiRVIn
-------\nm
-------\paraudio

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-19 to 2008-01-19 ))))))))))))))))))))))))))))))))))))
.

2008-01-17 23:28 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-17 19:41 . 2008-01-17 19:41 <REP> d-------- C:\Program Files\Trend Micro
2008-01-17 08:55 . 2008-01-17 08:55 <REP> d----c--- C:\VundoFix Backups
2008-01-16 20:18 . 2008-01-16 20:18 131,072 --a------ C:\WINDOWS\system32\hxk.exe
2008-01-16 19:40 . 2008-01-16 19:40 131,072 --a------ C:\WINDOWS\system32\arkbvrf.exe
2008-01-15 18:39 . 2008-01-15 18:39 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\WinZip
2008-01-13 12:14 . 2008-01-13 12:14 <REP> d----c--- C:\Documents and Settings\Antoine\Application Data\eMule
2008-01-12 13:52 . 2008-01-12 13:52 <REP> d-------- C:\Program Files\VIA Technologies, Inc
2008-01-12 13:52 . 2002-12-18 11:57 45,056 --a------ C:\WINDOWS\system32\vusetup.dll
2008-01-12 13:52 . 2002-11-13 10:34 10,496 --a------ C:\WINDOWS\system32\drivers\vulfntr.sys
2008-01-12 13:52 . 2002-10-24 09:07 6,912 --a------ C:\WINDOWS\system32\drivers\vulfnth.sys
2008-01-04 20:00 . 2008-01-04 18:58 72,192 -r-hs---- C:\WINDOWS\system32\usnshare.exe
2007-12-30 16:22 . 2007-12-30 16:22 <REP> d-------- C:\Program Files\Alwil Software
2007-12-30 16:22 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-30 16:22 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-30 16:22 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-30 16:22 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-30 16:22 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-30 16:22 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-30 16:22 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-30 16:22 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-23 11:47 . 2007-12-23 12:11 <REP> d-------- C:\Program Files\Windows Live
2007-12-23 11:47 . 2007-12-23 12:03 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-23 11:46 . 2008-01-11 21:01 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\WLInstaller

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 23:49 --------- d-----w C:\Program Files\SuperCopier
2008-01-18 23:49 --------- d-----w C:\Program Files\Common Files
2008-01-17 19:19 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-13 11:15 --------- d-----w C:\Program Files\eMule
2008-01-04 19:13 --------- d-----w C:\Program Files\Symantec
2008-01-04 19:13 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-01-02 17:35 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-30 16:25 --------- d-----w C:\Program Files\Winad Client
2007-12-30 15:58 --------- d-----w C:\Program Files\Dopewars
2007-12-30 15:58 --------- d-----w C:\Program Files\DeskAd Service
2007-12-17 18:29 --------- d-----w C:\Program Files\DivX
2007-12-15 10:55 --------- dc----w C:\Documents and Settings\Antoine\Application Data\LimeWire
2007-12-02 13:38 --------- dc----w C:\Documents and Settings\Antoine\Application Data\U3
2004-11-15 16:35 230,237 -c--a-w C:\Documents and Settings\Antoine\Application Data\tvmknwrd.dll
2005-06-03 07:57 475 --sh--w C:\WINDOWS\system32\zdnyb.dll
.
[code]<pre>
----a-w 307,200 2008-01-17 19:16:29 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
</pre>[/code]

