Cmonnom

Membres

Afficher le profil Afficher son activité

Compteur de contenus
24
Inscription
le 24 février 2007
Dernière visite
le 10 mars 2007

Type de contenu

Toute l’activité

Profils

Forums

Blogs

Tout ce qui a été posté par Cmonnom

Ras le bol BehavesLike !

Cmonnom a répondu à un(e) sujet de Cmonnom dans Analyses et éradication malwares

Désespérant ... Message affiché lors de la destruction An error 0xC0000022 occured during the deletion of file "C: Windows.... Par ailleurs, l'ordinateur n'a pas redémarré seul aprés la commande reboot (?) Rapport Hijackthis Logfile of HijackThis v1.99.1 Scan saved at 18:44:07, on 09/03/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\TomTom HOME\TomTomHOME.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\QuickTime\qttask.exe C:\HP\KBD\KBD.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hphmon06.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Fichiers communs\AOL\1166563800\ee\AOLSoftware.exe C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe C:\WINDOWS\ALCMTR.EXE C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microsoft Money\System\Money Express.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\AOL 9.0c\aoltray.exe C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Iomega\Tools\IMGICON.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Palm\HOTSYNC.EXE C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Symantec\LiveUpdate\AUpdate.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/advanced_search?hl=fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: (no name) - {86E934E0-EB40-4A21-8B9A-C6C83ACFBFFE} - C:\WINDOWS\system32\dkdadkd.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1166563800\ee\AOLSoftware.exe O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0c\aoltray.exe O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Iomega Backup Scheduler.lnk = C:\Program Files\Iomega\Iomega Backup\dtiom98.exe O4 - Global Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.EXE O4 - Global Startup: IomegaWare.lnk = C:\Program Files\Iomega\Iomegaware\COMMANDER.EXE O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Options de démarrage Iomega.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE O4 - Global Startup: QuikSync.lnk = C:\Program Files\Iomega\QuikSync\QUIKSYNC.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O20 - Winlogon Notify: nhzlzjhg - C:\WINDOWS\SYSTEM32\dkdadkd.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing) O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\system32\ZipToA.exe
- le 9 mars 2007
- 45 réponses
Ras le bol BehavesLike !

Cmonnom a répondu à un(e) sujet de Cmonnom dans Analyses et éradication malwares

J'ai suivi la procédure. En fin de scan : "Gmer hasn't found any system modification" Il m'a été indiqué que le rapport était dans le presse-papier. mais je ne suis jamais parvenu à le récupèrer pour le copier ici. ?!
- le 8 mars 2007
- 45 réponses
Ras le bol BehavesLike !

Cmonnom a répondu à un(e) sujet de Cmonnom dans Analyses et éradication malwares

Dur à cuire ce fichier !!! Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\hceflewr ******************* Script file located at: \??\C:\WINDOWS\kivoxpkb.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Could not open file C:\WINDOWS\system32\dkdadkd.dll for deletion Deletion of file C:\WINDOWS\system32\dkdadkd.dll failed! Could not process line: C:\WINDOWS\system32\dkdadkd.dll Status: 0xc0000022 Could not open registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{86E934E0-EB40-4A21-8B9A-C6C83ACFBFFE} for deletion Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{86E934E0-EB40-4A21-8B9A-C6C83ACFBFFE} failed! Status: 0xc0000022 Could not open registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nhzlzjhg for deletion Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nhzlzjhg failed! Status: 0xc0000022 Completed script processing. ******************* Finished! Terminate. ------------------------------------------------------------------------------------------------------------------------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 19:45:16, on 06/03/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\TomTom HOME\TomTomHOME.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\QuickTime\qttask.exe C:\HP\KBD\KBD.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hphmon06.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Fichiers communs\AOL\1166563800\ee\AOLSoftware.exe C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe C:\WINDOWS\ALCMTR.EXE C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microsoft Money\System\Money Express.exe C:\Program Files\AOL 9.0c\aoltray.exe C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Iomega\Tools\IMGICON.EXE C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\Palm\HOTSYNC.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/advanced_search?hl=fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: (no name) - {86E934E0-EB40-4A21-8B9A-C6C83ACFBFFE} - C:\WINDOWS\system32\dkdadkd.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1166563800\ee\AOLSoftware.exe O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0c\aoltray.exe O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Iomega Backup Scheduler.lnk = C:\Program Files\Iomega\Iomega Backup\dtiom98.exe O4 - Global Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.EXE O4 - Global Startup: IomegaWare.lnk = C:\Program Files\Iomega\Iomegaware\COMMANDER.EXE O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Options de démarrage Iomega.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE O4 - Global Startup: QuikSync.lnk = C:\Program Files\Iomega\QuikSync\QUIKSYNC.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O20 - Winlogon Notify: nhzlzjhg - C:\WINDOWS\SYSTEM32\dkdadkd.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing) O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\system32\ZipToA.exe
- le 6 mars 2007
- 45 réponses
Ras le bol BehavesLike !

Cmonnom a répondu à un(e) sujet de Cmonnom dans Analyses et éradication malwares

Je te poste un rapport HijackThis mais aussi un nouveau rapport Kasperski qui détecte trois virus sur quatre objets infectés. Mais les répertoires des objets infectés correspondent à des fichiers de restauration ou HijackThis donc sans risque ? A noter que le rapport kaspersky ne parle plus de dkdadkd.dll. Bref, je te laisse faire le tri !! Logfile of HijackThis v1.99.1 Scan saved at 16:53:43, on 04/03/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\TomTom HOME\TomTomHOME.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\QuickTime\qttask.exe C:\HP\KBD\KBD.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hphmon06.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Fichiers communs\AOL\1166563800\ee\AOLSoftware.exe C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\ALCMTR.EXE C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microsoft Money\System\Money Express.exe C:\Program Files\AOL 9.0c\aoltray.exe C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Iomega\Tools\IMGICON.EXE C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\Palm\HOTSYNC.EXE C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/advanced_search?hl=fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: (no name) - {86E934E0-EB40-4A21-8B9A-C6C83ACFBFFE} - C:\WINDOWS\system32\dkdadkd.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1166563800\ee\AOLSoftware.exe O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0c\aoltray.exe O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Iomega Backup Scheduler.lnk = C:\Program Files\Iomega\Iomega Backup\dtiom98.exe O4 - Global Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.EXE O4 - Global Startup: IomegaWare.lnk = C:\Program Files\Iomega\Iomegaware\COMMANDER.EXE O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Options de démarrage Iomega.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE O4 - Global Startup: QuikSync.lnk = C:\Program Files\Iomega\QuikSync\QUIKSYNC.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O20 - Winlogon Notify: nhzlzjhg - C:\WINDOWS\SYSTEM32\dkdadkd.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing) O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\system32\ZipToA.exe ------------------------------------------------------------------------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Sunday, March 04, 2007 1:24:13 PM Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version : 5.0.83.0 Dernière mise à jour de la base antivirus Kaspersky : 4/03/2007 Enregistrements dans la base antivirus Kaspersky : 260161 Paramètres d'analyse Analyser avec la base antivirus suivante standard Analyser les archives vrai Analyser les bases de messagerie vrai Cible de l'analyse Poste de travail C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ Statistiques de l'analyse Total d'objets analysés 94038 Nombre de virus trouvés 3 Nombre d'objets infectés 4 / 0 Nombre d'objets suspects 0 Durée de l'analyse 01:48:52 Nom de l'objet infecté Nom du virus Dernière action C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7b8d6e74bd1fbd7047c156df49536a41_2f8e4ef9-1179-4f61-87a5-89e94e8caf92 L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7b8d6e74bd1fbd7047c156df49536a41_40379e10-66ef-4863-8d09-57e81df4f4a3 L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Log.LiveUpdate L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Historique\History.IE5\MSHist012007030420070305\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\hpodvd09.log L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\JET954A.tmp L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\_hphtra07.log L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\~DF80C3.tmp L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temp\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Program Files\Fichiers communs\Softwin\BitDefender Firewall\bdfirewall.txt L'objet est verrouillé ignoré C:\Program Files\HijackThis\backups\backup-20070225-101312-135-MS_update_0612_KB74062.exe Infecté : Trojan-Downloader.Win32.Murlo.ek ignoré C:\Program Files\Softwin\BitDefender10\aspdict.dat L'objet est verrouillé ignoré C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1\A0001227.dll L'objet est verrouillé ignoré C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1\A0001350.dll L'objet est verrouillé ignoré C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1\A0001352.dll L'objet est verrouillé ignoré C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1\A0002518.exe Infecté : Trojan-Downloader.Win32.Murlo.ek ignoré C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1\A0002557.dll L'objet est verrouillé ignoré C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1\A0002621.dll Infecté : Trojan.Win32.Agent.fd ignoré C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1\A0002622.dll Infecté : Trojan-Spy.Win32.Small.ez ignoré C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP5\change.log L'objet est verrouillé ignoré C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\EventCache\{5D15B20C-AD52-4E4E-BC23-E2C3C6A54A36}.bin L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré C:\WINDOWS\system32\bdss.log L'objet est verrouillé ignoré C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré C:\WINDOWS\Temp\tmp00005a68\tmp00000000 L'objet est verrouillé ignoré C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré Analyse terminée. -------------------------------------------------------------------------------------------------------------------------------------------------------------
- le 4 mars 2007
- 45 réponses
Ras le bol BehavesLike !

Cmonnom a répondu à un(e) sujet de Cmonnom dans Analyses et éradication malwares

J'ai tenté avec delinvfile. Sans réussir. Message obtenu : "Delete error. Access denied" Avec le second soft que tu m'as indiqué, je n'ai pas tenté. Cela me paraît beaucoup plus compliqué; j'attends tes explications. Pour info, je retrouve dkdadkd.dll avec un dkdadkd.bak (qui n'est pas à zéro !) dans un répertoire killbox sur le C:
- le 3 mars 2007
- 45 réponses
Ras le bol BehavesLike !

Cmonnom a répondu à un(e) sujet de Cmonnom dans Analyses et éradication malwares

Bonjour, je suis rentré et j'espère qu'on va l'exterminer ce dkd machin ! Tu m'as indiqué deux softs mais comment faire exactement ?
- le 3 mars 2007
- 45 réponses
Ras le bol BehavesLike !

Cmonnom a répondu à un(e) sujet de Cmonnom dans Analyses et éradication malwares

C'est décourageant : Au lancement de del.bat, il affiche : "unable to mark this file for delation" J'ai vérifié. Le fichier est, bien sûr, toujours là. En plus, je vais devoir suspendre nos échanges. Je pars jusque vendredi. J'espère que nous pourrons reprendre à mon retour. Je pense que nous avons bien avancé. Reste à liquider ce f... fichier. Merci en tout cas pour ce qui a été fait jusqu'à maintenant. A samedi certainement.
- le 26 février 2007
- 45 réponses
Ras le bol BehavesLike !

Cmonnom a répondu à un(e) sujet de Cmonnom dans Analyses et éradication malwares

"Accés refusé" mais fichier introuvable quand je fais un dir En revanche, avec Explorateur Windows, le fichier est là à 0 toujours
- le 26 février 2007
- 45 réponses
Ras le bol BehavesLike !

Cmonnom a répondu à un(e) sujet de Cmonnom dans Analyses et éradication malwares

Eh bien, tu as tort ; je ne vais pas mettre de rapport !!! En fait, quand je tente de détruire le fichier par del .... , la réponse est "Accés refusé" Même chose en Mode sans échec !
- le 26 février 2007
- 45 réponses
Ras le bol BehavesLike !

Cmonnom a répondu à un(e) sujet de Cmonnom dans Analyses et éradication malwares

OK, voilà : Logfile of HijackThis v1.99.1 Scan saved at 20:03:24, on 26/02/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\TomTom HOME\TomTomHOME.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\HP\KBD\KBD.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hphmon06.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Fichiers communs\AOL\1166563800\ee\AOLSoftware.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\ALCMTR.EXE C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Microsoft Money\System\Money Express.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\AOL 9.0c\aoltray.exe C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Iomega\Tools\IMGICON.EXE C:\Program Files\Palm\HOTSYNC.EXE C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe c:\program files\softwin\bitdefender10\bdmcon.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\ntvdm.exe C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/advanced_search?hl=fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: (no name) - {86E934E0-EB40-4A21-8B9A-C6C83ACFBFFE} - C:\WINDOWS\system32\dkdadkd.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1166563800\ee\AOLSoftware.exe O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0c\aoltray.exe O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Iomega Backup Scheduler.lnk = C:\Program Files\Iomega\Iomega Backup\dtiom98.exe O4 - Global Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.EXE O4 - Global Startup: IomegaWare.lnk = C:\Program Files\Iomega\Iomegaware\COMMANDER.EXE O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Options de démarrage Iomega.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE O4 - Global Startup: QuikSync.lnk = C:\Program Files\Iomega\QuikSync\QUIKSYNC.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O20 - Winlogon Notify: nhzlzjhg - C:\WINDOWS\SYSTEM32\dkdadkd.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing) O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\system32\ZipToA.exe
- le 26 février 2007
- 45 réponses
Ras le bol BehavesLike !

Cmonnom a répondu à un(e) sujet de Cmonnom dans Analyses et éradication malwares

J'ai même recommencé !
- le 26 février 2007
- 45 réponses
Ras le bol BehavesLike !

Cmonnom a répondu à un(e) sujet de Cmonnom dans Analyses et éradication malwares

Voilà le rapport mais je crains que le fichier même à 0 soit toujours là avec les lignes 02 et 20 ! Logfile of HijackThis v1.99.1 Scan saved at 14:15:35, on 26/02/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\TomTom HOME\TomTomHOME.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\QuickTime\qttask.exe C:\HP\KBD\KBD.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hphmon06.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Fichiers communs\AOL\1166563800\ee\AOLSoftware.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe C:\WINDOWS\ALCMTR.EXE C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microsoft Money\System\Money Express.exe C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\AOL 9.0c\aoltray.exe C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Iomega\Tools\IMGICON.EXE C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\Palm\HOTSYNC.EXE C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/advanced_search?hl=fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: (no name) - {86E934E0-EB40-4A21-8B9A-C6C83ACFBFFE} - C:\WINDOWS\system32\dkdadkd.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1166563800\ee\AOLSoftware.exe O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0c\aoltray.exe O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Iomega Backup Scheduler.lnk = C:\Program Files\Iomega\Iomega Backup\dtiom98.exe O4 - Global Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.EXE O4 - Global Startup: IomegaWare.lnk = C:\Program Files\Iomega\Iomegaware\COMMANDER.EXE O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Options de démarrage Iomega.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE O4 - Global Startup: QuikSync.lnk = C:\Program Files\Iomega\QuikSync\QUIKSYNC.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O20 - Winlogon Notify: nhzlzjhg - C:\WINDOWS\SYSTEM32\dkdadkd.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing) O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\system32\ZipToA.exe
- le 26 février 2007
- 45 réponses
Ras le bol BehavesLike !

Cmonnom a répondu à un(e) sujet de Cmonnom dans Analyses et éradication malwares

Confirmation : 0 sur le disque
- le 26 février 2007
- 45 réponses
Ras le bol BehavesLike !

Cmonnom a répondu à un(e) sujet de Cmonnom dans Analyses et éradication malwares

d7k2d9WQ
- le 26 février 2007
- 45 réponses
Ras le bol BehavesLike !

Cmonnom a répondu à un(e) sujet de Cmonnom dans Analyses et éradication malwares

d7k2d9WQ
- le 26 février 2007
- 45 réponses
Ras le bol BehavesLike !

Cmonnom a répondu à un(e) sujet de Cmonnom dans Analyses et éradication malwares

C'est fait. Bien reçu ?
- le 26 février 2007
- 45 réponses
Ras le bol BehavesLike !

Cmonnom a répondu à un(e) sujet de Cmonnom dans Analyses et éradication malwares

Voilà qui est fait ! Bien reçu ?
- le 26 février 2007
- 45 réponses
Ras le bol BehavesLike !

Cmonnom a répondu à un(e) sujet de Cmonnom dans Analyses et éradication malwares

Je ne peux faire la manip. Voici le message reçu : "The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file"
- le 26 février 2007
- 45 réponses
Ras le bol BehavesLike !

Cmonnom a répondu à un(e) sujet de Cmonnom dans Analyses et éradication malwares

J'ai même retenté KillBox et HijackThis. Voilà ce que ça donne : Pocket Killbox version 2.0.0.648 Running on Windows XP as HP_Propriétaire(Administrator) was started @ dimanche, février 25, 2007, 10:35 AM Killbox Closed(Exit) @ 10:35:43 AM __________________________________________________ Pocket Killbox version 2.0.0.648 Running on Windows XP as HP_Propriétaire(Administrator) was started @ dimanche, février 25, 2007, 10:36 AM # 1 [Delete on Reboot] Path = C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\96046.exeC:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\95953.exeC:\WINDOWS\system32\vulsekpx.exeC:\WINDOWS\system32\MS_update_0612_KB74062.exeC:\WINDOWS\system32\dkdadkd.dll PendingFileRenameOperations Registry Data has been Removed by External Process! @ 10:38:57 AM Killbox Closed(Exit) @ 10:39:29 AM __________________________________________________ Pocket Killbox version 2.0.0.648 Running on Windows XP as HP_Propriétaire(Administrator) was started @ dimanche, février 25, 2007, 10:43 AM Killbox Closed(Exit) @ 10:44:35 AM __________________________________________________ Pocket Killbox version 2.0.0.648 Running on Windows XP as HP_Propriétaire(Administrator) was started @ dimanche, février 25, 2007, 10:42 PM # 1 [Delete on Reboot] Path = C:\WINDOWS\System32\dkdadkd.dll # 2 [Delete on Reboot] Path = C:\WINDOWS\System32\rjdgheuv.dll # 3 [Delete on Reboot] Path = C:\WINDOWS\System32\dkdadkd.dll.bak I Rebooted @ 10:48:23 PM Killbox Closed(Exit) @ 10:48:40 PM __________________________________________________ Pocket Killbox version 2.0.0.648 Running on Windows XP as HP_Propriétaire(Administrator) was started @ dimanche, février 25, 2007, 10:51 PM Killbox Closed(Exit) @ 10:53:11 PM __________________________________________________ Pocket Killbox version 2.0.0.648 Running on Windows XP as HP_Propriétaire(Administrator) was started @ lundi, février 26, 2007, 8:54 AM # 1 [Delete on Reboot] Path = C:\WINDOWS\System32\dkdadkd.dll PendingFileRenameOperations Registry Data has been Removed by External Process! @ 8:55:56 AM Killbox Closed(Exit) @ 8:56:25 AM __________________________________________________ Pocket Killbox version 2.0.0.648 Running on Windows XP as HP_Propriétaire(Administrator) was started @ lundi, février 26, 2007, 9:01 AM Killbox Closed(Exit) @ 9:03:15 AM __________________________________________________ Pocket Killbox version 2.0.0.648 Running on Windows XP as HP_Propriétaire(Administrator) was started @ lundi, février 26, 2007, 9:27 AM # 1 [Delete on Reboot] Path = C:\WINDOWS\System32\dkdadkd.dll PendingFileRenameOperations Registry Data has been Removed by External Process! @ 9:28:37 AM Killbox Closed(Exit) @ 9:28:59 AM __________________________________________________ Pocket Killbox version 2.0.0.648 Running on Windows XP as HP_Propriétaire(Administrator) was started @ lundi, février 26, 2007, 9:31 AM ---------------------------------------------------------------------------------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 09:34:05, on 26/02/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\TomTom HOME\TomTomHOME.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\QuickTime\qttask.exe C:\HP\KBD\KBD.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hphmon06.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Fichiers communs\AOL\1166563800\ee\AOLSoftware.exe C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe C:\WINDOWS\ALCMTR.EXE C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microsoft Money\System\Money Express.exe C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\AOL 9.0c\aoltray.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Iomega\Tools\IMGICON.EXE C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Palm\HOTSYNC.EXE C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\Documents and Settings\HP_Propriétaire\Bureau\KillBox.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\notepad.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/advanced_search?hl=fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: (no name) - {86E934E0-EB40-4A21-8B9A-C6C83ACFBFFE} - C:\WINDOWS\system32\dkdadkd.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1166563800\ee\AOLSoftware.exe O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0c\aoltray.exe O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Iomega Backup Scheduler.lnk = C:\Program Files\Iomega\Iomega Backup\dtiom98.exe O4 - Global Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.EXE O4 - Global Startup: IomegaWare.lnk = C:\Program Files\Iomega\Iomegaware\COMMANDER.EXE O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Options de démarrage Iomega.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE O4 - Global Startup: QuikSync.lnk = C:\Program Files\Iomega\QuikSync\QUIKSYNC.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O20 - Winlogon Notify: nhzlzjhg - C:\WINDOWS\SYSTEM32\dkdadkd.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing) O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\system32\ZipToA.exe
- le 26 février 2007
- 45 réponses
Ras le bol BehavesLike !

