PC infected with ads, PC is slow...

Tags:
  • Security
Last reply: in Security and viruses
28 July 2008 16:25:36

Hello,

I'm coming back to you with a new problem, this time affecting my girlfriend's PC. Since the pros are here, I'll lay out my problem:

She uses Mozilla. Every time she opens it and clicks to minimize, Mozilla closes...
Ads arrive by the dozen roughly every 5 minutes,

her PC is unbelievably slow.

Here is a HIJACKTHIS report, hoping it means something to you!

****************************************************

Logfile of HijackThis v1.99.1
Scan saved at 16:12, on 28/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe
C:\WINDOWS\system32\vbfodkshc.exe
C:\WINDOWS\mrofinu1001186.exe
C:\Program Files\Mojicon\Mojicon\mojiim.exe
C:\Program Files\Mojicon\Mojicon\mojiwin.exe
C:\Program Files\Mojicon\Mojicon\mojiversion.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
J:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\Documents and Settings\Administrateur\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\Administrateur\Application Data\Microsoft\Windows\otaby.exe
C:\PROGRA~1\TSKS~1\spoolsv.exe
C:\Documents and Settings\Administrateur\Application Data\SpeedRunner\SpeedRunner.exe
C:\Documents and Settings\Administrateur\Application Data\Microsoft\Windows\ipobmh.exe
C:\Program Files\Svconr\Svconr.exe
C:\WINDOWS\F?nts\??plorer.exe
C:\Program Files\mjc\mjc.exe
C:\Program Files\GetPack\GetPack20.exe
C:\Program Files\GetModule\GetModule20.exe
C:\Program Files\Antipub\antipub.exe
C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\17PHolmes1001186.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrateur\Mes documents\Mes fichiers reçus\HijackThis.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Boonty\BoontyBox\BoontyBoxEngine.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\windows-kb890830-v2.0-delta.exe
j:\721fe062eca8f6a215386e\mrtstub.exe

O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Webtools\webtools.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: bannerstyle browser optimizer - {ad99cf64-ff59-9e30-3cae-5b7a705e14b9} - C:\WINDOWS\system32\yvczvochgojsjaij.dll
O2 - BHO: (no name) - {D930EF6E-24F1-0F20-FF4D-71A2E0E918B0} - C:\WINDOWS\system32\eqv.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe 1
O4 - HKLM\..\Run: [Log System] C:\WINDOWS\system32\vbfodkshc.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [mojiim] C:\Program Files\Mojicon\Mojicon\mojiim.exe
O4 - HKLM\..\Run: [mojioutlook] regsvr32 "C:\Program Files\Mojicon\Mojicon\mojioutlook.dll" -s
O4 - HKLM\..\Run: [mojiexpress] regsvr32 "C:\Program Files\Mojicon\Mojicon\Express\mojiexpress.dll" -s
O4 - HKLM\..\Run: [mojiwin] C:\Program Files\Mojicon\Mojicon\mojiwin.exe
O4 - HKLM\..\Run: [mojiversion] C:\Program Files\Mojicon\Mojicon\mojiversion.exe
O4 - HKLM\..\Run: [{d4bfaa67-4026-014f-5674-02bc612d9a51}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\yvczvochgojsjaij.dll" DllStart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [Veoh] "J:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Administrateur\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Administrateur\Application Data\Microsoft\Windows\otaby.exe
O4 - HKCU\..\Run: [Seno] "C:\PROGRA~1\TSKS~1\spoolsv.exe" -vt yazb
O4 - HKCU\..\Run: [Gashrv] "C:\Documents and Settings\Administrateur\Mes documents\??pPatch\??erinit.exe"
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Administrateur\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\Administrateur\Application Data\Microsoft\Windows\ipobmh.exe
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKCU\..\Run: [Hae] C:\WINDOWS\F?nts\??plorer.exe
O4 - HKCU\..\Run: [mjc] C:\Program Files\mjc\mjc.exe
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [GetPack20] "C:\Program Files\GetPack\GetPack20.exe"
O4 - HKCU\..\Run: [GetModule20] "C:\Program Files\GetModule\GetModule20.exe"
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Startup: BoontyBox VNUnet.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O9 - Extra button: Mojicon Dispenser - {3B3628FF-E084-47ef-8797-FA36FC2571EA} - C:\Program Files\Mojicon\Mojicon\mojiwin.exe
O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra button: InterCasino France - {30C66393-FEF3-4758-BA00-803E3ABC88A2} - C:\Documents and Settings\Administrateur\Bureau\InterCasino France.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: InterCasino France - {30C66393-FEF3-4758-BA00-803E3ABC88A2} - C:\Documents and Settings\Administrateur\Bureau\InterCasino France.lnk (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://games.bigfishgames.com/fr_bigcityadventuresa/onl...
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://games.bigfishgames.com/fr_dinerdashfloontheg/onl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

*****************************************************


Thanks!!


28 July 2008 16:58:37

:hello:  Hello,

This procedure must be printed so that you can have it in front of you when you are in safe mode.

Your infection uses social engineering as its propagation vector.
To learn more about infections that spread via MSN, click **HERE**.

Download MSNFix (by !aur3n7) to your Desktop:

Unzip it to C:\ and restart in safe mode:
Restart the computer and, as soon as it starts loading, press the F8 key repeatedly. A menu should appear where you will be able to choose safe mode.

Note 1: If you are on Windows Vista, right-click the program and choose Run as Administrator.

  • Open the MSNFix folder, then double-click MSNFix.bat (the .bat extension may not be shown).
  • Run option R.
  • If the infection is detected, press a key to start the cleanup (N).
  • If you have to restart the computer, do it manually.
  • Post the report located in the MSNFix folder.

    Note 2:
    The name of the report corresponds to the time it was created: date_heure.log

    Note 3: If you get an upload zip file on your desktop, do this.

    Help: How to use MSNFix.
    28 July 2008 18:17:07

    so here is the result of the MSNFIX log:

    *********************************************************

    MSNFix 1.736

    C:\Documents and Settings\Administrateur\Mes documents\Mes fichiers reçus\MSNFix
    Fix exécuté le 28/07/2008 - 18:00:25,92 By Administrateur
    mode sans échec

    ************************ Recherche les fichiers présents

    ... C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe
    ... C:\Program Files\svconr\svconr.exe
    ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\wintouch.cfg
    ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\WTUninstaller.exe
    ... C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe
    ... C:\Program Files\JavaCore\JavaCore.exe
    ... C:\Program Files\JavaCore\UnInstall.exe
    ... C:\Program Files\outerinfo\FF\chrome.manifest
    ... C:\Program Files\outerinfo\FF\components\FF.dll
    ... C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
    ... C:\Program Files\outerinfo\FF\install.rdf
    ... C:\Program Files\outerinfo\Terms.rtf
    ... C:\WINDOWS\b153.exe
    ... C:\WINDOWS\b156.exe
    ... C:\DOCUME~1\ADMINI~1\APPLIC~1\SpeedRunner\config.cfg
    ... C:\DOCUME~1\ADMINI~1\APPLIC~1\SpeedRunner\SRUninstall.exe
    ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\wintouch.cfg
    ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\WinTouch.exe
    ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\WTUninstaller.exe
    ... C:\Program Files\Temporary\InsiDERInst.exe
    ... C:\??????.exe
    ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\wintouch.cfg
    ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\WinTouch.exe
    ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\WTUninstaller.exe
    ... C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe
    ... C:\Program Files\JavaCore\JavaCore.exe
    ... C:\Program Files\JavaCore\UnInstall.exe
    ... C:\Program Files\Temporary\InsiDERInst.exe
    ... C:\autorun.inf
    ... C:\Autorun.inf
    ... C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe
    ... C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe
    ... C:\WINDOWS\b???.exe
    ... C:\WINDOWS\mrofinu*.exe
    ... C:\WINDOWS\mrofinu*.exe.tmp

    ************************ Recherche les dossiers présents

    ... C:\Program Files\Spcron\
    ... C:\Program Files\Svconr\
    ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\
    ... C:\Program Files\outerinfo\
    ... C:\Program Files\Temporary\
    ... C:\DOCUME~1\ADMINI~1\APPLIC~1\SpeedRunner\
    ... C:\Program Files\Inet_Get_2\
    ... C:\Program Files\InetGet2\
    ... C:\Program Files\ISM\
    ... C:\Program Files\QdrPack\
    ... C:\Program Files\Temporary\
    ... C:\Install\
    ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\




    ************************ Suppression des fichiers

    .. OK ... C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe
    .. OK ... C:\Program Files\svconr\svconr.exe
    .. OK ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\wintouch.cfg
    .. OK ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\WTUninstaller.exe
    .. OK ... C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe
    .. OK ... C:\Program Files\JavaCore\JavaCore.exe
    .. OK ... C:\Program Files\JavaCore\UnInstall.exe
    .. OK ... C:\Program Files\outerinfo\FF\chrome.manifest
    .. OK ... C:\Program Files\outerinfo\FF\components\FF.dll
    .. OK ... C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
    .. OK ... C:\Program Files\outerinfo\FF\install.rdf
    .. OK ... C:\Program Files\outerinfo\Terms.rtf
    .. OK ... C:\WINDOWS\b153.exe
    .. OK ... C:\WINDOWS\b156.exe
    .. OK ... C:\DOCUME~1\ADMINI~1\APPLIC~1\SpeedRunner\config.cfg
    .. OK ... C:\DOCUME~1\ADMINI~1\APPLIC~1\SpeedRunner\SRUninstall.exe
    .. OK ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\wintouch.cfg
    /!\ ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\WinTouch.exe
    .. OK ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\WTUninstaller.exe
    .. OK ... C:\Program Files\Temporary\InsiDERInst.exe
    .. OK ... C:\??????.exe
    .. OK ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\wintouch.cfg
    /!\ ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\WinTouch.exe
    .. OK ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\WTUninstaller.exe
    .. OK ... C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe
    .. OK ... C:\Program Files\JavaCore\JavaCore.exe
    .. OK ... C:\Program Files\JavaCore\UnInstall.exe
    .. OK ... C:\Program Files\Temporary\InsiDERInst.exe
    .. OK ... C:\autorun.inf
    .. OK ... C:\Autorun.inf
    .. OK ... C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe
    .. OK ... C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe
    /!\ ... C:\WINDOWS\b???.exe
    .. OK ... C:\WINDOWS\mrofinu*.exe
    .. OK ... C:\WINDOWS\mrofinu*.exe.tmp


    ************************ Suppression des dossiers

    /!\ ... C:\Program Files\Spcron\
    /!\ ... C:\Program Files\Svconr\
    /!\ ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\
    /!\ ... C:\Program Files\outerinfo\
    /!\ ... C:\Program Files\Temporary\
    /!\ ... C:\DOCUME~1\ADMINI~1\APPLIC~1\SpeedRunner\
    .. OK ... C:\Program Files\Inet_Get_2\
    .. OK ... C:\Program Files\InetGet2\
    /!\ ... C:\Program Files\ISM\
    /!\ ... C:\Program Files\QdrPack\
    /!\ ... C:\Program Files\Temporary\
    .. OK ... C:\Install\
    /!\ ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\


    ************************ Nettoyage du registre



    Les fichiers encore présents seront supprimés au prochain redémarrage


    ************************ Suppression des fichiers

    .. OK ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\WinTouch.exe
    .. OK ... C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch\WinTouch.exe
    .. OK ... C:\WINDOWS\b???.exe



    ************************ Fichiers suspects

    Aucun Fichier trouvé


    Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 28072008_18040648.zip

    ************************ HKLM\...\Winlogon\Userinit

    Userinit = C:\WINDOWS\system32\userinit.exe,

    Important : http://msnfix.changelog.fr/index.php/2008/05/18/32-aler...


    ------------------------------------------------------------------------
    Auteur : !aur3n7 Contact: http://changelog.fr
    ------------------------------------------------------------------------

    --------------------------------------------- END ---------------------------------------------

    ********************************************************

    otherwise, I get 2 messages, 2 error messages:

    Error, C:\programfiles\avira\antivir...

    and Error: C:\windows\sytem32\ndaTqsVqrX.dll cannot be found...

    Here is an updated HIJACKTHIS log following MSNFIX:

    ******************************************************

    Logfile of HijackThis v1.99.1
    Scan saved at 18:11, on 28/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\17PHolmes1001186.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\vbfodkshc.exe
    C:\Program Files\Mojicon\Mojicon\mojiim.exe
    C:\Program Files\Mojicon\Mojicon\mojiwin.exe
    C:\Program Files\Mojicon\Mojicon\mojiversion.exe
    C:\WINDOWS\System32\Rundll32.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    J:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\PROGRA~1\TSKS~1\spoolsv.exe
    C:\Documents and Settings\Administrateur\Application Data\SpeedRunner\SpeedRunner.exe
    C:\Documents and Settings\Administrateur\Application Data\Microsoft\Windows\ipobmh.exe
    C:\WINDOWS\F?nts\??plorer.exe
    C:\Program Files\mjc\mjc.exe
    C:\Program Files\AdVantage\AdVantage.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\GetPack\GetPack20.exe
    C:\Program Files\GetModule\GetModule20.exe
    C:\Program Files\Antipub\antipub.exe
    C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Documents and Settings\Administrateur\Mes documents\Mes fichiers reçus\HijackThis.exe

    O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Webtools\webtools.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: bannerstyle browser optimizer - {ad99cf64-ff59-9e30-3cae-5b7a705e14b9} - C:\WINDOWS\system32\yvczvochgojsjaij.dll
    O2 - BHO: (no name) - {D930EF6E-24F1-0F20-FF4D-71A2E0E918B0} - C:\WINDOWS\system32\eqv.dll
    O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Log System] C:\WINDOWS\system32\vbfodkshc.exe
    O4 - HKLM\..\Run: [mojiim] C:\Program Files\Mojicon\Mojicon\mojiim.exe
    O4 - HKLM\..\Run: [mojioutlook] regsvr32 "C:\Program Files\Mojicon\Mojicon\mojioutlook.dll" -s
    O4 - HKLM\..\Run: [mojiexpress] regsvr32 "C:\Program Files\Mojicon\Mojicon\Express\mojiexpress.dll" -s
    O4 - HKLM\..\Run: [mojiwin] C:\Program Files\Mojicon\Mojicon\mojiwin.exe
    O4 - HKLM\..\Run: [mojiversion] C:\Program Files\Mojicon\Mojicon\mojiversion.exe
    O4 - HKLM\..\Run: [{d4bfaa67-4026-014f-5674-02bc612d9a51}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\yvczvochgojsjaij.dll" DllStart
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
    O4 - HKCU\..\Run: [Veoh] "J:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [Seno] "C:\PROGRA~1\TSKS~1\spoolsv.exe" -vt yazb
    O4 - HKCU\..\Run: [Gashrv] "C:\Documents and Settings\Administrateur\Mes documents\??pPatch\??erinit.exe"
    O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Administrateur\Application Data\SpeedRunner\SpeedRunner.exe
    O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\Administrateur\Application Data\Microsoft\Windows\ipobmh.exe
    O4 - HKCU\..\Run: [Hae] C:\WINDOWS\F?nts\??plorer.exe
    O4 - HKCU\..\Run: [mjc] C:\Program Files\mjc\mjc.exe
    O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
    O4 - HKCU\..\Run: [GetPack20] "C:\Program Files\GetPack\GetPack20.exe"
    O4 - HKCU\..\Run: [GetModule20] "C:\Program Files\GetModule\GetModule20.exe"
    O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
    O4 - Startup: BoontyBox VNUnet.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O9 - Extra button: Mojicon Dispenser - {3B3628FF-E084-47ef-8797-FA36FC2571EA} - C:\Program Files\Mojicon\Mojicon\mojiwin.exe
    O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
    O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
    O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
    O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
    O9 - Extra button: InterCasino France - {30C66393-FEF3-4758-BA00-803E3ABC88A2} - C:\Documents and Settings\Administrateur\Bureau\InterCasino France.lnk (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: InterCasino France - {30C66393-FEF3-4758-BA00-803E3ABC88A2} - C:\Documents and Settings\Administrateur\Bureau\InterCasino France.lnk (file missing) (HKCU)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://games.bigfishgames.com/fr_bigcityadventuresa/onl...
    O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://games.bigfishgames.com/fr_dinerdashfloontheg/onl...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    *****************************************************


    Otherwise, Mozilla is still messing up.


    In any case, many thanks for looking into my little problem
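
Added example (not part of the original posts, and not code from HijackThis or MSNFix): a small Python triage of the O4 autostart lines in the logs above. It flags entries whose path uses a Windows system process name outside its normal directory, starts from a Temp or Application Data folder, or contains `?` placeholders. The rule set and the names `parse_o4`, `reasons_for` and `triage` are assumptions of this example, and a flag means "review this entry", not a verdict.

```python
import ntpath
import re

# Excerpt of O4 (autostart) lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Administrateur\Application Data\Microsoft\Windows\otaby.exe
O4 - HKCU\..\Run: [Seno] "C:\PROGRA~1\TSKS~1\spoolsv.exe" -vt yazb
O4 - HKCU\..\Run: [Hae] C:\WINDOWS\F?nts\??plorer.exe
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
"""

O4_LINE = re.compile(r"^O4 - (?P<loc>[^:]+): (?P<rest>.+)$")
# Unquoted paths may contain spaces, so cut at the first executable-type extension.
EXE_PATH = re.compile(r"^(.*?\.(?:exe|dll|bat|com|scr))(?=[\s,]|$)", re.IGNORECASE)
# Long and 8.3 short forms of the per-user Temp and Application Data folders.
USER_WRITABLE = re.compile(r"\\(?:temp|locals~1|application data|applic~1)\\", re.IGNORECASE)
# Assumed rule set: system process names and the directory suffix they normally live in.
EXPECTED_DIR = {
    "svchost.exe": "\\system32",
    "spoolsv.exe": "\\system32",
    "lsass.exe": "\\system32",
    "services.exe": "\\system32",
    "winlogon.exe": "\\system32",
    "smss.exe": "\\system32",
    "explorer.exe": "\\windows",
}


def parse_o4(line):
    """Return (location, entry_name, executable_path) for an O4 line, else None."""
    m = O4_LINE.match(line.strip())
    if not m:
        return None
    loc, rest = m.group("loc"), m.group("rest")
    reg = re.match(r"\[(.*?)\] (.*)$", rest)
    if reg:                       # registry Run value: [name] command line
        name, cmd = reg.groups()
    elif " = " in rest:           # Startup folder shortcut: name.lnk = target
        name, cmd = rest.split(" = ", 1)
    else:
        name, cmd = "", rest
    cmd = cmd.strip()
    if cmd.startswith('"'):       # quoted path: everything up to the closing quote
        path = cmd[1:].split('"', 1)[0]
    else:
        hit = EXE_PATH.match(cmd)
        path = hit.group(1) if hit else (cmd.split() or [""])[0]
    return loc, name, path


def reasons_for(path):
    """List the review reasons that apply to one executable path."""
    reasons = []
    base = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    expected = EXPECTED_DIR.get(base)
    # A bare name such as RUNDLL32.EXE has no folder and is not judged here.
    if expected and folder and not folder.endswith(expected):
        reasons.append("system process name outside its normal directory")
    if USER_WRITABLE.search(path):
        reasons.append("starts from a Temp or Application Data folder")
    # Assumption: '?' stands for a character the log could not render,
    # so the real file name is hidden from the reader.
    if "?" in path:
        reasons.append("path contains characters the log could not render")
    return reasons


def triage(log_text):
    """Return [(entry_name, path, reasons)] for every O4 entry worth a closer look."""
    flagged = []
    for line in log_text.splitlines():
        parsed = parse_o4(line)
        if parsed:
            _loc, name, path = parsed
            reasons = reasons_for(path)
            if reasons:
                flagged.append((name, path, reasons))
    return flagged


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"[{name}] {path}")
        for reason in reasons:
            print(f"    - {reason}")
```
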

    28 July 2008 18:32:27

    Re,

    You used the wrong version of HijackThis. Uninstall it.

    Download and install the one I gave you in my link (read it!).
    Hijackthis

    ***

    1) This procedure must be printed so that you can have it in front of you when you are in safe mode.

    Download SDFix (by Andy Manchesta)

  • Save it to your desktop.
  • Run it.
  • Click Install so that it can extract itself.
    Restart your computer in safe mode
    - At startup, after the BIOS has loaded, press the F8 (or F5) key on your keyboard repeatedly until a menu on a black background appears. Once you reach that stage, use the keyboard to select Safe Mode.
    -- In this mode you have no Internet access, and the display looks different (no wallpaper, very large icons). So don't be surprised.
    --- It is for these reasons that I suggest you print, write down, or save the following information in a text document so that you don't get lost.
    ---- ! Do not start your computer in safe mode via MSConfig! Why? Some infections break the safe mode keys, which would make your computer crash.
  • Open the SDFix folder that has just been created in C:\
  • Double-click RunThis.bat (the .bat extension may not be shown)
  • Press Y to start it.
  • You will be asked to press a key to restart; do so
  • The restart will probably take a little longer than usual.
  • Once your Desktop appears, it will display Finished
  • Press a key.
  • A report is generated; post it in your reply.

    It can also be found in the SDFix folder >Report.txt<

    Note: If SDFix does not start (it happens!)

    * Start -> Run
    * Copy/paste this:
    Quote:
    %systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

    * Click OK and confirm.
    * Restart and try to run SDFix again.

    Help: How to start your computer in safe mode.

    2) Download Deckard's System Scanner (DSS) (or DSS) to your Desktop.
    NB: You must be logged in with Administrator rights.
  • close all applications and windows
  • double-click dss.exe to run it and follow the instructions below
    Caution: it is advisable to temporarily stop resident protection software (firewall, antivirus, etc.)
  • if this is a first use or a new version of DSS:
  • you will have to click OK twice in the dialog boxes
    Caution: if you take too long, the Abandon answer will be validated automatically
  • when processing is finished (click OK), two text files are displayed:
    main.txt <- opened in the foreground, full screen
    extra.txt <- opened in the background, windowed (look at the taskbar)
    If this is an additional use of DSS:
  • you will not get a dialog box (no OK)
  • when processing is finished, one text file is displayed:
    main.txt <- opened in the foreground, full screen

  • copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next post
  • likewise copy the contents of extra.txt into your next post, if you have this file (first use)
  • don't forget to re-enable the protections if they were stopped.



    What DSS does:
  • creates a restore point in Windows XP and Vista
  • cleans temporary files, DPF (Downloaded Program Files) and the Internet cache, and empties the Recycle Bin on all drives
  • checks some important areas of your system and produces a report for review by your security adviser. DSS automatically runs HijackThis for you; it will also create a HijackThis shortcut on your Desktop if you don't already have HijackThis installed.

    ;) 
    30 July 2008 00:20:42

    here are all the reports,

    starting with SDFix:



    SDFix: Version 1.209
    Run by Administrateur on 29/07/2008 at 22:54

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File
    Resetting SecurityProviders Value
    Resetting AppInit_DLLs value


    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\autorun.inf - Deleted
    C:\Documents and Settings\Administrateur\Application Data\SpeedRunner\config.cfg - Deleted
    C:\Documents and Settings\Administrateur\Application Data\SpeedRunner\config.MSNFix - Deleted
    C:\Documents and Settings\Administrateur\Application Data\SpeedRunner\SpeedRunner.exe - Deleted
    C:\Documents and Settings\Administrateur\Application Data\SpeedRunner\SRUninstall.exe - Deleted
    C:\Documents and Settings\Administrateur\Application Data\SpeedRunner\SRUninstall.MSNFix - Deleted
    C:\Documents and Settings\Administrateur\Application Data\WinTouch\wintouch.MSNFix - Deleted
    C:\Documents and Settings\Administrateur\Application Data\WinTouch\WTUninstaller.MSNFix - Deleted
    C:\Program Files\GetModule\dicik.gz - Deleted
    C:\Program Files\GetModule\GetModule18.exe - Deleted
    C:\Program Files\GetModule\GetModule19.exe - Deleted
    C:\Program Files\GetModule\GetModule20.exe - Deleted
    C:\Program Files\GetModule\kwdik.gz - Deleted
    C:\Program Files\GetModule\sonetupd.exe - Deleted
    C:\Program Files\GetModule\zolnupdate.exe - Deleted
    C:\Program Files\GetPack\dianeadupd.exe - Deleted
    C:\Program Files\GetPack\dictame.gz - Deleted
    C:\Program Files\GetPack\GetPack18.exe - Deleted
    C:\Program Files\GetPack\GetPack19.exe - Deleted
    C:\Program Files\GetPack\GetPack20.exe - Deleted
    C:\Program Files\GetPack\trgtame.gz - Deleted
    C:\Program Files\iCheck\iCheck.exe - Deleted
    C:\Program Files\iCheck\Uninstall.exe - Deleted
    C:\Program Files\ISM\ism.exe - Deleted
    C:\Program Files\ISM\Uninstall.exe - Deleted
    C:\Program Files\JavaCore\JavaCore.MSNFix - Deleted
    C:\Program Files\JavaCore\UnInstall.MSNFix - Deleted
    C:\Program Files\mjc\mjc.exe - Deleted
    C:\Program Files\QdrPack\bostrupd.exe - Deleted
    C:\Program Files\QdrPack\QdrPack16.exe - Deleted
    C:\Program Files\QdrPack\QdrPack17.exe - Deleted
    C:\Program Files\QdrPack\wadsvupd.exe - Deleted
    C:\Program Files\Spcron\Spc.dll - Deleted
    C:\Program Files\Svconr\Svconr.exe - Deleted
    C:\Program Files\Svconr\Svconr.MSNFix - Deleted
    C:\Program Files\Temporary\InsiDERInst.MSNFix - Deleted
    C:\Program Files\Webtools\webtools.dll - Deleted
    C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe - Deleted
    C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.MSNFix - Deleted
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gettpa118.exe - Deleted
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gettpa119.exe - Deleted
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gettpa219.exe - Deleted
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gettpa220.exe - Deleted
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ismtpa17.exe - Deleted
    C:\WINDOWS\17PHolmes1001186.exe - Deleted
    C:\WINDOWS\b128.exe - Deleted
    C:\WINDOWS\b152.exe - Deleted
    C:\WINDOWS\b155.exe - Deleted
    C:\WINDOWS\b156.exe - Deleted
    C:\WINDOWS\b157.exe - Deleted
    C:\WINDOWS\mrofinu1001186.exe - Deleted
    C:\WINDOWS\mrofinu1001186.exe.tmp - Deleted
    C:\Program Files\.autoreg - Deleted
    C:\WINDOWS\AutoUpdateWin31.dll - Deleted
    C:\WINDOWS\AutoUpdateWin32.exe - Deleted
    C:\WINDOWS\system32\wowfx.dll - Deleted



    Folder C:\Documents and Settings\Administrateur\Application Data\SpeedRunner - Removed
    Folder C:\Documents and Settings\Administrateur\Application Data\WinTouch - Removed
    Folder C:\Program Files\GetModule - Removed
    Folder C:\Program Files\GetPack - Removed
    Folder C:\Program Files\iCheck - Removed
    Folder C:\Program Files\InetGet2 - Removed
    Folder C:\Program Files\ISM - Removed
    Folder C:\Program Files\JavaCore - Removed
    Folder C:\Program Files\mjc - Removed
    Folder C:\Program Files\QdrPack - Removed
    Folder C:\Program Files\Spcron - Removed
    Folder C:\Program Files\Svconr - Removed
    Folder C:\Program Files\Temporary - Removed
    Folder C:\Program Files\Webtools - Removed


    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-29 23:15:07
    Windows 5.1.2600 Service Pack 2 NTFS

    detected NTDLL code modification:
    ZwOpenFile

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:fc,90,09,11,24,15,f6,e9,50,6d,e2,29,0d,2c,5b,60,f9,72,05,59,f1,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,e6,0e,01,93,bf,2c,ee,a0,42,33,b7,a1,76,b0,f6,8c,88,..
    "khjeh"=hex:c6,ec,89,b0,80,6c,37,05,70,f4,84,22,52,ec,e7,2a,2e,a3,9a,f4,32,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:a6,39,eb,91,79,92,8d,53,1f,1b,fe,f2,d8,6b,1b,2b,c9,55,cd,26,ab,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
    "khjeh"=hex:20,52,42,21,65,6e,0a,13,30,dd,51,81,2a,9d,12,2f,ba,92,8a,5d,46,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
    "khjeh"=hex:c2,8c,dd,c2,af,bb,06,00,63,dc,6e,3b,a6,3b,0e,92,03,88,39,41,14,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
    "khjeh"=hex:3d,52,d5,a5,23,74,b5,bd,19,92,cd,9a,57,a0,6a,c4,06,65,90,55,eb,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:fc,90,09,11,24,15,f6,e9,50,6d,e2,29,0d,2c,5b,60,f9,72,05,59,f1,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,e6,0e,01,93,bf,2c,ee,a0,42,33,b7,a1,76,b0,f6,8c,88,..
    "khjeh"=hex:c6,ec,89,b0,80,6c,37,05,70,f4,84,22,52,ec,e7,2a,2e,a3,9a,f4,32,..


    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exe:*:enabled:@shell32.dll,-1"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Disabled:Windows Live Call"
    "C:\\Kaspersky\\kavupd.exe"="C:\\Kaspersky\\kavupd.exe:*:Enabled:kavupd"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
    "C:\\WINDOWS\\system32\\vbfodkshc.exe"="C:\\WINDOWS\\system32\\vbfodkshc.exe:*:Enabled:Log System"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    Remaining Files :

    C:\WINDOWS\mrofinu1001186.exe Found

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Fri 13 Jun 2008 87,552 A.SHR --- "C:\aqnhkupua.exe"
    Wed 13 Jun 2007 87,552 A.SHR --- "C:\austvekws.exe"
    Fri 13 Jun 2008 87,552 A.SHR --- "C:\bmehupqdv.exe"
    Wed 13 Jun 2007 87,552 A.SHR --- "C:\fkjqsenjv.exe"
    Fri 13 Jun 2008 87,552 A.SHR --- "C:\fnxekmrhq.exe"
    Wed 13 Jun 2007 87,552 A.SHR --- "C:\izlxwycqu.exe"
    Wed 13 Jun 2007 87,552 A.SHR --- "C:\kefgsvkax.exe"
    Fri 13 Jun 2008 87,552 A.SHR --- "C:\linsmdakf.exe"
    Fri 13 Jun 2008 87,552 A.SHR --- "C:\mitnlygip.exe"
    Fri 13 Jun 2008 87,552 A.SHR --- "C:\noqxuuycu.exe"
    Wed 13 Jun 2007 87,552 ...H. --- "C:\ntqxvrfhk.exe"
    Wed 13 Jun 2007 87,552 A.SHR --- "C:\nvmjljceg.exe"
    Fri 13 Jun 2008 87,552 A.SHR --- "C:\ogiqwaxbd.exe"
    Fri 13 Jun 2008 87,552 A.SHR --- "C:\ojcwbnwks.exe"
    Fri 13 Jun 2008 87,552 A.SHR --- "C:\qmlpxekdd.exe"
    Sat 14 Jun 2008 87,552 A.SHR --- "C:\qoepuqjpp.exe"
    Sat 14 Jun 2008 87,552 A.SHR --- "C:\qxtvqsygc.exe"
    Fri 13 Jun 2008 87,552 A.SHR --- "C:\sxplhpjjc.exe"
    Fri 13 Jun 2008 87,552 A.SHR --- "C:\tmtsohicx.exe"
    Fri 13 Jun 2008 87,552 A.SHR --- "C:\trsmyoqpe.exe"
    Fri 13 Jun 2008 87,552 A.SHR --- "C:\udpwolusm.exe"
    Fri 13 Jun 2008 87,552 A.SHR --- "C:\vcocroqgh.exe"
    Fri 13 Jun 2008 87,552 A.SHR --- "C:\vdvjcytca.exe"
    Fri 13 Jun 2008 87,552 A.SHR --- "C:\vwopajxnq.exe"
    Wed 13 Jun 2007 87,552 A.SHR --- "C:\wubeuplfl.exe"
    Fri 13 Jun 2008 87,552 A.SHR --- "C:\ysfjlogmo.exe"
    Fri 13 Jun 2008 87,552 A.SHR --- "C:\ywinmulpn.exe"
    Wed 13 Jun 2007 87,552 A.SHR --- "C:\zedsgsusr.exe"
    Sat 14 Jun 2008 87,552 A.SHR --- "C:\zlluflzog.exe"
    Sat 14 Jun 2008 87,552 A.SHR --- "C:\znvlxptss.exe"
    Fri 14 Dec 2007 1,578,312 ...H. --- "C:\Program Files\Travelogue 360 Paris\TraveLogue-Paris.exe"
    Wed 16 Apr 2008 78,848 ..SHR --- "C:\Program Files\T?sks\spoolsv.exe"
    Thu 29 May 2008 230,400 ..SHR --- "C:\WINDOWS\F?nts\??plorer.exe"
    Wed 13 Jun 2007 87,552 ..SHR --- "C:\WINDOWS\system32\vbfodkshc.exe"
    Thu 24 May 2007 39,873,867 A..H. --- "C:\Documents and Settings\Administrateur\Mes documents\~WRL0003.tmp"
    Sat 22 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BITE.tmp"
    Sat 22 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT11.tmp"
    Sat 22 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BIT15.tmp"
    Sat 22 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BITD.tmp"
    Sat 22 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT12.tmp"
    Sat 22 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BITF.tmp"
    Wed 23 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\405ae8e48aa46e265982686e1678047b\BIT19.tmp"
    Sat 22 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BIT14.tmp"
    Sat 22 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT10.tmp"
    Sat 22 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT13.tmp"
    Fri 7 Sep 2007 2,325 ...HR --- "C:\Documents and Settings\Administrateur\Application Data\SecuROM\UserData\securom_v7_01.bak"

    Finished!

    ****************************************************


    Then the main.txt from DSS






    Deckard's System Scanner v20071014.68
    Run by Administrateur on 2008-07-29 23:26:20
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------



    -- Last 1 Restore Point(s) --
    1: 2008-07-29 21:21:33 UTC - RP316 - Deckard's System Scanner Restore Point


    Backed up registry hives.
    Performed disk cleanup.

    System Drive C: has 1.04 GiB (less than 15%) free.


    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-07-29 23:28:50
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\vbfodkshc.exe
    C:\Program Files\Mojicon\Mojicon\mojiim.exe
    C:\Program Files\Mojicon\Mojicon\mojiwin.exe
    C:\Program Files\Mojicon\Mojicon\mojiversion.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\mrofinu1001186.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    J:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\T?sks\spoolsv.exe
    C:\WINDOWS\F?nts\??plorer.exe
    C:\Program Files\AdVantage\AdVantage.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Antipub\antipub.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\17PHolmes1001186.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\Administrateur\Mes documents\Mes fichiers reçus\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: bannerstyle browser optimizer - {ad99cf64-ff59-9e30-3cae-5b7a705e14b9} - C:\WINDOWS\system32\yvczvochgojsjaij.dll
    O2 - BHO: (no name) - {D930EF6E-24F1-0F20-FF4D-71A2E0E918B0} - C:\WINDOWS\system32\eqv.dll
    O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Log System] C:\WINDOWS\system32\vbfodkshc.exe
    O4 - HKLM\..\Run: [mojiim] C:\Program Files\Mojicon\Mojicon\mojiim.exe
    O4 - HKLM\..\Run: [mojioutlook] regsvr32 "C:\Program Files\Mojicon\Mojicon\mojioutlook.dll" -s
    O4 - HKLM\..\Run: [mojiexpress] regsvr32 "C:\Program Files\Mojicon\Mojicon\Express\mojiexpress.dll" -s
    O4 - HKLM\..\Run: [mojiwin] C:\Program Files\Mojicon\Mojicon\mojiwin.exe
    O4 - HKLM\..\Run: [mojiversion] C:\Program Files\Mojicon\Mojicon\mojiversion.exe
    O4 - HKLM\..\Run: [{d4bfaa67-4026-014f-5674-02bc612d9a51}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\yvczvochgojsjaij.dll" DllStart
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
    O4 - HKCU\..\Run: [Veoh] "J:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [Seno] "C:\PROGRA~1\TSKS~1\spoolsv.exe" -vt yazb
    O4 - HKCU\..\Run: [Gashrv] "C:\Documents and Settings\Administrateur\Mes documents\??pPatch\??erinit.exe"
    O4 - HKCU\..\Run: [Hae] C:\WINDOWS\F?nts\??plorer.exe
    O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
    O4 - HKUS\S-1-5-18\..\Run: [mjc] C:\Program Files\mjc\mjc.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [mjc] C:\Program Files\mjc\mjc.exe (User 'Default user')
    O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
    O4 - Startup: BoontyBox VNUnet.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O9 - Extra button: Mojicon Dispenser - {3B3628FF-E084-47ef-8797-FA36FC2571EA} - C:\Program Files\Mojicon\Mojicon\mojiwin.exe
    O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
    O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
    O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
    O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
    O15 - ProtocolDefaults: Unknown 'about' protocol is in Restricted Zone (HKLM)
    O15 - ProtocolDefaults: Unknown 'about:' protocol is in Restricted Zone (HKLM)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://games.bigfishgames.com/fr_bigcityadventuresa/onl...
    O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://games.bigfishgames.com/fr_dinerdashfloontheg/onl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
    O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


    --
    End of file - 8498 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
    R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
    R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
    R0 UNPR - c:\windows\system32\unpr.sys
    R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>

    S0 d344bus - c:\windows\system32\drivers\d344bus.sys
    S0 d344prt - c:\windows\system32\drivers\d344prt.sys
    S3 catchme - c:\docume~1\admini~1\locals~1\temp\catchme.sys (file missing)
    S3 GMSIPCI - d:\install\gmsipci.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler>

    S3 Boonty Games - "c:\program files\fichiers communs\boonty shared\service\boonty.exe" <Not Verified; BOONTY; Boonty Games>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
    Description: PnP BIOS Extension
    Device ID: ROOT\SYSTEM\0003
    Manufacturer: (Standard system devices)
    Name: PnP BIOS Extension
    PNP Device ID: ROOT\SYSTEM\0003
    Service: d344bus


    -- Files created between 2008-06-29 and 2008-07-29 -----------------------------

    2008-07-29 23:23:10 87552 ---h---c- C:\gzpzjqult.exe <Not Verified; Microsoft Corporation; InstallShield® Installer>
    2008-07-27 15:58:53 0 d------c- C:\Documents and Settings\Administrateur\Application Data\Sudden Games
    2008-07-24 12:53:21 0 d------c- C:\Documents and Settings\Administrateur\Application Data\Amaranth Games
    2008-07-23 21:54:18 44544 --a------ C:\WINDOWS\mrofinu1001186.exe
    2008-07-23 05:56:58 62976 --a------ C:\WINDOWS\ALCFDRTM.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek ALCFDRTM>
    2008-07-22 21:54:55 0 d-------- C:\Program Files\Antipub
    2008-07-22 21:52:57 0 d-------- C:\Program Files\FileSubmit
    2008-07-22 21:49:58 0 d-------- C:\Program Files\Mojicon
    2008-07-22 21:49:15 0 d-------- C:\Program Files\AdVantage
    2008-07-22 21:48:32 0 d-------- C:\WINDOWS\icons
    2008-07-22 21:48:23 0 d-------- C:\Program Files\Mojicon Installer
    2008-07-22 21:14:24 0 d-------- C:\WINDOWS\F?nts
    2008-07-22 21:14:13 60928 --a------ C:\WINDOWS\system32\eqv.dll
    2008-07-22 21:12:18 64852 --a------ C:\WINDOWS\system32\irdwzsmttobfcxo.exe
    2008-07-11 15:47:12 158208 --a------ C:\WINDOWS\system32\yvczvochgojsjaij.dll


    -- Find3M Report ---------------------------------------------------------------

    2008-07-29 23:03:33 0 d-------- C:\Program Files\Fichiers communs
    2008-07-29 10:18:56 0 d------c- C:\Documents and Settings\Administrateur\Application Data\PlayFirst
    2008-07-28 18:01:47 0 d-------- C:\Program Files\Outerinfo
    2008-07-24 13:10:37 0 d-------- C:\Program Files\Zylom Games
    2008-07-24 12:48:43 0 d-------- C:\Program Files\bfgclient
    2008-07-22 23:28:52 0 d------c- C:\Documents and Settings\Administrateur\Application Data\Zylom
    2008-07-22 23:28:52 0 d------c- C:\Documents and Settings\Administrateur\Application Data\Identities
    2008-07-22 21:49:57 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-07-22 21:27:11 0 d------c- C:\Documents and Settings\Administrateur\Application Data\Adobe
    2008-07-22 21:22:52 0 d------c- C:\Documents and Settings\Administrateur\Application Data\Mozilla
    2008-06-14 10:46:10 87552 -rahs--c- C:\qoepuqjpp.exe
    2008-06-14 10:01:03 87552 -rahs--c- C:\znvlxptss.exe
    2008-06-14 01:06:32 87552 -rahs--c- C:\zlluflzog.exe <Not Verified; Microsoft Corporation; InstallShield® Installer>
    2008-06-14 01:06:01 87552 -rahs--c- C:\qxtvqsygc.exe
    2008-06-13 23:49:51 87552 -rahs--c- C:\udpwolusm.exe
    2008-06-13 23:45:37 87552 -rahs--c- C:\mitnlygip.exe
    2008-06-13 22:17:32 87552 -rahs--c- C:\ojcwbnwks.exe
    2008-06-13 21:35:19 87552 -rahs--c- C:\vdvjcytca.exe
    2008-06-13 21:30:46 87552 -rahs--c- C:\ysfjlogmo.exe
    2008-06-13 21:26:47 87552 -rahs--c- C:\vcocroqgh.exe
    2008-06-13 21:06:35 87552 -rahs--c- C:\noqxuuycu.exe
    2008-06-13 20:56:41 87552 -rahs--c- C:\trsmyoqpe.exe
    2008-06-13 20:49:09 87552 -rahs--c- C:\tmtsohicx.exe
    2008-06-13 18:49:48 87552 -rahs--c- C:\bmehupqdv.exe <Not Verified; Microsoft Corporation; InstallShield® Installer>
    2008-06-13 18:48:13 87552 -rahs--c- C:\vwopajxnq.exe
    2008-06-13 18:17:36 87552 -rahs--c- C:\sxplhpjjc.exe
    2008-06-13 17:17:31 87552 -rahs--c- C:\linsmdakf.exe
    2008-06-13 17:10:19 87552 -rahs--c- C:\qmlpxekdd.exe
    2008-06-13 10:43:38 87552 -rahs--c- C:\ywinmulpn.exe
    2008-06-13 10:26:49 87552 -rahs--c- C:\fnxekmrhq.exe
    2008-06-13 10:14:46 87552 -rahs--c- C:\ogiqwaxbd.exe
    2008-06-13 10:09:42 87552 -rahs--c- C:\aqnhkupua.exe


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad99cf64-ff59-9e30-3cae-5b7a705e14b9}]
    11/07/2008 15:47 158208 --a------ C:\WINDOWS\system32\yvczvochgojsjaij.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D930EF6E-24F1-0F20-FF4D-71A2E0E918B0}]
    29/05/2008 20:34 60928 --a------ C:\WINDOWS\system32\eqv.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [19/04/2007 13:26]
    "nwiz"="nwiz.exe" []
    "SW20"="C:\WINDOWS\system32\sw20.exe" []
    "SW24"="C:\WINDOWS\system32\sw24.exe" []
    "SoundMan"="SOUNDMAN.EXE" [27/03/2003 16:34 C:\WINDOWS\SOUNDMAN.EXE]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [10/12/2005 16:57]
    "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [18/03/2005 09:47]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [19/04/2007 13:26]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [08/11/2007 14:00]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [21/08/2007 17:22]
    "Log System"="C:\WINDOWS\system32\vbfodkshc.exe" [13/06/2007 15:22]
    "mojiim"="C:\Program Files\Mojicon\Mojicon\mojiim.exe" [08/08/2007 15:59]
    "mojioutlook"="regsvr32 C:\Program Files\Mojicon\Mojicon\mojioutlook.dll" []
    "mojiexpress"="regsvr32 C:\Program Files\Mojicon\Mojicon\Express\mojiexpress.dll" []
    "mojiwin"="C:\Program Files\Mojicon\Mojicon\mojiwin.exe" [28/11/2007 20:13]
    "mojiversion"="C:\Program Files\Mojicon\Mojicon\mojiversion.exe" [31/01/2008 11:30]
    "{d4bfaa67-4026-014f-5674-02bc612d9a51}"="C:\WINDOWS\system32\yvczvochgojsjaij.dll" [11/07/2008 15:47]
    "runner1"="C:\WINDOWS\mrofinu1001186.exe" [29/07/2008 23:24]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:55]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 02:54]
    "Start WingMan Profiler"="C:\Program Files\Logitech\Profiler\lwemon.exe" []
    "Veoh"="J:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [30/01/2008 13:55]
    "Seno"="C:\PROGRA~1\TSKS~1\spoolsv.exe" [16/04/2008 21:39]
    "Gashrv"="C:\Documents and Settings\Administrateur\Mes documents\??pPatch\??erinit.exe" []
    "Hae"="C:\WINDOWS\F?nts\??plorer.exe" []
    "AdVantage"="C:\Program Files\AdVantage\AdVantage.exe" [14/07/2008 11:52]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "mjc"=C:\Program Files\mjc\mjc.exe

    C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
    Anti-Pub.lnk - C:\Program Files\Antipub\antipub.exe [23/03/2003 20:38:22]
    BoontyBox VNUnet.lnk - C:\Program Files\Boonty\BoontyBox\BoontyBox.exe [06/11/2007 21:55:46]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLowDiskSpaceChecks"=1 (0x1)


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6bd8f9c-0602-11dc-b33b-000feaa950fc}]
    AutoRun\command- K:\setup.exe




    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 NtKrnlpa.info


    -- End of Deckard's System Scanner: finished at 2008-07-29 23:30:55 ------------

    **************************************************


    Extra.txt


    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professionnel (build 2600) SP 2.0
    Architecture: X86; Language: French

    CPU 0: AMD Sempron(tm) 2600+
    Percentage of Memory in Use: 50%
    Physical Memory (total/avail): 767.48 MiB / 383.33 MiB
    Pagefile Memory (total/avail): 1876.2 MiB / 1580.14 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1931.25 MiB

    C: is Fixed (NTFS) - 9.77 GiB total, 1.03 GiB free.
    D: is CDROM (No Media)
    E: is CDROM (No Media)
    F: is Removable (No Media)
    G: is Removable (No Media)
    H: is Removable (No Media)
    I: is Removable (No Media)
    J: is Fixed (NTFS) - 64.76 GiB total, 28.21 GiB free.
    K: is CDROM (UDF)
    L: is CDROM (CDFS)
    M: is CDROM (No Media)
    N: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - WDC WD800BB-00JHA0 - 74.53 GiB - 2 partitions
    \PARTITION0 (bootable) - Système de fichiers installable - 9.77 GiB - C:
    \PARTITION1 - Système de fichiers installable - 64.76 GiB - J:

    \\.\PHYSICALDRIVE1 - IC USB Storage-CFC USB Device

    \\.\PHYSICALDRIVE3 - IC USB Storage-MMC USB Device

    \\.\PHYSICALDRIVE4 - IC USB Storage-MSC USB Device

    \\.\PHYSICALDRIVE2 - IC USB Storage-SMC USB Device



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FirstRunDisabled is set.

    AV: Avira AntiVir PersonalEdition v 7.0.0.188
    (Avira GmbH) Disabled Outdated

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exe:*:enabled:@shell32.dll,-1"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Disabled:Windows Live Call"
    "C:\\Kaspersky\\kavupd.exe"="C:\\Kaspersky\\kavupd.exe:*:Enabled:kavupd"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
    "C:\\WINDOWS\\system32\\vbfodkshc.exe"="C:\\WINDOWS\\system32\\vbfodkshc.exe:*:Enabled:Log System"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Administrateur\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Fichiers communs
    COMPUTERNAME=DIDY
    ComSpec=C:\WINDOWS\system32\cmd.exe
    DEVMGR_SHOW_DETAILS=1
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Administrateur
    LOGONSERVER=\\DIDY
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0801
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    USERDOMAIN=DIDY
    USERNAME=Administrateur
    USERPROFILE=C:\Documents and Settings\Administrateur
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Administrateur (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> MsiExec /X{7104189A-C592-4A56-AC9E-7C0CA135DA3C}
    --> MsiExec.exe /X{7B4AB13C-1A5C-4BC5-ABA6-762F8198444C}
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    18 Wheels of Steel Pedal to the Metal --> J:\Program Files\18 WoS Pedal to the Metal\uninst.exe
    181985 --> MsiExec.exe /X{29E1FBA5-C4D3-43DE-B04C-4CEB8593A899}
    Abra Academy: Returning Cast --> "J:\Program Files\Abra Academy Returning Cast\Uninstall.exe"
    Ad-aware SE - Traduction FR --> C:\Program Files\Lavasoft\Ad-Aware SE Professional\uninst-trad.exe
    Ad-Aware SE Professional --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 6.0.1 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A00000000001}
    Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    AdVantage --> MsiExec.exe /X{B63C1E49-2E0E-406B-BD8A-C703E4263E0A}
    AGEIA PhysX v6.10.25 --> MsiExec.exe /X{7104189A-C592-4A56-AC9E-7C0CA135DA3C}
    Anti-Pub 2003.03 --> "C:\Program Files\Antipub\unins000.exe"
    Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
    Avira AntiVir PersonalEdition Classic --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\setup.exe /REMOVE
    Big Fish Games Client --> C:\Program Files\bfgclient\Uninstall.exe
    Big Island Blends --> J:\Program Files\PLAYFI~1\BIGISL~1\UNWISE.EXE J:\Program Files\PLAYFI~1\BIGISL~1\INSTALL.LOG
    BoontyBox 2.1 --> "C:\WINDOWS\unins000.exe"
    BSPlayer --> "j:\Program Files\Webteh\BSplayer\uninstall.exe"
    Building & Co --> J:\Program Files\Elektrogames\Building&Co\uninstall.exe
    Burger Rush --> J:\Program Files\GAMEHO~1\BURGER~1\UNWISE.EXE /U J:\Program Files\GAMEHO~1\BURGER~1\INSTALL.LOG
    Cake Mania 2 --> J:\Program Files\PLAYFI~1\CAKEMA~1\UNWISE.EXE J:\Program Files\PLAYFI~1\CAKEMA~1\INSTALL.LOG
    Canon PIXMA iP1500 --> C:\WINDOWS\system32\CNMCP5y.exe "-PRINTERNAMECanon PIXMA iP1500" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmi040c.dll"
    Canon Utilities Easy-LayoutPrint --> J:\Program Files\uninst.exe uninst.ini
    CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
    CDPoker --> "C:\Poker\CDPoker\_SetupPoker.exe" /uninstall
    CEP - Color Enable Package --> "J:\Program Files\EA GAMES\zCEP_Uninstaller\unins000.exe"
    Chromadrome 2 --> "C:\Program Files\Gamenext\Chromadrome 2\Uninstall.exe" "C:\Program Files\Gamenext\Chromadrome 2\install.log"
    Coffee Rush --> "J:\Program Files\Coffee Rush\Uninstall.exe"
    Construction - Destruction --> C:\PROGRA~1\FICHIE~1\InstallShield\Driver\7\INTEL3~1\IDriver.exe /M{9C488DA2-01C0-47A4-A4C9-7A1F82B819D9}
    Construction Destruction --> J:\Program Files\Valusoft\CONSTR~2\UNWISE.EXE J:\Program Files\Valusoft\CONSTR~2\INSTALL.LOG
    Correctif Windows XP - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
    Correctif Windows XP - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
    Correctif Windows XP - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
    Correctif Windows XP - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
    Correctif Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
    Correctif Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
    Correctif Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
    Cribbage Quest fr --> "C:\Program Files\BoontyGames\Cribbage Quest\unins000.exe"
    Daycare Nightmare --> J:\Program Files\PLAYFI~1\DAYCAR~1\UNWISE.EXE J:\Program Files\PLAYFI~1\DAYCAR~1\INSTALL.LOG
    Direct Show Ogg Vorbis Filter (remove only) --> "C:\WINDOWS\system32\OggDSuninst.exe"
    DivX Content Uploader --> J:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Web Player --> J:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
    Enhancement Browser Tools Bannerstyle --> C:\WINDOWS\system32\irdwzsmttobfcxo.exe
    Europa Casino --> "C:\Casino\Europa Casino\_SetupCasino.exe" /uninstall
    Fashion Dash --> "J:\Program Files\Fashion Dash\Uninstall.exe"
    Generic USB Card Reader Driver v1.9e3 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Generic\USB Card Reader Driver v1.9e3\irunin.ini"
    Golden Hearts Juice Bar --> "C:\My Games\un_Golden Hearts Juice Bar _35701.exe"
    Hidden Expedition Titanic --> "C:\Program Files\MSN Games\Hidden Expedition Titanic\Uninstall.exe" "C:\Program Files\MSN Games\Hidden Expedition Titanic\install.log"
    HijackThis 1.99.1 --> C:\Documents and Settings\Administrateur\Mes documents\Mes fichiers reçus\HijackThis.exe /uninstall
    InterCasino France --> C:\WINDOWS\system32\UnCasinoV5_FRA.exe InterCasinoV8FRA
    Java 2 Runtime Environment, SE v1.4.2_05 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
    Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Kaspersky Online Scanner --> C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
    Les Sims 2 --> J:\Program Files\EA GAMES\Les Sims 2\EAUninstall.exe
    Les Sims 2 : Nuits de Folie --> J:\Program Files\EA GAMES\Les Sims 2 Nuits de Folie\EAUninstall.exe
    Les Sims 2 Fun en Famille Kit --> J:\Program Files\EA GAMES\Les Sims 2 F
    30 July 2008 13:48:25

    Re,

    This procedure should be printed so that you can have it in front of you when you are in safe mode.

    Your infection uses social engineering as its propagation vector.
    To find out more about infections that spread via MSN, click **HERE**.

    Download MSNFix (by !aur3n7) to your Desktop:

    Unzip it to C:\ and restart in safe mode:
    Restart the computer and, as soon as it starts loading, press the F8 key repeatedly. A menu should appear where you will be able to choose safe mode.

    Note 1: If you are on Windows Vista, right-click the program and choose Run as administrator.

  • Open the MSNFix folder, then double-click MSNFix.bat (the .bat extension may not be shown).
  • Run option R.
  • If the infection is detected, press a key to start the cleanup (N).
  • If you have to restart the computer, do it manually.
  • Post the report located in the MSNFix folder.

    Note 2:
    The name of the report corresponds to the time it was created: date_heure.log

    Note 3: If you get an upload zip file on your desktop, do this.

    Help: How to use MSNFix.

    ;) 
    30 July 2008 21:06:20

    Re,

    Here is the MSNFix report:

    MSNFix 1.736

    C:\Documents and Settings\Administrateur\Mes documents\Mes fichiers reçus\MSNFix
    Fix exécuté le 30/07/2008 - 20:52:23,56 By Administrateur
    mode sans échec

    ************************ Recherche les fichiers présents

    ... C:\autorun.inf
    ... C:\Autorun.inf
    ... C:\WINDOWS\mrofinu*.exe
    ... C:\WINDOWS\mrofinu*.exe.tmp

    ************************ Recherche les dossiers présents

    ... C:\Program Files\outerinfo\




    ************************ Suppression des fichiers

    /!\ ... C:\autorun.inf
    /!\ ... C:\Autorun.inf
    /!\ ... C:\WINDOWS\mrofinu*.exe
    /!\ ... C:\WINDOWS\mrofinu*.exe.tmp


    ************************ Suppression des dossiers

    /!\ ... C:\Program Files\outerinfo\


    ************************ Nettoyage du registre



    Les fichiers encore présents seront supprimés au prochain redémarrage


    ************************ Suppression des fichiers

    .. OK ... C:\autorun.inf
    .. OK ... C:\Autorun.inf
    .. OK ... C:\WINDOWS\mrofinu*.exe
    .. OK ... C:\WINDOWS\mrofinu*.exe.tmp



    ************************ Fichiers suspects

    Aucun Fichier trouvé


    Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 30072008_20565748.zip

    ************************ HKLM\...\Winlogon\Userinit

    Userinit = C:\WINDOWS\system32\userinit.exe,

    Important : http://msnfix.changelog.fr/index.php/2008/05/18/32-aler...


    ------------------------------------------------------------------------
    Auteur : !aur3n7 Contact: http://changelog.fr
    ------------------------------------------------------------------------

    --------------------------------------------- END ---------------------------------------------




    There you go.

    Otherwise, I think the PC has a graphics card problem, because my girlfriend can no longer see the characters when she plays SIMS2. If you don't see anything in the reports, I will try reinstalling the drivers.

    Apart from that, I have the impression that the PC is doing much better. There is still an error message from ANTIVIR and still a few unwanted ads that pop up.

    Thanks in any case,
    30 July 2008 21:08:17

    Re,

    Let's continue, there is still some left ;) 

    Download Deckard's System Scanner (DSS) (or DSS) to your Desktop.
    NB: You must be logged in with Administrator rights.
  • close all applications and windows
  • double-click dss.exe to launch it and follow the instructions below
    Caution: it is advisable to temporarily stop resident protection software (firewall, antivirus, etc.)
  • if this is a first use or a new version of DSS:
  • you will have to click OK twice in the dialog boxes
    Caution: if you take too long, the Abort answer will be selected automatically
  • when processing is finished (click OK), two text files are displayed:
    main.txt <- opened in the foreground, full screen
    extra.txt <- opened in the background, windowed (look at the taskbar)
    If this is an additional use of DSS:
  • you will not get a dialog box (no OK)
  • when processing is finished, one text file is displayed:
    main.txt <- opened in the foreground, full screen

  • copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next post
  • likewise copy the contents of extra.txt into your next post, if you have this file (first use)
  • don't forget to re-enable the protections if they were stopped.



    What DSS does:
  • creates a restore point in Windows XP and Vista
  • cleans temporary files, DPF-Downloaded Program Files and the Internet cache, and empties the Recycle Bin on all drives
  • checks a few important areas of your system and produces a report for review by your security adviser. DSS launches HijackThis automatically for you; it will also create a HijackThis shortcut on your Desktop if you do not already have HijackThis installed.

    ;) 
    30 July 2008 22:39:53

    So, as the other guy would say, it's weird.

    It didn't give me an extra file, I only have the main one.
    I tried to redo the procedure and it gave me trouble with loading HijackThis, even though I showed it where it was installed. In the end, by some miracle, the procedure was able to resume. But there again, only the main file.


    So here it is, followed by a HijackThis log:


    Deckard's System Scanner v20071014.68
    Run by Administrateur on 2008-07-30 22:23:29
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    System Drive C: has 1.01 GiB (less than 15%) free.


    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-07-30 22:26:28
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\vbfodkshc.exe
    C:\Program Files\Mojicon\Mojicon\mojiim.exe
    C:\Program Files\Mojicon\Mojicon\mojiwin.exe
    C:\Program Files\Mojicon\Mojicon\mojiversion.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\17PHolmes1001186.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    J:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\T?sks\spoolsv.exe
    C:\WINDOWS\F?nts\??plorer.exe
    C:\Program Files\AdVantage\AdVantage.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Antipub\antipub.exe
    C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\WINDOWS\17PHolmes1001186.exe
    C:\Program Files\Boonty\BoontyBox\BoontyBoxEngine.exe
    C:\WINDOWS\17PHolmes1001186.exe
    C:\Documents and Settings\Administrateur\Mes documents\Mes fichiers reçus\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: bannerstyle browser optimizer - {ad99cf64-ff59-9e30-3cae-5b7a705e14b9} - C:\WINDOWS\system32\yvczvochgojsjaij.dll
    O2 - BHO: (no name) - {D930EF6E-24F1-0F20-FF4D-71A2E0E918B0} - C:\WINDOWS\system32\eqv.dll
    O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Log System] C:\WINDOWS\system32\vbfodkshc.exe
    O4 - HKLM\..\Run: [mojiim] C:\Program Files\Mojicon\Mojicon\mojiim.exe
    O4 - HKLM\..\Run: [mojioutlook] regsvr32 "C:\Program Files\Mojicon\Mojicon\mojioutlook.dll" -s
    O4 - HKLM\..\Run: [mojiexpress] regsvr32 "C:\Program Files\Mojicon\Mojicon\Express\mojiexpress.dll" -s
    O4 - HKLM\..\Run: [mojiwin] C:\Program Files\Mojicon\Mojicon\mojiwin.exe
    O4 - HKLM\..\Run: [mojiversion] C:\Program Files\Mojicon\Mojicon\mojiversion.exe
    O4 - HKLM\..\Run: [{d4bfaa67-4026-014f-5674-02bc612d9a51}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\yvczvochgojsjaij.dll" DllStart
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
    O4 - HKCU\..\Run: [Veoh] "J:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [Seno] "C:\PROGRA~1\TSKS~1\spoolsv.exe" -vt yazb
    O4 - HKCU\..\Run: [Gashrv] "C:\Documents and Settings\Administrateur\Mes documents\??pPatch\??erinit.exe"
    O4 - HKCU\..\Run: [Hae] C:\WINDOWS\F?nts\??plorer.exe
    O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
    O4 - HKUS\S-1-5-18\..\Run: [mjc] C:\Program Files\mjc\mjc.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [mjc] C:\Program Files\mjc\mjc.exe (User 'Default user')
    O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
    O4 - Startup: BoontyBox VNUnet.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O9 - Extra button: Mojicon Dispenser - {3B3628FF-E084-47ef-8797-FA36FC2571EA} - C:\Program Files\Mojicon\Mojicon\mojiwin.exe
    O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
    O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
    O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
    O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
    O15 - ProtocolDefaults: Unknown 'about' protocol is in Restricted Zone (HKLM)
    O15 - ProtocolDefaults: Unknown 'about:' protocol is in Restricted Zone (HKLM)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://games.bigfishgames.com/fr_bigcityadventuresa/onl...
    O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://games.bigfishgames.com/fr_dinerdashfloontheg/onl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
    O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


    --
    End of file - 8512 bytes

    -- Files created between 2008-06-30 and 2008-07-30 -----------------------------

    2008-07-30 22:05:57 54272 --a------ C:\WINDOWS\17PHolmes1001186.exe
    2008-07-30 20:57:40 87552 ---h---c- C:\orfecvpbb.exe <Not Verified; Microsoft Corporation; InstallShield® Installer>
    2008-07-30 06:33:38 54272 --a------ C:\WINDOWS\mrofinu1001186.exe
    2008-07-29 23:32:35 0 d-------- C:\Program Files\Trend Micro
    2008-07-27 15:58:53 0 d------c- C:\Documents and Settings\Administrateur\Application Data\Sudden Games
    2008-07-24 12:53:21 0 d------c- C:\Documents and Settings\Administrateur\Application Data\Amaranth Games
    2008-07-23 05:56:58 62976 --a------ C:\WINDOWS\ALCFDRTM.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek ALCFDRTM>
    2008-07-22 21:54:55 0 d-------- C:\Program Files\Antipub
    2008-07-22 21:52:57 0 d-------- C:\Program Files\FileSubmit
    2008-07-22 21:49:58 0 d-------- C:\Program Files\Mojicon
    2008-07-22 21:49:15 0 d-------- C:\Program Files\AdVantage
    2008-07-22 21:48:32 0 d-------- C:\WINDOWS\icons
    2008-07-22 21:48:23 0 d-------- C:\Program Files\Mojicon Installer
    2008-07-22 21:14:24 0 d-------- C:\WINDOWS\F?nts
    2008-07-22 21:14:13 60928 --a------ C:\WINDOWS\system32\eqv.dll
    2008-07-22 21:12:18 64852 --a------ C:\WINDOWS\system32\irdwzsmttobfcxo.exe
    2008-07-11 15:47:12 158208 --a------ C:\WINDOWS\system32\yvczvochgojsjaij.dll


    -- Find3M Report ---------------------------------------------------------------

    2008-07-29 23:03:33 0 d-------- C:\Program Files\Fichiers communs
    2008-07-29 10:18:56 0 d------c- C:\Documents and Settings\Administrateur\Application Data\PlayFirst
    2008-07-28 18:01:47 0 d-------- C:\Program Files\Outerinfo
    2008-07-24 13:10:37 0 d-------- C:\Program Files\Zylom Games
    2008-07-24 12:48:43 0 d-------- C:\Program Files\bfgclient
    2008-07-22 23:28:52 0 d------c- C:\Documents and Settings\Administrateur\Application Data\Zylom
    2008-07-22 23:28:52 0 d------c- C:\Documents and Settings\Administrateur\Application Data\Identities
    2008-07-22 21:49:57 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-07-22 21:27:11 0 d------c- C:\Documents and Settings\Administrateur\Application Data\Adobe
    2008-07-22 21:22:52 0 d------c- C:\Documents and Settings\Administrateur\Application Data\Mozilla
    2008-06-14 10:46:10 87552 -rahs--c- C:\qoepuqjpp.exe
    2008-06-14 10:01:03 87552 -rahs--c- C:\znvlxptss.exe
    2008-06-14 01:06:32 87552 -rahs--c- C:\zlluflzog.exe <Not Verified; Microsoft Corporation; InstallShield® Installer>
    2008-06-14 01:06:01 87552 -rahs--c- C:\qxtvqsygc.exe
    2008-06-13 23:49:51 87552 -rahs--c- C:\udpwolusm.exe
    2008-06-13 23:45:37 87552 -rahs--c- C:\mitnlygip.exe
    2008-06-13 22:17:32 87552 -rahs--c- C:\ojcwbnwks.exe
    2008-06-13 21:35:19 87552 -rahs--c- C:\vdvjcytca.exe
    2008-06-13 21:30:46 87552 -rahs--c- C:\ysfjlogmo.exe
    2008-06-13 21:26:47 87552 -rahs--c- C:\vcocroqgh.exe
    2008-06-13 21:06:35 87552 -rahs--c- C:\noqxuuycu.exe
    2008-06-13 20:56:41 87552 -rahs--c- C:\trsmyoqpe.exe
    2008-06-13 20:49:09 87552 -rahs--c- C:\tmtsohicx.exe
    2008-06-13 18:49:48 87552 -rahs--c- C:\bmehupqdv.exe <Not Verified; Microsoft Corporation; InstallShield® Installer>
    2008-06-13 18:48:13 87552 -rahs--c- C:\vwopajxnq.exe
    2008-06-13 18:17:36 87552 -rahs--c- C:\sxplhpjjc.exe
    2008-06-13 17:17:31 87552 -rahs--c- C:\linsmdakf.exe
    2008-06-13 17:10:19 87552 -rahs--c- C:\qmlpxekdd.exe
    2008-06-13 10:43:38 87552 -rahs--c- C:\ywinmulpn.exe
    2008-06-13 10:26:49 87552 -rahs--c- C:\fnxekmrhq.exe
    2008-06-13 10:14:46 87552 -rahs--c- C:\ogiqwaxbd.exe
    2008-06-13 10:09:42 87552 -rahs--c- C:\aqnhkupua.exe


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad99cf64-ff59-9e30-3cae-5b7a705e14b9}]
    11/07/2008 15:47 158208 --a------ C:\WINDOWS\system32\yvczvochgojsjaij.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D930EF6E-24F1-0F20-FF4D-71A2E0E918B0}]
    29/05/2008 20:34 60928 --a------ C:\WINDOWS\system32\eqv.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [19/04/2007 13:26]
    "nwiz"="nwiz.exe" []
    "SW20"="C:\WINDOWS\system32\sw20.exe" []
    "SW24"="C:\WINDOWS\system32\sw24.exe" []
    "SoundMan"="SOUNDMAN.EXE" [27/03/2003 16:34 C:\WINDOWS\SOUNDMAN.EXE]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [10/12/2005 16:57]
    "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [18/03/2005 09:47]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [19/04/2007 13:26]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [08/11/2007 14:00]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [21/08/2007 17:22]
    "Log System"="C:\WINDOWS\system32\vbfodkshc.exe" [13/06/2007 15:22]
    "mojiim"="C:\Program Files\Mojicon\Mojicon\mojiim.exe" [08/08/2007 15:59]
    "mojioutlook"="regsvr32 C:\Program Files\Mojicon\Mojicon\mojioutlook.dll" []
    "mojiexpress"="regsvr32 C:\Program Files\Mojicon\Mojicon\Express\mojiexpress.dll" []
    "mojiwin"="C:\Program Files\Mojicon\Mojicon\mojiwin.exe" [28/11/2007 20:13]
    "mojiversion"="C:\Program Files\Mojicon\Mojicon\mojiversion.exe" [31/01/2008 11:30]
    "{d4bfaa67-4026-014f-5674-02bc612d9a51}"="C:\WINDOWS\system32\yvczvochgojsjaij.dll" [11/07/2008 15:47]
    "runner1"="C:\WINDOWS\mrofinu1001186.exe" [30/07/2008 21:17]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:55]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 02:54]
    "Start WingMan Profiler"="C:\Program Files\Logitech\Profiler\lwemon.exe" []
    "Veoh"="J:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [30/01/2008 13:55]
    "Seno"="C:\PROGRA~1\TSKS~1\spoolsv.exe" [16/04/2008 21:39]
    "Gashrv"="C:\Documents and Settings\Administrateur\Mes documents\??pPatch\??erinit.exe" []
    "Hae"="C:\WINDOWS\F?nts\??plorer.exe" []
    "AdVantage"="C:\Program Files\AdVantage\AdVantage.exe" [14/07/2008 11:52]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "mjc"=C:\Program Files\mjc\mjc.exe

    C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
    Anti-Pub.lnk - C:\Program Files\Antipub\antipub.exe [23/03/2003 20:38:22]
    BoontyBox VNUnet.lnk - C:\Program Files\Boonty\BoontyBox\BoontyBox.exe [06/11/2007 21:55:46]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLowDiskSpaceChecks"=1 (0x1)


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6bd8f9c-0602-11dc-b33b-000feaa950fc}]
    AutoRun\command- K:\setup.exe




    -- End of Deckard's System Scanner: finished at 2008-07-30 22:28:42 ------------





    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:30, on 30/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\vbfodkshc.exe
    C:\Program Files\Mojicon\Mojicon\mojiim.exe
    C:\Program Files\Mojicon\Mojicon\mojiwin.exe
    C:\Program Files\Mojicon\Mojicon\mojiversion.exe
    C:\WINDOWS\System32\Rundll32.exe
    C:\WINDOWS\17PHolmes1001186.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    J:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\PROGRA~1\TSKS~1\spoolsv.exe
    C:\WINDOWS\F?nts\??plorer.exe
    C:\Program Files\AdVantage\AdVantage.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Antipub\antipub.exe
    C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\WINDOWS\17PHolmes1001186.exe
    C:\WINDOWS\17PHolmes1001186.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: bannerstyle browser optimizer - {ad99cf64-ff59-9e30-3cae-5b7a705e14b9} - C:\WINDOWS\system32\yvczvochgojsjaij.dll
    O2 - BHO: (no name) - {D930EF6E-24F1-0F20-FF4D-71A2E0E918B0} - C:\WINDOWS\system32\eqv.dll
    O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Log System] C:\WINDOWS\system32\vbfodkshc.exe
    O4 - HKLM\..\Run: [mojiim] C:\Program Files\Mojicon\Mojicon\mojiim.exe
    O4 - HKLM\..\Run: [mojioutlook] regsvr32 "C:\Program Files\Mojicon\Mojicon\mojioutlook.dll" -s
    O4 - HKLM\..\Run: [mojiexpress] regsvr32 "C:\Program Files\Mojicon\Mojicon\Express\mojiexpress.dll" -s
    O4 - HKLM\..\Run: [mojiwin] C:\Program Files\Mojicon\Mojicon\mojiwin.exe
    O4 - HKLM\..\Run: [mojiversion] C:\Program Files\Mojicon\Mojicon\mojiversion.exe
    O4 - HKLM\..\Run: [{d4bfaa67-4026-014f-5674-02bc612d9a51}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\yvczvochgojsjaij.dll" DllStart
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
    O4 - HKCU\..\Run: [Veoh] "J:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [Seno] "C:\PROGRA~1\TSKS~1\spoolsv.exe" -vt yazb
    O4 - HKCU\..\Run: [Gashrv] "C:\Documents and Settings\Administrateur\Mes documents\??pPatch\??erinit.exe"
    O4 - HKCU\..\Run: [Hae] C:\WINDOWS\F?nts\??plorer.exe
    O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
    O4 - HKUS\S-1-5-18\..\Run: [mjc] C:\Program Files\mjc\mjc.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [mjc] C:\Program Files\mjc\mjc.exe (User 'Default user')
    O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
    O4 - Startup: BoontyBox VNUnet.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O9 - Extra button: Mojicon Dispenser - {3B3628FF-E084-47ef-8797-FA36FC2571EA} - C:\Program Files\Mojicon\Mojicon\mojiwin.exe
    O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
    O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
    O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
    O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
    O9 - Extra button: InterCasino France - {30C66393-FEF3-4758-BA00-803E3ABC88A2} - C:\Documents and Settings\Administrateur\Bureau\InterCasino France.lnk (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: InterCasino France - {30C66393-FEF3-4758-BA00-803E3ABC88A2} - C:\Documents and Settings\Administrateur\Bureau\InterCasino France.lnk (file missing) (HKCU)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://games.bigfishgames.com/fr_bigcityadventuresa/onl...
    O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://games.bigfishgames.com/fr_dinerdashfloontheg/onl...
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 7448 bytes


    there you go
    31 July 2008 14:40:04

    :hello:  Hello,

    1) --> Download OTMoveIt2 by OldTimer.
    Save this file to the Desktop.

    --> Download MalwareByte's Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Install it and run the update.

    --> Download ATF Cleaner to your Desktop.

    2) Select the whole box below, then right-click and choose Copy
    @echo off & cls
    sc config "Boonty Games" start= disabled
    sc stop "Boonty Games"
    sc delete "Boonty Games"
    dir C:\WINDOWS\F?nts /a h >> files.txt
    dir "C:\Documents and Settings\Administrateur\Mes documents\??pPatch" /a h >> files.txt
    notepad files.txt

    Then, Start menu / Run, type cmd and confirm with OK
    Right-click in the black window and choose Paste
    A report will come out, post it here

    3) Run HijackThis again (right-click -> run as administrator under Vista), click "do a system scan only", and tick these lines (if present):

    Quote:
    O2 - BHO: bannerstyle browser optimizer - {ad99cf64-ff59-9e30-3cae-5b7a705e14b9} - C:\WINDOWS\system32\yvczvochgojsjaij.dll
    O2 - BHO: (no name) - {D930EF6E-24F1-0F20-FF4D-71A2E0E918B0} - C:\WINDOWS\system32\eqv.dll
    O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
    O4 - HKLM\..\Run: [Log System] C:\WINDOWS\system32\vbfodkshc.exe
    O4 - HKLM\..\Run: [{d4bfaa67-4026-014f-5674-02bc612d9a51}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\yvczvochgojsjaij.dll" DllStart
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKCU\..\Run: [Seno] "C:\PROGRA~1\TSKS~1\spoolsv.exe" -vt yazb
    O4 - HKCU\..\Run: [Gashrv] "C:\Documents and Settings\Administrateur\Mes documents\??pPatch\??erinit.exe"
    O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
    O4 - HKUS\S-1-5-18\..\Run: [mjc] C:\Program Files\mjc\mjc.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [mjc] C:\Program Files\mjc\mjc.exe (User 'Default user')
    O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://games.bigfishgames.com/fr_b [...] Player.cab
    O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://games.bigfishgames.com/fr_d [...] 0.0.33.cab
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe


    Close all running applications (especially your web browser).
    Then Fix Checked! N.B.: It is very important to close all running applications and to disconnect from the internet before fixing with HijackThis, at the risk of interfering with the results of the procedure.

    4) Restart your computer in Safe Mode
    - At startup, after the BIOS has loaded, press the F8 (or F5) key repeatedly until a menu appears on a black background. Once you get there, use the keyboard to select Safe Mode.
    -- In this mode you have no Internet access, and the display looks different (no wallpaper, very large icons). So don't be surprised.
    --- For these reasons I suggest you print, write down, or save the following information in a text document so that you don't get lost.
    ---- ! Do not start your computer in Safe Mode via MSConfig! Why? Some infections break the Safe Mode keys, which would make your computer crash.

    5) Uninstall the following programs (if present) via Add/Remove Programs in the Control Panel (Start menu > Control Panel):

    AdVantage
    mjc
    Boonty Games


    6) Double-click OTMoveIt2.exe to run the tool. (Note: if you are using Vista, right-click the file and choose Run as administrator.)
  • Copy the lines in the "Code" box below by selecting ALL of them and then pressing CTRL and C together (or, after selecting them, by right-clicking and choosing Copy):
    [kill explorer]
    C:\WINDOWS\17PHolmes1001186.exe
    C:\WINDOWS\mrofinu1001186.exe
    C:\orfecvpbb.exe
    C:\WINDOWS\system32\eqv.dll
    C:\WINDOWS\system32\irdwzsmttobfcxo.exe
    C:\WINDOWS\system32\yvczvochgojsjaij.dll
    C:\Program Files\Outerinfo
    C:\Program Files\Zylom Games
    C:\Documents and Settings\Administrateur\Application Data\Zylom
    C:\qoepuqjpp.exe
    C:\znvlxptss.exe
    C:\zlluflzog.exe
    C:\qxtvqsygc.exe
    C:\udpwolusm.exe
    C:\mitnlygip.exe
    C:\ojcwbnwks.exe
    C:\vdvjcytca.exe
    C:\ysfjlogmo.exe
    C:\vcocroqgh.exe
    C:\noqxuuycu.exe
    C:\trsmyoqpe.exe
    C:\tmtsohicx.exe
    C:\bmehupqdv.exe
    C:\vwopajxnq.exe
    C:\sxplhpjjc.exe
    C:\linsmdakf.exe
    C:\qmlpxekdd.exe
    C:\ywinmulpn.exe
    C:\fnxekmrhq.exe
    C:\ogiqwaxbd.exe
    C:\aqnhkupua.exe
    C:\PROGRA~1\TSKS~1\spoolsv.exe
    C:\Program Files\AdVantage
    C:\Program Files\Boonty
    purity
    emptytemp
    [start explorer]

  • Go back to the OTMoveIt2 window, right-click in the "Paste Standard List of Files/Folders to Move" area (under the light yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results area (under the green bar) by selecting ALL THE LINES and then pressing CTRL and C together (or, after selecting them, by right-clicking and choosing Copy), and paste these results in a reply on the forum.
  • Close OTMoveIt2

    Note: If a file or folder cannot be moved immediately, a restart may be needed to finish the move. If you are asked to restart the machine, choose Oui/Yes. In that case, after the restart, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, type *.log in the "File name" box and press Enter, browse to the folder C:\_OTMoveIt\MovedFiles, then open the most recent .log file; then copy/paste the contents of that document in a reply on the forum.

    If you get a message saying the report cannot be created, copy/paste what appears in the right-hand column of the tool.

    7) Double-click ATF-Cleaner.exe to launch the program.
  • Click Select All at the bottom of the list.
  • Click the Empty Selected button.

    If you use the Firefox browser, also do this:
  • Click Firefox at the top and choose Select All in the list.
  • Click the Empty Selected button.
  • NOTE: If you want to keep your saved passwords, click No in the warning message.

    If you use the Opera browser, also do this:
  • Click Opera at the top and choose Select All in the list.
  • Close ALL web browsers (very important).
  • Click the Empty Selected button.
  • NOTE: If you want to keep your saved passwords, click No in the warning message.
    Click Exit in the main menu to close the program.

    8) Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan has finished, a window opens, click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear, close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking Ok.

    HELP: Illustrated tutorial on MBAM

    9) Please post the following reports:

    - OTmoveIT2.
    - MBAM.
    - A new DSS scan report.
    - The contents of the notepad from step 2.

    ;) 
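Two of the Run entries in the log above stand out on path alone: a spoolsv.exe outside system32 and a path containing '?'. The Python script below is an added example, not part of any post in this thread; the two checks and the table of expected folders are assumptions chosen for illustration, not the helper's method.

```python
import re
from pathlib import PureWindowsPath

# O4 autorun lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "J:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Seno] "C:\PROGRA~1\TSKS~1\spoolsv.exe" -vt yazb
O4 - HKCU\..\Run: [Hae] C:\WINDOWS\F?nts\??plorer.exe
O4 - HKUS\S-1-5-18\..\Run: [mjc] C:\Program Files\mjc\mjc.exe (User 'SYSTEM')
'''

O4_RUN = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')

# Assumed baseline (Windows XP layout): where these system binaries normally live.
SYS32 = PureWindowsPath(r'C:\WINDOWS\system32')
SYSTEM_HOME = {n: SYS32 for n in
               ('svchost.exe', 'spoolsv.exe', 'lsass.exe', 'services.exe', 'winlogon.exe')}
SYSTEM_HOME['explorer.exe'] = PureWindowsPath(r'C:\WINDOWS')

def exe_path(cmd):
    """Return the executable path from a Run value, dropping its arguments."""
    if cmd.startswith('"'):
        return cmd[1:].partition('"')[0]
    m = re.match(r'.+?\.exe\b', cmd, re.IGNORECASE)
    return m.group(0) if m else cmd

def triage(log_text):
    """Return (value name, path, reasons) for each O4 Run entry that trips a check."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        path = PureWindowsPath(exe_path(m['cmd']))
        reasons = []
        # '?' is not legal in a Windows file name, so in a log it stands for a
        # character the tool could not render (possible look-alike of a system name).
        if '?' in str(path):
            reasons.append('unrenderable character in path')
        home = SYSTEM_HOME.get(path.name.lower())
        if home and path.parent != home:  # PureWindowsPath compares case-insensitively
            reasons.append('system binary name outside its normal folder')
        if reasons:
            findings.append((m['name'], str(path), reasons))
    return findings

if __name__ == '__main__':
    print(*triage(SAMPLE_LOG), sep='\n')
```

The [mjc] entry, which the helper also ticks for removal, passes both checks: they catch only name and path anomalies, not known adware.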
    2 August 2008 00:11:19

    should the OTmoveIT procedure and the programs that follow be run in safe mode or in normal Windows?

    otherwise, in safe mode, I couldn't uninstall the Advantage program with "Add/Remove Programs". It tells me I have to be in safe mode, which I am though (my network card is disabled and I'm in safe mode without networking, the classic one).

    so, that's where I am.


    2 August 2008 12:24:03

    Re,

    Quote:
    should the OTmoveIT procedure and the programs that follow be run in safe mode or in normal Windows?


    In safe mode. The desktop will disappear during the procedure, that's normal so don't worry ;) 

    Otherwise, skip the step of uninstalling the programs via the Control Panel, and do the procedure with OTmoveIT2 and the ones that follow.

    I'm waiting for the reports.

    ;) 
    3 August 2008 17:28:13

    I have a problem with OTMoveIT.

    I copy-paste the text then click MOVE IT. Then, in the area on the right there is <kill explorer>

    then nothing more, and when I click in the window, I get ("not responding") showing up in the address bar next to the program name...


    otherwise, one detail, but the PC no longer shuts down by itself, I think there's a procedure to do. Likewise it doesn't restart by itself. You have to cut the power manually and start it again.

    so, I'm waiting for your opinion on OTMoveIT

    thanks
    3 August 2008 18:19:40

    Re,

    Drop OTmoveIT2 and delete all the files in the box manually in safe mode.

    If that doesn't work, we'll try another way.

    Post a new DSS scan report once you have done the deletions in safe mode.

    ;) 