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"SuperCopier.exe"="C:\Program Files\SuperCopier\SuperCopier.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"PMCS"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"MSN Messanger"="msnmsng.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-20 00:10 380928 C:\WINDOWS\system32\irprops.cpl]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [ ]
"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [ ]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [ ]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 00:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"UC_Start"="C:\IBMTools\Updater\ucstartup.exe" [ ]
"QCWLICON"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON .exe" [ ]
"DeskAd Service"="C:\Program Files\DeskAd Service\DeskAdServ.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [ ]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [ ]
"BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2003-07-11 09:34 94208]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [ ]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 18:03 36864 C:\WINDOWS\system32\P0620Pin.dll]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [ ]
"Pinnacle WebUpdater"="C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" [ ]
"dowoxt"="C:\Program Files\Common Files\dowoxt.exe" [ ]
"PMCRemote"="C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"User Sharing Wizard"="usnshare.exe" [2008-01-04 18:58 72192 C:\WINDOWS\system32\usnshare.exe]
"sm"="C:\WINDOWS\system32\sm.exe" [ ]
"arkbvrf"="C:\WINDOWS\system32\arkbvrf.exe" [2008-01-16 19:40 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Remote Procedure Call For Windows 32bit."="rpc.exe" []
"Windows media service"="crsss.exe" []
"MSN Messanger"="msnmsng.exe" []
"Sepate Security Firewall"="sepate.exe" []
"DNS Service"="dnsresolver.exe" []
"Windows Dialup Service"="dialup.exe" []
"Microsoft Update"="wuampd.exe" []
"Windows Registry Server"="spoolsvc.exe" []
"sm"="C:\WINDOWS\system32\sm.exe" [ ]
"arkbvrf"="C:\WINDOWS\system32\arkbvrf.exe" [2008-01-16 19:40 131072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-20 00:09 15360]
"MSN Messanger"="msnmsng.exe" []
"Sepate Security Firewall"="sepate.exe" []
"wvsvc"="wvsvc.exe" [2004-11-30 18:20 0 C:\WINDOWS\system32\wvsvc.exe]
"Windows Update"="e.exe" []
"Windows Dialup Service"="dialup.exe" []
"Microsoft Update"="wuampd.exe" []
"WindowsRegKey upd4te2d4te"="itdnahgal.exe" []
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2005-01-27 14:59 263776]
"Microsoft Update Machine"="explorer.exe" [2007-06-13 14:22 1037312 C:\WINDOWS\explorer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServices]
"MSN Messanger"="msnmsng.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3SAHCS#4MABT@T]
C:\WINDOWS\system32\UbgrXPno.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7s6X34X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\93pcgofe]
C:\Program Files\93pcgofe\93pcgofe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9M]
C:\documents and settings\antoine\local settings\temp\9M.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2003-06-27 16:53 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2003-09-12 05:10 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater]
C:\Program Files\AutoUpdate\AutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\blah service]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-20 00:09 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeskAd Service]
C:\Program Files\DeskAd Service\DeskAdServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS Service]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EbatesMoeMoneyMaker0]
C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\farmmext]
C:\WINDOWS\farmmext.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IBM RecordNow!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]
C:\Program Files\ISTsvc\istsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBp7RQb5i]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Update]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mqum]
C:\PROGRA~1\COMMON~1\mqum\mqumm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Messanger]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
C:\Program Files\MSN Apps\Updater\[u]0[/u]1.02.3000.1001\fr\msnappau.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osaboci]
c:\windows\system32\zmlgeh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote Procedure Call For Windows 32bit.]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3TRAY2]
--a------ 2001-10-12 06:32 69632 C:\WINDOWS\system32\S3Tray2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sepate Security Firewall]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2003-08-28 19:10 512000 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2003-08-28 19:11 110592 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
--a------ 2002-09-04 09:05 53248 C:\WINDOWS\system32\TP4EX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
--a------ 2003-09-04 07:03 77824 C:\WINDOWS\system32\TpShocks.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UC_SMB]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wGQfIQE]
C:\windows\system32\wGQfIQE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Dialup Service]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows media service]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Server]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsRegKey upd4te2d4te]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinLogon]
C:\WINDOWS\logon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wvsvc]
--a------ 2004-11-30 18:20 0 C:\WINDOWS\system32\wvsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zdnyb.exe]
c:\windows\system32\zdnyb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸K0Ô*ÀaîžaaîžaaøYC:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸K0Ô*ÀaîžaaîžaaøYC:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸K0Ô*Àaîžaaîžaaø
0
Réponse 22 / 35
PacoE Messages postés 37 Statut Membre 3
 
rapport combofix fin :

C:\WINDOWS\system32\wvwwu.dll
C:\WINDOWS\system32\wvwwu.exe
C:\WINDOWS\system32\xxyayaw.dll
C:\WINDOWS\system32\xxyayvt.dll
C:\WINDOWS\system32\xxyayvu.dll
C:\WINDOWS\system32\xxywvvw.dll
C:\WINDOWS\system32\xxyxuur.dll
C:\WINDOWS\system32\yabaxxu.dll
C:\WINDOWS\system32\yayayaa.dll
C:\WINDOWS\system32\yayvssq.dll
C:\WINDOWS\system32\yayvstr.dll
C:\WINDOWS\system32\yayvwvu.dll
C:\WINDOWS\system32\yayvwwv.dll
C:\WINDOWS\system32\yaywxwx.dll
C:\WINDOWS\system32\yayxvst.dll
E:\Autorun.inf