Cmonnom a répondu à un(e) sujet de Cmonnom dans Analyses et éradication malwares

Pas d'erreur : il es toujours là !!! M'avait bien semblé que .... Il va falloir sortir la hâche ?
- le 26 février 2007
- 45 réponses
Ras le bol BehavesLike !

Cmonnom a répondu à un(e) sujet de Cmonnom dans Analyses et éradication malwares

Pocket Killbox version 2.0.0.648 Running on Windows XP as HP_Propriétaire(Administrator) was started @ dimanche, février 25, 2007, 10:35 AM Killbox Closed(Exit) @ 10:35:43 AM __________________________________________________ Pocket Killbox version 2.0.0.648 Running on Windows XP as HP_Propriétaire(Administrator) was started @ dimanche, février 25, 2007, 10:36 AM # 1 [Delete on Reboot] Path = C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\96046.exeC:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\95953.exeC:\WINDOWS\system32\vulsekpx.exeC:\WINDOWS\system32\MS_update_0612_KB74062.exeC:\WINDOWS\system32\dkdadkd.dll PendingFileRenameOperations Registry Data has been Removed by External Process! @ 10:38:57 AM Killbox Closed(Exit) @ 10:39:29 AM __________________________________________________ Pocket Killbox version 2.0.0.648 Running on Windows XP as HP_Propriétaire(Administrator) was started @ dimanche, février 25, 2007, 10:43 AM Killbox Closed(Exit) @ 10:44:35 AM __________________________________________________ Pocket Killbox version 2.0.0.648 Running on Windows XP as HP_Propriétaire(Administrator) was started @ dimanche, février 25, 2007, 10:42 PM # 1 [Delete on Reboot] Path = C:\WINDOWS\System32\dkdadkd.dll # 2 [Delete on Reboot] Path = C:\WINDOWS\System32\rjdgheuv.dll # 3 [Delete on Reboot] Path = C:\WINDOWS\System32\dkdadkd.dll.bak I Rebooted @ 10:48:23 PM Killbox Closed(Exit) @ 10:48:40 PM __________________________________________________ Pocket Killbox version 2.0.0.648 Running on Windows XP as HP_Propriétaire(Administrator) was started @ dimanche, février 25, 2007, 10:51 PM --------------------------------------------------------------------------------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 22:57:04, on 25/02/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\TomTom HOME\TomTomHOME.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\QuickTime\qttask.exe C:\HP\KBD\KBD.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hphmon06.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Fichiers communs\AOL\1166563800\ee\AOLSoftware.exe C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe C:\WINDOWS\ALCMTR.EXE C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microsoft Money\System\Money Express.exe C:\Program Files\AOL 9.0c\aoltray.exe C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Iomega\Tools\IMGICON.EXE C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Palm\HOTSYNC.EXE C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/advanced_search?hl=fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: (no name) - {86E934E0-EB40-4A21-8B9A-C6C83ACFBFFE} - C:\WINDOWS\system32\dkdadkd.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1166563800\ee\AOLSoftware.exe O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0c\aoltray.exe O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Iomega Backup Scheduler.lnk = C:\Program Files\Iomega\Iomega Backup\dtiom98.exe O4 - Global Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.EXE O4 - Global Startup: IomegaWare.lnk = C:\Program Files\Iomega\Iomegaware\COMMANDER.EXE O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Options de démarrage Iomega.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE O4 - Global Startup: QuikSync.lnk = C:\Program Files\Iomega\QuikSync\QUIKSYNC.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O20 - Winlogon Notify: nhzlzjhg - C:\WINDOWS\SYSTEM32\dkdadkd.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing) O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: BitDefende
- le 25 février 2007
- 45 réponses
Ras le bol BehavesLike !

