NEED A GENIUS..

Tags:
  • Internet Explorer
  • Security
6 April 2008 19:47:17

Hi to whoever will do their best to help me..

I'M SUFFERING but..

Let's get straight into it!!!

Impossible to browse without a dozen or so intrusive ads popping up right behind, telling me to download antivirus programs.. it's literally a pain in the ass, the PC has become a total wreck despite the recent config!

I don't know what to do anymore, so I ran a HijackThis report, here it is..


Thanks.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:44:13, on 06/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Winamp\Winampa.exe
C:\DOCUME~1\Ben\LOCALS~1\Temp\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe,autorun.bat
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\Ben\LOCALS~1\Temp\svchost.exe 1
O4 - HKLM\..\Run: [BMf386b3ad] Rundll32.exe "C:\WINDOWS\system32\bcuqccgb.dll",s
O4 - HKLM\..\Run: [f0b58031] rundll32.exe "C:\WINDOWS\system32\vgqlbagm.dll",b
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bait dupe] C:\DOCUME~1\Ben\APPLIC~1\BURNMO~1\toolsecond.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00C8F91.dat
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qqetcwyn.exe (file missing)
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

--
End of file - 6226 bytes

6 April 2008 19:50:00

Hello,

Download VundoFix.exe (by Atribune) to your Desktop.
  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Fix Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt telling you that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, in your next reply
    Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
    6 April 2008 20:16:54

    Thanks Angeldark, so here is the report located at C:/vundofix.txt

    VundoFix V6.5.4

    Checking Java version...

    Scan started at 18:00:52 25/11/2007

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...

    VundoFix V7.0.3

    Scan started at 19:50:52 06/04/2008

    Listing files found while scanning....


    Beginning removal...

    Attempting to delete C:\Program Files\PowerISO\PWRISOSH.DLL
    C:\Program Files\PowerISO\PWRISOSH.DLL Has been deleted!

    Attempting to delete C:\windows\system32\__c007A689.dat
    C:\windows\system32\__c007A689.dat Has been deleted!

    Attempting to delete C:\windows\system32\__c00A6069.dat
    C:\windows\system32\__c00A6069.dat Has been deleted!

    Attempting to delete C:\windows\system32\__c00AE629.dat
    C:\windows\system32\__c00AE629.dat Has been deleted!

    Attempting to delete C:\windows\system32\__c00CE112.dat
    C:\windows\system32\__c00CE112.dat Has been deleted!

    Attempting to delete C:\WINDOWS\system32\agadsfiv.dll
    C:\WINDOWS\system32\agadsfiv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\akkvqrie.dll
    C:\WINDOWS\system32\akkvqrie.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\aoipgwyu.dll
    C:\WINDOWS\system32\aoipgwyu.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\arsdpqaf.dll
    C:\WINDOWS\system32\arsdpqaf.dll Has been deleted!

    Attempting to delete C:\windows\system32\awvts.dll
    C:\windows\system32\awvts.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\aygrgbea.dll
    C:\WINDOWS\system32\aygrgbea.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\blbwrbnf.dll
    C:\WINDOWS\system32\blbwrbnf.dll Has been deleted!

    Attempting to delete C:\windows\system32\cjcsrgsc.dll
    C:\windows\system32\cjcsrgsc.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\dyaamltc.dll
    C:\WINDOWS\system32\dyaamltc.dll Has been deleted!

    Attempting to delete C:\windows\system32\efagcnfm.exe
    C:\windows\system32\efagcnfm.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\emvvugsi.dll
    C:\WINDOWS\system32\emvvugsi.dll Has been deleted!

    Attempting to delete C:\windows\system32\ewjlpqxg.dll
    C:\windows\system32\ewjlpqxg.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fffsdnsj.dll
    C:\WINDOWS\system32\fffsdnsj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fklgjtjk.dll
    C:\WINDOWS\system32\fklgjtjk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fwkvfpsy.dll
    C:\WINDOWS\system32\fwkvfpsy.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fxubdwrh.dll
    C:\WINDOWS\system32\fxubdwrh.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fyrjauvi.dll
    C:\WINDOWS\system32\fyrjauvi.dll Has been deleted!

    Attempting to delete C:\windows\system32\gbjbhdpb.exe
    C:\windows\system32\gbjbhdpb.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gcixyifg.dll
    C:\WINDOWS\system32\gcixyifg.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gejenkeo.dll
    C:\WINDOWS\system32\gejenkeo.dll Has been deleted!

    Attempting to delete C:\windows\system32\ghlejoim.dll
    C:\windows\system32\ghlejoim.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gkokluoi.dll
    C:\WINDOWS\system32\gkokluoi.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gqwpsxep.dll
    C:\WINDOWS\system32\gqwpsxep.dll Has been deleted!

    Attempting to delete C:\windows\system32\gxahcpcf.dll
    C:\windows\system32\gxahcpcf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hjnbywqi.dll
    C:\WINDOWS\system32\hjnbywqi.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\htcwmdbv.dll
    C:\WINDOWS\system32\htcwmdbv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ibwhxgat.dll
    C:\WINDOWS\system32\ibwhxgat.dll Has been deleted!

    Attempting to delete C:\windows\system32\iqtebrfa.exe
    C:\windows\system32\iqtebrfa.exe Has been deleted!

    Attempting to delete C:\windows\system32\jihawcbd.exe
    C:\windows\system32\jihawcbd.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkcmdiua.dll
    C:\WINDOWS\system32\jkcmdiua.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jqnapqom.dll
    C:\WINDOWS\system32\jqnapqom.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jwbcrllp.dll
    C:\WINDOWS\system32\jwbcrllp.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jwwywhwb.dll
    C:\WINDOWS\system32\jwwywhwb.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\kpwixlwp.dll
    C:\WINDOWS\system32\kpwixlwp.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\kwtldjhx.dll
    C:\WINDOWS\system32\kwtldjhx.dll Has been deleted!

    Attempting to delete C:\windows\system32\lgotdxxq.dll
    C:\windows\system32\lgotdxxq.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\lmriutcf.dll
    C:\WINDOWS\system32\lmriutcf.dll Has been deleted!

    Attempting to delete C:\windows\system32\lxihqlvx.dll
    C:\windows\system32\lxihqlvx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mfojgttb.dll
    C:\WINDOWS\system32\mfojgttb.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nptlypoh.dll
    C:\WINDOWS\system32\nptlypoh.dll Has been deleted!

    Attempting to delete C:\windows\system32\ojymylpp.exe
    C:\windows\system32\ojymylpp.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\opotiqir.dll
    C:\WINDOWS\system32\opotiqir.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ptrtkakv.dll
    C:\WINDOWS\system32\ptrtkakv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pxqcrqij.dll
    C:\WINDOWS\system32\pxqcrqij.dll Has been deleted!

    Attempting to delete C:\windows\system32\pxxampwc.dll
    C:\windows\system32\pxxampwc.dll Has been deleted!

    Attempting to delete C:\windows\system32\qdmohcmc.exe
    C:\windows\system32\qdmohcmc.exe Has been deleted!

    Attempting to delete C:\windows\system32\rojihmpm.dll
    C:\windows\system32\rojihmpm.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rqrstrq.dll
    C:\WINDOWS\system32\rqrstrq.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\sduipykh.dll
    C:\WINDOWS\system32\sduipykh.dll Has been deleted!

    Attempting to delete C:\windows\system32\sipufjin.exe
    C:\windows\system32\sipufjin.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\skqrhjio.dll
    C:\WINDOWS\system32\skqrhjio.dll Has been deleted!