[code] <pre>
C:\IBMTOOLS\Updater\ucstartup .exe ---> QooBox
C:\Program Files\Alwil Software\Avast4\ashDisp .exe ---> QooBox
C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe ---> QooBox
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main .exe ---> QooBox
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm .exe ---> QooBox
C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater .exe ---> QooBox
C:\Program Files\SuperCopier\SuperCopier .exe ---> QooBox
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON .EXE ---> QooBox
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR .exe ---> QooBox
C:\Program Files\ThinkPad\Utilities\BMMLREF .EXE ---> QooBox
C:\Program Files\ThinkPad\Utilities\EzEjMnAp .Exe ---> QooBox
C:\Program Files\ThinkPad\Utilities\TpKmapAp .exe ---> QooBox
C:\WINDOWS\system32\PSDrvCheck .exe ---> QooBox
C:\WINDOWS\system32\dla\tfswctrl .exe ---> QooBox
</pre> [/code]
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CNSMINKP
-------\LEGACY_DIRVIN
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_MSDIRECTX
-------\LEGACY_PARAUDIO
-------\CnsMinKP
-------\DiRVIn
-------\nm
-------\paraudio

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-19 to 2008-01-19 ))))))))))))))))))))))))))))))))))))
.

2008-01-17 23:28 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-17 19:41 . 2008-01-17 19:41 <REP> d-------- C:\Program Files\Trend Micro
2008-01-17 08:55 . 2008-01-17 08:55 <REP> d----c--- C:\VundoFix Backups
2008-01-16 20:18 . 2008-01-16 20:18 131,072 --a------ C:\WINDOWS\system32\hxk.exe
2008-01-16 19:40 . 2008-01-16 19:40 131,072 --a------ C:\WINDOWS\system32\arkbvrf.exe
2008-01-15 18:39 . 2008-01-15 18:39 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\WinZip
2008-01-13 12:14 . 2008-01-13 12:14 <REP> d----c--- C:\Documents and Settings\Antoine\Application Data\eMule
2008-01-12 13:52 . 2008-01-12 13:52 <REP> d-------- C:\Program Files\VIA Technologies, Inc
2008-01-12 13:52 . 2002-12-18 11:57 45,056 --a------ C:\WINDOWS\system32\vusetup.dll
2008-01-12 13:52 . 2002-11-13 10:34 10,496 --a------ C:\WINDOWS\system32\drivers\vulfntr.sys
2008-01-12 13:52 . 2002-10-24 09:07 6,912 --a------ C:\WINDOWS\system32\drivers\vulfnth.sys
2008-01-04 20:00 . 2008-01-04 18:58 72,192 -r-hs---- C:\WINDOWS\system32\usnshare.exe
2007-12-30 16:22 . 2007-12-30 16:22 <REP> d-------- C:\Program Files\Alwil Software
2007-12-30 16:22 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-30 16:22 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-30 16:22 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-30 16:22 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-30 16:22 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-30 16:22 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-30 16:22 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-30 16:22 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-23 11:47 . 2007-12-23 12:11 <REP> d-------- C:\Program Files\Windows Live
2007-12-23 11:47 . 2007-12-23 12:03 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-23 11:46 . 2008-01-11 21:01 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\WLInstaller

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 23:49 --------- d-----w C:\Program Files\SuperCopier
2008-01-18 23:49 --------- d-----w C:\Program Files\Common Files
2008-01-17 19:19 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-13 11:15 --------- d-----w C:\Program Files\eMule
2008-01-04 19:13 --------- d-----w C:\Program Files\Symantec
2008-01-04 19:13 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-01-02 17:35 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-30 16:25 --------- d-----w C:\Program Files\Winad Client
2007-12-30 15:58 --------- d-----w C:\Program Files\Dopewars
2007-12-30 15:58 --------- d-----w C:\Program Files\DeskAd Service
2007-12-17 18:29 --------- d-----w C:\Program Files\DivX
2007-12-15 10:55 --------- dc----w C:\Documents and Settings\Antoine\Application Data\LimeWire
2007-12-02 13:38 --------- dc----w C:\Documents and Settings\Antoine\Application Data\U3
2004-11-15 16:35 230,237 -c--a-w C:\Documents and Settings\Antoine\Application Data\tvmknwrd.dll
2005-06-03 07:57 475 --sh--w C:\WINDOWS\system32\zdnyb.dll
.
[code]<pre>
----a-w 307,200 2008-01-17 19:16:29 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
</pre>[/code]