Cmonnom a répondu à un(e) sujet de Cmonnom dans Analyses et éradication malwares

Voici le rapport. En espérant qu'il soit complet cette fois : C:\WINDOWS\System32\bdss.log -->25/02/2007 20:38:23 C:\WINDOWS\System32\bdod.bin -->25/02/2007 18:42:39 C:\WINDOWS\System32\filter.drv -->25/02/2007 10:44:27 C:\WINDOWS\System32\dkdadkd.dll -->25/02/2007 10:42:04 C:\WINDOWS\System32\rjdgheuv.dll -->23/02/2007 12:21:14 C:\WINDOWS\System32\dkdadkd.dll.bak -->22/02/2007 12:17:09 C:\WINDOWS\System32\CONFIG.NT -->06/02/2007 21:04:39 C:\WINDOWS\System32\tmp.txt -->05/02/2007 19:00:36 C:\WINDOWS\System32\tmp.reg -->05/02/2007 19:00:36 C:\WINDOWS\System32\jupdate-1.5.0_09-b03.log -->13/01/2007 08:18:36 C:\WINDOWS\System32\wpa.dbl -->05/01/2007 09:12:55 C:\WINDOWS\System32\edb.log -->08/12/2006 21:06:01 C:\WINDOWS\System32\edb.chk -->08/12/2006 21:06:01 C:\WINDOWS\System32\res2.log -->08/12/2006 21:00:59 C:\WINDOWS\System32\res1.log -->08/12/2006 21:00:59 C:\WINDOWS\System32\hpzjrd01.dll -->28/11/2006 19:00:07 C:\WINDOWS\System32\AOLDial.dll -->17/11/2006 12:40:58 C:\WINDOWS\System32\LuResult.txt -->16/11/2006 19:24:57 C:\WINDOWS\System32\zllictbl.dat -->16/11/2006 19:16:14 C:\WINDOWS\System32\dsm_ja.qm -->15/11/2006 22:01:37 C:\WINDOWS\System32\dsm_fr.qm -->15/11/2006 22:01:37 C:\WINDOWS\System32\dsm_de.qm -->15/11/2006 22:01:37 C:\WINDOWS\System32\divxsm.tlb -->15/11/2006 22:01:37 C:\WINDOWS\System32\DivXsm.exe -->15/11/2006 22:01:37 C:\WINDOWS\System32\qt-dx331.dll -->15/11/2006 22:01:35 C:\WINDOWS\WindowsUpdate.log -->25/02/2007 20:44:44 C:\WINDOWS\win.ini -->25/02/2007 20:39:44 C:\WINDOWS.log -->25/02/2007 20:38:54 C:\WINDOWS\wiadebug.log -->25/02/2007 20:38:22 C:\WINDOWS\wiaservc.log -->25/02/2007 20:38:18 C:\WINDOWS\bootstat.dat -->25/02/2007 20:37:50 C:\WINDOWS\SchedLgU.Txt -->25/02/2007 18:42:40 C:\WINDOWS\setupapi.log -->25/02/2007 12:43:43 C:\WINDOWS\Sti_Trace.log -->25/02/2007 12:14:07 C:\WINDOWS\ntbtlog.txt -->25/02/2007 12:06:27 C:\WINDOWS\setupact.log -->25/02/2007 10:50:55 C:\WINDOWS\setuperr.log -->25/02/2007 10:49:58 C:\WINDOWS\system.ini -->24/02/2007 11:28:43 C:\WINDOWS\ULEAD32.INI -->18/02/2007 12:52:43 C:\WINDOWS\PrnHlpLogConfig.ini -->28/11/2006 19:04:09 C:\WINDOWS\ALCMTR.EXE |01/01/2005 21:52:39 C:\WINDOWS\ALCWZRD.EXE |01/01/2005 21:52:39 C:\WINDOWS\CDILLA10.EXE |01/04/2003 09:18:00 C:\WINDOWS\CDILLA16.EXE |01/04/2003 09:18:04 C:\WINDOWS\CDILLA64.EXE |01/04/2003 09:21:20 C:\WINDOWS\IsUn040c.exe |01/01/2005 21:42:09 C:\WINDOWS\IsUninst.exe |01/01/2005 22:04:53 C:\WINDOWS\RTHDCPL.EXE |01/01/2005 21:52:39 C:\WINDOWS\RTLCPL.EXE |01/01/2005 21:52:39 C:\WINDOWS\SOUNDMAN.EXE |01/01/2005 21:52:40 C:\WINDOWS\twunk_16.exe |05/08/2004 13:00:00 C:\WINDOWS\twunk_32.exe |05/08/2004 13:00:00 C:\WINDOWS\unin040c.exe |23/07/2006 08:54:10 C:\WINDOWS\unvise32qt.exe |01/01/2005 22:15:17 C:\WINDOWS\wanmpsvc.exe |19/12/2006 22:30:46 C:\WINDOWS\CDILLA05.DLL |01/04/2003 09:17:56 C:\WINDOWS\CDILLA13.DLL |01/04/2003 09:23:22 C:\WINDOWS\CDILLA32.DLL |01/04/2003 09:23:22 C:\WINDOWS\CDILLA40.DLL |01/04/2003 09:04:10 C:\WINDOWS\MTsu4fra.dll |22/11/1999 11:43:10 C:\WINDOWS\PalmDevC.dll |14/10/2003 09:54:40 C:\WINDOWS\twain.dll |05/08/2004 13:00:00 C:\WINDOWS\twain_32.dll |05/08/2004 19:00:00 C:\WINDOWS\Twunk_16.dll |20/08/2004 06:26:54 C:\WINDOWS\Twunk_32.dll |20/08/2004 06:26:54 C:\WINDOWS\system32\append.exe |05/08/2004 13:00:00 C:\WINDOWS\system32\ati2evxx.exe |01/01/2005 21:51:50 C:\WINDOWS\system32\Ati2mdxx.exe |01/01/2005 21:51:50 C:\WINDOWS\system32\debug.exe |05/08/2004 13:00:00 C:\WINDOWS\system32\DivXCodecUpdateChecker.exe |15/11/2006 21:36:58 C:\WINDOWS\system32\DivXsm.exe |15/11/2006 22:01:37 C:\WINDOWS\system32\dosx.exe |05/08/2004 19:00:00 C:\WINDOWS\system32\dvdplay.exe |05/08/2004 19:00:00 C:\WINDOWS\system32\edlin.exe |05/08/2004 13:00:00 C:\WINDOWS\system32\exe2bin.exe |05/08/2004 13:00:00 C:\WINDOWS\system32\fastopen.exe |05/08/2004 13:00:00 C:\WINDOWS\system32\HdAShCut.exe |08/01/2005 00:07:16 C:\WINDOWS\system32\hphmon06.exe |07/06/2004 19:43:20 C:\WINDOWS\system32\HPZinw12.exe |01/01/2005 22:04:55 C:\WINDOWS\system32\HPZipm12.exe |01/01/2005 22:04:55 C:\WINDOWS\system32\java.exe |13/01/2007 08:18:38 C:\WINDOWS\system32\javaw.exe |13/01/2007 08:18:38 C:\WINDOWS\system32\javaws.exe |13/01/2007 08:18:38 C:\WINDOWS\system32\mem.exe |05/08/2004 13:00:00 C:\WINDOWS\system32\mscdexnt.exe |05/08/2004 13:00:00 C:\WINDOWS\system32\nlsfunc.exe |05/08/2004 13:00:00 C:\WINDOWS\system32\Prounstl.exe |01/01/2005 21:56:26 C:\WINDOWS\system32\ps2.EXE |01/01/2005 22:08:35 C:\WINDOWS\system32\pxcpya64.exe |01/01/2005 22:44:57 C:\WINDOWS\system32\pxcpyi64.exe |01/01/2005 22:44:57 C:\WINDOWS\system32\pxhpinst.exe |01/01/2005 22:44:57 C:\WINDOWS\system32\pxinsa64.exe |01/01/2005 22:44:57 C:\WINDOWS\system32\pxinsi64.exe |01/01/2005 22:44:57 C:\WINDOWS\system32\redir.exe |05/08/2004 19:00:00 C:\WINDOWS\system32\setver.exe |05/08/2004 13:00:00 C:\WINDOWS\system32\share.exe |05/08/2004 13:00:00 C:\WINDOWS\system32\usrmlnka.exe |05/08/2004 19:00:00 C:\WINDOWS\system32\usrprbda.exe |05/08/2004 19:00:00 C:\WINDOWS\system32\usrshuta.exe |05/08/2004 19:00:00 C:\WINDOWS\system32\ZIPTOA.EXE |23/07/2006 08:55:11 C:\WINDOWS\system32\amstream.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\AOLDial.dll |17/11/2006 12:40:58 C:\WINDOWS\system32\ati2cqag.dll |01/01/2005 21:51:50 C:\WINDOWS\system32\ati2dvag.dll |01/01/2005 21:51:50 C:\WINDOWS\system32\ati2edxx.dll |01/01/2005 21:51:50 C:\WINDOWS\system32\ati2evxx.dll |01/01/2005 21:51:50 C:\WINDOWS\system32\ati3duag.dll |01/01/2005 21:51:50 C:\WINDOWS\system32\ATIDDC.DLL |01/01/2005 21:51:50 C:\WINDOWS\system32\ATIDEMGR.dll |01/01/2005 21:51:50 C:\WINDOWS\system32\atiiiexx.dll |01/01/2005 21:51:50 C:\WINDOWS\system32\atioglxx.dll |01/01/2005 21:51:50 C:\WINDOWS\system32\atipdlxx.dll |01/01/2005 21:51:50 C:\WINDOWS\system32\atitvo32.dll |01/01/2005 21:51:50 C:\WINDOWS\system32\ativcoxx.dll |01/01/2005 21:51:50 C:\WINDOWS\system32\ativvaxx.dll |01/01/2005 21:51:50 C:\WINDOWS\system32\atmfd.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\atmlib.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\bcbmm.dll |01/01/2005 21:39:51 C:\WINDOWS\system32\borlndmm.dll |01/01/2005 21:39:51 C:\WINDOWS\system32\cc3250.dll |01/01/2005 21:39:51 C:\WINDOWS\system32\cc3250mt.dll |31/01/2000 12:00:00 C:\WINDOWS\system32\CDRip.dll |12/06/2004 15:55:20 C:\WINDOWS\system32\compatUI.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\cPC_DMIRD.dll |01/01/2005 21:46:56 C:\WINDOWS\system32\delphimm.dll |01/01/2005 21:39:51 C:\WINDOWS\system32\dgrpsetu.dll |05/08/2004 13:00:00 C:\WINDOWS\system32\dgsetup.dll |05/08/2004 13:00:00 C:\WINDOWS\system32\DivX.dll |15/11/2006 21:56:12 C:\WINDOWS\system32\DivXWMPExtType.dll |15/11/2006 21:36:58 C:\WINDOWS\system32\divx_xx07.dll |15/11/2006 21:56:13 C:\WINDOWS\system32\divx_xx0c.dll |15/11/2006 21:56:12 C:\WINDOWS\system32\divx_xx11.dll |15/11/2006 21:56:12 C:\WINDOWS\system32\dkdadkd.dll |17/02/2007 10:32:14 C:\WINDOWS\system32\dpl100.dll |15/11/2006 21:56:17 C:\WINDOWS\system32\dpu10.dll |15/11/2006 21:56:15 C:\WINDOWS\system32\dpu11.dll |15/11/2006 21:56:15 C:\WINDOWS\system32\dpuGUI10.dll |15/11/2006 21:56:16 C:\WINDOWS\system32\dpuGUI11.dll |15/11/2006 21:56:15 C:\WINDOWS\system32\dpus11.dll |15/11/2006 21:56:15 C:\WINDOWS\system32\dpv11.dll |15/11/2006 21:56:15 C:\WINDOWS\system32\dtu100.dll |15/11/2006 21:56:17 C:\WINDOWS\system32\e100bmsg.dll |01/01/2005 21:56:26 C:\WINDOWS\system32\encdec.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\EqnClass.Dll |05/08/2004 13:00:00 C:\WINDOWS\system32\GEARAspi.dll |14/09/2004 21:38:26 C:\WINDOWS\system32\HdAProp.dll |08/01/2005 00:07:16 C:\WINDOWS\system32\HdAudRes.dll |08/01/2005 00:08:22 C:\WINDOWS\system32\HPODXPAT.DLL |11/06/2004 19:27:32 C:\WINDOWS\system32\hpreg.dll |01/01/2005 22:17:13 C:\WINDOWS\system32\hpz3l3xu.dll |12/09/2006 18:15:03 C:\WINDOWS\system32\HPZc3212.dll |30/09/2004 02:49:46 C:\WINDOWS\system32\HPZidr12.dll |01/01/2005 22:04:55 C:\WINDOWS\system32\hpzids01.dll |12/09/2006 18:15:03 C:\WINDOWS\system32\HPZipr12.dll |01/01/2005 22:04:55 C:\WINDOWS\system32\HPZipt12.dll |01/01/2005 22:04:55 C:\WINDOWS\system32\HPZisn12.dll |01/01/2005 22:04:55 C:\WINDOWS\system32\hpzjfw01.dll |01/01/2005 22:04:31 C:\WINDOWS\system32\hpzjrd01.dll |20/05/2003 06:01:04 C:\WINDOWS\system32\hpzjsn01.dll |20/05/2003 05:55:14 C:\WINDOWS\system32\hticons.dll |05/08/2004 13:00:00 C:\WINDOWS\system32\hypertrm.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\iccvid.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\ieencode.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\inetwh32.dlL |21/06/2006 18:47:57 C:\WINDOWS\system32\IntelNic.dll |01/01/2005 21:56:26 C:\WINDOWS\system32\ir32_32.dll |05/08/2004 13:00:00 C:\WINDOWS\system32\ir41_qc.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\ir41_qcx.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\ir50_32.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\ir50_qc.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\ir50_qcx.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\isrdbg32.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\IVIresize.dll |01/01/2005 22:44:00 C:\WINDOWS\system32\IVIresizeA6.dll |01/01/2005 22:44:00 C:\WINDOWS\system32\IVIresizeM6.dll |01/01/2005 22:44:00 C:\WINDOWS\system32\IVIresizeP6.dll |01/01/2005 22:44:00 C:\WINDOWS\system32\IVIresizePX.dll |01/01/2005 22:44:00 C:\WINDOWS\system32\IVIresizeW7.dll |01/01/2005 22:44:00 C:\WINDOWS\system32\JavaAccessBridge.dll |10/04/2003 22:04:00 C:\WINDOWS\system32\JAWTAccessBridge.dll |10/04/2003 22:04:00 C:\WINDOWS\system32\jgaw400.dll |05/08/2004 13:00:00 C:\WINDOWS\system32\jgdw400.dll |05/08/2004 13:00:00 C:\WINDOWS\system32\jgdwmie.dll |21/06/2006 18:47:58 C:\WINDOWS\system32\jgmd400.dll |05/08/2004 13:00:00 C:\WINDOWS\system32\jgpl400.dll |05/08/2004 13:00:00 C:\WINDOWS\system32\jgsd400.dll |05/08/2004 13:00:00 C:\WINDOWS\system32\jgsh400.dll |05/08/2004 13:00:00 C:\WINDOWS\system32\LameEncShim.dll |12/06/2004 14:55:32 C:\WINDOWS\system32\lame_enc.dll |12/06/2004 14:55:32 C:\WINDOWS\system32\LCodcCMP.dll |24/04/2002 18:42:18 C:\WINDOWS\system32\libdivx.dll |15/11/2006 22:01:25 C:\WINDOWS\system32\mdwmdmsp.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\msdmo.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\msencode.dll |05/08/2004 13:00:00 C:\WINDOWS\system32\MSRTEDIT.DLL |22/01/1999 19:46:58 C:\WINDOWS\system32\OemInfo.dll |01/01/2005 21:39:51 C:\WINDOWS\system32\omano.dll |01/01/2005 22:17:16 C:\WINDOWS\system32\paqsp.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\PcdrKernelModeServices.dll |19/01/2005 22:45:40 C:\WINDOWS\system32\pncrt.dll |21/06/2006 18:48:29 C:\WINDOWS\system32\pndx5016.dll |21/06/2006 18:48:30 C:\WINDOWS\system32\pndx5032.dll |21/06/2006 18:48:30 C:\WINDOWS\system32\ProgressTrace.dll |19/01/2005 22:45:40 C:\WINDOWS\system32\Px.dll |30/03/2005 20:55:24 C:\WINDOWS\system32\pxdrv.dll |18/02/2005 08:01:00 C:\WINDOWS\system32\PxMas.dll |30/03/2005 20:54:30 C:\WINDOWS\system32\PxSFS.DLL |30/03/2005 20:58:32 C:\WINDOWS\system32\PxWave.dll |30/03/2005 20:54:02 C:\WINDOWS\system32\PXWMA.dll |17/01/2005 09:44:08 C:\WINDOWS\system32\python22.dll |01/01/2005 21:39:53 C:\WINDOWS\system32\pythoncom22.dll |01/01/2005 21:40:14 C:\WINDOWS\system32\pywintypes22.dll |01/01/2005 21:40:14 C:\WINDOWS\system32\qedwipes.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\qt-dx331.dll |15/11/2006 22:01:35 C:\WINDOWS\system32\RDBios32.dll |01/01/2005 21:46:56 C:\WINDOWS\system32\rjdgheuv.dll |17/02/2007 14:56:38 C:\WINDOWS\system32\rmoc3260.dll |21/06/2006 18:48:31 C:\WINDOWS\system32\roboex32.dll |21/06/2006 18:47:57 C:\WINDOWS\system32\RTLCPAPI.dll |01/01/2005 21:52:39 C:\WINDOWS\system32\S32EVNT1.DLL |01/01/2005 22:34:47 C:\WINDOWS\system32\sbe.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\SCSINT.DLL |23/07/2006 08:55:05 C:\WINDOWS\system32\ShellvRTF.dll |01/01/2005 22:15:56 C:\WINDOWS\system32\slbcsp.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\slbiop.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\slbrccsp.dll |05/08/2004 13:00:00 C:\WINDOWS\system32\sockspy.dll |26/01/2006 19:19:52 C:\WINDOWS\system32\spnike.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\sprio600.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\sprio800.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\spxcoins.dll |05/08/2004 13:00:00 C:\WINDOWS\system32\ssldivx.dll |15/11/2006 22:01:25 C:\WINDOWS\system32\SymNeti.dll |05/04/2005 10:17:04 C:\WINDOWS\system32\SymRedir.dll |05/04/2005 10:17:04 C:\WINDOWS\system32\tsd32.dll |05/08/2004 13:00:00 C:\WINDOWS\system32\UMLoader.dll |16/09/2004 08:00:00 C:\WINDOWS\system32\usrcntra.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\usrcoina.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\usrdpa.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\usrdtea.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\usrfaxa.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\usrlbva.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\usrrtosa.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\usrsdpia.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\usrsvpia.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\usrv42a.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\usrv80a.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\usrvoica.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\usrvpa.dll |05/08/2004 19:00:00 C:\WINDOWS\system32\VXBLOCK.dll |12/01/2005 08:00:00 C:\WINDOWS\system32\WBDBT32I.DLL |01/01/2005 21:39:51 C:\WINDOWS\system32\WBDBV32I.DLL |01/01/2005 21:39:51 C:\WINDOWS\system32\win87em.dll |05/08/2004 13:00:00 C:\WINDOWS\system32\WindowsAccessBridge.dll |10/04/2003 22:04:00 C:\WINDOWS\system32\xcomm.dll |22/08/2006 15:08:52 C:\WINDOWS\system32\xreglib.dll |06/12/2002 16:37:06 Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 5482-2D35 Répertoire de C:\WINDOWS\system 07/05/1998 17:04 52 736 hpsysdrv.exe 23/12/1997 02:23 4 672 wowpost.exe 2 fichier(s) 57 408 octets 0 Rép(s) 207 202 226 176 octets libres Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 5482-2D35 Répertoire de C:\WINDOWS\system32 05/08/2004 19:00 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 207 202 226 176 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 5482-2D35 Répertoire de C:\WINDOWS\Downloaded Program Files 25/02/2007 12:43 <REP> . 25/02/2007 12:43 <REP> .. 23/11/2004 22:20 65 desktop.ini 26/07/2002 01:13 24 576 dwusplay.dll 26/07/2002 01:13 196 608 dwusplay.exe 07/06/2006 10:09 1 249 erma.inf 27/07/2004 23:48 323 584 isusweb.dll 08/08/2006 11:45 576 kavwebscan.inf 26/05/2005 04:19 293 muweb.inf 7 fichier(s) 546 951 octets Total des fichiers listés : 7 fichier(s) 546 951 octets 2 Rép(s) 207 202 226 176 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Liste des programmes installes Adobe Download Manager 2.0 (Supprimer uniquement) Adobe Flash Player 9 Adobe Reader 7.0.8 - Français Adobe® Photoshop® Album Edition Découverte 3.0 AiO_Scan AiOSoftware AOL - Assistant de désinstallation AOL Coach Version 1.0(Build:20040229.1 fr) Archiveur WinRAR ATI Control Panel ATI Display Driver AutoUpdate AVG Anti-Spyware 7.5 BitDefender Internet Security v10 BufferChm C-Dilla Licence Management System CameraDrivers CameraDrivers CCleaner (remove only) Compléments d'aide et de support Connexion Facile à Internet Connexion Facile à Internet Copy Correctif Windows XP - KB867282 Correctif Windows XP - KB873339 Correctif Windows XP - KB883667 Correctif Windows XP - KB885250 Correctif Windows XP - KB885295 Correctif Windows XP - KB885835 Correctif Windows XP - KB885836 Correctif Windows XP - KB887472 Correctif Windows XP - KB887742 Correctif Windows XP - KB888113 Correctif Windows XP - KB888239 Correctif Windows XP - KB890175 Correctif Windows XP - KB891781 CP_AtenaShokunin1Config CP_CalendarTemplates1 cp_dwSharkTaleAlbums1 cp_dwSharkTaleCards1 cp_dwShrek2Albums1 cp_dwShrek2Cards1 CP_Package_Basic1 CP_Package_Variety1 CP_Package_Variety2 CP_Package_Variety3 CP_Panorama1Config CP_PLSBusinessFlyers CreativeProjects CreativeProjectsTemplates CueTour Derive 5 Destinations DeviceFunctionQFolder DeviceManagementQFolder DivX Codec DivX Content Uploader DivX Converter DivX Player DivX Web Player DocProc Documents To Go DocumentViewer Ecran de veille AOL Photos Enhanced Multimedia Keyboard Solution eSupportQFolder Fax FullDPAppQFolder Geoplan-Geospace High Definition Audio - KB888111 HijackThis 1.99.1 HP Appareils photos Photosmart 4.5 HP Deskjet Printer Preload HP Help and Support 4.0 HP Image Zone 5.3 HP Imaging Device Functions 5.3 HP Photosmart 330,380,420,470,7800,8000,8200 Series HP PSC & OfficeJet 4.7 HP Software Update HP Solution Center & Imaging Support Tools 5.3 HPProductAssistant HpSdpAppCoreApp HPSystemDiagnostics InstantShare InstantShareDevices Intel® PRO Network Connections Drivers InterVideo WinDVD Player InterVideo WinDVD Player IomegaWare iTunes iTunes J2SE Runtime Environment 5.0 J2SE Runtime Environment 5.0 Update 9 Kaspersky Online Scanner Learn2 Player (Uninstall Only) Lecteur Windows Media 10 LiveUpdate 2.5 (Symantec Corporation) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 French Language Pack Microsoft Money 2001 Microsoft Office 2000 Professional Mozilla Firefox (2.0.0.1) Mozilla Thunderbird (1.5) muvee autoProducer 4.0 Oxilog CD Ripper Palm Desktop Palm VersaMail PanoStandAlone PC-Doctor for Windows PC-Doctor for Windows PhotoGallery Photosmart 320,370,7400,8100,8400 Series (fra) PrintScreen PS2 PS8200 PSPrinters06 PSPrinters08 PSTAPlugin Python 2.2 pywin32 extensions (build 203) Python 2.2.3 QFolder QuickProjects QuickTime RandMap Readme RealPlayer Basic Scan ScannerCopy SereneScreen Marine Aquarium 2.6 Shockwave SkinsHP1 SolutionCenter Sonic Express Labeler Sonic MyDVD Plus Sonic RecordNow Audio Sonic RecordNow Copy Sonic RecordNow Data Sonic Update Manager Sonic_PrimoSDK Status Symantec Network Drivers Update Timbres de France TomTom HOME TrayApp Ultra soft Universalis 9 Unload Viewpoint Media Player WebFldrs XP WebReg Windows Media Format Runtime Yahoo! Toolbar Yahoo! Toolbar ZoneAlarm Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 5482-2D35 Répertoire de C:\Program Files 25/02/2007 10:49 <REP> . 