    Attempting to delete C:\windows\system32\sqdulqut.exe
    C:\windows\system32\sqdulqut.exe Has been deleted!

    Attempting to delete C:\windows\system32\stvwa.bak1
    C:\windows\system32\stvwa.bak1 Has been deleted!

    Attempting to delete C:\windows\system32\stvwa.bak2
    C:\windows\system32\stvwa.bak2 Has been deleted!

    Attempting to delete C:\windows\system32\stvwa.ini
    C:\windows\system32\stvwa.ini Has been deleted!

    Attempting to delete C:\windows\system32\stvwa.ini2
    C:\windows\system32\stvwa.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\svijdedv.dll
    C:\WINDOWS\system32\svijdedv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tltbycob.dll
    C:\WINDOWS\system32\tltbycob.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ujeyjdly.dll
    C:\WINDOWS\system32\ujeyjdly.dll Has been deleted!

    Attempting to delete C:\windows\system32\ujhosvby.dll
    C:\windows\system32\ujhosvby.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ullbcgxq.dll
    C:\WINDOWS\system32\ullbcgxq.dll Has been deleted!

    Attempting to delete C:\windows\system32\vfkkxtvy.exe
    C:\windows\system32\vfkkxtvy.exe Has been deleted!

    Attempting to delete C:\windows\system32\vkuexgel.dll
    C:\windows\system32\vkuexgel.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vuqvtikt.dll
    C:\WINDOWS\system32\vuqvtikt.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\woowjeow.dll
    C:\WINDOWS\system32\woowjeow.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\wtjgiyry.dll
    C:\WINDOWS\system32\wtjgiyry.dll Has been deleted!

    Attempting to delete C:\windows\system32\xbxkxsci.exe
    C:\windows\system32\xbxkxsci.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xfigebdv.dll
    C:\WINDOWS\system32\xfigebdv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xwqavpfg.dll
    C:\WINDOWS\system32\xwqavpfg.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xyqrajjb.dll
    C:\WINDOWS\system32\xyqrajjb.dll Has been deleted!

    Attempting to delete C:\windows\system32\ygbgttpk.dll
    C:\windows\system32\ygbgttpk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ypjopuce.dll
    C:\WINDOWS\system32\ypjopuce.dll Has been deleted!

    Attempting to delete C:\windows\system32\yptrrwok.dll
    C:\windows\system32\yptrrwok.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ytklvhla.dll
    C:\WINDOWS\system32\ytklvhla.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yvcgsibh.dll
    C:\WINDOWS\system32\yvcgsibh.dll Has been deleted!

    Attempting to delete C:\windows\system32\zgrndloj.dllbox
    C:\windows\system32\zgrndloj.dllbox Has been deleted!

    Performing Repairs to the registry.
    Done!
    6 April 2008 20:17:26

    And the new HijackThis:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:16:52, on 06/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscript.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\DOCUME~1\Ben\LOCALS~1\Temp\svchost.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\program files\steam\steam.exe
    C:\WINDOWS\system32\LVComsX.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: UserInit=userinit.exe,autorun.bat
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {71C49B00-FD4A-4CAD-82C5-81871B8277Bb} - C:\WINDOWS\system32\ytklvhla.dll (file missing)
    O2 - BHO: (no name) - {73CE21EF-CCDB-4434-9109-88C26C9D9569} - C:\WINDOWS\system32\ytklvhla.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: {39cc7a9d-cbe0-d83a-3694-c854131aa9d9} - {9d9aa131-458c-4963-a38d-0ebcd9a7cc93} - C:\WINDOWS\system32\enduolvw.dll
    O2 - BHO: (no name) - {FA96865F-5402-4D15-B04A-C9AED590181A} - C:\WINDOWS\system32\awvts.dll (file missing)
    O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\Ben\LOCALS~1\Temp\svchost.exe 1
    O4 - HKLM\..\Run: [f0b58031] rundll32.exe "C:\WINDOWS\system32\vgqlbagm.dll",b
    O4 - HKLM\..\Run: [BMf386b3ad] Rundll32.exe "C:\WINDOWS\system32\bcuqccgb.dll",s
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [bait dupe] C:\DOCUME~1\Ben\APPLIC~1\BURNMO~1\toolsecond.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00C8F91.dat
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qqetcwyn.exe (file missing)
    O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

    --
    End of file - 7063 bytes
    6 April 2008 20:43:22

    Hi again,

    Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • When the scan is complete, a report will appear. Post that report in your next reply.
    6 April 2008 21:00:38

    Hi again Angeldark, here is the Combofix report:


    ComboFix 08-04-04.1 - Ben 2008-04-06 20:47:02.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1501 [GMT 2:00]
    Endroit: C:\Documents and Settings\Ben\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .
    ADS - svchost.exe: deleted 28162 bytes in 1 streams.

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\autorun.bat
    C:\Autorun.inf
    C:\autorun.vbs
    C:\Documents and Settings\All Users\Application Data\salesmonitor
    C:\Documents and Settings\All Users\Application Data\storageprotector
    C:\Documents and Settings\All Users\Application Data\storageprotector\Data\ac
    C:\Documents and Settings\All Users\Application Data\storageprotector\Data\em
    C:\Documents and Settings\All Users\Application Data\storageprotector\Data\oid
    C:\Documents and Settings\All Users\Application Data\storageprotector\Data\user
    C:\Documents and Settings\Ben\Application Data\macromedia\Flash Player\#SharedObjects\JPP5SX39\iforex.com
    C:\Documents and Settings\Ben\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
    C:\Documents and Settings\Ben\Application Data\storageprotector
    C:\Documents and Settings\Ben\Application Data\storageprotector\Logs\update.log
    C:\WINDOWS\BMf386b3ad.xml
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\aabictex.dll
    C:\WINDOWS\system32\aafcgxsq.dll
    C:\WINDOWS\system32\acsjdvcx.dll
    C:\WINDOWS\system32\acswbikt.dll
    C:\WINDOWS\system32\affhybsa.dll
    C:\WINDOWS\system32\afvxmdns.ini
    C:\WINDOWS\system32\agisijop.ini
    C:\WINDOWS\system32\agqityln.dll
    C:\WINDOWS\system32\ahmfsyyi.dll
    C:\WINDOWS\system32\aibomqea.dll
    C:\WINDOWS\system32\ailjpvdm.dll
    C:\WINDOWS\system32\aipympng.dll
    C:\WINDOWS\system32\ajjeirjn.ini
    C:\WINDOWS\system32\ajulykfl.dll
    C:\WINDOWS\system32\alcefjdl.dll
    C:\WINDOWS\system32\alglwdqr.exe
    C:\WINDOWS\system32\alleqigi.ini
    C:\WINDOWS\system32\alyqsbve.ini
    C:\WINDOWS\system32\aocktolo.exe
    C:\WINDOWS\system32\aplyksrl.ini
    C:\WINDOWS\system32\aqvfnmdb.dll
    C:\WINDOWS\system32\argvvhxp.dll
    C:\WINDOWS\system32\asqgjoag.dll
    C:\WINDOWS\system32\atismvcs.dll
    C:\WINDOWS\system32\atjchrco.dll
    C:\WINDOWS\system32\aufpstcj.exe
    C:\WINDOWS\system32\autorun.bat
    C:\WINDOWS\system32\AutoRun.inf
    C:\WINDOWS\system32\autorun.ini
    C:\WINDOWS\system32\autorun.reg
    C:\WINDOWS\system32\autorun.vbs
    C:\WINDOWS\system32\winlogo.exe
    C:\winlogon.exe
    C:\x.dat
    C:\z.dat
    D:\autorun.bat
    D:\Autorun.inf
    D:\autorun.vbs