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"SuperCopier.exe"="C:\Program Files\SuperCopier\SuperCopier.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"PMCS"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"MSN Messanger"="msnmsng.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-20 00:10 380928 C:\WINDOWS\system32\irprops.cpl]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [ ]
"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [ ]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [ ]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 00:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"UC_Start"="C:\IBMTools\Updater\ucstartup.exe" [ ]
"QCWLICON"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON .exe" [ ]
"DeskAd Service"="C:\Program Files\DeskAd Service\DeskAdServ.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [ ]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [ ]
"BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2003-07-11 09:34 94208]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [ ]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 18:03 36864 C:\WINDOWS\system32\P0620Pin.dll]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [ ]
"Pinnacle WebUpdater"="C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" [ ]
"dowoxt"="C:\Program Files\Common Files\dowoxt.exe" [ ]
"PMCRemote"="C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"User Sharing Wizard"="usnshare.exe" [2008-01-04 18:58 72192 C:\WINDOWS\system32\usnshare.exe]
"sm"="C:\WINDOWS\system32\sm.exe" [ ]
"arkbvrf"="C:\WINDOWS\system32\arkbvrf.exe" [2008-01-16 19:40 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Remote Procedure Call For Windows 32bit."="rpc.exe" []
"Windows media service"="crsss.exe" []
"MSN Messanger"="msnmsng.exe" []
"Sepate Security Firewall"="sepate.exe" []
"DNS Service"="dnsresolver.exe" []
"Windows Dialup Service"="dialup.exe" []
"Microsoft Update"="wuampd.exe" []
"Windows Registry Server"="spoolsvc.exe" []
"sm"="C:\WINDOWS\system32\sm.exe" [ ]
"arkbvrf"="C:\WINDOWS\system32\arkbvrf.exe" [2008-01-16 19:40 131072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-20 00:09 15360]
"MSN Messanger"="msnmsng.exe" []
"Sepate Security Firewall"="sepate.exe" []
"wvsvc"="wvsvc.exe" [2004-11-30 18:20 0 C:\WINDOWS\system32\wvsvc.exe]
"Windows Update"="e.exe" []
"Windows Dialup Service"="dialup.exe" []
"Microsoft Update"="wuampd.exe" []
"WindowsRegKey upd4te2d4te"="itdnahgal.exe" []
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2005-01-27 14:59 263776]
"Microsoft Update Machine"="explorer.exe" [2007-06-13 14:22 1037312 C:\WINDOWS\explorer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServices]
"MSN Messanger"="msnmsng.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3SAHCS#4MABT@T]
C:\WINDOWS\system32\UbgrXPno.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7s6X34X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\93pcgofe]
C:\Program Files\93pcgofe\93pcgofe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9M]
C:\documents and settings\antoine\local settings\temp\9M.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2003-06-27 16:53 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2003-09-12 05:10 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater]
C:\Program Files\AutoUpdate\AutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\blah service]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-20 00:09 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeskAd Service]
C:\Program Files\DeskAd Service\DeskAdServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS Service]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EbatesMoeMoneyMaker0]
C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\farmmext]
C:\WINDOWS\farmmext.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IBM RecordNow!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]
C:\Program Files\ISTsvc\istsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBp7RQb5i]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Update]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mqum]
C:\PROGRA~1\COMMON~1\mqum\mqumm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Messanger]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
C:\Program Files\MSN Apps\Updater\[u]0[/u]1.02.3000.1001\fr\msnappau.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osaboci]
c:\windows\system32\zmlgeh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote Procedure Call For Windows 32bit.]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3TRAY2]
--a------ 2001-10-12 06:32 69632 C:\WINDOWS\system32\S3Tray2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sepate Security Firewall]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2003-08-28 19:10 512000 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2003-08-28 19:11 110592 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
--a------ 2002-09-04 09:05 53248 C:\WINDOWS\system32\TP4EX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
--a------ 2003-09-04 07:03 77824 C:\WINDOWS\system32\TpShocks.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UC_SMB]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wGQfIQE]
C:\windows\system32\wGQfIQE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Dialup Service]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows media service]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Server]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsRegKey upd4te2d4te]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinLogon]
C:\WINDOWS\logon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wvsvc]
--a------ 2004-11-30 18:20 0 C:\WINDOWS\system32\wvsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zdnyb.exe]
c:\windows\system32\zdnyb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸K0Ô*ÀaîžaaîžaaøYC:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸K0Ô*ÀaîžaaîžaaøYC:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸K0Ô*ÀaîžaaîžaaøYC:\Program Files\ISTsvc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸K0Ô*ÀaîžaaîžaaøYC:\Program Files\ISTsvc\istsvc.exe]
C:\WINDOWS\ofitmfy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0–4C]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0–4C]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0–4C]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0–4C]
C:\WINDOWS\ofitmfy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Kh'þ9Óœ÷3rÅWC:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Kh'þ9Óœ÷3rÅWC:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Kh'þ9Óœ÷3rÅWC:\Program Files\ISTsvc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Kh'þ9Óœ÷3rÅWC:\Program Files\ISTsvc\istsvc.exe]
C:\WINDOWS\ofitmfy.exe