25/02/2007 10:49 <REP> .. 07/08/2006 09:53 <REP> Adobe 16/11/2006 18:58 <REP> Alwil Software 19/12/2006 22:29 <REP> AOL 10/12/2005 23:09 <REP> AOL 9.0 10/12/2005 23:09 <REP> AOL 9.0a 11/12/2005 19:23 <REP> AOL 9.0b 19/02/2007 11:54 <REP> AOL 9.0c 21/06/2006 18:49 <REP> AOL Compagnon 10/12/2005 23:09 <REP> AOL Toolbar 01/01/2005 22:42 <REP> ATI Technologies 18/11/2006 21:07 <REP> CCleaner 24/11/2004 02:37 <REP> ComPlus Applications 01/12/2006 21:55 <REP> DivX 16/09/2006 11:35 <REP> Documents To Go 18/02/2007 23:00 <REP> Easy Internet signup 16/11/2006 19:12 <REP> EasyAntivirus 21/12/2005 11:34 <REP> Elaborate Bytes 06/02/2007 21:11 <REP> Fichiers communs 11/01/2006 19:23 <REP> Fnacmusic 30/01/2007 18:45 <REP> Geoplan-Geospace 21/12/2005 18:36 <REP> Google 18/11/2006 21:08 <REP> Grisoft 28/08/2006 18:56 <REP> Hewlett-Packard 25/02/2007 12:18 <REP> HijackThis 12/09/2006 18:17 <REP> HP 01/01/2005 22:19 <REP> HPQ 01/01/2005 21:43 <REP> Internet Explorer 01/01/2005 22:43 <REP> InterVideo 23/07/2006 08:55 <REP> Iomega 01/01/2005 22:15 <REP> iPod 01/01/2005 22:15 <REP> iTunes 13/01/2007 08:18 <REP> Java 01/09/2005 19:19 <REP> Learn2.com 01/07/2006 14:50 <REP> MathType 17/06/2006 08:20 <REP> Matroska Playback Pack 01/01/2005 21:49 <REP> Messenger 21/06/2006 19:09 <REP> microsoft frontpage 24/02/2007 22:12 <REP> Microsoft Money 03/09/2005 11:05 <REP> Microsoft Office 25/11/2004 04:27 <REP> Movie Maker 25/02/2007 16:10 <REP> Mozilla Firefox 07/02/2007 21:50 <REP> Mozilla Thunderbird 25/11/2004 04:27 <REP> MSN 25/11/2004 04:27 <REP> MSN Gaming Zone 01/01/2005 22:44 <REP> muvee Technologies 22/06/2006 02:29 <REP> NetMeeting 01/09/2005 19:23 <REP> NUMERICABLE 25/11/2004 04:27 <REP> Online Services 22/06/2006 02:29 <REP> Outlook Express 04/07/2006 18:13 <REP> Oxilog 16/09/2006 11:38 <REP> Palm 01/01/2005 22:22 <REP> PC-Doctor for Windows 01/01/2005 22:15 <REP> QuickTime 01/09/2005 19:18 <REP> Real 28/12/2006 19:51 <REP> SereneScreen 01/01/2005 22:25 <REP> Services en ligne 06/02/2007 21:13 <REP> Softwin 01/01/2005 22:12 <REP> Sonic 12/11/2006 19:26 <REP> Symantec 12/09/2005 19:24 <REP> SymNetDrv 01/09/2005 20:02 <REP> TechCity Solutions 28/12/2006 19:38 <REP> TomTom HOME 02/09/2005 18:47 <REP> Ulead Systems 24/11/2004 02:37 <REP> Uninstall Information 10/12/2005 23:45 <REP> UnSpyPC 17/06/2006 08:22 <REP> VideoLAN 25/02/2007 15:09 <REP> Viewpoint 22/06/2006 02:29 <REP> Windows Media Player 22/06/2006 02:29 <REP> Windows NT 24/11/2004 02:37 <REP> WindowsUpdate 30/10/2006 23:25 <REP> WinRAR 25/11/2004 04:28 <REP> xerox 24/07/2006 23:28 <REP> Yahoo! 10/10/2006 21:49 <REP> Yvert & Tellier 0 fichier(s) 0 octets 76 Rép(s) 207 202 177 024 octets libres Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 5482-2D35 Répertoire de C:\Program Files\fichiers communs 06/02/2007 21:11 <REP> . 06/02/2007 21:11 <REP> .. 07/08/2006 09:47 <REP> Adobe 19/12/2006 22:30 <REP> AOL 01/09/2005 20:05 <REP> aolback 21/06/2006 18:48 <REP> aolshare 16/09/2006 11:21 <REP> DataViz 03/09/2005 11:08 <REP> Designer 01/01/2005 22:07 <REP> Hewlett-Packard 12/09/2006 18:21 <REP> HP 01/01/2005 22:42 <REP> InstallShield 01/01/2005 21:46 <REP> Java 01/07/2006 14:18 <REP> Microsoft Shared 25/11/2004 04:26 <REP> MSSoap 01/01/2005 22:44 <REP> muvee Technologies 01/09/2005 19:18 <REP> Nullsoft 25/11/2004 04:26 <REP> ODBC 16/09/2005 13:03 <REP> Real 22/06/2006 02:29 <REP> Services 06/02/2007 21:13 <REP> Softwin 01/01/2005 22:11 <REP> Sonic Shared 25/11/2004 04:26 <REP> SpeechEngines 01/01/2005 22:11 <REP> SureThing Shared 16/11/2006 21:23 <REP> Symantec Shared 25/11/2004 04:27 <REP> System 01/01/2005 22:12 <REP> TiVo Shared 16/09/2005 13:03 <REP> xing shared 0 fichier(s) 0 octets 27 Rép(s) 207 202 177 024 octets libres Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 5482-2D35 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 25/11/2004 04:26 <REP> . 25/11/2004 04:26 <REP> .. 18/05/2001 21:57 561 209 MSONSEXT.DLL 03/06/1999 18:09 122 937 MSOWS409.DLL 07/03/2001 13:00 127 033 MSOWS40c.DLL 18/03/1999 05:37 593 977 RAGENT.DLL 4 fichier(s) 1 405 156 octets 2 Rép(s) 207 202 172 928 octets libres Le volume dans le lecteur C s'appelle HP_PAVILION Le numéro de série du volume est 5482-2D35 Répertoire de C:\ 16/11/2006 19:01 11 746 992 antivir_6_4_en.exe 15/11/2006 19:53 403 072 aswclnr.exe 16/11/2006 18:57 10 971 704 avast.exe 18/11/2006 21:06 6 469 352 avg-anti-spyware_avg_anti-spyware_francais_27645.exe 18/11/2006 21:03 1 496 208 ccsetup134.exe 11/11/2001 00:00 68 096 diff.exe 16/11/2006 19:11 10 806 967 easyantivirus.exe 27/08/2006 14:10 103 424 grep.exe 15/11/2006 19:35 8 932 136 InstallPREVX102000337.exe 14/01/2006 11:38 12 814 336 mp10setup.exe 16/11/2006 19:07 9 346 664 ZoneAlarmEng.exe 11 fichier(s) 73 158 951 octets 0 Rép(s) 207 202 172 928 octets libres c:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0b\AMP\ampx.exe c:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0b\xpsp2FRfix\cswitch.exe c:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0b\xpsp2FRfix\ipchecking.exe c:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0b\xpsp2FRfix\WindowsXP-KB885295-x86-fra.exe c:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0c\AMP\ampx.exe c:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0c\xpsp2FRfix\cswitch.exe c:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0c\xpsp2FRfix\ipchecking.exe c:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0c\xpsp2FRfix\WindowsXP-KB885295-x86-fra.exe c:\Documents and Settings\All Users\Documents\cris\AdbeRdr708_fr_FR.exe c:\Documents and Settings\All Users\Documents\cris\avinstall.exe c:\Documents and Settings\All Users\Documents\cris\Firefox Setup 1.5.0.4.exe c:\Documents and Settings\All Users\Documents\cris\Firefox Setup 2.0.exe c:\Documents and Settings\All Users\Documents\cris\psa30se_fr_fr.exe c:\Documents and Settings\All Users\Documents\cris\Second Life 1-13-1-6 Setup.exe c:\Documents and Settings\All Users\Documents\cris\Thunderbird Setup 1.5.0.7.exe c:\Documents and Settings\All Users\Documents\cris\wrar351fr.exe c:\Documents and Settings\All Users\Documents\cris\wrar361fr.exe c:\Documents and Settings\All Users\Documents\cris\ytb612_efgsip.exe c:\Documents and Settings\Default User\Menu Démarrer\Programmes\Démarrage\AutoTBar.exe c:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft\Installer\{4D8314D2-11FE-4397-A7CC-7015CFF50BCE}\ARPPRODUCTICON.exe c:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft\Installer\{4D8314D2-11FE-4397-A7CC-7015CFF50BCE}\PalmDesktopShortcut.exe c:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft\Installer\{7B0ADD54-01D9-45E7-964A-B4A334F12034}\ARPPRODUCTICON.exe c:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft\Installer\{7B0ADD54-01D9-45E7-964A-B4A334F12034}\NewShortcut1.exe c:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft\Installer\{7B0ADD54-01D9-45E7-964A-B4A334F12034}\NewShortcut1_1.exe c:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft\Installer\{7B0ADD54-01D9-45E7-964A-B4A334F12034}\VersaMailSetupB.exe c:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft\Installer\{7B0ADD54-01D9-45E7-964A-B4A334F12034}\VersaMailSetupE.exe c:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft\Installer\{7B0ADD54-01D9-45E7-964A-B4A334F12034}\VersaMailSetupF.exe c:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft\Installer\{7B0ADD54-01D9-45E7-964A-B4A334F12034}\VersaMailSetupG.exe c:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft\Installer\{7B0ADD54-01D9-45E7-964A-B4A334F12034}\VersaMailSetupI.exe c:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft\Installer\{7B0ADD54-01D9-45E7-964A-B4A334F12034}\VersaMailSetupS.exe c:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft\Installer\{D085A1B6-90A4-11D3-82B7-00C04FA309DE}\MnyIco.exe c:\Documents and Settings\HP_Propriétaire\Application Data\U3CE18A61337278E8\cleanup.exe c:\Documents and Settings\HP_Propriétaire\Application Data\U3CE18A61337278E8\LaunchPad.exe c:\Documents and Settings\HP_Propriétaire\Application Data\U3\temp\cleanup.exe c:\Documents and Settings\HP_Propriétaire\Bureau\antivir_workstation_win7u_en_h.exe c:\Documents and Settings\HP_Propriétaire\Bureau\avgas-setup-7.5.0.50.exe c:\Documents and Settings\HP_Propriétaire\Bureau\bitdefender_isecurity_v10.exe c:\Documents and Settings\HP_Propriétaire\Bureau\documentstogopre8003demo-fr.exe c:\Documents and Settings\HP_Propriétaire\Bureau\dxwebsetup.exe c:\Documents and Settings\HP_Propriétaire\Bureau\KillBox.exe c:\Documents and Settings\HP_Propriétaire\Bureau\SDFix.exe c:\Documents and Settings\HP_Propriétaire\Bureau\WGAPluginInstall.exe c:\Documents and Settings\HP_Propriétaire\Bureau\clean\clean\pskill.exe c:\Documents and Settings\HP_Propriétaire\Bureau\DiagHelp\diff.exe c:\Documents and Settings\HP_Propriétaire\Bureau\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\HP_Propriétaire\Bureau\DiagHelp\Fport.exe c:\Documents and Settings\HP_Propriétaire\Bureau\DiagHelp\grep.exe c:\Documents and Settings\HP_Propriétaire\Bureau\DiagHelp\LFiles.exe c:\Documents and Settings\HP_Propriétaire\Bureau\DiagHelp\LISTDLLS.exe c:\Documents and Settings\HP_Propriétaire\Bureau\DiagHelp\pslist.exe c:\Documents and Settings\HP_Propriétaire\Bureau\DiagHelp\streams.exe c:\Documents and Settings\HP_Propriétaire\Bureau\DiagHelp\swreg.exe c:\Documents and Settings\HP_Propriétaire\Bureau\SDFix\SDFix\apps\cliptext.exe c:\Documents and Settings\HP_Propriétaire\Bureau\SDFix\SDFix\apps\download.exe c:\Documents and Settings\HP_Propriétaire\Bureau\SDFix\SDFix\apps\LS.exe c:\Documents and Settings\HP_Propriétaire\Bureau\SDFix\SDFix\apps\Process.exe c:\Documents and Settings\HP_Propriétaire\Bureau\SDFix\SDFix\apps\RegDACL.exe c:\Documents and Settings\HP_Propriétaire\Bureau\SDFix\SDFix\apps\RestartIt!.exe c:\Documents and Settings\HP_Propriétaire\Bureau\SDFix\SDFix\apps\sc.exe c:\Documents and Settings\HP_Propriétaire\Bureau\SDFix\SDFix\apps\SF.exe c:\Documents and Settings\HP_Propriétaire\Bureau\SDFix\SDFix\apps\sha160.exe c:\Documents and Settings\HP_Propriétaire\Bureau\SDFix\SDFix\apps\swreg.exe c:\Documents and Settings\HP_Propriétaire\Bureau\SDFix\SDFix\apps\swsc.exe c:\Documents and Settings\HP_Propriétaire\Bureau\SDFix\SDFix\apps\unzip.exe c:\Documents and Settings\HP_Propriétaire\Bureau\SDFix\SDFix\apps\zip.exe c:\Documents and Settings\HP_Propriétaire\Bureau\SDFix\SDFix\apps\Replace\W2K.exe c:\Documents and Settings\HP_Propriétaire\Bureau\SDFix\SDFix\apps\Replace\XP.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\Jdusb2.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\MAquarium2_6.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\Cedric\Adobe Photoshop CS\Setup\setup.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\Cedric\Virtual CloneDrive\Virtual Clone Drive v 5.0.1.3.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\INA\DivXInstaller.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\Ma généalogie\Installation_Nimegue_v1-11.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\SmitfraudFix\dumphive.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\SmitfraudFix\GenericRenosFix.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\SmitfraudFix\Reboot.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\SmitfraudFix\restart.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\SmitfraudFix\SmiUpdate.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\SmitfraudFix\SrchSTS.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\SmitfraudFix\swreg.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\SmitfraudFix\swsc.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\SmitfraudFix\swxcacls.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\SmitfraudFix\unzip.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\TomTom\HOME\Backups\GO\Backup01\Storage\installtomtomhome.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\TomTom\HOME\Downloads\Download Cache\v1_3_308_win.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\XP\IE6.0sp1-KB905915-Windows-2000-XP-x86-FRA.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\XP\KB837009-oe6sp1.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\XP\WindowsXP-KB826939-x86-FRA.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\XP\WindowsXP-KB828028-x86-FRA.EXE c:\Documents and Settings\HP_Propriétaire\Mes documents\XP\WindowsXP-KB828035-x86-FRA.EXE c:\Documents and Settings\HP_Propriétaire\Mes documents\XP\WindowsXP-KB833987-x86-FRA.EXE c:\Documents and Settings\HP_Propriétaire\Mes documents\XP\WindowsXP-KB835732-x86-FRA.EXE c:\Documents and Settings\HP_Propriétaire\Mes documents\XP\WindowsXP-KB873333-x86-FRA.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\XP\WindowsXP-KB888113-x86-FRA.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\XP\WindowsXP-KB888302-x86-FRA.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\XP\WindowsXP-KB890047-X86-FRA.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\XP\WindowsXP-KB890175-x86-FRA.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\XP\WindowsXP-KB891711-x86-FRA.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\XP\WindowsXP-KB891781-x86-FRA.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\XP\WindowsXP-KB899588-x86-FRA.exe c:\Documents and Settings\HP_Propriétaire\Mes documents\XP\WindowsXP-KB912919-x86-FRA.exe c:\Program Files\Documents To Go\DocsToGo.exe c:\Program Files\Documents To Go\HandheldInstall.exe c:\Program Files\Documents To Go\LaunchDXTG.exe c:\Program Files\Documents To Go\OfficeAddinInstaller.exe c:\Program Files\Documents To Go\OfficeAddinUninstaller.exe c:\Program Files\Documents To Go\ptgxlat.exe c:\Program Files\Documents To Go\ZipUtil.exe c:\SAUV COMPAQ\Sauv Généalogie Documents Compaq\Genealogos De Luxe\GENEALOGOS DE LUXE .exe c:\SAUV COMPAQ\Sauv Généalogie Documents Compaq\Genealogos De Luxe\LHA.EXE c:\SAUV COMPAQ\Sauv Généalogie Documents Compaq\Mes documents\Divers\Install_tfcMAJ.exe c:\SAUV COMPAQ\Sauv Généalogie Documents Compaq\Mes documents\Finances\ProgBudget\BD.EXE c:\SAUV COMPAQ\Sauv Généalogie Documents Compaq\Mes documents\Finances\ProgBudget\BRUN20G.EXE c:\SAUV COMPAQ\Sauv Généalogie Documents Compaq\Mes documents\Finances\ProgBudget\LANCEBD.EXE c:\SAUV COMPAQ\Sauv Généalogie Documents Compaq\Mes documents\Finances\ProgBudget\PROGBAS\BD.EXE c:\SAUV COMPAQ\Sauv Généalogie Documents Compaq\Mes documents\Généalogie\Programmes informatiques\Nimegue\Installation_Nimegue_v1-11.exe c:\SAUV COMPAQ\Sauv Généalogie Documents Compaq\Mes documents\Généalogie\Programmes informatiques\Transged\SETUP.EXE c:\SAUV COMPAQ\Sauv Généalogie Documents Compaq\Mes documents\Généalogie\Programmes informatiques\Transged\TransGed.exe c:\SAUV COMPAQ\Sauv Généalogie Documents Compaq\Mes documents\Généalogie\Sauvegarde fichiers Nimègue\Installation_Nimegue_v1-11.exe c:\SAUV COMPAQ\Sauv Généalogie Documents Compaq\Mes documents\Sport\Losc\LHA.EXE c:\Documents and Settings\HP_Propriétaire\Application Data\TaoUSign\jseccapi.dll c:\Documents and Settings\HP_Propriétaire\Application Data\U3CE18A61337278E8\LPSecurityExtension.dll c:\Documents and Settings\HP_Propriétaire\Application Data\U3CE18A61337278E8\u3dapi10.dll
- le 25 février 2007
- 45 réponses
Ras le bol BehavesLike !