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_DOMAINSERVICE
    -------\Legacy_ICF
    -------\Service_DomainService
    -------\Service_ICF


    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-06 to 2008-04-06 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-06 18:27 . 2008-04-06 18:27 <REP> d-------- C:\Program Files\Trend Micro
    2008-04-05 22:42 . 2008-04-05 22:42 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
    2008-04-05 21:08 . 2008-04-05 23:10 4,559,557 ---hs---- C:\WINDOWS\system32\oymidnbs.ini
    2008-04-05 21:05 . 2008-04-05 21:06 4,951,672 ---hs---- C:\WINDOWS\system32\wavebspd.ini
    2008-04-05 20:15 . 2008-04-05 21:00 5,630,163 ---hs---- C:\WINDOWS\system32\mucpihki.ini
    2008-04-05 18:24 . 2008-04-05 20:14 6,696,777 ---hs---- C:\WINDOWS\system32\ubtgseed.ini
    2008-04-05 17:31 . 2008-04-05 18:22 6,699,022 ---hs---- C:\WINDOWS\system32\avsjclye.ini
    2008-04-05 16:52 . 2008-04-05 17:28 6,701,077 ---hs---- C:\WINDOWS\system32\gkyeseyf.ini
    2008-04-05 15:30 . 2008-04-05 16:46 6,709,982 ---hs---- C:\WINDOWS\system32\vilfugmw.ini
    2008-04-05 15:23 . 2008-04-05 15:25 6,751,924 ---hs---- C:\WINDOWS\system32\pgcvrqoi.ini
    2008-04-05 15:02 . 2008-04-05 15:21 6,754,166 ---hs---- C:\WINDOWS\system32\hlxdrrwx.ini
    2008-04-04 17:34 . 2008-04-05 15:00 6,680,449 ---hs---- C:\WINDOWS\system32\yvmifnjq.ini
    2008-04-04 13:27 . 2008-04-04 17:31 6,661,137 ---hs---- C:\WINDOWS\system32\xaiafvqh.ini
    2008-04-04 12:54 . 2008-04-04 13:25 6,648,492 ---hs---- C:\WINDOWS\system32\nsjxqbai.ini
    2008-04-04 11:19 . 2008-04-04 12:51 6,597,354 ---hs---- C:\WINDOWS\system32\gggjayqd.ini
    2008-04-03 23:03 . 2008-04-04 11:14 6,509,199 ---hs---- C:\WINDOWS\system32\yqnphsvl.ini
    2008-04-03 19:43 . 2008-04-03 22:57 6,511,159 ---hs---- C:\WINDOWS\system32\rvrowpva.ini
    2008-04-03 19:33 . 2008-04-03 19:40 6,513,115 ---hs---- C:\WINDOWS\system32\xusahrtb.ini
    2008-04-03 18:37 . 2008-04-03 19:27 6,515,359 ---hs---- C:\WINDOWS\system32\vjtxtnsr.ini
    2008-04-03 17:33 . 2008-04-03 18:34 6,517,607 ---hs---- C:\WINDOWS\system32\ybvqpxcg.ini
    2008-04-03 17:06 . 2008-04-03 17:31 6,519,929 ---hs---- C:\WINDOWS\system32\jebhqqwg.ini
    2008-04-03 14:20 . 2008-04-03 16:57 6,397,136 ---hs---- C:\WINDOWS\system32\udecbohn.ini
    2008-04-03 13:56 . 2008-04-03 14:17 6,397,016 ---hs---- C:\WINDOWS\system32\veteumwq.ini
    2008-04-03 13:52 . 2008-04-03 13:53 6,400,985 ---hs---- C:\WINDOWS\system32\kotyrlmv.ini
    2008-04-03 13:37 . 2008-04-03 13:46 6,400,423 ---hs---- C:\WINDOWS\system32\nmipvvxg.ini
    2008-04-03 12:01 . 2008-04-03 13:34 6,394,050 ---hs---- C:\WINDOWS\system32\muhausnh.ini
    2008-04-03 07:19 . 2008-04-03 11:56 6,297,727 ---hs---- C:\WINDOWS\system32\aljrnrxa.ini
    2008-04-03 06:29 . 2008-04-03 07:16 6,299,915 ---hs---- C:\WINDOWS\system32\skfxdgvl.ini
    2008-04-02 21:16 . 2008-04-03 06:21 6,302,027 ---hs---- C:\WINDOWS\system32\qywmhfhc.ini
    2008-04-02 19:49 . 2008-04-02 21:07 6,304,452 ---hs---- C:\WINDOWS\system32\gisoidct.ini
    2008-04-02 06:26 . 2008-04-02 19:49 6,299,458 ---hs---- C:\WINDOWS\system32\nnjenlhd.ini
    2008-04-02 06:18 . 2008-04-02 06:20 6,301,697 ---hs---- C:\WINDOWS\system32\qqgorxwp.ini
    2008-04-01 21:16 . 2008-04-02 06:18 6,303,781 ---hs---- C:\WINDOWS\system32\ipwinawl.ini
    2008-04-01 20:26 . 2008-04-01 22:34 <REP> d-------- C:\Program Files\The All-Seeing Eye
    2008-04-01 20:05 . 2008-04-01 21:10 5,020,412 ---hs---- C:\WINDOWS\system32\xytdquoi.ini
    2008-04-01 20:03 . 2008-04-01 20:05 5,022,074 ---hs---- C:\WINDOWS\system32\mxqretts.ini
    2008-04-01 19:33 . 2008-04-01 20:02 3,737,360 ---hs---- C:\WINDOWS\system32\hqwvdixj.ini
    2008-04-01 18:42 . 2008-04-01 19:30 3,739,055 ---hs---- C:\WINDOWS\system32\xgjljnwa.ini
    2008-04-01 18:38 . 2008-04-01 18:39 2,463,562 ---hs---- C:\WINDOWS\system32\mjsdedhi.ini
    2008-04-01 16:54 . 2008-04-01 18:35 2,756,391 ---hs---- C:\WINDOWS\system32\vrivttyc.ini
    2008-04-01 16:25 . 2008-04-01 16:25 90,688 --a------ C:\WINDOWS\system32\yurpenlm.dll
    2008-04-01 15:36 . 2008-04-01 15:36 90,688 --a------ C:\WINDOWS\system32\pjacodxt.dll
    2008-03-31 22:17 . 2008-03-31 22:17 91,712 --a------ C:\WINDOWS\system32\cweooxax.dll
    2008-03-31 21:55 . 2008-03-31 21:55 91,712 --a------ C:\WINDOWS\system32\kpnleski.dll
    2008-03-30 21:54 . 2008-03-30 21:54 3,416 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
    2008-03-29 14:29 . 2008-03-29 14:29 26,800 --a------ C:\WINDOWS\system32\hgGaxuts.dll
    2008-03-29 02:57 . 2008-03-29 02:57 90,688 --a------ C:\WINDOWS\system32\erqoxgno.dll
    2008-03-28 13:20 . 2008-03-28 13:20 93,760 --a------ C:\WINDOWS\system32\ywafnavi.dll
    2008-03-27 13:16 . 2008-03-28 13:16 1,395,101 ---hs---- C:\WINDOWS\system32\rscgkium.ini
    2008-03-27 13:16 . 2008-03-27 13:16 92,224 --a------ C:\WINDOWS\system32\upphxbtu.dll
    2008-03-26 22:36 . 2008-03-26 22:36 90,688 --a------ C:\WINDOWS\system32\hhcgdgft.dll
    2008-03-26 12:36 . 2008-03-26 12:36 90,688 --a------ C:\WINDOWS\system32\jvjjmfcx.dll
    2008-03-26 00:52 . 2008-03-26 00:52 94,272 --a------ C:\WINDOWS\system32\ocbbmpdq.dll
    2008-03-26 00:48 . 2008-03-26 00:49 90,688 --a------ C:\WINDOWS\system32\dsjavhrk.dll
    2008-03-25 08:42 . 2008-03-26 00:22 1,327,027 ---hs---- C:\WINDOWS\system32\qfpeyfnv.ini
    2008-03-25 08:42 . 2008-03-25 08:42 93,248 --a------ C:\WINDOWS\system32\lvhclsra.dll
    2008-03-25 08:39 . 2008-03-25 08:39 91,200 --a------ C:\WINDOWS\system32\aigfcybi.dll
    2008-03-25 00:13 . 2008-03-25 00:13 93,248 --a------ C:\WINDOWS\system32\rvkhwquk.dll
    2008-03-25 00:08 . 2008-03-25 00:08 91,200 --a------ C:\WINDOWS\system32\pqkbyrsf.dll
    2008-03-24 22:13 . 2008-03-24 22:13 93,248 --a------ C:\WINDOWS\system32\cfgegqvu.dll
    2008-03-24 22:11 . 2008-03-24 22:11 91,200 --a------ C:\WINDOWS\system32\eqkcyxaf.dll
    2008-03-24 21:37 . 2008-03-24 21:37 93,248 --a------ C:\WINDOWS\system32\ireytgqp.dll
    2008-03-24 21:35 . 2008-03-24 21:35 91,200 --a------ C:\WINDOWS\system32\asbgemib.dll
    2008-03-24 12:35 . 2008-03-24 12:35 93,248 --a------ C:\WINDOWS\system32\lirrfhia.dll