R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2003-09-11 18:03]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS [2003-10-11 10:07]
R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2003-07-11 09:34]
R2 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2003-07-24 21:26]
R3 USB28xxBGA;Pinnacle PCTV DVB-T USB Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2005-11-22 18:04]
R3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2005-11-22 18:04]
S0 170621220;170621220;C:\WINDOWS\system32\drivers\170621220.sys []
S2 eougueyukpiyy;Print Spooler Service;C:\WINDOWS\system32\arkbvrf.exe [2008-01-16 19:40]
S2 ServiceF2;Computer Browsereser;c:\windows\system\FilMsg.exe []
S2 Windows Dialup Service;Windows Dialup Service;"C:\WINDOWS\System32\dialup.exe" []
S3 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2003-10-11 10:07]
S3 LucentSoftModem;Lucent Technologies Soft Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys [2001-08-18 05:28]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4c98039-c916-11db-90b4-000d608cfda5}]
\Shell\AutoRun\command - G:\euromed.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6462e00-a0db-11dc-9112-000cf135604f}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{926A036A-158B-047A-E269-D148B0369C14}]
C:\WINDOWS\system32\install.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-10-14 19:06:34 C:\WINDOWS\Tasks\BMMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE
"2008-01-17 20:24:29 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 01:00:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-19 1:11:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-19 00:11:44
.
2008-01-10 02:10:44 --- E O F ---
0
Réponse 23 / 35
PacoE Messages postés 37 Statut Membre 3
 
A bientot :)
0
Réponse 24 / 35
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
salut

OUUullaaa ! tu détiens le triste du rapport combo le plus infecté que ne j'ai jamais vu ! :))

Télécharge RenV.exe sur ton Bureau:

http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe

Double-clique sur RenV.exe pour le lancer, et patiente.

Un rapport, log.txt, sera crée, et s'ouvrira à la fin du scan, poste le stp

++
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 35
PacoE Messages postés 37 Statut Membre 3
 
Cool, j'ai gagné un truc pour ce record?

je suis au boulot la, je ferai ca ce soir. si t'as d'autres truc a me faire faire dis le moi.

sinon hier jai lancer Spybot, il a trouver 8 fichiers infecté kil a supprimé (sauf 1) et avant de partir au taf jai relancer VundoFix, jte posterai le rapport ce soir également.

Voila...

++
0
Réponse 26 / 35
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
ben t'as gagné le droit de te faire désinfecter ! :))

rassure toi, il va y avoir une série de manip à faire après celle-ci !

@+
0
Réponse 27 / 35
PacoE Messages postés 37 Statut Membre 3
 
salut,

vundofix n'a rien trouvé (surement suprimer par combofix)

je lancerai RenV.exe plus tard, jai un train a prendre.

++
0
Réponse 28 / 35
PacoE Messages postés 37 Statut Membre 3
 
Salut, désolé pour ma réponse atardive javai des probleme de connexion avec mon wifi mai c réglé maintenan.

voila mon rapport RenV.exe :

[code]
Ran on 20/01/2008 - 14:19:08,42

----a-w 307,200 2008-01-17 19:16:29 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe

Entries: 1 (1)
Directories: 0 Files: 1
Bytes: 307,200 Blocks: 600
[/code]

Entre tps jai installé AntiVir qui ma viré pa mal de trucs je crois. jte reposte tt de suite un rapport Hijackthis pour voir si on a bien avancé ou pas...
0
Réponse 29 / 35
PacoE Messages postés 37 Statut Membre 3
 