Cmonnom a répondu à un(e) sujet de Cmonnom dans Analyses et éradication malwares

Bonjour et merci pour avoir pris en compte mon problème. J'ai suivi la procédure proposée en entier. Voici les rapports : RAPPORT KILLBOX Pocket Killbox version 2.0.0.648 Running on Windows XP as HP_Propriétaire(Administrator) was started @ dimanche, février 25, 2007, 10:35 AM Killbox Closed(Exit) @ 10:35:43 AM __________________________________________________ Pocket Killbox version 2.0.0.648 Running on Windows XP as HP_Propriétaire(Administrator) was started @ dimanche, février 25, 2007, 10:36 AM # 1 [Delete on Reboot] Path = C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\96046.exeC:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\95953.exeC:\WINDOWS\system32\vulsekpx.exeC:\WINDOWS\system32\MS_update_0612_KB74062.exeC:\WINDOWS\system32\dkdadkd.dll PendingFileRenameOperations Registry Data has been Removed by External Process! @ 10:38:57 AM Killbox Closed(Exit) @ 10:39:29 AM __________________________________________________ Pocket Killbox version 2.0.0.648 Running on Windows XP as HP_Propriétaire(Administrator) was started @ dimanche, février 25, 2007, 10:43 AM -------------------------------------------------------------------------------------------------------------------------------------------------- RAPPORT CLEAN Script execute en mode sans echec Rapport clean par Malekal_morte - http://www.malekal.com Option 2, executee le 25/02/2007 a 10:49:20,37 Microsoft Windows XP [version 5.1.2600] *** Suppression de fichiers sur C: *** Suppression des fichiers dans C:\WINDOWS\ tentative de suppression de C:\WINDOWS\rdt.ini *** Suppression des fichiers dans C:\WINDOWS\system32 tentative de suppression de C:\WINDOWS\system32\bdod.bin tentative de suppression de C:\WINDOWS\system32\service.exe tentative de suppression de C:\WINDOWS\system32\socks_dll.dll tentative de suppression de "C:\Program Files\Viewpoint\" tentative de suppression de C:\PROGRA~1\UNIVER~1\ *** Suppression des clefs du registre effectuee.. *** Fin du rapport ! --------------------------------------------------------------------------------------------------------------------------------------------------- RAPPORT AVG SPYWARE --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 11:59:35 25/02/2007 + Résultat de l'analyse: C:\WINDOWS\system32\ipv6mons.dl_ -> Logger.BZub.hx : Nettoyé et sauvegardé (mise en quarantaine). C:\WINDOWS\system32\IEFilter.dll -> Logger.Small.ez : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1\A0001351.exe -> Trojan.Agent.fd : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1\A0001369.exe -> Trojan.Agent.fd : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1\A0002556.exe -> Trojan.Agent.fd : Nettoyé et sauvegardé (mise en quarantaine). C:\WINDOWS\system32\MSIEHelper.dll -> Trojan.Agent.fd : Nettoyé et sauvegardé (mise en quarantaine). Fin du rapport ---------------------------------------------------------------------------------------------------------------------------------------------- RAPPORT SDFix SDFix: Version 1.68 Run by HP_Propri‚taire - 25/02/2007 @ 12:10:37,89 Microsoft Windows XP [version 5.1.2600] Running From: C:\Documents and Settings\HP_Propri‚taire\Bureau\SDFix\SDFix Safe Mode: Checking Services: Name: Path: Restoring Windows Registry Entries Restoring Default Hosts File Rebooting... Normal Mode: Checking Files: Below files will be copied to Backups folder then removed: C:\WINDOWS\SYSTEM32\IDHVHRI.DLL - Deleted C:\WINDOWS\SYSTEM32\AEAEAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEAUKOYH.EXE - Deleted C:\WINDOWS\SYSTEM32\AEBFAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEBKAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AECAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AECCTAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AECSIGFN.EXE - Deleted C:\WINDOWS\SYSTEM32\AECSKAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AECXJWJX.EXE - Deleted C:\WINDOWS\SYSTEM32\AEDDXAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEDVKASD.EXE - Deleted C:\WINDOWS\SYSTEM32\AEDYGQCX.EXE - Deleted C:\WINDOWS\SYSTEM32\AEEAOHRF.EXE - Deleted C:\WINDOWS\SYSTEM32\AEELRAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEEQGAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEGMAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEIYAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEJAXQWG.EXE - Deleted C:\WINDOWS\SYSTEM32\AEKJAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEKJHAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEKVHDET.EXE - Deleted C:\WINDOWS\SYSTEM32\AELDSOYO.EXE - Deleted C:\WINDOWS\SYSTEM32\AEMAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEMOLFEV.EXE - Deleted C:\WINDOWS\SYSTEM32\AEMWXUCY.EXE - Deleted C:\WINDOWS\SYSTEM32\AENRNJWO.EXE - Deleted C:\WINDOWS\SYSTEM32\AEOPPMNH.EXE - Deleted C:\WINDOWS\SYSTEM32\AEPIJRXI.EXE - Deleted C:\WINDOWS\SYSTEM32\AEPYUCGH.EXE - Deleted C:\WINDOWS\SYSTEM32\AEQDAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEQRQAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AERAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AESLFYNQ.EXE - Deleted C:\WINDOWS\SYSTEM32\AESOUWUK.EXE - Deleted C:\WINDOWS\SYSTEM32\AESQAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AESWFAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEUCVPMX.EXE - Deleted C:\WINDOWS\SYSTEM32\AEUJJAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEUQGWYM.EXE - Deleted C:\WINDOWS\SYSTEM32\AEVGKTVK.EXE - Deleted C:\WINDOWS\SYSTEM32\AEWNOAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEWUAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEXPLAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEXQGAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEYHLAMQ.EXE - Deleted C:\WINDOWS\SYSTEM32\AIBAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AICPCAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AIDRUAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AIFKXBGB.EXE - Deleted C:\WINDOWS\SYSTEM32\AIGBEJVH.EXE - Deleted C:\WINDOWS\SYSTEM32\AIGJOXNX.EXE - Deleted C:\WINDOWS\SYSTEM32\AIIAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AIKAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AIKABAPK.EXE - Deleted C:\WINDOWS\SYSTEM32\AILRAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AIMHJRSY.EXE - Deleted C:\WINDOWS\SYSTEM32\AIMMFAMX.EXE - Deleted C:\WINDOWS\SYSTEM32\AINSEQIU.EXE - Deleted C:\WINDOWS\SYSTEM32\AIODHGVQ.EXE - Deleted C:\WINDOWS\SYSTEM32\AIPBXEAI.EXE - Deleted C:\WINDOWS\SYSTEM32\AIPTCEXK.EXE - Deleted C:\WINDOWS\SYSTEM32\AIPXAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AIRGBAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AIRVGAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AISCAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AIWHTPDR.EXE - Deleted C:\WINDOWS\SYSTEM32\AIWSVAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AIXHPLOL.EXE - Deleted C:\WINDOWS\SYSTEM32\AIXMVAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AMDRVQDI.EXE - Deleted C:\WINDOWS\SYSTEM32\AMLTKAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AMOOUUKQ.EXE - Deleted C:\WINDOWS\SYSTEM32\AMQOTDSQ.EXE - Deleted C:\WINDOWS\SYSTEM32\APRUAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\ARLQCIBA.EXE - Deleted C:\WINDOWS\SYSTEM32\AUSVMQIK.EXE - Deleted C:\WINDOWS\SYSTEM32\AUUAEWNS.EXE - Deleted C:\WINDOWS\SYSTEM32\AYCJOAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AYCPNEEE.EXE - Deleted C:\WINDOWS\SYSTEM32\AYRIAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DATJAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DAVAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DFQYFIJO.EXE - Deleted C:\WINDOWS\SYSTEM32\DJGJRUIH.EXE - Deleted C:\WINDOWS\SYSTEM32\DJLRLAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DJLVDAUC.EXE - Deleted C:\WINDOWS\SYSTEM32\DMAYQCOM.EXE - Deleted C:\WINDOWS\SYSTEM32\DNBAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNBIBAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNBMACFT.EXE - Deleted C:\WINDOWS\SYSTEM32\DNCUJEWX.EXE - Deleted C:\WINDOWS\SYSTEM32\DNDMDHRP.EXE - Deleted C:\WINDOWS\SYSTEM32\DNDYKMVX.EXE - Deleted C:\WINDOWS\SYSTEM32\DNEVAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNFAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNFIHJEC.EXE - Deleted C:\WINDOWS\SYSTEM32\DNGAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNHDAGXW.EXE - Deleted C:\WINDOWS\SYSTEM32\DNHISJCM.EXE - Deleted C:\WINDOWS\SYSTEM32\DNHLTAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNHPKAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNHRGYEF.EXE - Deleted C:\WINDOWS\SYSTEM32\DNIDAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNIHKAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNIUPOVW.EXE - Deleted C:\WINDOWS\SYSTEM32\DNJDUYAY.EXE - Deleted C:\WINDOWS\SYSTEM32\DNKPVOPG.EXE - Deleted C:\WINDOWS\SYSTEM32\DNLKAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNLPAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNLQAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNLSDWCF.EXE - Deleted C:\WINDOWS\SYSTEM32\DNNWASOH.EXE - Deleted C:\WINDOWS\SYSTEM32\DNOUQMUK.EXE - Deleted C:\WINDOWS\SYSTEM32\DNPWWDNQ.EXE - Deleted C:\WINDOWS\SYSTEM32\DNQWLESV.EXE - Deleted C:\WINDOWS\SYSTEM32\DNRNAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNRRUJDL.EXE - Deleted C:\WINDOWS\SYSTEM32\DNSYIAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNTDAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNTOGJGH.EXE - Deleted C:\WINDOWS\SYSTEM32\DNTWAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNTWYYDG.EXE - Deleted C:\WINDOWS\SYSTEM32\DNVKHIKG.EXE - Deleted C:\WINDOWS\SYSTEM32\DNVRUIUF.EXE - Deleted C:\WINDOWS\SYSTEM32\DNWJLAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNWKMYER.EXE - Deleted C:\WINDOWS\SYSTEM32\DNWXAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNXFMIQI.EXE - Deleted C:\WINDOWS\SYSTEM32\DNXUAPHL.EXE - Deleted C:\WINDOWS\SYSTEM32\DNXVAGEM.EXE - Deleted C:\WINDOWS\SYSTEM32\DNYIPCLN.EXE - Deleted C:\WINDOWS\SYSTEM32\DNYQAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DQNQRAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DQWTJSSH.EXE - Deleted C:\WINDOWS\SYSTEM32\DRBCWAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DRDGLVDX.EXE - Deleted C:\WINDOWS\SYSTEM32\DREEWOJY.EXE - Deleted C:\WINDOWS\SYSTEM32\DRFJGTDJ.EXE - Deleted C:\WINDOWS\SYSTEM32\DRGWTHAU.EXE - Deleted C:\WINDOWS\SYSTEM32\DRHDAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DRJDAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DRKAXAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DRKMJTCM.EXE - Deleted C:\WINDOWS\SYSTEM32\DRKPAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DRLAWRCF.EXE - Deleted C:\WINDOWS\SYSTEM32\DRMUKTMH.EXE - Deleted C:\WINDOWS\SYSTEM32\DROBAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DRPAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DRPEOURJ.EXE - Deleted C:\WINDOWS\SYSTEM32\DRQAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DRQBAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DRRLFBEK.EXE - Deleted C:\WINDOWS\SYSTEM32\DRRNDMGK.EXE - Deleted C:\WINDOWS\SYSTEM32\DRSCIAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DRVFTXQL.EXE - Deleted C:\WINDOWS\SYSTEM32\DRVXGKTB.EXE - Deleted C:\WINDOWS\SYSTEM32\DRWSVFMC.EXE - Deleted C:\WINDOWS\SYSTEM32\DRYAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DVAGCSXI.EXE - Deleted C:\WINDOWS\SYSTEM32\DVGWVKXB.EXE - Deleted C:\WINDOWS\SYSTEM32\DVHCAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DVNFKAJT.EXE - Deleted C:\WINDOWS\SYSTEM32\DVSBEAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DVTPQTGU.EXE - Deleted C:\WINDOWS\SYSTEM32\DVUGWXMH.EXE - Deleted C:\WINDOWS\SYSTEM32\DYJVUPVX.EXE - Deleted C:\WINDOWS\SYSTEM32\GDRUUQWY.EXE - Deleted C:\WINDOWS\SYSTEM32\GGQLVWTJ.EXE - Deleted C:\WINDOWS\SYSTEM32\GKLESAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GLHRBQXS.EXE - Deleted C:\WINDOWS\SYSTEM32\GPAIONUC.EXE - Deleted C:\WINDOWS\SYSTEM32\GPAOAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GPBBGOQW.EXE - Deleted C:\WINDOWS\SYSTEM32\GPBITEFG.EXE - Deleted C:\WINDOWS\SYSTEM32\GPBQAAXD.EXE - Deleted C:\WINDOWS\SYSTEM32\GPCGEYTK.EXE - Deleted C:\WINDOWS\SYSTEM32\GPCLAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GPCMXSXG.EXE - Deleted C:\WINDOWS\SYSTEM32\GPCQFAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GPDNWBQC.EXE - Deleted C:\WINDOWS\SYSTEM32\GPDWWAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GPEDAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GPENGTDK.EXE - Deleted C:\WINDOWS\SYSTEM32\GPFCAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GPFRYSRM.EXE - Deleted C:\WINDOWS\SYSTEM32\GPGAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GPGPMNDG.EXE - Deleted C:\WINDOWS\SYSTEM32\GPHHBAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GPHWAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GPIESPDV.EXE - Deleted C:\WINDOWS\SYSTEM32\GPIXAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GPIYGCBK.EXE - Deleted C:\WINDOWS\SYSTEM32\GPKCWGNE.EXE - Deleted C:\WINDOWS\SYSTEM32\GPKEATLM.EXE - Deleted C:\WINDOWS\SYSTEM32\GPKJGAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GPNFGWVN.EXE - Deleted C:\WINDOWS\SYSTEM32\GPOIFIJO.EXE - Deleted C:\WINDOWS\SYSTEM32\GPOJVSMU.EXE - Deleted C:\WINDOWS\SYSTEM32\GPOKIVOT.EXE - Deleted C:\WINDOWS\SYSTEM32\GPPVIDEQ.EXE - Deleted C:\WINDOWS\SYSTEM32\GPRIYNXM.EXE - Deleted C:\WINDOWS\SYSTEM32\GPRQDIJD.EXE - Deleted C:\WINDOWS\SYSTEM32\GPVEMNYU.EXE - Deleted C:\WINDOWS\SYSTEM32\GPVJOAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GPWAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GPWGLAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GPWXAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GPYFAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GPYLKXYT.EXE - Deleted C:\WINDOWS\SYSTEM32\GTAMYEUU.EXE - Deleted C:\WINDOWS\SYSTEM32\GTAYIOMP.EXE - Deleted C:\WINDOWS\SYSTEM32\GTCAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GTEUEFTA.EXE - Deleted C:\WINDOWS\SYSTEM32\GTFKJAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GTIGDJXH.EXE - Deleted C:\WINDOWS\SYSTEM32\GTIKDMCD.EXE - Deleted C:\WINDOWS\SYSTEM32\GTISKUXV.EXE - Deleted C:\WINDOWS\SYSTEM32\GTJJFAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GTKEBSCN.EXE - Deleted C:\WINDOWS\SYSTEM32\GTKQTAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GTLLUAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GTLQENCR.EXE - Deleted C:\WINDOWS\SYSTEM32\GTOXSJEL.EXE - Deleted C:\WINDOWS\SYSTEM32\GTPNGAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GTPRWTVQ.EXE - Deleted C:\WINDOWS\SYSTEM32\GTRNMLOE.EXE - Deleted C:\WINDOWS\SYSTEM32\GTSLDHLU.EXE - Deleted C:\WINDOWS\SYSTEM32\GTTAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GTXDMLLR.EXE - Deleted C:\WINDOWS\SYSTEM32\GTXEAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GWBHAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GXJGAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GXRBYXYK.EXE - Deleted C:\WINDOWS\SYSTEM32\JBMCAKWR.EXE - Deleted C:\WINDOWS\SYSTEM32\JFBTAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JFCHAKWB.EXE - Deleted C:\WINDOWS\SYSTEM32\JKADFYRQ.EXE - Deleted C:\WINDOWS\SYSTEM32\JKAUQKTP.EXE - Deleted C:\WINDOWS\SYSTEM32\JKBVQTKG.EXE - Deleted C:\WINDOWS\SYSTEM32\JKBXGSBV.EXE - Deleted C:\WINDOWS\SYSTEM32\JKDJBYEI.EXE - Deleted C:\WINDOWS\SYSTEM32\JKDWEAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JKDWOWCN.EXE - Deleted C:\WINDOWS\SYSTEM32\JKELREEN.EXE - Deleted C:\WINDOWS\SYSTEM32\JKETSQMY.EXE - Deleted C:\WINDOWS\SYSTEM32\JKEXCAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JKFAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JKGAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JKGDOQUN.EXE - Deleted C:\WINDOWS\SYSTEM32\JKGLSAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JKGVQVGX.EXE - Deleted C:\WINDOWS\SYSTEM32\JKHHXAOQ.EXE - Deleted C:\WINDOWS\SYSTEM32\JKIBAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JKICSQJK.EXE - Deleted C:\WINDOWS\SYSTEM32\JKIHJGDS.EXE - Deleted C:\WINDOWS\SYSTEM32\JKIRSYIE.EXE - Deleted C:\WINDOWS\SYSTEM32\JKKJSPNM.EXE - Deleted C:\WINDOWS\SYSTEM32\JKKRRUQS.EXE - Deleted C:\WINDOWS\SYSTEM32\JKLHGDBG.EXE - Deleted C:\WINDOWS\SYSTEM32\JKLHSRGR.EXE - Deleted C:\WINDOWS\SYSTEM32\JKLQAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JKOOAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JKPFYAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JKQFDAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JKQLAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JKQPIAJM.EXE - Deleted C:\WINDOWS\SYSTEM32\JKRGKBFL.EXE - Deleted C:\WINDOWS\SYSTEM32\JKRIAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JKRSEMFQ.EXE - Deleted C:\WINDOWS\SYSTEM32\JKRXYEIE.EXE - Deleted C:\WINDOWS\SYSTEM32\JKSQAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JKSSCQNV.EXE - Deleted C:\WINDOWS\SYSTEM32\JKUSHDLE.EXE - Deleted C:\WINDOWS\SYSTEM32\JKVCAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JKWBPXCE.EXE - Deleted C:\WINDOWS\SYSTEM32\JKYRSTKH.EXE - Deleted C:\WINDOWS\SYSTEM32\JKYVMYWX.EXE - Deleted C:\WINDOWS\SYSTEM32\JOAAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JOAJOJXX.EXE - Deleted C:\WINDOWS\SYSTEM32\JOAPEPEK.EXE - Deleted C:\WINDOWS\SYSTEM32\JODPGONA.EXE - Deleted C:\WINDOWS\SYSTEM32\JOECKRKW.EXE - Deleted C:\WINDOWS\SYSTEM32\JOFSAFKU.EXE - Deleted C:\WINDOWS\SYSTEM32\JOGGMEQB.EXE - Deleted C:\WINDOWS\SYSTEM32\JOGLIIQU.EXE - Deleted C:\WINDOWS\SYSTEM32\JOIAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JOKPPAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JOLCAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JOLLNAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JOLPTAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JOLVQAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JONVDFUD.EXE - Deleted C:\WINDOWS\SYSTEM32\JONYRAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JOPBAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JOQEDAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JOQNSAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JOQQWLYB.EXE - Deleted C:\WINDOWS\SYSTEM32\JORKWWBJ.EXE - Deleted C:\WINDOWS\SYSTEM32\JORWGAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JOTKGGFW.EXE - Deleted C:\WINDOWS\SYSTEM32\JOUPJJJW.EXE - Deleted C:\WINDOWS\SYSTEM32\JOUTEJAL.EXE - Deleted C:\WINDOWS\SYSTEM32\JOVBAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JOXQHNNK.EXE - Deleted C:\WINDOWS\SYSTEM32\JOYECMWK.EXE - Deleted C:\WINDOWS\SYSTEM32\JOYSJICU.EXE - Deleted C:\WINDOWS\SYSTEM32\JSCYAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JSDYNRYH.EXE - Deleted C:\WINDOWS\SYSTEM32\JSGWKGVC.EXE - Deleted C:\WINDOWS\SYSTEM32\JSPLEAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JVJOJTMK.EXE - Deleted C:\WINDOWS\SYSTEM32\MCACRAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MCCQLQNB.EXE - Deleted C:\WINDOWS\SYSTEM32\MCDPAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MCFIOAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MCIHVVEH.EXE - Deleted C:\WINDOWS\SYSTEM32\MCIUAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MCIYTPKY.EXE - Deleted C:\WINDOWS\SYSTEM32\MCJACXUA.EXE - Deleted C:\WINDOWS\SYSTEM32\MCJIYAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MCLLSAIW.EXE - Deleted C:\WINDOWS\SYSTEM32\MCNQAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MCNQLDCN.EXE - Deleted C:\WINDOWS\SYSTEM32\MCNUXCGU.EXE - Deleted C:\WINDOWS\SYSTEM32\MCPOBIGJ.EXE - Deleted C:\WINDOWS\SYSTEM32\MCPVSAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MCQVBAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MCRBNJNN.EXE - Deleted C:\WINDOWS\SYSTEM32\MCRQMAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MCSAQHQP.EXE - Deleted C:\WINDOWS\SYSTEM32\MCTIQOMN.EXE - Deleted C:\WINDOWS\SYSTEM32\MCVJWHAH.EXE - Deleted C:\WINDOWS\SYSTEM32\MCVQVAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MCVSNAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MGHAWAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MJOAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MKCVBAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MKPAVAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MOGGVUEJ.EXE - Deleted C:\WINDOWS\SYSTEM32\MWIAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXAAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXAJVTTX.EXE - Deleted C:\WINDOWS\SYSTEM32\MXBLOBXE.EXE - Deleted C:\WINDOWS\SYSTEM32\MXCMEOPA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXDDXAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXEOFVEY.EXE - Deleted C:\WINDOWS\SYSTEM32\MXFVAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXGMAEWO.EXE - Deleted C:\WINDOWS\SYSTEM32\MXHNXAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXHQYAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXITSAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXJHAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXJNAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXJRMPMR.EXE - Deleted C:\WINDOWS\SYSTEM32\MXKAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXKWJYBQ.EXE - Deleted C:\WINDOWS\SYSTEM32\MXMQAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXMSDNLD.EXE - Deleted C:\WINDOWS\SYSTEM32\MXNHAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXOGUAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXOWYIWN.EXE - Deleted C:\WINDOWS\SYSTEM32\MXPFEVSY.EXE - Deleted C:\WINDOWS\SYSTEM32\MXRESAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXSISBHG.EXE - Deleted C:\WINDOWS\SYSTEM32\MXSQTLIP.EXE - Deleted C:\WINDOWS\SYSTEM32\MXSRRYMQ.EXE - Deleted C:\WINDOWS\SYSTEM32\MXSWSWDK.EXE - Deleted C:\WINDOWS\SYSTEM32\MXTNOJCJ.EXE - Deleted C:\WINDOWS\SYSTEM32\MXTRKAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXVIEAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXVIMAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXVJIAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXWPCNFY.EXE - Deleted C:\WINDOWS\SYSTEM32\MXXPXAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXYGCAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PDAHLMXO.EXE - Deleted C:\WINDOWS\SYSTEM32\PEAAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEAGMAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEBFVADS.EXE - Deleted C:\WINDOWS\SYSTEM32\PEBJTDNR.EXE - Deleted C:\WINDOWS\SYSTEM32\PEBVGAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEBWRAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEBXLUPV.EXE - Deleted C:\WINDOWS\SYSTEM32\PECCLCKD.EXE - Deleted C:\WINDOWS\SYSTEM32\PECGAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PECJWUGF.EXE - Deleted C:\WINDOWS\SYSTEM32\PECWJCKT.EXE - Deleted C:\WINDOWS\SYSTEM32\PEDAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEDLAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEDWRAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEEBAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEEQTAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEEXOPIU.EXE - Deleted C:\WINDOWS\SYSTEM32\PEFHIJGP.EXE - Deleted C:\WINDOWS\SYSTEM32\PEFLSAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEGAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEGBAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEGJGBJQ.EXE - Deleted C:\WINDOWS\SYSTEM32\PEGOQWCA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEGWAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEHCEORN.EXE - Deleted C:\WINDOWS\SYSTEM32\PEHFAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEHVFSNQ.EXE - Deleted C:\WINDOWS\SYSTEM32\PEIMAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEKBAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PELAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PELKPNQK.EXE - Deleted C:\WINDOWS\SYSTEM32\PELWAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEMYUAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PENBPAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEOEQQXX.EXE - Deleted C:\WINDOWS\SYSTEM32\PEOQJXCL.EXE - Deleted C:\WINDOWS\SYSTEM32\PEOXEFGF.EXE - Deleted C:\WINDOWS\SYSTEM32\PEQAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEQNKAHB.EXE - Deleted C:\WINDOWS\SYSTEM32\PEQURAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PERCXAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PERHAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PERIVAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PESUGFVE.EXE - Deleted C:\WINDOWS\SYSTEM32\PESUYAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PESWNPAB.EXE - Deleted C:\WINDOWS\SYSTEM32\PEUDSAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEUPAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEUWJPOH.EXE - Deleted C:\WINDOWS\SYSTEM32\PEVWAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEWRSVHX.EXE - Deleted C:\WINDOWS\SYSTEM32\PEXABCHJ.EXE - Deleted C:\WINDOWS\SYSTEM32\PEYAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PICNAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PICOYAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PIDSAUCB.EXE - Deleted C:\WINDOWS\SYSTEM32\PIFEOQQL.EXE - Deleted C:\WINDOWS\SYSTEM32\PIGNAEXF.EXE - Deleted C:\WINDOWS\SYSTEM32\PIGQNAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PIHBAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PIHXLXXX.EXE - Deleted C:\WINDOWS\SYSTEM32\PIJNAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PIKCKEWS.EXE - Deleted C:\WINDOWS\SYSTEM32\PIKJFAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PILMQAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PINUJMTM.EXE - Deleted C:\WINDOWS\SYSTEM32\PIQBXDCT.EXE - Deleted C:\WINDOWS\SYSTEM32\PIQYXVJK.EXE - Deleted C:\WINDOWS\SYSTEM32\PIRPDAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PITEFFNH.EXE - Deleted C:\WINDOWS\SYSTEM32\PIURQHGW.EXE - Deleted C:\WINDOWS\SYSTEM32\PIYRSAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PIYTEAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PMESRKEK.EXE - Deleted C:\WINDOWS\SYSTEM32\PMHNYAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PMIXAHID.EXE - Deleted C:\WINDOWS\SYSTEM32\PPTKPAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PQOVAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PTKTLLMR.EXE - Deleted C:\WINDOWS\SYSTEM32\PTMPQAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PYBEQAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PYJQAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PYVNFAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SBGCAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDADSAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDAEKAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDCSAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDDERWTW.EXE - Deleted C:\WINDOWS\SYSTEM32\SDEPYLKN.EXE - Deleted C:\WINDOWS\SYSTEM32\SDFIJKNB.EXE - Deleted C:\WINDOWS\SYSTEM32\SDFIRDFE.EXE - Deleted C:\WINDOWS\SYSTEM32\SDFNCOVW.EXE - Deleted C:\WINDOWS\SYSTEM32\SDFUWJQI.EXE - Deleted C:\WINDOWS\SYSTEM32\SDGPCPQP.EXE - Deleted C:\WINDOWS\SYSTEM32\SDIBHRQE.EXE - Deleted C:\WINDOWS\SYSTEM32\SDIGYGKH.EXE - Deleted C:\WINDOWS\SYSTEM32\SDIIGBIN.EXE - Deleted C:\WINDOWS\SYSTEM32\SDILCOGV.EXE - Deleted C:\WINDOWS\SYSTEM32\SDJHJQLO.EXE - Deleted C:\WINDOWS\SYSTEM32\SDJLWYWK.EXE - Deleted C:\WINDOWS\SYSTEM32\SDKONQSE.EXE - Deleted C:\WINDOWS\SYSTEM32\SDKVPAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDLHAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDMCBAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDMIKAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDMJAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDNCTAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDOVFERS.EXE - Deleted C:\WINDOWS\SYSTEM32\SDPBRRVR.EXE - Deleted C:\WINDOWS\SYSTEM32\SDPPVRAQ.EXE - Deleted C:\WINDOWS\SYSTEM32\SDQCAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDQCKKIT.EXE - Deleted C:\WINDOWS\SYSTEM32\SDQRUAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDRCORFK.EXE - Deleted C:\WINDOWS\SYSTEM32\SDRCWBSX.EXE - Deleted C:\WINDOWS\SYSTEM32\SDSRLAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDSVAJCO.EXE - Deleted C:\WINDOWS\SYSTEM32\SDTAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDTGBTIH.EXE - Deleted C:\WINDOWS\SYSTEM32\SDTHAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDTKHBFW.EXE - Deleted C:\WINDOWS\SYSTEM32\SDTRWAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDVADSAM.EXE - Deleted C:\WINDOWS\SYSTEM32\SDWBAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDXACAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDYAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SGIBNGBE.EXE - Deleted C:\WINDOWS\SYSTEM32\SHAIXAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SHASXEHD.EXE - Deleted C:\WINDOWS\SYSTEM32\SHBBSKOC.EXE - Deleted C:\WINDOWS\SYSTEM32\SHBEQUYR.EXE - Deleted C:\WINDOWS\SYSTEM32\SHCSQAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SHDPAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SHDUIDAX.EXE - Deleted C:\WINDOWS\SYSTEM32\SHEBAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SHECQVHP.EXE - Deleted C:\WINDOWS\SYSTEM32\SHEIIUEX.EXE - Deleted C:\WINDOWS\SYSTEM32\SHGVUIYI.EXE - Deleted C:\WINDOWS\SYSTEM32\SHIDAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SHKDBAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SHKHDRVC.EXE - Deleted C:\WINDOWS\SYSTEM32\SHKKUAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SHLFMTUB.EXE - Deleted C:\WINDOWS\SYSTEM32\SHLKKAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SHMTBXEJ.EXE - Deleted C:\WINDOWS\SYSTEM32\SHPAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SHPQLURR.EXE - Deleted C:\WINDOWS\SYSTEM32\SHQAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SHSHYLCP.EXE - Deleted C:\WINDOWS\SYSTEM32\SHSQXNHW.EXE - Deleted C:\WINDOWS\SYSTEM32\SHTVNAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SHUCAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SHVRAFDD.EXE - Deleted C:\WINDOWS\SYSTEM32\SHWFHAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SKKAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SLGXYAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SLHTJOEQ.EXE - Deleted C:\WINDOWS\SYSTEM32\SLLBAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SLOERAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SQVKTAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SSGBAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\STVAOAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SUUMILEC.EXE - Deleted C:\WINDOWS\SYSTEM32\VBEENAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VCMDEJIK.EXE - Deleted C:\WINDOWS\SYSTEM32\VDDDNNUH.EXE - Deleted C:\WINDOWS\SYSTEM32\VDKSAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VDMCAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VDSXODEV.EXE - Deleted C:\WINDOWS\SYSTEM32\VDYMLXQA.EXE - Deleted C:\WINDOWS\SYSTEM32\VHIIACPG.EXE - Deleted C:\WINDOWS\SYSTEM32\VHLNUAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VHTNBAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VKEMVAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VPYYSAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VQDYAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VTOYDECU.EXE - Deleted C:\WINDOWS\SYSTEM32\VUAAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUAFNAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUANDIMH.EXE - Deleted C:\WINDOWS\SYSTEM32\VUBAMALU.EXE - Deleted C:\WINDOWS\SYSTEM32\VUCLWAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUDMPFMR.EXE - Deleted C:\WINDOWS\SYSTEM32\VUEIQAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUEXIAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUFYAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUGYBVIJ.EXE - Deleted C:\WINDOWS\SYSTEM32\VUIEOXTE.EXE - Deleted C:\WINDOWS\SYSTEM32\VUIHAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUJKAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VULNRAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUMFLRFF.EXE - Deleted C:\WINDOWS\SYSTEM32\VUMLGBAL.EXE - Deleted C:\WINDOWS\SYSTEM32\VUNBAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUNHTFNL.EXE - Deleted C:\WINDOWS\SYSTEM32\VUNJRWGJ.EXE - Deleted C:\WINDOWS\SYSTEM32\VUNKKHNV.EXE - Deleted C:\WINDOWS\SYSTEM32\VUNQJAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUNXLAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUOAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUOLAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUPAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUPJLXTO.EXE - Deleted C:\WINDOWS\SYSTEM32\VUPKAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUPRUCBT.EXE - Deleted C:\WINDOWS\SYSTEM32\VUQDAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUQQUAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUQXAOMO.EXE - Deleted C:\WINDOWS\SYSTEM32\VURDAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VURLGWLC.EXE - Deleted C:\WINDOWS\SYSTEM32\VURXJXTP.EXE - Deleted C:\WINDOWS\SYSTEM32\VUSQDUBE.EXE - Deleted C:\WINDOWS\SYSTEM32\VUSVYXMY.EXE - Deleted C:\WINDOWS\SYSTEM32\VUTAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUTFKAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUTITXPY.EXE - Deleted C:\WINDOWS\SYSTEM32\VUUWWJPW.EXE - Deleted C:\WINDOWS\SYSTEM32\VUVHTAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUVKAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUVSBJYN.EXE - Deleted C:\WINDOWS\SYSTEM32\VUVVCANJ.EXE - Deleted C:\WINDOWS\SYSTEM32\VUXAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUXFBAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUYMPAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYACDGVW.EXE - Deleted C:\WINDOWS\SYSTEM32\VYDCAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYDSUSAH.EXE - Deleted C:\WINDOWS\SYSTEM32\VYEEAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYEWXCMU.EXE - Deleted C:\WINDOWS\SYSTEM32\VYGSAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYIFXQQS.EXE - Deleted C:\WINDOWS\SYSTEM32\VYJJGXSA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYJYTAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYKAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYLKBAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYNSAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYNXYAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYNYAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYODGAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYPFRUAJ.EXE - Deleted C:\WINDOWS\SYSTEM32\VYPSPLIL.EXE - Deleted C:\WINDOWS\SYSTEM32\VYQAEAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYSAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYSRAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYULALHX.EXE - Deleted C:\WINDOWS\SYSTEM32\VYWPAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYXLVAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYXVJCYG.EXE - Deleted C:\WINDOWS\SYSTEM32\IDHVHRI.DLL - Deleted C:\WINDOWS\SYSTEM32\AEAEAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEAUKOYH.EXE - Deleted C:\WINDOWS\SYSTEM32\AEBFAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEBKAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AECAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AECCTAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AECSIGFN.EXE - Deleted C:\WINDOWS\SYSTEM32\AECSKAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AECXJWJX.EXE - Deleted C:\WINDOWS\SYSTEM32\AEDDXAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEDVKASD.EXE - Deleted C:\WINDOWS\SYSTEM32\AEDYGQCX.EXE - Deleted C:\WINDOWS\SYSTEM32\AEEAOHRF.EXE - Deleted C:\WINDOWS\SYSTEM32\AEELRAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEEQGAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEGMAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEIYAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEJAXQWG.EXE - Deleted C:\WINDOWS\SYSTEM32\AEKJAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEKJHAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEKVHDET.EXE - Deleted C:\WINDOWS\SYSTEM32\AELDSOYO.EXE - Deleted C:\WINDOWS\SYSTEM32\AEMAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEMOLFEV.EXE - Deleted C:\WINDOWS\SYSTEM32\AEMWXUCY.EXE - Deleted C:\WINDOWS\SYSTEM32\AENRNJWO.EXE - Deleted C:\WINDOWS\SYSTEM32\AEOPPMNH.EXE - Deleted C:\WINDOWS\SYSTEM32\AEPIJRXI.EXE - Deleted C:\WINDOWS\SYSTEM32\AEPYUCGH.EXE - Deleted C:\WINDOWS\SYSTEM32\AEQDAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEQRQAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AERAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AESLFYNQ.EXE - Deleted C:\WINDOWS\SYSTEM32\AESOUWUK.EXE - Deleted C:\WINDOWS\SYSTEM32\AESQAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AESWFAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEUCVPMX.EXE - Deleted C:\WINDOWS\SYSTEM32\AEUJJAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEUQGWYM.EXE - Deleted C:\WINDOWS\SYSTEM32\AEVGKTVK.EXE - Deleted C:\WINDOWS\SYSTEM32\AEWNOAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEWUAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEXPLAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEXQGAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AEYHLAMQ.EXE - Deleted C:\WINDOWS\SYSTEM32\AIBAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AICPCAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AIDRUAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AIFKXBGB.EXE - Deleted C:\WINDOWS\SYSTEM32\AIGBEJVH.EXE - Deleted C:\WINDOWS\SYSTEM32\AIGJOXNX.EXE - Deleted C:\WINDOWS\SYSTEM32\AIIAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AIKAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AIKABAPK.EXE - Deleted C:\WINDOWS\SYSTEM32\AILRAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AIMHJRSY.EXE - Deleted C:\WINDOWS\SYSTEM32\AIMMFAMX.EXE - Deleted C:\WINDOWS\SYSTEM32\AINSEQIU.EXE - Deleted C:\WINDOWS\SYSTEM32\AIODHGVQ.EXE - Deleted C:\WINDOWS\SYSTEM32\AIPBXEAI.EXE - Deleted C:\WINDOWS\SYSTEM32\AIPTCEXK.EXE - Deleted C:\WINDOWS\SYSTEM32\AIPXAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AIRGBAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AIRVGAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AISCAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AIWHTPDR.EXE - Deleted C:\WINDOWS\SYSTEM32\AIWSVAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AIXHPLOL.EXE - Deleted C:\WINDOWS\SYSTEM32\AIXMVAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AMDRVQDI.EXE - Deleted C:\WINDOWS\SYSTEM32\AMLTKAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AMOOUUKQ.EXE - Deleted C:\WINDOWS\SYSTEM32\AMQOTDSQ.EXE - Deleted C:\WINDOWS\SYSTEM32\APRUAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\ARLQCIBA.EXE - Deleted C:\WINDOWS\SYSTEM32\AUSVMQIK.EXE - Deleted C:\WINDOWS\SYSTEM32\AUUAEWNS.EXE - Deleted C:\WINDOWS\SYSTEM32\AYCJOAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\AYCPNEEE.EXE - Deleted C:\WINDOWS\SYSTEM32\AYRIAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DATJAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DAVAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DFQYFIJO.EXE - Deleted C:\WINDOWS\SYSTEM32\DJGJRUIH.EXE - Deleted C:\WINDOWS\SYSTEM32\DJLRLAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DJLVDAUC.EXE - Deleted C:\WINDOWS\SYSTEM32\DMAYQCOM.EXE - Deleted C:\WINDOWS\SYSTEM32\DNBAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNBIBAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNBMACFT.EXE - Deleted C:\WINDOWS\SYSTEM32\DNCUJEWX.EXE - Deleted C:\WINDOWS\SYSTEM32\DNDMDHRP.EXE - Deleted C:\WINDOWS\SYSTEM32\DNDYKMVX.EXE - Deleted C:\WINDOWS\SYSTEM32\DNEVAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNFAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNFIHJEC.EXE - Deleted C:\WINDOWS\SYSTEM32\DNGAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNHDAGXW.EXE - Deleted C:\WINDOWS\SYSTEM32\DNHISJCM.EXE - Deleted C:\WINDOWS\SYSTEM32\DNHLTAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNHPKAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNHRGYEF.EXE - Deleted C:\WINDOWS\SYSTEM32\DNIDAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNIHKAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNIUPOVW.EXE - Deleted C:\WINDOWS\SYSTEM32\DNJDUYAY.EXE - Deleted C:\WINDOWS\SYSTEM32\DNKPVOPG.EXE - Deleted C:\WINDOWS\SYSTEM32\DNLKAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNLPAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNLQAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNLSDWCF.EXE - Deleted C:\WINDOWS\SYSTEM32\DNNWASOH.EXE - Deleted C:\WINDOWS\SYSTEM32\DNOUQMUK.EXE - Deleted C:\WINDOWS\SYSTEM32\DNPWWDNQ.EXE - Deleted C:\WINDOWS\SYSTEM32\DNQWLESV.EXE - Deleted C:\WINDOWS\SYSTEM32\DNRNAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNRRUJDL.EXE - Deleted C:\WINDOWS\SYSTEM32\DNSYIAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNTDAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNTOGJGH.EXE - Deleted C:\WINDOWS\SYSTEM32\DNTWAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNTWYYDG.EXE - Deleted C:\WINDOWS\SYSTEM32\DNVKHIKG.EXE - Deleted C:\WINDOWS\SYSTEM32\DNVRUIUF.EXE - Deleted C:\WINDOWS\SYSTEM32\DNWJLAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNWKMYER.EXE - Deleted C:\WINDOWS\SYSTEM32\DNWXAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DNXFMIQI.EXE - Deleted C:\WINDOWS\SYSTEM32\DNXUAPHL.EXE - Deleted C:\WINDOWS\SYSTEM32\DNXVAGEM.EXE - Deleted C:\WINDOWS\SYSTEM32\DNYIPCLN.EXE - Deleted C:\WINDOWS\SYSTEM32\DNYQAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DQNQRAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DQWTJSSH.EXE - Deleted C:\WINDOWS\SYSTEM32\DRBCWAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DRDGLVDX.EXE - Deleted C:\WINDOWS\SYSTEM32\DREEWOJY.EXE - Deleted C:\WINDOWS\SYSTEM32\DRFJGTDJ.EXE - Deleted C:\WINDOWS\SYSTEM32\DRGWTHAU.EXE - Deleted C:\WINDOWS\SYSTEM32\DRHDAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DRJDAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DRKAXAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DRKMJTCM.EXE - Deleted C:\WINDOWS\SYSTEM32\DRKPAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DRLAWRCF.EXE - Deleted C:\WINDOWS\SYSTEM32\DRMUKTMH.EXE - Deleted C:\WINDOWS\SYSTEM32\DROBAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DRPAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DRPEOURJ.EXE - Deleted C:\WINDOWS\SYSTEM32\DRQAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DRQBAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DRRLFBEK.EXE - Deleted C:\WINDOWS\SYSTEM32\DRRNDMGK.EXE - Deleted C:\WINDOWS\SYSTEM32\DRSCIAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DRVFTXQL.EXE - Deleted C:\WINDOWS\SYSTEM32\DRVXGKTB.EXE - Deleted C:\WINDOWS\SYSTEM32\DRWSVFMC.EXE - Deleted C:\WINDOWS\SYSTEM32\DRYAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DVAGCSXI.EXE - Deleted C:\WINDOWS\SYSTEM32\DVGWVKXB.EXE - Deleted C:\WINDOWS\SYSTEM32\DVHCAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DVNFKAJT.EXE - Deleted C:\WINDOWS\SYSTEM32\DVSBEAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\DVTPQTGU.EXE - Deleted C:\WINDOWS\SYSTEM32\DVUGWXMH.EXE - Deleted C:\WINDOWS\SYSTEM32\DYJVUPVX.EXE - Deleted C:\WINDOWS\SYSTEM32\GDRUUQWY.EXE - Deleted C:\WINDOWS\SYSTEM32\GGQLVWTJ.EXE - Deleted C:\WINDOWS\SYSTEM32\GKLESAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GLHRBQXS.EXE - Deleted C:\WINDOWS\SYSTEM32\GPAIONUC.EXE - Deleted C:\WINDOWS\SYSTEM32\GPAOAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GPBBGOQW.EXE - Deleted C:\WINDOWS\SYSTEM32\GPBITEFG.EXE - Deleted C:\WINDOWS\SYSTEM32\GPBQAAXD.EXE - Deleted C:\WINDOWS\SYSTEM32\GPCGEYTK.EXE - Deleted C:\WINDOWS\SYSTEM32\GPCLAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GPCMXSXG.EXE - Deleted C:\WINDOWS\SYSTEM32\GPCQFAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GPDNWBQC.EXE - Deleted C:\WINDOWS\SYSTEM32\GPDWWAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GPEDAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GPENGTDK.EXE - Deleted C:\WINDOWS\SYSTEM32\GPFCAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GPFRYSRM.EXE - Deleted C:\WINDOWS\SYSTEM32\GPGAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GPGPMNDG.EXE - Deleted C:\WINDOWS\SYSTEM32\GPHHBAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GPHWAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GPIESPDV.EXE - Deleted C:\WINDOWS\SYSTEM32\GPIXAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GPIYGCBK.EXE - Deleted C:\WINDOWS\SYSTEM32\GPKCWGNE.EXE - Deleted C:\WINDOWS\SYSTEM32\GPKEATLM.EXE - Deleted C:\WINDOWS\SYSTEM32\GPKJGAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GPNFGWVN.EXE - Deleted C:\WINDOWS\SYSTEM32\GPOIFIJO.EXE - Deleted C:\WINDOWS\SYSTEM32\GPOJVSMU.EXE - Deleted C:\WINDOWS\SYSTEM32\GPOKIVOT.EXE - Deleted C:\WINDOWS\SYSTEM32\GPPVIDEQ.EXE - Deleted C:\WINDOWS\SYSTEM32\GPRIYNXM.EXE - Deleted C:\WINDOWS\SYSTEM32\GPRQDIJD.EXE - Deleted C:\WINDOWS\SYSTEM32\GPVEMNYU.EXE - Deleted C:\WINDOWS\SYSTEM32\GPVJOAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GPWAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GPWGLAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GPWXAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GPYFAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GPYLKXYT.EXE - Deleted C:\WINDOWS\SYSTEM32\GTAMYEUU.EXE - Deleted C:\WINDOWS\SYSTEM32\GTAYIOMP.EXE - Deleted C:\WINDOWS\SYSTEM32\GTCAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GTEUEFTA.EXE - Deleted C:\WINDOWS\SYSTEM32\GTFKJAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GTIGDJXH.EXE - Deleted C:\WINDOWS\SYSTEM32\GTIKDMCD.EXE - Deleted C:\WINDOWS\SYSTEM32\GTISKUXV.EXE - Deleted C:\WINDOWS\SYSTEM32\GTJJFAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GTKEBSCN.EXE - Deleted C:\WINDOWS\SYSTEM32\GTKQTAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GTLLUAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GTLQENCR.EXE - Deleted C:\WINDOWS\SYSTEM32\GTOXSJEL.EXE - Deleted C:\WINDOWS\SYSTEM32\GTPNGAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GTPRWTVQ.EXE - Deleted C:\WINDOWS\SYSTEM32\GTRNMLOE.EXE - Deleted C:\WINDOWS\SYSTEM32\GTSLDHLU.EXE - Deleted C:\WINDOWS\SYSTEM32\GTTAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GTXDMLLR.EXE - Deleted C:\WINDOWS\SYSTEM32\GTXEAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GWBHAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GXJGAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\GXRBYXYK.EXE - Deleted C:\WINDOWS\SYSTEM32\JBMCAKWR.EXE - Deleted C:\WINDOWS\SYSTEM32\JFBTAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JFCHAKWB.EXE - Deleted C:\WINDOWS\SYSTEM32\JKADFYRQ.EXE - Deleted C:\WINDOWS\SYSTEM32\JKAUQKTP.EXE - Deleted C:\WINDOWS\SYSTEM32\JKBVQTKG.EXE - Deleted C:\WINDOWS\SYSTEM32\JKBXGSBV.EXE - Deleted C:\WINDOWS\SYSTEM32\JKDJBYEI.EXE - Deleted C:\WINDOWS\SYSTEM32\JKDWEAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JKDWOWCN.EXE - Deleted C:\WINDOWS\SYSTEM32\JKELREEN.EXE - Deleted C:\WINDOWS\SYSTEM32\JKETSQMY.EXE - Deleted C:\WINDOWS\SYSTEM32\JKEXCAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JKFAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JKGAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JKGDOQUN.EXE - Deleted C:\WINDOWS\SYSTEM32\JKGLSAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JKGVQVGX.EXE - Deleted C:\WINDOWS\SYSTEM32\JKHHXAOQ.EXE - Deleted C:\WINDOWS\SYSTEM32\JKIBAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JKICSQJK.EXE - Deleted C:\WINDOWS\SYSTEM32\JKIHJGDS.EXE - Deleted C:\WINDOWS\SYSTEM32\JKIRSYIE.EXE - Deleted C:\WINDOWS\SYSTEM32\JKKJSPNM.EXE - Deleted C:\WINDOWS\SYSTEM32\JKKRRUQS.EXE - Deleted C:\WINDOWS\SYSTEM32\JKLHGDBG.EXE - Deleted C:\WINDOWS\SYSTEM32\JKLHSRGR.EXE - Deleted C:\WINDOWS\SYSTEM32\JKLQAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JKOOAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JKPFYAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JKQFDAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JKQLAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JKQPIAJM.EXE - Deleted C:\WINDOWS\SYSTEM32\JKRGKBFL.EXE - Deleted C:\WINDOWS\SYSTEM32\JKRIAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JKRSEMFQ.EXE - Deleted C:\WINDOWS\SYSTEM32\JKRXYEIE.EXE - Deleted C:\WINDOWS\SYSTEM32\JKSQAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JKSSCQNV.EXE - Deleted C:\WINDOWS\SYSTEM32\JKUSHDLE.EXE - Deleted C:\WINDOWS\SYSTEM32\JKVCAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JKWBPXCE.EXE - Deleted C:\WINDOWS\SYSTEM32\JKYRSTKH.EXE - Deleted C:\WINDOWS\SYSTEM32\JKYVMYWX.EXE - Deleted C:\WINDOWS\SYSTEM32\JOAAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JOAJOJXX.EXE - Deleted C:\WINDOWS\SYSTEM32\JOAPEPEK.EXE - Deleted C:\WINDOWS\SYSTEM32\JODPGONA.EXE - Deleted C:\WINDOWS\SYSTEM32\JOECKRKW.EXE - Deleted C:\WINDOWS\SYSTEM32\JOFSAFKU.EXE - Deleted C:\WINDOWS\SYSTEM32\JOGGMEQB.EXE - Deleted C:\WINDOWS\SYSTEM32\JOGLIIQU.EXE - Deleted C:\WINDOWS\SYSTEM32\JOIAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JOKPPAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JOLCAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JOLLNAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JOLPTAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JOLVQAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JONVDFUD.EXE - Deleted C:\WINDOWS\SYSTEM32\JONYRAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JOPBAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JOQEDAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JOQNSAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JOQQWLYB.EXE - Deleted C:\WINDOWS\SYSTEM32\JORKWWBJ.EXE - Deleted C:\WINDOWS\SYSTEM32\JORWGAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JOTKGGFW.EXE - Deleted C:\WINDOWS\SYSTEM32\JOUPJJJW.EXE - Deleted C:\WINDOWS\SYSTEM32\JOUTEJAL.EXE - Deleted C:\WINDOWS\SYSTEM32\JOVBAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JOXQHNNK.EXE - Deleted C:\WINDOWS\SYSTEM32\JOYECMWK.EXE - Deleted C:\WINDOWS\SYSTEM32\JOYSJICU.EXE - Deleted C:\WINDOWS\SYSTEM32\JSCYAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JSDYNRYH.EXE - Deleted C:\WINDOWS\SYSTEM32\JSGWKGVC.EXE - Deleted C:\WINDOWS\SYSTEM32\JSPLEAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\JVJOJTMK.EXE - Deleted C:\WINDOWS\SYSTEM32\MCACRAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MCCQLQNB.EXE - Deleted C:\WINDOWS\SYSTEM32\MCDPAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MCFIOAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MCIHVVEH.EXE - Deleted C:\WINDOWS\SYSTEM32\MCIUAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MCIYTPKY.EXE - Deleted C:\WINDOWS\SYSTEM32\MCJACXUA.EXE - Deleted C:\WINDOWS\SYSTEM32\MCJIYAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MCLLSAIW.EXE - Deleted C:\WINDOWS\SYSTEM32\MCNQAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MCNQLDCN.EXE - Deleted C:\WINDOWS\SYSTEM32\MCNUXCGU.EXE - Deleted C:\WINDOWS\SYSTEM32\MCPOBIGJ.EXE - Deleted C:\WINDOWS\SYSTEM32\MCPVSAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MCQVBAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MCRBNJNN.EXE - Deleted C:\WINDOWS\SYSTEM32\MCRQMAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MCSAQHQP.EXE - Deleted C:\WINDOWS\SYSTEM32\MCTIQOMN.EXE - Deleted C:\WINDOWS\SYSTEM32\MCVJWHAH.EXE - Deleted