    2008-03-24 12:33 . 2008-03-24 12:33 91,200 --a------ C:\WINDOWS\system32\lbjydckf.dll
    2008-03-24 12:28 . 2008-03-24 12:28 91,200 --a------ C:\WINDOWS\system32\ftwvutfi.dll
    2008-03-23 02:53 . 2008-03-23 02:53 93,248 --a------ C:\WINDOWS\system32\gbxtvtjt.dll
    2008-03-23 02:51 . 2008-03-23 02:51 92,224 --a------ C:\WINDOWS\system32\uomkywvb.dll
    2008-03-23 02:22 . 2008-03-23 02:22 93,248 --a------ C:\WINDOWS\system32\nrhlaggl.dll
    2008-03-23 02:17 . 2008-03-23 02:17 92,224 --a------ C:\WINDOWS\system32\vmppbnkh.dll
    2008-03-23 02:01 . 2008-03-23 02:01 93,248 --a------ C:\WINDOWS\system32\tdbuvpax.dll
    2008-03-23 01:59 . 2008-03-23 01:59 92,224 --a------ C:\WINDOWS\system32\wfolgoyw.dll
    2008-03-22 23:44 . 2008-03-22 23:44 93,248 --a------ C:\WINDOWS\system32\qqjnywyk.dll
    2008-03-22 23:39 . 2008-03-22 23:39 92,224 --a------ C:\WINDOWS\system32\ywiqhdsf.dll
    2008-03-22 21:15 . 2008-03-22 21:15 93,248 --a------ C:\WINDOWS\system32\xmdjdfht.dll
    2008-03-22 21:13 . 2008-03-22 21:13 92,224 --a------ C:\WINDOWS\system32\hxhpdion.dll
    2008-03-22 14:52 . 2008-03-22 14:52 93,248 --a------ C:\WINDOWS\system32\cexinyqn.dll
    2008-03-22 14:46 . 2008-03-22 14:46 92,224 --a------ C:\WINDOWS\system32\nhwyllob.dll
    2008-03-22 12:55 . 2008-03-22 12:55 93,248 --a------ C:\WINDOWS\system32\qhismkih.dll
    2008-03-22 12:50 . 2008-03-22 12:50 92,224 --a------ C:\WINDOWS\system32\yvtekgdt.dll
    2008-03-21 17:17 . 2008-03-21 17:17 91,712 --a------ C:\WINDOWS\system32\xhjjejur.dll
    2008-03-20 17:20 . 2008-03-20 17:20 91,712 --a------ C:\WINDOWS\system32\rimkliut.dll
    2008-03-20 17:17 . 2008-03-21 17:18 1,367,091 ---hs---- C:\WINDOWS\system32\dtmioigp.ini
    2008-03-20 07:39 . 2008-03-20 07:39 93,248 --a------ C:\WINDOWS\system32\wkkibmjc.dll
    2008-03-20 07:36 . 2008-03-20 07:36 90,688 --a------ C:\WINDOWS\system32\diuwpsaj.dll
    2008-03-19 10:46 . 2008-03-19 10:46 91,200 --a------ C:\WINDOWS\system32\edtvctga.dll
    2008-03-19 07:36 . 2008-03-19 07:36 25,984 --a------ C:\WINDOWS\system32\yaywvst.dll
    2008-03-19 07:18 . 2008-03-19 10:46 1,300,782 ---hs---- C:\WINDOWS\system32\tvhsbktw.ini
    2008-03-19 07:13 . 2008-03-19 07:13 91,200 --a------ C:\WINDOWS\system32\cerxkptc.dll
    2008-03-18 21:56 . 2008-03-19 07:12 1,300,987 ---hs---- C:\WINDOWS\system32\ewmihigy.ini
    2008-03-18 21:54 . 2008-03-18 21:54 91,200 --a------ C:\WINDOWS\system32\tbkebhbm.dll
    2008-03-18 21:51 . 2008-03-18 21:51 <REP> d--hs---- C:\found.000
    2008-03-18 18:03 . 2008-03-18 21:54 1,306,620 ---hs---- C:\WINDOWS\system32\gsgkbqib.ini
    2008-03-18 18:00 . 2008-03-18 18:00 91,200 --a------ C:\WINDOWS\system32\coyeyuhp.dll
    2008-03-18 13:57 . 2008-03-18 13:57 25,984 --a------ C:\WINDOWS\system32\awtsqom.dll
    2008-03-17 18:00 . 2008-03-17 18:00 99,392 --a------ C:\WINDOWS\system32\qgqkudwp.dll
    2008-03-17 17:57 . 2008-03-18 17:58 2,096,772 ---hs---- C:\WINDOWS\system32\qyckygwm.ini
    2008-03-17 17:57 . 2008-03-17 17:57 93,760 --a------ C:\WINDOWS\system32\pvnrphvq.dll
    2008-03-17 12:39 . 2008-03-17 17:57 1,372,550 ---hs---- C:\WINDOWS\system32\egsdrxii.ini
    2008-03-17 12:37 . 2008-03-17 12:37 99,392 --a------ C:\WINDOWS\system32\veiygmws.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-06 18:55 --------- d-----w C:\Program Files\Steam
    2008-04-06 18:07 --------- d-----w C:\Program Files\PowerISO
    2008-04-06 16:27 --------- d-----w C:\Program Files\eMule
    2008-04-04 15:47 --------- d-----w C:\Documents and Settings\Ben\Application Data\teamspeak2
    2008-04-04 12:08 --------- d-----w C:\Program Files\Winamp
    2008-04-01 14:49 --------- d-----w C:\Program Files\Java
    2008-03-12 21:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-12 11:52 --------- d-----w C:\Program Files\Arovax AntiSpyware
    2008-02-15 08:33 --------- d-----w C:\Documents and Settings\Ben\Application Data\BurnModeBat
    2008-02-15 08:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Time Dead Warn Default
    2008-02-14 13:52 --------- d-----w C:\Program Files\VideoLAN
    2007-11-14 13:46 36,864 ----a-w C:\Documents and Settings\Ben\winlogo.exe
    2007-11-14 13:46 167 ----a-w C:\Documents and Settings\Ben\6758.bat
    2006-07-30 14:20 959 --sha-r C:\WINDOWS\system32\autorun.bin
    2001-10-29 13:00 61,440 --sha-r C:\WINDOWS\system32\Autorun.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71C49B00-FD4A-4CAD-82C5-81871B8277Bb}]
    C:\WINDOWS\system32\ytklvhla.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73CE21EF-CCDB-4434-9109-88C26C9D9569}]
    C:\WINDOWS\system32\ytklvhla.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA96865F-5402-4D15-B04A-C9AED590181A}]
    C:\WINDOWS\system32\awvts.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 20:03 152872]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24 167368]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-01-11 01:08 190024]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
    "bait dupe"="C:\DOCUME~1\Ben\APPLIC~1\BURNMO~1\toolsecond.exe" [2008-02-15 10:32 469504]
    "Steam"="c:\program files\steam\steam.exe" [2008-04-01 19:33 1271032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-11-06 10:27 200704]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 15:42 267064]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 08:12 729088]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19 15872]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 15:34 868352]
    "WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2003-04-02 04:20 12288]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 17:09 15360]
    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-11-15 00:33 8716288]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.lhacm"= lhacm.acm
    "MSVideo"= vfwwdm32.dll
    "MSVideo8"= VfWWDM32.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\The All-Seeing Eye\\eye.exe"=
    "C:\\Program Files\\Steam\\steamapps\\danyzuka\\counter-strike source\\hl2.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "C:\\Program Files\\Steam\\Steam.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\WINDOWS\\system32\\svchost.exe"=
    "C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