et voila...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:39:41, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\arkbvrf.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.sfr.fr/offres-numericable.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {2C5AA40E-8814-4EB6-876E-7EFB8B3F9662} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON .exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [dowoxt] C:\Program Files\Common Files\dowoxt.exe
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [User Sharing Wizard] usnshare.exe
O4 - HKLM\..\Run: [sm] C:\WINDOWS\system32\sm.exe
O4 - HKLM\..\Run: [arkbvrf] C:\WINDOWS\system32\arkbvrf.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Remote Procedure Call For Windows 32bit.] rpc.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKLM\..\RunServices: [MSN Messanger] msnmsng.exe
O4 - HKLM\..\RunServices: [Sepate Security Firewall] sepate.exe
O4 - HKLM\..\RunServices: [DNS Service] dnsresolver.exe
O4 - HKLM\..\RunServices: [Windows Dialup Service] dialup.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuampd.exe
O4 - HKLM\..\RunServices: [Windows Registry Server] spoolsvc.exe
O4 - HKLM\..\RunServices: [sm] C:\WINDOWS\system32\sm.exe
O4 - HKLM\..\RunServices: [arkbvrf] C:\WINDOWS\system32\arkbvrf.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunServices: [MSN Messanger] msnmsng.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [wvsvc] wvsvc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Update] e.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Dialup Service] dialup.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update] wuampd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [WindowsRegKey upd4te2d4te] itdnahgal.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update Machine] explorer.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [MSN Messanger] msnmsng.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [MSN Messanger] msnmsng.exe (User 'Default user')
O8 - Extra context menu item: &¡ï½«Á´½ÓÌí¼Óµ½MSN RSSƵµÀ - C:\Program Files\MsnOK\geturl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=https://www.orange.fr/portail
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/france_nos.exe
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int5.exe
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://downloads.winwise.fr/Common/npwwg.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - https://www.afternic.com/domains/drivecleaner.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://1982jenny2005.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://16755.dialer.lincassa.com/ParisVoyeur.exe
O16 - DPF: {87CCFDB0-C4BE-4BC2-A78C-9EAA7CF96667} (pcastup Class) - http://ps.itv.mop.com/dn/files/vodupdate_1.0.0.8_20051009.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} - http://esb.alcena.com/ESBAdultInstaller.ocx
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/default.cab?uid=7&id=31259&ex&1s&ppd=3&country=ww
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://advnt01.com/dialer/internazionale_ver4.CAB
O16 - DPF: {ABB08127-7417-11D4-8566-00500448008D} (Chat Class) - http://downloads.winwise.fr/Common/npchatlax.cab
O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} - http://advnt01.com/dialer/internazionale_ver11.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildAppNonUS.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Print Spooler Service (eougueyukpiyy) - Unknown owner - C:\WINDOWS\system32\arkbvrf.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Computer Browsereser (ServiceF2) - Unknown owner - c:\windows\system\FilMsg.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Windows Dialup Service - Unknown owner - C:\WINDOWS\System32\dialup.exe (file missing)
0
Réponse 30 / 35
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
Salut

* Faire un clic droit sur ce lien : http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip
* Enregistrez la cible (du lien) sous... et enregistrez-le sur le bureau.
* Faire un clic droit sur navilog1.zip et choisir "tout extraire"
* Double-cliquez sur navilog1.exe
* Arriver au menu principal, choisir l'option 1 et valider.
* Patientez jusqu'au message : Analyse Termine le ...
* Le rapport sera en outre sauvegardé à la racine du disque (fixnavi.txt)

==> poste le rapport stp

++
0
Réponse 31 / 35
PacoE Messages postés 37 Statut Membre 3
 
salut, voila le rapport demandé :

Search Navipromo version 3.4.1 commencé le 20/01/2008 à 18:33:26,46

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 20.01.2008 à 14h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans C:\WINDOWS ***

*** Recherche dossiers dans C:\Program Files ***

*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***

*** Recherche dossiers dans "C:\Documents and Settings\Antoine\application data" ***

*** Recherche dossiers dans "C:\Documents and Settings\Antoine\local settings\application data" ***

*** Recherche dossiers dans "C:\Documents and Settings\Antoine\MENUDM~1\PROGRA~1" ***

*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUD?~1\PROGRA~1 ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

Fichiers trouvés :

ndjdol.exe trouvé !

* Recherche dans "C:\Documents and Settings\Antoine\local settings\application data" *

*** Recherche fichiers ***

*** Recherche clés spécifiques dans le Registre ***

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :

* Dans "C:\Documents and Settings\Antoine\local settings\application data" :

3)Recherche Certificats :

Certificat Egroup absent !