C:\WINDOWS\SYSTEM32\MCVQVAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MCVSNAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MGHAWAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MJOAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MKCVBAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MKPAVAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MOGGVUEJ.EXE - Deleted C:\WINDOWS\SYSTEM32\MWIAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXAAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXAJVTTX.EXE - Deleted C:\WINDOWS\SYSTEM32\MXBLOBXE.EXE - Deleted C:\WINDOWS\SYSTEM32\MXCMEOPA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXDDXAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXEOFVEY.EXE - Deleted C:\WINDOWS\SYSTEM32\MXFVAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXGMAEWO.EXE - Deleted C:\WINDOWS\SYSTEM32\MXHNXAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXHQYAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXITSAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXJHAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXJNAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXJRMPMR.EXE - Deleted C:\WINDOWS\SYSTEM32\MXKAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXKWJYBQ.EXE - Deleted C:\WINDOWS\SYSTEM32\MXMQAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXMSDNLD.EXE - Deleted C:\WINDOWS\SYSTEM32\MXNHAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXOGUAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXOWYIWN.EXE - Deleted C:\WINDOWS\SYSTEM32\MXPFEVSY.EXE - Deleted C:\WINDOWS\SYSTEM32\MXRESAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXSISBHG.EXE - Deleted C:\WINDOWS\SYSTEM32\MXSQTLIP.EXE - Deleted C:\WINDOWS\SYSTEM32\MXSRRYMQ.EXE - Deleted C:\WINDOWS\SYSTEM32\MXSWSWDK.EXE - Deleted C:\WINDOWS\SYSTEM32\MXTNOJCJ.EXE - Deleted C:\WINDOWS\SYSTEM32\MXTRKAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXVIEAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXVIMAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXVJIAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXWPCNFY.EXE - Deleted C:\WINDOWS\SYSTEM32\MXXPXAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\MXYGCAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PDAHLMXO.EXE - Deleted C:\WINDOWS\SYSTEM32\PEAAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEAGMAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEBFVADS.EXE - Deleted C:\WINDOWS\SYSTEM32\PEBJTDNR.EXE - Deleted C:\WINDOWS\SYSTEM32\PEBVGAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEBWRAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEBXLUPV.EXE - Deleted C:\WINDOWS\SYSTEM32\PECCLCKD.EXE - Deleted C:\WINDOWS\SYSTEM32\PECGAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PECJWUGF.EXE - Deleted C:\WINDOWS\SYSTEM32\PECWJCKT.EXE - Deleted C:\WINDOWS\SYSTEM32\PEDAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEDLAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEDWRAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEEBAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEEQTAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEEXOPIU.EXE - Deleted C:\WINDOWS\SYSTEM32\PEFHIJGP.EXE - Deleted C:\WINDOWS\SYSTEM32\PEFLSAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEGAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEGBAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEGJGBJQ.EXE - Deleted C:\WINDOWS\SYSTEM32\PEGOQWCA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEGWAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEHCEORN.EXE - Deleted C:\WINDOWS\SYSTEM32\PEHFAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEHVFSNQ.EXE - Deleted C:\WINDOWS\SYSTEM32\PEIMAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEKBAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PELAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PELKPNQK.EXE - Deleted C:\WINDOWS\SYSTEM32\PELWAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEMYUAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PENBPAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEOEQQXX.EXE - Deleted C:\WINDOWS\SYSTEM32\PEOQJXCL.EXE - Deleted C:\WINDOWS\SYSTEM32\PEOXEFGF.EXE - Deleted C:\WINDOWS\SYSTEM32\PEQAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEQNKAHB.EXE - Deleted C:\WINDOWS\SYSTEM32\PEQURAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PERCXAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PERHAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PERIVAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PESUGFVE.EXE - Deleted C:\WINDOWS\SYSTEM32\PESUYAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PESWNPAB.EXE - Deleted C:\WINDOWS\SYSTEM32\PEUDSAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEUPAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEUWJPOH.EXE - Deleted C:\WINDOWS\SYSTEM32\PEVWAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PEWRSVHX.EXE - Deleted C:\WINDOWS\SYSTEM32\PEXABCHJ.EXE - Deleted C:\WINDOWS\SYSTEM32\PEYAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PICNAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PICOYAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PIDSAUCB.EXE - Deleted C:\WINDOWS\SYSTEM32\PIFEOQQL.EXE - Deleted C:\WINDOWS\SYSTEM32\PIGNAEXF.EXE - Deleted C:\WINDOWS\SYSTEM32\PIGQNAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PIHBAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PIHXLXXX.EXE - Deleted C:\WINDOWS\SYSTEM32\PIJNAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PIKCKEWS.EXE - Deleted C:\WINDOWS\SYSTEM32\PIKJFAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PILMQAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PINUJMTM.EXE - Deleted C:\WINDOWS\SYSTEM32\PIQBXDCT.EXE - Deleted C:\WINDOWS\SYSTEM32\PIQYXVJK.EXE - Deleted C:\WINDOWS\SYSTEM32\PIRPDAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PITEFFNH.EXE - Deleted C:\WINDOWS\SYSTEM32\PIURQHGW.EXE - Deleted C:\WINDOWS\SYSTEM32\PIYRSAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PIYTEAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PMESRKEK.EXE - Deleted C:\WINDOWS\SYSTEM32\PMHNYAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PMIXAHID.EXE - Deleted C:\WINDOWS\SYSTEM32\PPTKPAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PQOVAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PTKTLLMR.EXE - Deleted C:\WINDOWS\SYSTEM32\PTMPQAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PYBEQAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PYJQAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\PYVNFAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SBGCAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDADSAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDAEKAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDCSAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDDERWTW.EXE - Deleted C:\WINDOWS\SYSTEM32\SDEPYLKN.EXE - Deleted C:\WINDOWS\SYSTEM32\SDFIJKNB.EXE - Deleted C:\WINDOWS\SYSTEM32\SDFIRDFE.EXE - Deleted C:\WINDOWS\SYSTEM32\SDFNCOVW.EXE - Deleted C:\WINDOWS\SYSTEM32\SDFUWJQI.EXE - Deleted C:\WINDOWS\SYSTEM32\SDGPCPQP.EXE - Deleted C:\WINDOWS\SYSTEM32\SDIBHRQE.EXE - Deleted C:\WINDOWS\SYSTEM32\SDIGYGKH.EXE - Deleted C:\WINDOWS\SYSTEM32\SDIIGBIN.EXE - Deleted C:\WINDOWS\SYSTEM32\SDILCOGV.EXE - Deleted C:\WINDOWS\SYSTEM32\SDJHJQLO.EXE - Deleted C:\WINDOWS\SYSTEM32\SDJLWYWK.EXE - Deleted C:\WINDOWS\SYSTEM32\SDKONQSE.EXE - Deleted C:\WINDOWS\SYSTEM32\SDKVPAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDLHAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDMCBAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDMIKAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDMJAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDNCTAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDOVFERS.EXE - Deleted C:\WINDOWS\SYSTEM32\SDPBRRVR.EXE - Deleted C:\WINDOWS\SYSTEM32\SDPPVRAQ.EXE - Deleted C:\WINDOWS\SYSTEM32\SDQCAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDQCKKIT.EXE - Deleted C:\WINDOWS\SYSTEM32\SDQRUAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDRCORFK.EXE - Deleted C:\WINDOWS\SYSTEM32\SDRCWBSX.EXE - Deleted C:\WINDOWS\SYSTEM32\SDSRLAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDSVAJCO.EXE - Deleted C:\WINDOWS\SYSTEM32\SDTAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDTGBTIH.EXE - Deleted C:\WINDOWS\SYSTEM32\SDTHAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDTKHBFW.EXE - Deleted C:\WINDOWS\SYSTEM32\SDTRWAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDVADSAM.EXE - Deleted C:\WINDOWS\SYSTEM32\SDWBAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDXACAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SDYAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SGIBNGBE.EXE - Deleted C:\WINDOWS\SYSTEM32\SHAIXAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SHASXEHD.EXE - Deleted C:\WINDOWS\SYSTEM32\SHBBSKOC.EXE - Deleted C:\WINDOWS\SYSTEM32\SHBEQUYR.EXE - Deleted C:\WINDOWS\SYSTEM32\SHCSQAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SHDPAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SHDUIDAX.EXE - Deleted C:\WINDOWS\SYSTEM32\SHEBAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SHECQVHP.EXE - Deleted C:\WINDOWS\SYSTEM32\SHEIIUEX.EXE - Deleted C:\WINDOWS\SYSTEM32\SHGVUIYI.EXE - Deleted C:\WINDOWS\SYSTEM32\SHIDAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SHKDBAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SHKHDRVC.EXE - Deleted C:\WINDOWS\SYSTEM32\SHKKUAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SHLFMTUB.EXE - Deleted C:\WINDOWS\SYSTEM32\SHLKKAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SHMTBXEJ.EXE - Deleted C:\WINDOWS\SYSTEM32\SHPAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SHPQLURR.EXE - Deleted C:\WINDOWS\SYSTEM32\SHQAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SHSHYLCP.EXE - Deleted C:\WINDOWS\SYSTEM32\SHSQXNHW.EXE - Deleted C:\WINDOWS\SYSTEM32\SHTVNAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SHUCAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SHVRAFDD.EXE - Deleted C:\WINDOWS\SYSTEM32\SHWFHAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SKKAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SLGXYAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SLHTJOEQ.EXE - Deleted C:\WINDOWS\SYSTEM32\SLLBAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SLOERAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SQVKTAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SSGBAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\STVAOAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\SUUMILEC.EXE - Deleted C:\WINDOWS\SYSTEM32\VBEENAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VCMDEJIK.EXE - Deleted C:\WINDOWS\SYSTEM32\VDDDNNUH.EXE - Deleted C:\WINDOWS\SYSTEM32\VDKSAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VDMCAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VDSXODEV.EXE - Deleted C:\WINDOWS\SYSTEM32\VDYMLXQA.EXE - Deleted C:\WINDOWS\SYSTEM32\VHIIACPG.EXE - Deleted C:\WINDOWS\SYSTEM32\VHLNUAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VHTNBAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VKEMVAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VPYYSAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VQDYAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VTOYDECU.EXE - Deleted C:\WINDOWS\SYSTEM32\VUAAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUAFNAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUANDIMH.EXE - Deleted C:\WINDOWS\SYSTEM32\VUBAMALU.EXE - Deleted C:\WINDOWS\SYSTEM32\VUCLWAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUDMPFMR.EXE - Deleted C:\WINDOWS\SYSTEM32\VUEIQAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUEXIAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUFYAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUGYBVIJ.EXE - Deleted C:\WINDOWS\SYSTEM32\VUIEOXTE.EXE - Deleted C:\WINDOWS\SYSTEM32\VUIHAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUJKAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VULNRAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUMFLRFF.EXE - Deleted C:\WINDOWS\SYSTEM32\VUMLGBAL.EXE - Deleted C:\WINDOWS\SYSTEM32\VUNBAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUNHTFNL.EXE - Deleted C:\WINDOWS\SYSTEM32\VUNJRWGJ.EXE - Deleted C:\WINDOWS\SYSTEM32\VUNKKHNV.EXE - Deleted C:\WINDOWS\SYSTEM32\VUNQJAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUNXLAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUOAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUOLAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUPAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUPJLXTO.EXE - Deleted C:\WINDOWS\SYSTEM32\VUPKAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUPRUCBT.EXE - Deleted C:\WINDOWS\SYSTEM32\VUQDAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUQQUAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUQXAOMO.EXE - Deleted C:\WINDOWS\SYSTEM32\VURDAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VURLGWLC.EXE - Deleted C:\WINDOWS\SYSTEM32\VURXJXTP.EXE - Deleted C:\WINDOWS\SYSTEM32\VUSQDUBE.EXE - Deleted C:\WINDOWS\SYSTEM32\VUSVYXMY.EXE - Deleted C:\WINDOWS\SYSTEM32\VUTAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUTFKAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUTITXPY.EXE - Deleted C:\WINDOWS\SYSTEM32\VUUWWJPW.EXE - Deleted C:\WINDOWS\SYSTEM32\VUVHTAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUVKAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUVSBJYN.EXE - Deleted C:\WINDOWS\SYSTEM32\VUVVCANJ.EXE - Deleted C:\WINDOWS\SYSTEM32\VUXAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUXFBAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VUYMPAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYACDGVW.EXE - Deleted C:\WINDOWS\SYSTEM32\VYDCAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYDSUSAH.EXE - Deleted C:\WINDOWS\SYSTEM32\VYEEAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYEWXCMU.EXE - Deleted C:\WINDOWS\SYSTEM32\VYGSAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYIFXQQS.EXE - Deleted C:\WINDOWS\SYSTEM32\VYJJGXSA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYJYTAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYKAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYLKBAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYNSAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYNXYAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYNYAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYODGAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYPFRUAJ.EXE - Deleted C:\WINDOWS\SYSTEM32\VYPSPLIL.EXE - Deleted C:\WINDOWS\SYSTEM32\VYQAEAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYSAAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYSRAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYULALHX.EXE - Deleted C:\WINDOWS\SYSTEM32\VYWPAAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYXLVAAA.EXE - Deleted C:\WINDOWS\SYSTEM32\VYXVJCYG.EXE - Deleted ADS Check: C:\WINDOWS\system32 No streams found. Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] Remaining Files: --------------- Backups Folder: - C:\DOCUME~1\HP_PRO~1\Bureau\SDFix\SDFix\backups\backups.zip Checking For Files with Hidden Attributes : C:\Program Files\AOL 9.0\aolphx.exe C:\Program Files\AOL 9.0\aoltray.exe C:\Program Files\AOL 9.0\RBM.exe C:\Program Files\AOL 9.0a\aolphx.exe C:\Program Files\AOL 9.0a\aoltray.exe C:\Program Files\AOL 9.0a\RBM.exe C:\Program Files\AOL 9.0b\aolphx.exe C:\Program Files\AOL 9.0b\aoltray.exe C:\Program Files\AOL 9.0b\RBM.exe C:\Program Files\AOL 9.0c\aolphx.exe C:\Program Files\AOL 9.0c\aoltray.exe C:\Program Files\AOL 9.0c\RBM.exe C:\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe C:\WINDOWS\SMINST\HPCD.sys C:\Documents and Settings\All Users\Documents\cris\cl‚usb\Disque amovible (J)\SIV2.tmp C:\Documents and Settings\All Users\Documents\cris\cl‚usb\Disque amovible (J)\SIV3.tmp C:\Documents and Settings\All Users\Documents\cris\cl‚usb\Disque amovible (J)\SIV3EA.tmp C:\Documents and Settings\All Users\Documents\cris\cl‚usb\Disque amovible (J)\SIV3EB.tmp C:\Documents and Settings\All Users\Documents\cris\cl‚usb\Disque amovible (J)\SIV3ED.tmp C:\Documents and Settings\All Users\Documents\cris\cl‚usb\Disque amovible (J)\SIV4.tmp C:\Documents and Settings\All Users\Documents\cris\cl‚usb\Disque amovible (J)\SIV4D5.tmp C:\Documents and Settings\All Users\Documents\cris\cl‚usb\Disque amovible (J)\~WRL3914.tmp C:\Marie-Claude\professionnel2de\dev_2d\~WRL0002.tmp C:\Marie-Claude\professionnelTS\dev_TS\~WRL2883.tmp C:\Marie-Claude\professionnel\amath\AMATH97\~WRL2801.tmp C:\SAUV COMPAQ\Sauv G‚n‚alogie Documents Compaq\Mes documents\Divers\~WRL0002.tmp C:\SAUV COMPAQ\Sauv G‚n‚alogie Documents Compaq\Mes documents\G‚n‚alogie\Patronymes et lieux d'origine\~WRL2398.tmp C:\SAUV COMPAQ\Sauv G‚n‚alogie Documents Compaq\Mes documents\G‚n‚alogie\Patronymes et lieux d'origine\~WRL3217.tmp C:\SAUV COMPAQ\Sauv Type Compaq\Mes documents\Divers\~WRL0002.tmp C:\SAUV COMPAQ\Sauv Type Compaq\Mes documents\G‚n‚alogie\Patronymes et lieux d'origine\~WRL2398.tmp C:\SAUV COMPAQ\Sauv Type Compaq\Mes documents\G‚n‚alogie\Patronymes et lieux d'origine\~WRL3217.tmp C:\SAUV COMPAQ\Sauv Type Compaq\Mes documents\Professionnel\Paierie\~WRL1413.tmp C:\SAUV COMPAQ\Sauv Type Compaq\Mes documents\Professionnel\Paierie\~WRL1892.tmp Add/Remove Programs List: Adobe Download Manager 2.0 (Supprimer uniquement) Ecran de veille AOL Photos AOL Coach Version 1.0(Build:20040229.1 fr) ATI Display Driver AVG Anti-Spyware 7.5 CCleaner (remove only) Derive 5 DivX Content Uploader Geoplan-Geospace Compl‚ments d'aide et de support HijackThis 1.99.1 HP Imaging Device Functions 5.3 HP Image Zone 5.3 HP Solution Center & Imaging Support Tools 5.3 PC-Doctor for Windows Connexion Facile … Internet iTunes IomegaWare Correctif Windows XP - KB867282 Correctif Windows XP - KB873339 Correctif Windows XP - KB883667 Correctif Windows XP - KB885250 Correctif Windows XP - KB885295 Correctif Windows XP - KB885835 Correctif Windows XP - KB885836 Correctif Windows XP - KB887472 Correctif Windows XP - KB887742 High Definition Audio - KB888111 Correctif Windows XP - KB888113 Correctif Windows XP - KB888239 Correctif Windows XP - KB890175 Correctif Windows XP - KB891781 Enhanced Multimedia Keyboard Solution LiveUpdate 2.5 (Symantec Corporation) C-Dilla Licence Management System Microsoft .NET Framework 1.1 Mozilla Firefox (2.0.0.1) Mozilla Thunderbird (1.5) AOL - Assistant de d‚sinstallation Intel® PRO Network Connections Drivers PS2 Python 2.2.3 Python 2.2 pywin32 extensions (build 203) QuickTime RealPlayer Basic SereneScreen Marine Aquarium 2.6 Shockwave Adobe Flash Player 9 Learn2 Player (Uninstall Only) Ultra soft Viewpoint Media Player Lecteur Windows Mediaÿ10 Archiveur WinRAR Yahoo! Toolbar Yahoo! Toolbar ZoneAlarm Microsoft Office 2000 Professional Timbres de France PhotoGallery CP_Package_Variety1 Sonic RecordNow Data Destinations ATI Control Panel Scan ScannerCopy HP Software Update Fax AutoUpdate PC-Doctor for Windows InstantShare Copy CP_Package_Variety3 Sonic MyDVD Plus Sonic_PrimoSDK CP_Panorama1Config CameraDrivers cp_dwShrek2Albums1 cp_dwSharkTaleAlbums1 HP Deskjet Printer Preload Unload Sonic Update Manager TrayApp J2SE Runtime Environment 5.0 J2SE Runtime Environment 5.0 Update 9 InstantShareDevices HP Photosmart 330,380,420,470,7800,8000,8200 Series HP PSC & OfficeJet 4.7 CP_CalendarTemplates1 cp_dwSharkTaleCards1 InterVideo WinDVD Player PSPrinters06 Readme Adobe© Photoshop© Album Edition D‚couverte 3.0 Palm Desktop Documents To Go FullDPAppQFolder CP_PLSBusinessFlyers RandMap WebReg CP_Package_Basic1 DeviceFunctionQFolder CreativeProjects AiO_Scan Sonic Express Labeler SkinsHP1 eSupportQFolder Oxilog CD Ripper cp_dwShrek2Cards1 PSTAPlugin PSPrinters08 HPSystemDiagnostics Palm VersaMail DivX Codec CP_AtenaShokunin1Config Connexion Facile … Internet AiOSoftware QFolder Universalis 9 DivX Player DocProc InterVideo WinDVD Player Microsoft .NET Framework 1.1 French Language Pack QuickProjects PrintScreen CameraDrivers CueTour HP Help and Support 4.0 Photosmart 320,370,7400,8100,8400 Series (fra) DeviceManagementQFolder Sonic RecordNow Audio HP Appareils photos Photosmart 4.5 Adobe Reader 7.0.8 - Fran‡ais Sonic RecordNow Copy DivX Converter PanoStandAlone DivX Web Player CP_Package_Variety2 BufferChm iTunes Symantec Network Drivers Update Microsoft .NET Framework 1.1 DocumentViewer TomTom HOME Microsoft Money 2001 HpSdpAppCoreApp BitDefender Internet Security v10 HPProductAssistant SolutionCenter PS8200 Status muvee autoProducer 4.0 CreativeProjectsTemplates Finished -------------------------------------------------------------------------------------------------------------------------------------------------- RAPPORT HIJACKTHIS Logfile of HijackThis v1.99.1 Scan saved at 12:19:20, on 25/02/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\TomTom HOME\TomTomHOME.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\QuickTime\qttask.exe C:\HP\KBD\KBD.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\windows\system\hpsysdrv.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\hphmon06.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Fichiers communs\AOL\1166563800\ee\AOLSoftware.exe C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe C:\WINDOWS\ALCMTR.EXE C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microsoft Money\System\Money Express.exe C:\Program Files\AOL 9.0c\aoltray.exe C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Iomega\Tools\IMGICON.EXE C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Palm\HOTSYNC.EXE C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/advanced_search?hl=fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: (no name) - {86E934E0-EB40-4A21-8B9A-C6C83ACFBFFE} - C:\WINDOWS\system32\dkdadkd.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1166563800\ee\AOLSoftware.exe O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0c\aoltray.exe O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Iomega Backup Scheduler.lnk = C:\Program Files\Iomega\Iomega Backup\dtiom98.exe O4 - Global Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.EXE O4 - Global Startup: IomegaWare.lnk = C:\Program Files\Iomega\Iomegaware\COMMANDER.EXE O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Options de démarrage Iomega.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE O4 - Global Startup: QuikSync.lnk = C:\Program Files\Iomega\QuikSync\QUIKSYNC.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O20 - Winlogon Notify: nhzlzjhg - C:\WINDOWS\SYSTEM32\dkdadkd.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing) O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\system32\ZipToA.exe ------------------------------------------------------------------------------------------------------------------------------------------------- RAPPORT KASPERSKY KASPERSKY ON-LINE SCANNER REPORT Sunday, February 25, 2007 3:04:16 PM Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version : 5.0.83.0 Dernière mise à jour de la base antivirus Kaspersky : 25/02/2007 Enregistrements dans la base antivirus Kaspersky : 257882 Paramètres d'analyse Analyser avec la base antivirus suivante standard Analyser les archives vrai Analyser les bases de messagerie vrai Cible de l'analyse Poste de travail C:\ D:\ E:\ G:\ H:\ I:\ J:\ L:\ Statistiques de l'analyse Total d'objets analysés 83219 Nombre de virus trouvés 3 Nombre d'objets infectés 4 / 0 Nombre d'objets suspects 0 Durée de l'analyse 01:43:20 Nom de l'objet infecté Nom du virus Dernière action C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7b8d6e74bd1fbd7047c156df49536a41_2f8e4ef9-1179-4f61-87a5-89e94e8caf92 L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7b8d6e74bd1fbd7047c156df49536a41_40379e10-66ef-4863-8d09-57e81df4f4a3 L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Historique\History.IE5\MSHist012007022520070226\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\hpodvd09.log L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\JETAE8.tmp L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\_hphtra07.log L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\~DF321E.tmp L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\HP_Propriétaire\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temp\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Program Files\Fichiers communs\Softwin\BitDefender Firewall\bdfirewall.txt L'objet est verrouillé ignoré C:\Program Files\HijackThis\backups\backup-20070225-101312-135-MS_update_0612_KB74062.exe Infecté : Trojan-Downloader.Win32.Murlo.ek ignoré C:\Program Files\Softwin\BitDefender10\aspdict.dat L'objet est verrouillé ignoré C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1\A0001227.dll L'objet est verrouillé ignoré C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1\A0001350.dll L'objet est verrouillé ignoré C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1\A0001352.dll L'objet est verrouillé ignoré C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1\A0002518.exe Infecté : Trojan-Downloader.Win32.Murlo.ek ignoré C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1\A0002557.dll L'objet est verrouillé ignoré C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1\A0002621.dll Infecté : Trojan.Win32.Agent.fd ignoré C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1\A0002622.dll Infecté : Trojan-Spy.Win32.Small.ez ignoré C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP1\change.log L'objet est verrouillé ignoré C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré C:\WINDOWS\system32\bdss.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré C:\WINDOWS\Temp\tmp00007102\tmp00000000 L'objet est verrouillé ignoré C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré Analyse terminée.
- le 25 février 2007
- 45 réponses
Ras le bol BehavesLike !