    S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
    \Shell\AutoRun\command - I:\
    \Shell\explore\Command - WScript.exe .\autorun.vbs
    \Shell\open\Command - WScript.exe .\autorun.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
    \Shell\AutoRun\command - J:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5eaa45de-c5c5-11dc-bb21-001bfc65bf1c}]
    \Shell\AutoRun\command - J:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b996e1dc-9aeb-11dc-bac8-806d6172696f}]
    \Shell\AutoRun\command - E:\Bin\Assetup.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-06 18:00:00 C:\WINDOWS\Tasks\B0C2EC9C92496B50.job"
    - c:\docume~1\ben\applic~1\burnmo~1\army wma 2.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-06 20:55:39
    Windows 5.1.2600 Service Pack 2 NTFS

    detected NTDLL code modification:
    ZwEnumerateKey, ZwEnumerateValueKey, ZwQueryDirectoryFile, ZwQuerySystemInformation

    Balayage processus cachés ...

    C:\WINDOWS\system32\.f0b5809e\f0b5809e.exe [484]

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    C:\WINDOWS\system32\.f0b5809e

    Scan terminé avec succès
    Les fichiers cachés: 1

    **************************************************************************

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMBgMonitor.exe\""
    "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
    "msnmsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background"
    "bait dupe"="C:\\DOCUME~1\\Ben\\APPLIC~1\\BURNMO~1\\toolsecond.exe"
    "Steam"="\"c:\\program files\\steam\\steam.exe\" -silent"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\f0b5809e]
    "ImagePath"="C:\WINDOWS\system32\.f0b5809e\f0b5809e.exe"
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\Unlocker\UnlockerHook.dll
    -> C:\WINDOWS\system32\.f0b5809e\f0b5809e.core.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\LVComsX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-06 20:57:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-06 18:57:24
    Pre-Run: 64,232,652,800 octets libres
    Post-Run: 63,896,985,600 octets libres
    .
    2008-02-22 02:00:47 --- E O F ---
    6 April 2008 21:13:14

    There are still plenty of files left to delete; we'll take care of them.

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\system32\oymidnbs.ini
    C:\WINDOWS\system32\wavebspd.ini
    C:\WINDOWS\system32\mucpihki.ini
    C:\WINDOWS\system32\ubtgseed.ini
    C:\WINDOWS\system32\avsjclye.ini
    C:\WINDOWS\system32\gkyeseyf.ini
    C:\WINDOWS\system32\vilfugmw.ini
    C:\WINDOWS\system32\pgcvrqoi.ini
    C:\WINDOWS\system32\hlxdrrwx.ini
    C:\WINDOWS\system32\yvmifnjq.ini
    C:\WINDOWS\system32\xaiafvqh.ini
    C:\WINDOWS\system32\nsjxqbai.ini
    C:\WINDOWS\system32\gggjayqd.ini
    C:\WINDOWS\system32\yqnphsvl.ini
    C:\WINDOWS\system32\rvrowpva.ini
    C:\WINDOWS\system32\xusahrtb.ini
    C:\WINDOWS\system32\vjtxtnsr.ini
    C:\WINDOWS\system32\ybvqpxcg.ini
    C:\WINDOWS\system32\jebhqqwg.ini
    C:\WINDOWS\system32\udecbohn.ini
    C:\WINDOWS\system32\veteumwq.ini
    C:\WINDOWS\system32\kotyrlmv.ini
    C:\WINDOWS\system32\nmipvvxg.ini
    C:\WINDOWS\system32\muhausnh.ini
    C:\WINDOWS\system32\aljrnrxa.ini
    C:\WINDOWS\system32\skfxdgvl.ini
    C:\WINDOWS\system32\qywmhfhc.ini
    C:\WINDOWS\system32\gisoidct.ini
    C:\WINDOWS\system32\nnjenlhd.ini
    C:\WINDOWS\system32\qqgorxwp.ini
    C:\WINDOWS\system32\ipwinawl.ini
    C:\WINDOWS\system32\xytdquoi.ini
    C:\WINDOWS\system32\mxqretts.ini
    C:\WINDOWS\system32\hqwvdixj.ini
    C:\WINDOWS\system32\xgjljnwa.ini
    C:\WINDOWS\system32\mjsdedhi.ini
    C:\WINDOWS\system32\vrivttyc.ini
    C:\WINDOWS\system32\yurpenlm.dll
    C:\WINDOWS\system32\pjacodxt.dll
    C:\WINDOWS\system32\cweooxax.dll
    C:\WINDOWS\system32\kpnleski.dll
    C:\WINDOWS\system32\erqoxgno.dll
    C:\WINDOWS\system32\ywafnavi.dll
    C:\WINDOWS\system32\rscgkium.ini
    C:\WINDOWS\system32\upphxbtu.dll
    C:\WINDOWS\system32\hhcgdgft.dll
    C:\WINDOWS\system32\jvjjmfcx.dll
    C:\WINDOWS\system32\ocbbmpdq.dll
    C:\WINDOWS\system32\dsjavhrk.dll
    C:\WINDOWS\system32\qfpeyfnv.ini
    C:\WINDOWS\system32\lvhclsra.dll
    C:\WINDOWS\system32\aigfcybi.dll
    C:\WINDOWS\system32\rvkhwquk.dll
    C:\WINDOWS\system32\pqkbyrsf.dll
    C:\WINDOWS\system32\cfgegqvu.dll
    C:\WINDOWS\system32\eqkcyxaf.dll
    C:\WINDOWS\system32\ireytgqp.dll
    C:\WINDOWS\system32\asbgemib.dll
    C:\WINDOWS\system32\lirrfhia.dll
    C:\WINDOWS\system32\lbjydckf.dll
    C:\WINDOWS\system32\ftwvutfi.dll
    C:\WINDOWS\system32\gbxtvtjt.dll
    C:\WINDOWS\system32\uomkywvb.dll
    C:\WINDOWS\system32\nrhlaggl.dll
    C:\WINDOWS\system32\vmppbnkh.dll
    C:\WINDOWS\system32\tdbuvpax.dll
    C:\WINDOWS\system32\wfolgoyw.dll
    C:\WINDOWS\system32\qqjnywyk.dll
    C:\WINDOWS\system32\ywiqhdsf.dll
    C:\WINDOWS\system32\xmdjdfht.dll
    C:\WINDOWS\system32\hxhpdion.dll
    C:\WINDOWS\system32\cexinyqn.dll
    C:\WINDOWS\system32\nhwyllob.dll
    C:\WINDOWS\system32\qhismkih.dll
    C:\WINDOWS\system32\yvtekgdt.dll
    C:\WINDOWS\system32\xhjjejur.dll
    C:\WINDOWS\system32\rimkliut.dll
    C:\WINDOWS\system32\dtmioigp.ini
    C:\WINDOWS\system32\wkkibmjc.dll
    C:\WINDOWS\system32\diuwpsaj.dll
    C:\WINDOWS\system32\edtvctga.dll
    C:\WINDOWS\system32\yaywvst.dll
    C:\WINDOWS\system32\tvhsbktw.ini
    C:\WINDOWS\system32\cerxkptc.dll
    C:\WINDOWS\system32\ewmihigy.ini
    C:\WINDOWS\system32\tbkebhbm.dll
    C:\WINDOWS\system32\gsgkbqib.ini
    C:\WINDOWS\system32\coyeyuhp.dll
    C:\WINDOWS\system32\awtsqom.dll
    C:\WINDOWS\system32\qgqkudwp.dll
    C:\WINDOWS\system32\qyckygwm.ini
    C:\WINDOWS\system32\pvnrphvq.dll
    C:\WINDOWS\system32\egsdrxii.ini
    C:\WINDOWS\system32\veiygmws.dll