4)Recherche fichiers connus :

*** Analyse terminée le 20/01/2008 à 18:49:34,43 ***
0
Réponse 32 / 35
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
ok,

Télécharge SDFix sur ton bureau

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
Redémarre ton ordinateur en mode sans échec
Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.cmd pour lancer le script.
Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

@+
0
Réponse 33 / 35
PacoE Messages postés 37 Statut Membre 3
 
voila le rapport sdfix :

SDFix: Version 1.129

Run by Antoine on 20/01/2008 at 23:15

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\Antoine\Bureau\NOUVEA~1\SDFix

Safe Mode:
Checking Services:

Name:
eougueyukpiyy

Path:
C:\WINDOWS\system32\arkbvrf.exe /service

eougueyukpiyy - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\MSNMSGRR.EXE - Deleted
C:\WINDOWS\SYSTEM32\WVSVC.EXE - Deleted
C:\WINDOWS\SYSTEM32\NSPRS.DLL - Deleted
C:\WINDOWS\SYSTEM32\SERAUTH1.DLL - Deleted
C:\WINDOWS\SYSTEM32\SERAUTH2.DLL - Deleted
C:\WINDOWS\SYSTEM32\SSPRS.DLL - Deleted
C:\LOG75.TMP - Deleted
C:\WINDOWS\system32\TFTP???? - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 23:29:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\+}IQ\x00fcb\xf3\x2014\x201c\x008feQ\xd5l ]
"Order"=hex:08,00,00,00,02,00,00,00,2a,03,00,00,01,00,00,00,07,00,00,00,72,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F3107898-F8DD-2C03-B962-3FB9AE15867E}]
"dbcibloefeielmfioalmhbghchbhmoopbcdepcbf"=hex:6b,61,65,63,6b,67,62,64,6b,6e,6a,70,6f,69,69,67,69,65,64,6d,6a,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\hQ\x00fcb]
"\xcd\x2039\xed\x2039T\x20ac\xf3`"=dword:00000001
"\xcd\x2039\xed\x2039\x201c\x008feQ"=dword:00000001
"\20\x90\20n\x00d0c:y"=dword:00000001
"\26Y\1x\x00d0c:y"=dword:00000001
"\x00d2czz<h"=dword:00000000
"IQ\ah\xdf\x8d\x8f\x2013"=dword:00000001
"<SPACE>"=dword:00000001
"<ENTER>"=dword:00000000
"FC Input"=dword:00000001
"FC aid"=dword:00000001
"GB/GBK"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\\xccS\x00fcb]
"\xcd\x2039\xed\x2039T\x20ac\xf3`"=dword:00000001
"\xcd\x2039\xed\x2039\x201c\x008feQ"=dword:00000001
"\20\x90\20n\x00d0c:y"=dword:00000001
"\26Y\1x\x00d0c:y"=dword:00000001
"\x00d2czz<h"=dword:00000000
"IQ\ah\xdf\x8d\x8f\x2013"=dword:00000001
"<SPACE>"=dword:00000001
"<ENTER>"=dword:00000000
"FC Input"=dword:00000000
"FC aid"=dword:00000000
"GB/GBK"=dword:00000000

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\IBMTOOLS\\Updater\\jre\\bin\\javaw.exe"="C:\\IBMTOOLS\\Updater\\jre\\bin\\javaw.exe:*:Enabled:Java launcher"
"C:\\Program Files\\Support.com\\Bin\\tgcmd.exe"="C:\\Program Files\\Support.com\\Bin\\tgcmd.exe:*:Enabled:Support.com Scheduler and Command Dispatcher"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\Antoine\Bureau\NOUVEA~1\SDFix\backups\backups.zip

Files with Hidden Attributes:

Tue 26 Apr 2005 106 A..H. --- "C:\WINDOWS\system32\wgqfiqe.dll"
Fri 3 Jun 2005 475 ..SH. --- "C:\WINDOWS\system32\zdnyb.dll"
Fri 2 Jul 2004 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 20 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Tue 5 Dec 2006 120,832 ...H. --- "C:\Documents and Settings\Antoine\Application Data\Microsoft\Word\~WRL0004.tmp"
Fri 7 Jan 2005 21,504 ...H. --- "C:\Documents and Settings\Antoine\Application Data\Microsoft\Word\~WRL0149.tmp"
Fri 7 Jan 2005 23,552 ...H. --- "C:\Documents and Settings\Antoine\Application Data\Microsoft\Word\~WRL0155.tmp"
Fri 7 Jan 2005 19,968 ...H. --- "C:\Documents and Settings\Antoine\Application Data\Microsoft\Word\~WRL0988.tmp"
Thu 6 Jan 2005 19,456 ...H. --- "C:\Documents and Settings\Antoine\Application Data\Microsoft\Word\~WRL1002.tmp"
Fri 7 Jan 2005 22,528 ...H. --- "C:\Documents and Settings\Antoine\Application Data\Microsoft\Word\~WRL1298.tmp"
Fri 7 Jan 2005 23,552 ...H. --- "C:\Documents and Settings\Antoine\Application Data\Microsoft\Word\~WRL1585.tmp"
Fri 7 Jan 2005 19,968 ...H. --- "C:\Documents and Settings\Antoine\Application Data\Microsoft\Word\~WRL2286.tmp"
Thu 6 Jan 2005 19,456 ...H. --- "C:\Documents and Settings\Antoine\Application Data\Microsoft\Word\~WRL2542.tmp"
Fri 7 Jan 2005 19,456 ...H. --- "C:\Documents and Settings\Antoine\Application Data\Microsoft\Word\~WRL3590.tmp"
Fri 7 Jan 2005 21,504 ...H. --- "C:\Documents and Settings\Antoine\Application Data\Microsoft\Word\~WRL3869.tmp"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Antoine\Application Data\U3\temp\Launchpad Removal.exe"