Cmonnom a posté un sujet dans Analyses et éradication malwares

Bonjour, Je n'avais pas connu l'infection jusqu'alors mais là ! Entre BehavesLike et Downloader.Agent.ATK, j'ai ma dose ! Et encore, j'ai détruit 5 autres virus qui traînaient avec Antivir. Alors grand merci pour votre aide. D'autant qu'entre chevaux de Troie, virus ... ce n'est pas trop ma spécialité. J'ai procédé à la pré-désinfection avec Antivir comme vous le recommandez et je vous envoie le rapport HijackThis. A toutes fins utiles également le rapport sorti par mon propre antivirus Bitdefender. Logfile of HijackThis v1.99.1 Scan saved at 20:27:00, on 24/02/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\TomTom HOME\TomTomHOME.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\QuickTime\qttask.exe C:\HP\KBD\KBD.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hphmon06.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Fichiers communs\AOL\1166563800\ee\AOLSoftware.exe C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe C:\WINDOWS\ALCMTR.EXE C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microsoft Money\System\Money Express.exe C:\Program Files\AOL 9.0c\aoltray.exe C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Iomega\Tools\IMGICON.EXE C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\Palm\HOTSYNC.EXE C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/advanced_search?hl=fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - C:\Documents and Settings\HP_Propriétaire\1115223057.dll (file missing) O2 - BHO: (no name) - {36645342-9475-2663-166A-466739207346} - C:\WINDOWS\system32\ipv6mote.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: (no name) - {86E934E0-EB40-4A21-8B9A-C6C83ACFBFFE} - C:\WINDOWS\system32\dkdadkd.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [vulsekpx] C:\WINDOWS\system32\vulsekpx.exe O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1166563800\ee\AOLSoftware.exe O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKCU\..\Run: [WinUpgrade] "C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\96046.exe " O4 - HKCU\..\Run: [WinUpdate] "C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\95953.exe " O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0c\aoltray.exe O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Iomega Backup Scheduler.lnk = C:\Program Files\Iomega\Iomega Backup\dtiom98.exe O4 - Global Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.EXE O4 - Global Startup: IomegaWare.lnk = C:\Program Files\Iomega\Iomegaware\COMMANDER.EXE O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: MS_update_0612_KB74062.exe O4 - Global Startup: Options de démarrage Iomega.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE O4 - Global Startup: QuikSync.lnk = C:\Program Files\Iomega\QuikSync\QUIKSYNC.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O20 - Winlogon Notify: nhzlzjhg - C:\WINDOWS\SYSTEM32\dkdadkd.dll O21 - SSODL: IEFilter - {9BCBD488-0E7F-42AE-BF65-93D89DB044FF} - C:\WINDOWS\system32\IEFilter.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Service - Unknown owner - C:\WINDOWS\system32\Service.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing) O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\system32\ZipToA.exe ---------------------------------------------------------------------------------------------------------------------------------------------- RAPPORT BITDEFENDER //----------------------------------------------------------------- // // Produit BitDefender Internet Security v10 // Produit 10.2 // // Créé le: 24/02/2007 21:12:03 // //----------------------------------------------------------------- Statistiques Chemin cible: C:\ D:\ Dossiers : 6578 Fichiers : 47323 Processus Mémoire analysés : 28 Archives : 7 Fichiers enpaquetés : 3923 Virus trouvés : 2 Fichiers infectés : 3 Processus Mémoire infectés : 0 Fichiers suspects : 0 Alertes : 0 Fichiers désinfectés : 0 Fichiers effacés : 0 Fichiers déplacés : 2 Erreurs I/O : 8 Temps d'analyse :=00:18:39 Fichiers/seconde :42 Statistiques Spywares Registres analysés : 1618 Registres infectés : 45 Cookies analysés : 171 Cookies infectés : 0 Fichiers spyware infectés : 0 Menaces Spyware détectées : 1 Définitions virus : 31352 Plugins d'analyse : 16 Plugins archives : 41 Plug-ins décompression : 6 Plug-ins messagerie : 6 Plug-ins système : 5 Options d'analyse Détection [X] Analyser le secteur de boot [X] Processus mémoire [ ] Analyser les archives [X] Analyser les fichiers enpaquetés [X] Analyser la messagerie Masque fichiers [X] Programmes [ ] Tous les fichiers [ ] Extensions définies par l'utilisateur: [ ] Exclure les extensions: ; Action Objets infectés [ ] Ignorer [X] Désinfecter [ ] Effacer [ ] Mettre en quarantaine [ ] Demander l'action Seconde action [ ] Ignorer [ ] Effacer [X] Mettre en quarantaine [ ] Demander l'action Options d'analyse [X] Activer les alertes [ ] Activer l'heuristique [ ] Afficher tous les fichiers dans le journal [X] Fichier journal: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\full_scan\1172347923.log Options d'analyse Spyware [X] Analyse contre les risques non-viraux [ ] Ecarter de l'analyse les dialers et les applications [X] Clés de registres [X] Cookies Résumé: <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ALG\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ALG\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ALG\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ASPNET_STATE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ASPNET_STATE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ASPNET_STATE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CISVC\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CISVC\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\CISVC\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DMADMIN\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DMADMIN\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DMADMIN\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ERSVC\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ERSVC\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ERSVC\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\IMAPISERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\IMAPISERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\IMAPISERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\INTCAZAUDADDSERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\INTCAZAUDADDSERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\INTCAZAUDADDSERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\IRENUM\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\IRENUM\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\IRENUM\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SRSERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SRSERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SRSERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SSDPSRV\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SSDPSRV\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SSDPSRV\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WMDMPMSN\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WMDMPMSN\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WMDMPMSN\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\XMLPROV\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\XMLPROV\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\XMLPROV\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\ALG\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\ALG\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\ALG\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\ASPNET_STATE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\ASPNET_STATE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\ASPNET_STATE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\BITS\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\BITS\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\BITS\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\CISVC\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\CISVC\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\CISVC\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\DMADMIN\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\DMADMIN\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\DMADMIN\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\ERSVC\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\ERSVC\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\ERSVC\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\IMAPISERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\IMAPISERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\IMAPISERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\INTCAZAUDADDSERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\INTCAZAUDADDSERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\INTCAZAUDADDSERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\IRENUM\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\IRENUM\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\IRENUM\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\SERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\SERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\SERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\SERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\SERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\SERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\SRSERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\SRSERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\SRSERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\SSDPSRV\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\SSDPSRV\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\SSDPSRV\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\WMDMPMSN\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\WMDMPMSN\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\WMDMPMSN\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\XMLPROV\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\XMLPROV\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\XMLPROV\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\ALG\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\ALG\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\ALG\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\ASPNET_STATE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\ASPNET_STATE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\ASPNET_STATE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\BITS\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\BITS\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\BITS\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\CISVC\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\CISVC\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\CISVC\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\DMADMIN\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\DMADMIN\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\DMADMIN\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\ERSVC\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\ERSVC\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\ERSVC\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\IMAPISERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\IMAPISERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\IMAPISERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\INTCAZAUDADDSERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\INTCAZAUDADDSERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\INTCAZAUDADDSERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\IRENUM\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\IRENUM\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\IRENUM\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\SERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\SERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\SERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\SERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\SERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\SERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\SRSERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\SRSERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\SRSERVICE\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\SSDPSRV\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\SSDPSRV\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\SSDPSRV\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\WMDMPMSN\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\WMDMPMSN\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\WMDMPMSN\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\XMLPROV\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Détecté: BehavesLike:Win32.ExplorerHijack <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\XMLPROV\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Désinfection impossible <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\XMLPROV\DisplayName=>C:\WINDOWS\SYSTEM32\SERVICE.EXE Déplacement impossible C:\Program Files\Softwin\BitDefender10\Quarantine\socks_dll.dll Infecté: Trojan.Spy.Agent.QK C:\Program Files\Softwin\BitDefender10\Quarantine\socks_dll.dll Désinfection impossible C:\Program Files\Softwin\BitDefender10\Quarantine\socks_dll.dll Déplacement impossible C:\WINDOWS\system32\Service.exe Infecté: BehavesLike:Win32.ExplorerHijack C:\WINDOWS\system32\Service.exe Désinfection impossible C:\WINDOWS\system32\Service.exe Déplacé C:\WINDOWS\system32\socks_dll.dll Infecté: Trojan.Spy.Agent.QK C:\WINDOWS\system32\socks_dll.dll Désinfection impossible C:\WINDOWS\system32\socks_dll.dll Déplacé ----------------------------------------------------------------------------------------------------------------------------------------------------
- le 24 février 2007
- 45 réponses

Connexion

Cmonnom

Compteur de contenus

Inscription

Dernière visite

Type de contenu

Profils

Forums

Blogs

Tout ce qui a été posté par Cmonnom

Ras le bol BehavesLike !

Ras le bol BehavesLike !

Ras le bol BehavesLike !

Ras le bol BehavesLike !

Ras le bol BehavesLike !

Ras le bol BehavesLike !

Ras le bol BehavesLike !

Ras le bol BehavesLike !

Ras le bol BehavesLike !

Ras le bol BehavesLike !

Ras le bol BehavesLike !

Ras le bol BehavesLike !

Ras le bol BehavesLike !

Ras le bol BehavesLike !

Ras le bol BehavesLike !

Ras le bol BehavesLike !

Ras le bol BehavesLike !

Ras le bol BehavesLike !

Ras le bol BehavesLike !

Ras le bol BehavesLike !

Ras le bol BehavesLike !

Ras le bol BehavesLike !

Ras le bol BehavesLike !

Ras le bol BehavesLike !

Zebulon

Outils en ligne

Naviguer