    Folder::
    C:\found.000
    C:\DOCUME~1\Ben\APPLIC~1\BURNMO~1

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71C49B00-FD4A-4CAD-82C5-81871B8277Bb}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73CE21EF-CCDB-4434-9109-88C26C9D9569}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA96865F-5402-4D15-B04A-C9AED590181A}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "bait dupe"=-


    Open Notepad, then paste (Ctrl+V) the text you copied earlier.
    Save this file as CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:

    This will relaunch Combofix; press 1, then confirm. After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no restart, post the requested reports anyway.
    6 April 2008 21:40:55

    Hi again Angeldark, so I copied the text and saved it under the requested name "CFScript.txt", then dragged it onto Combofix.exe.

    It relaunched Combofix normally; I didn't have to press "1" and then confirm?

    I still let Combofix run; the report was written, but the machine didn't reboot by itself, so I rebooted from the tower. I hope that won't have any consequences?

    So here is the new Combofix report:


    ComboFix 08-04-04.1 - Ben 2008-04-06 21:27:16.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1539 [GMT 2:00]
    Endroit: C:\Documents and Settings\Ben\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Ben\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    .
    /wow section - STAGE 35
    pv: No matching processes found
    Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
    Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.

    /wow section - STAGE 36
    Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.


    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\d.exe
    C:\DOCUME~1\Ben\APPLIC~1\BURNMO~1
    C:\DOCUME~1\Ben\APPLIC~1\BURNMO~1\0
    C:\DOCUME~1\Ben\APPLIC~1\BURNMO~1\army wma 2.exe
    C:\DOCUME~1\Ben\APPLIC~1\BURNMO~1\ktdtmbeb.exe
    C:\DOCUME~1\Ben\APPLIC~1\BURNMO~1\ofcyndik.exe
    C:\DOCUME~1\Ben\APPLIC~1\BURNMO~1\PLAY LESS ROAM PLAN.exe
    C:\DOCUME~1\Ben\APPLIC~1\BURNMO~1\shslawfk.exe
    C:\DOCUME~1\Ben\APPLIC~1\BURNMO~1\toolsecond.exe
    C:\Documents and Settings\Ben\ResErrors.log
    C:\Documents and Settings\Ben\winlogo.exe
    C:\found.000
    C:\found.000\dir0000.chk\explorer.exe.hdmp
    C:\found.000\dir0000.chk\explorer.exe.mdmp