Finished!
0
Réponse 34 / 35
PacoE Messages postés 37 Statut Membre 3
 
et voila le log hijckthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:46:57, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\arkbvrf.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.sfr.fr/offres-numericable.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {2C5AA40E-8814-4EB6-876E-7EFB8B3F9662} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON .exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [dowoxt] C:\Program Files\Common Files\dowoxt.exe
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [User Sharing Wizard] usnshare.exe
O4 - HKLM\..\Run: [sm] C:\WINDOWS\system32\sm.exe
O4 - HKLM\..\Run: [arkbvrf] C:\WINDOWS\system32\arkbvrf.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Remote Procedure Call For Windows 32bit.] rpc.exe
O4 - HKLM\..\RunServices: [Sepate Security Firewall] sepate.exe
O4 - HKLM\..\RunServices: [DNS Service] dnsresolver.exe
O4 - HKLM\..\RunServices: [Windows Dialup Service] dialup.exe
O4 - HKLM\..\RunServices: [Windows Registry Server] spoolsvc.exe
O4 - HKLM\..\RunServices: [sm] C:\WINDOWS\system32\sm.exe
O4 - HKLM\..\RunServices: [arkbvrf] C:\WINDOWS\system32\arkbvrf.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunServices: [MSN Messanger] msnmsng.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [wvsvc] wvsvc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Update] e.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Dialup Service] dialup.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [WindowsRegKey upd4te2d4te] itdnahgal.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update Machine] explorer.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [MSN Messanger] msnmsng.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [MSN Messanger] msnmsng.exe (User 'Default user')
O8 - Extra context menu item: &¡ï½«Á´½ÓÌí¼Óµ½MSN RSSƵµÀ - C:\Program Files\MsnOK\geturl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/france_nos.exe
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int5.exe
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://downloads.winwise.fr/Common/npwwg.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - https://www.afternic.com/domains/drivecleaner.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://1982jenny2005.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://16755.dialer.lincassa.com/ParisVoyeur.exe
O16 - DPF: {87CCFDB0-C4BE-4BC2-A78C-9EAA7CF96667} (pcastup Class) - http://ps.itv.mop.com/dn/files/vodupdate_1.0.0.8_20051009.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} - http://esb.alcena.com/ESBAdultInstaller.ocx
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/default.cab?uid=7&id=31259&ex&1s&ppd=3&country=ww
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://advnt01.com/dialer/internazionale_ver4.CAB
O16 - DPF: {ABB08127-7417-11D4-8566-00500448008D} (Chat Class) - http://downloads.winwise.fr/Common/npchatlax.cab
O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} - http://advnt01.com/dialer/internazionale_ver11.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildAppNonUS.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Computer Browsereser (ServiceF2) - Unknown owner - c:\windows\system\FilMsg.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Windows Dialup Service - Unknown owner - C:\WINDOWS\System32\dialup.exe (file missing)
O23 - Service: Print Spooler Service (yqyoe8p9jm) - Unknown owner - C:\WINDOWS\system32\arkbvrf.exe
0
Réponse 35 / 35
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
ok, fais ce qui est indiqué ici stp :

http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr

++
0

Discussions similaires

Problème avec "PUADIManager:Win32/OfferCore
Knaki -
bazfile -

3 réponses
PUADlManager:Win32/OfferCore
tenmalade -
tenmalade -

2 réponses
win32:malware-gen bloqué par avast
ikkual -
Utilisateur anonyme -

69 réponses
PUABundler:Win32/CandyOpen : dangereux ?
joubine -
bazfile -

2 réponses
Pb Windows 7, .EXE n'est pas app win32 valide
Witeric -
Lio -

15 réponses