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-06 to 2008-04-06 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-06 18:27 . 2008-04-06 18:27 <REP> d-------- C:\Program Files\Trend Micro
    2008-04-05 22:42 . 2008-04-05 22:42 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
    2008-04-01 20:26 . 2008-04-01 22:34 <REP> d-------- C:\Program Files\The All-Seeing Eye
    2008-03-30 21:54 . 2008-03-30 21:54 3,416 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
    2008-03-29 14:29 . 2008-03-29 14:29 26,800 --a------ C:\WINDOWS\system32\hgGaxuts.dll
    2008-03-16 16:22 . 2008-03-17 12:36 1,368,015 ---hs---- C:\WINDOWS\system32\ccglacyn.ini
    2008-03-16 13:29 . 2008-03-16 16:16 1,367,823 ---hs---- C:\WINDOWS\system32\meyrhqnw.ini
    2008-03-16 05:15 . 2008-03-16 13:23 1,367,703 ---hs---- C:\WINDOWS\system32\efjaiuej.ini
    2008-03-16 00:27 . 2008-03-16 05:12 1,367,532 ---hs---- C:\WINDOWS\system32\uqwlqbhk.ini
    2008-03-15 19:05 . 2008-03-16 00:27 1,367,412 ---hs---- C:\WINDOWS\system32\rhywtkka.ini
    2008-03-15 18:33 . 2008-03-15 18:59 1,367,283 ---hs---- C:\WINDOWS\system32\shltfcqe.ini
    2008-03-15 18:06 . 2008-03-15 18:30 1,367,163 ---hs---- C:\WINDOWS\system32\okpayolq.ini
    2008-03-15 14:38 . 2008-03-15 17:20 1,367,061 ---hs---- C:\WINDOWS\system32\cpooyppy.ini
    2008-03-15 14:16 . 2008-03-15 14:35 1,366,863 ---hs---- C:\WINDOWS\system32\baaweans.ini
    2008-03-15 03:48 . 2008-03-15 14:14 1,366,752 ---hs---- C:\WINDOWS\system32\lcqbtysb.ini
    2008-03-14 21:53 . 2008-03-15 01:40 1,333,954 ---hs---- C:\WINDOWS\system32\mwaonsbl.ini
    2008-03-14 21:45 . 2008-03-14 21:48 1,333,825 ---hs---- C:\WINDOWS\system32\qjucegoa.ini
    2008-03-14 19:44 . 2008-03-14 21:42 1,333,714 ---hs---- C:\WINDOWS\system32\eqcksviu.ini
    2008-03-14 18:50 . 2008-03-14 19:41 1,328,013 ---hs---- C:\WINDOWS\system32\sowidvva.ini
    2008-03-14 17:18 . 2008-03-14 18:50 1,327,893 ---hs---- C:\WINDOWS\system32\xrqgqsfj.ini
    2008-03-14 17:10 . 2008-03-14 17:12 1,327,773 ---hs---- C:\WINDOWS\system32\gxfonilp.ini
    2008-03-14 17:04 . 2008-03-14 17:07 1,333,719 ---hs---- C:\WINDOWS\system32\nlaqirsp.ini
    2008-03-14 16:13 . 2008-03-14 17:03 1,330,728 ---hs---- C:\WINDOWS\system32\crquwvws.ini
    2008-03-14 15:54 . 2008-03-14 16:07 1,330,608 ---hs---- C:\WINDOWS\system32\cguqghol.ini
    2008-03-14 15:17 . 2008-03-14 15:52 1,321,722 ---hs---- C:\WINDOWS\system32\hfhtojce.ini
    2008-03-14 13:43 . 2008-03-14 15:16 1,330,137 ---hs---- C:\WINDOWS\system32\fmwqvksy.ini
    2008-03-14 02:30 . 2008-03-14 02:33 <REP> d-------- C:\Program Files\Mumble
    2008-03-14 02:28 . 2008-03-14 13:40 1,350,643 ---hs---- C:\WINDOWS\system32\iawllyev.ini
    2008-03-13 09:37 . 2008-03-14 02:25 1,345,087 ---hs---- C:\WINDOWS\system32\pglqwwit.ini
    2008-03-13 00:04 . 2008-03-13 09:34 1,321,831 ---hs---- C:\WINDOWS\system32\xsavwemv.ini
    2008-03-12 23:51 . 2008-03-13 00:01 1,321,702 ---hs---- C:\WINDOWS\system32\djbrbsub.ini
    2008-03-12 23:47 . 2008-03-12 23:47 <REP> d-------- C:\Program Files\Veoh Networks
    2008-03-12 20:20 . 2008-03-12 23:47 <REP> d-------- C:\WINDOWS\Downloaded Installations
    2008-03-12 20:19 . 2008-03-12 20:20 21,073,040 --a------ C:\Program Files\VeohSetup-3.9.0.1099.exe
    2008-03-12 17:50 . 2008-03-13 00:10 1,348 --a------ C:\WINDOWS\mozver.dat
    2008-03-12 13:57 . 2008-03-12 23:45 1,321,634 ---hs---- C:\WINDOWS\system32\pppbotwd.ini
    2008-03-12 13:50 . 2008-03-12 13:56 1,321,469 ---hs---- C:\WINDOWS\system32\cnwrqmwg.ini
    2008-03-12 13:45 . 2008-03-12 13:47 1,321,349 ---hs---- C:\WINDOWS\system32\eujkuhxf.ini
    2008-03-12 13:42 . 2008-03-12 13:42 1,321,229 ---hs---- C:\WINDOWS\system32\kebxyypm.ini
    2008-03-12 13:28 . 2008-03-12 13:39 1,321,187 ---hs---- C:\WINDOWS\system32\hmnvcbgq.ini
    2008-03-12 13:03 . 2008-03-12 13:28 1,320,989 ---hs---- C:\WINDOWS\system32\hkodcptg.ini
    2008-03-12 12:54 . 2008-03-12 12:57 1,320,809 ---hs---- C:\WINDOWS\system32\eumqevil.ini
    2008-03-12 12:43 . 2008-03-12 12:48 1,320,689 ---hs---- C:\WINDOWS\system32\wtgqmwfl.ini
    2008-03-12 10:14 . 2008-03-12 12:42 1,320,569 ---hs---- C:\WINDOWS\system32\krepybwp.ini
    2008-03-12 10:10 . 2008-03-12 10:11 1,319,725 ---hs---- C:\WINDOWS\system32\nsdwdgbu.ini
    2008-03-12 09:22 . 2008-03-12 10:04 1,319,605 ---hs---- C:\WINDOWS\system32\jnbuicep.ini
    2008-03-12 09:14 . 2008-03-12 09:19 1,319,485 ---hs---- C:\WINDOWS\system32\ycgxcbvt.ini
    2008-03-12 09:11 . 2008-03-12 09:13 1,319,365 ---hs---- C:\WINDOWS\system32\mbpwowtg.ini
    2008-03-12 04:06 . 2008-03-12 09:05 1,319,970 ---hs---- C:\WINDOWS\system32\dmtkynbv.ini
    2008-03-12 03:59 . 2008-03-12 04:04 1,319,790 ---hs---- C:\WINDOWS\system32\fpyrpddy.ini
    2008-03-12 03:41 . 2008-03-12 03:59 1,319,670 ---hs---- C:\WINDOWS\system32\iywhvgju.ini
    2008-03-12 01:17 . 2008-03-12 03:35 1,319,550 ---hs---- C:\WINDOWS\system32\xslspgxh.ini
    2008-03-12 01:12 . 2008-03-12 01:14 1,319,430 ---hs---- C:\WINDOWS\system32\tcjwyvhq.ini
    2008-03-12 01:02 . 2008-03-12 01:09 1,319,319 ---hs---- C:\WINDOWS\system32\mjtljisa.ini
    2008-03-12 00:57 . 2008-03-12 00:59 1,319,190 ---hs---- C:\WINDOWS\system32\xrdkncvm.ini
    2008-03-12 00:53 . 2008-03-12 00:54 1,319,070 ---hs---- C:\WINDOWS\system32\hburggxa.ini
    2008-03-12 00:41 . 2008-03-12 00:51 1,318,950 ---hs---- C:\WINDOWS\system32\lyngqdbs.ini
    2008-03-12 00:39 . 2008-03-12 00:39 90,688 --a------ C:\WINDOWS\system32\mjyepnnn.dll
    2008-03-12 00:17 . 2008-03-12 00:38 1,318,830 ---hs---- C:\WINDOWS\system32\uwvkunni.ini
    2008-03-12 00:17 . 2008-03-12 00:17 93,248 --a------ C:\WINDOWS\system32\sawcwmce.dll
    2008-03-12 00:14 . 2008-03-12 00:14 90,688 --a------ C:\WINDOWS\system32\iteovrrf.dll
    2008-03-12 00:13 . 2008-03-12 00:13 93,248 --a------ C:\WINDOWS\system32\majgcxff.dll
    2008-03-12 00:10 . 2008-03-12 00:10 90,688 --a------ C:\WINDOWS\system32\pifrpmda.dll
    2008-03-12 00:09 . 2008-03-12 00:14 1,318,710 ---hs---- C:\WINDOWS\system32\vqsmqlga.ini
    2008-03-12 00:09 . 2008-03-12 00:09 90,688 --a------ C:\WINDOWS\system32\hqfrlwbb.dll
    2008-03-11 23:24 . 2008-03-11 23:24 0 --a------ C:\WINDOWS\nsreg.dat
    2008-03-11 20:58 . 2008-03-11 20:58 93,248 --a------ C:\WINDOWS\system32\jnuprgug.dll
    2008-03-11 20:56 . 2008-03-12 00:08 1,318,539 ---hs---- C:\WINDOWS\system32\rqbwmsam.ini
    2008-03-11 20:56 . 2008-03-11 20:56 90,688 --a------ C:\WINDOWS\system32\qltpqvch.dll
    2008-03-11 20:37 . 2008-03-11 20:55 1,318,350 ---hs---- C:\WINDOWS\system32\wlarttnu.ini
    2008-03-11 20:37 . 2008-03-11 20:37 93,248 --a------ C:\WINDOWS\system32\kcbupbyw.dll
    2008-03-11 20:35 . 2008-03-11 20:35 90,688 --a------ C:\WINDOWS\system32\ajvcusmc.dll
    2008-03-11 20:33 . 2008-03-11 20:33 90,688 --a------ C:\WINDOWS\system32\xfoenwhk.dll
    2008-03-11 20:29 . 2008-03-11 20:34 1,318,230 ---hs---- C:\WINDOWS\system32\sevwaiis.ini
    2008-03-11 20:27 . 2008-03-11 20:27 90,688 --a------ C:\WINDOWS\system32\grnynopw.dll
    2008-03-11 20:23 . 2008-03-11 20:27 1,318,050 ---hs---- C:\WINDOWS\system32\hpvdevfc.ini
    2008-03-11 20:21 . 2008-03-11 20:21 90,688 --a------ C:\WINDOWS\system32\hbnalmuv.dll
    2008-03-11 20:19 . 2008-03-11 20:19 93,248 --a------ C:\WINDOWS\system32\xjefrmwl.dll
    2008-03-11 20:17 . 2008-03-11 20:21 1,317,930 ---hs---- C:\WINDOWS\system32\ikkxnwbe.ini
    2008-03-11 20:17 . 2008-03-11 20:17 90,688 --a------ C:\WINDOWS\system32\ggwesnsq.dll
    2008-03-11 20:14 . 2008-03-11 20:16 1,317,810 ---hs---- C:\WINDOWS\system32\uukdsvqo.ini
    2008-03-11 20:14 . 2008-03-11 20:14 90,688 --a------ C:\WINDOWS\system32\cekrndjf.dll
    2008-03-11 20:12 . 2008-03-11 20:12 93,248 --a------ C:\WINDOWS\system32\msjqgnbk.dll
    2008-03-11 20:10 . 2008-03-11 20:13 1,317,690 ---hs---- C:\WINDOWS\system32\lmfdkguj.ini
    2008-03-11 20:10 . 2008-03-11 20:10 90,688 --a------ C:\WINDOWS\system32\wtuluoea.dll
    2008-03-11 20:08 . 2008-03-11 20:08 90,688 --a------ C:\WINDOWS\system32\pbdawiho.dll
    2008-03-11 20:07 . 2008-03-11 20:07 93,248 --a------ C:\WINDOWS\system32\dpjddtkw.dll
    2008-03-11 20:05 . 2008-03-11 20:09 1,317,570 ---hs---- C:\WINDOWS\system32\mdjebyng.ini
    2008-03-11 20:04 . 2008-03-11 20:04 90,688 --a------ C:\WINDOWS\system32\vwejkyky.dll
    2008-03-11 16:06 . 2008-03-11 16:06 93,248 --a------ C:\WINDOWS\system32\ahfcykuq.dll
    2008-03-11 16:03 . 2008-03-11 20:04 1,317,417 ---hs---- C:\WINDOWS\system32\ythrgkck.ini
    2008-03-11 16:01 . 2008-03-11 16:01 90,688 --a------ C:\WINDOWS\system32\tmligdvm.dll
    2008-03-11 15:38 . 2008-03-11 16:01 1,317,150 ---hs---- C:\WINDOWS\system32\rrxxulki.ini
    2008-03-11 15:35 . 2008-03-11 15:35 93,248 --a------ C:\WINDOWS\system32\ujtrnhyc.dll
    2008-03-11 15:33 . 2008-03-11 15:33 90,688 --a------ C:\WINDOWS\system32\stckccqt.dll
    2008-03-11 14:54 . 2008-03-11 15:32 1,317,030 ---hs---- C:\WINDOWS\system32\vfvthkqd.ini
    2008-03-11 14:51 . 2008-03-11 14:51 93,248 --a------ C:\WINDOWS\system32\nrofaysr.dll
    2008-03-11 14:48 . 2008-03-11 14:48 90,688 --a------ C:\WINDOWS\system32\evpoosie.dll
    2008-03-11 14:12 . 2008-03-11 14:12 93,248 --a------ C:\WINDOWS\system32\jqlynsqd.dll
    2008-03-11 14:09 . 2008-03-11 14:48 1,318,713 ---hs---- C:\WINDOWS\system32\ykwxhllt.ini

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71C49B00-FD4A-4CAD-82C5-81871B8277Bb}]
    C:\WINDOWS\system32\ytklvhla.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73CE21EF-CCDB-4434-9109-88C26C9D9569}]
    C:\WINDOWS\system32\ytklvhla.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA96865F-5402-4D15-B04A-C9AED590181A}]
    C:\WINDOWS\system32\awvts.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 20:03 152872]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24 167368]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-01-11 01:08 190024]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
    "bait dupe"="C:\DOCUME~1\Ben\APPLIC~1\BURNMO~1\toolsecond.exe" [ ]
    "Steam"="c:\program files\steam\steam.exe" [2008-04-01 19:33 1271032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-11-06 10:27 200704]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 15:42 267064]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 08:12 729088]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19 15872]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 15:34 868352]
    "WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2003-04-02 04:20 12288]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 17:09 15360]
    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-11-15 00:33 8716288]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.lhacm"= lhacm.acm
    "MSVideo"= vfwwdm32.dll
    "MSVideo8"= VfWWDM32.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\The All-Seeing Eye\\eye.exe"=
    "C:\\Program Files\\Steam\\steamapps\\danyzuka\\counter-strike source\\hl2.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "C:\\Program Files\\Steam\\Steam.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\WINDOWS\\system32\\svchost.exe"=
    "C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

    S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
    \Shell\AutoRun\command - I:\
    \Shell\explore\Command - WScript.exe .\autorun.vbs
    \Shell\open\Command - WScript.exe .\autorun.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
    \Shell\AutoRun\command - J:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5eaa45de-c5c5-11dc-bb21-001bfc65bf1c}]
    \Shell\AutoRun\command - J:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b996e1dc-9aeb-11dc-bac8-806d6172696f}]
    \Shell\AutoRun\command - E:\Bin\Assetup.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-06 19:00:00 C:\WINDOWS\Tasks\B0C2EC9C92496B50.job"
    - c:\docume~1\ben\applic~1\burnmo~1\army wma 2.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-06 21:29:47
    Windows 5.1.2600 Service Pack 2 NTFS

    detected NTDLL code modification:
    ZwEnumerateKey, ZwEnumerateValueKey, ZwQueryDirectoryFile, ZwQuerySystemInformation

    Balayage processus cachés ...

    C:\WINDOWS\system32\.f0b5809e\f0b5809e.exe [484]

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    C:\WINDOWS\system32\.f0b5809e

    Scan terminé avec succès
    Les fichiers cachés: 1

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\f0b5809e]
    "ImagePath"="C:\WINDOWS\system32\.f0b5809e\f0b5809e.exe"
    .
    Temps d'accomplissement: 2008-04-06 21:30:13
    ComboFix-quarantined-files.txt 2008-04-06 19:30:03
    ComboFix2.txt 2008-04-06 18:57:32
    Pre-Run: 63,930,454,016 octets libres
    Post-Run: 63,676,665,856 octets libres
    .
    2008-02-22 02:00:47 --- E O F ---
    6 April 2008 21:41:47

    Along with a new HijackThis log:



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:40:57, on 06/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\program files\steam\steam.exe
    C:\WINDOWS\system32\LVComsX.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {71C49B00-FD4A-4CAD-82C5-81871B8277Bb} - C:\WINDOWS\system32\ytklvhla.dll (file missing)
    O2 - BHO: (no name) - {73CE21EF-CCDB-4434-9109-88C26C9D9569} - C:\WINDOWS\system32\ytklvhla.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {FA96865F-5402-4D15-B04A-C9AED590181A} - C:\WINDOWS\system32\awvts.dll (file missing)
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [bait dupe] C:\DOCUME~1\Ben\APPLIC~1\BURNMO~1\toolsecond.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

    --
    End of file - 6289 bytes
    6 April 2008 22:11:00

    Let's do it a different way.

    Download Malwarebytes' Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in Safe Mode.
    HELP: Restarting in Safe Mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM