Help mémoire infectée
Résolu/Fermé
didou43
-
30 déc. 2008 à 13:13
crapoulou Messages postés 28161 Date d'inscription mercredi 28 novembre 2007 Statut Modérateur, Contributeur sécurité Dernière intervention 21 mai 2024 - 21 févr. 2009 à 22:41
crapoulou Messages postés 28161 Date d'inscription mercredi 28 novembre 2007 Statut Modérateur, Contributeur sécurité Dernière intervention 21 mai 2024 - 21 févr. 2009 à 22:41
A voir également:
- Help mémoire infectée
- Mémoire vive - Guide
- Mémoire virtuelle - Guide
- Test memoire pc - Guide
- Nettoyer mémoire ipad - Guide
- Mémoire tampon saturée ✓ - Forum Windows
67 réponses
••RiverToo••
Messages postés
1096
Date d'inscription
mercredi 20 février 2008
Statut
Membre
Dernière intervention
7 janvier 2009
53
30 déc. 2008 à 13:17
30 déc. 2008 à 13:17
Salut
Commence par faire un rapport hijackthis :
• Tu peux le télécharger ici : https://www.commentcamarche.net/telecharger/ 159 hijackthis
• Le dézipper dans un dossier prévu à cet effet.
Par exemple C:\hijackthis < c : ! (Cela permet des back-up en cas de mauvaises suppressions)
Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/Hijenr.gif
• L’exécuter puis sur "Do a system scan and save a logfile" (cf. démo)
faire un copier-coller du log entier sur le forum
Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/demohijack.htm
De plus
• Télécharge rmalwarebyte's antimalware : http://www.commentcamarche.net/telecharger/telechargement 34055379-malwarebytes-anti-malware
• Tuto ici : https://forum.pcastuces.com/sujet.asp?f=31&s=3
poste le rapport complet dans ton prochain poste
Bon courage
••RiverToo••
Commence par faire un rapport hijackthis :
• Tu peux le télécharger ici : https://www.commentcamarche.net/telecharger/ 159 hijackthis
• Le dézipper dans un dossier prévu à cet effet.
Par exemple C:\hijackthis < c : ! (Cela permet des back-up en cas de mauvaises suppressions)
Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/Hijenr.gif
• L’exécuter puis sur "Do a system scan and save a logfile" (cf. démo)
faire un copier-coller du log entier sur le forum
Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/demohijack.htm
De plus
• Télécharge rmalwarebyte's antimalware : http://www.commentcamarche.net/telecharger/telechargement 34055379-malwarebytes-anti-malware
• Tuto ici : https://forum.pcastuces.com/sujet.asp?f=31&s=3
poste le rapport complet dans ton prochain poste
Bon courage
••RiverToo••
••RiverToo••
Messages postés
1096
Date d'inscription
mercredi 20 février 2008
Statut
Membre
Dernière intervention
7 janvier 2009
53
1 janv. 2009 à 15:23
1 janv. 2009 à 15:23
Télécharge combofix.exe (par sUBs) sur ton Bureau.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
post egalement un nouveau rapport hijack this dans ta reponse .
Pour hijackthis :
Télécharge HijackThis ici :
-> https://www.commentcamarche.net/telecharger/ 159 hijackthis
Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)
-> http://pageperso.aol.fr/balltrap34/Hijenr.gif
Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)
-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
Post le rapport généré ici stp...
Bon courage
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
post egalement un nouveau rapport hijack this dans ta reponse .
Pour hijackthis :
Télécharge HijackThis ici :
-> https://www.commentcamarche.net/telecharger/ 159 hijackthis
Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)
-> http://pageperso.aol.fr/balltrap34/Hijenr.gif
Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)
-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
Post le rapport généré ici stp...
Bon courage
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:36:16, on 01/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\winscenter.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Controle Parental\bin\OPTGui.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {625A1937-9ACC-4757-BF3E-F0D0B027BDA2} - (no file)
O2 - BHO: {c688acbf-d0d1-827b-47e4-e9ae77d5ce46} - {64ec5d77-ea9e-4e74-b728-1d0dfbca886c} - C:\WINDOWS\system32\sqdwcr.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] "C:\Documents and Settings\colomb\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe" -startup -product IncrediMail
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u5-windows-i586-jc.cab&AuthParam=1580944752_ad714b48b0d186f5adbe4ba05260ecbd&ext=.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: sqdwcr.dll
O20 - Winlogon Notify: jkkJdbBU - jkkJdbBU.dll (file missing)
O21 - SSODL: InternetConnection - {51B1FC10-1C65-438A-8EA9-FCE48AE587AC} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ccrgswyely.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: bEvtService - Unknown owner - C:\WINDOWS\System32\bEvtService.exe (file missing)
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Scan saved at 19:36:16, on 01/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\winscenter.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Controle Parental\bin\OPTGui.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {625A1937-9ACC-4757-BF3E-F0D0B027BDA2} - (no file)
O2 - BHO: {c688acbf-d0d1-827b-47e4-e9ae77d5ce46} - {64ec5d77-ea9e-4e74-b728-1d0dfbca886c} - C:\WINDOWS\system32\sqdwcr.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] "C:\Documents and Settings\colomb\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe" -startup -product IncrediMail
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u5-windows-i586-jc.cab&AuthParam=1580944752_ad714b48b0d186f5adbe4ba05260ecbd&ext=.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: sqdwcr.dll
O20 - Winlogon Notify: jkkJdbBU - jkkJdbBU.dll (file missing)
O21 - SSODL: InternetConnection - {51B1FC10-1C65-438A-8EA9-FCE48AE587AC} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ccrgswyely.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: bEvtService - Unknown owner - C:\WINDOWS\System32\bEvtService.exe (file missing)
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
••RiverToo••
Messages postés
1096
Date d'inscription
mercredi 20 février 2008
Statut
Membre
Dernière intervention
7 janvier 2009
53
2 janv. 2009 à 01:15
2 janv. 2009 à 01:15
fait combofix stp
voici mon rapport apres scan combofix,
ComboFix 09-01-01.01 - colomb 2009-01-02 12:01:51.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.255.29 [GMT 1:00]
LancÚ depuis: c:\docume~1\colomb\MESDOC~1\DIDIER~1\combofix.exe
Commutateurs utilisÚs :: c:\docume~1\colomb\MESDOC~1\DIDIER~1\combofix.exe
* Un nouveau point de restauration a ÚtÚ crÚÚ
.
[i] ADS - svchost.exe: deleted 32256 bytes in 1 streams. /i
/wow section - STAGE 3
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner
c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Conditions générales.url
c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Confidentialité.url
c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Désinstaller.lnk
c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\MessengerSkinner.lnk
c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Website.url
c:\documents and settings\colomb\Local Settings\Application Data\gowmw.dat
c:\documents and settings\colomb\Local Settings\Application Data\gowmw.exe
c:\documents and settings\colomb\Local Settings\Application Data\gowmw_nav.dat
c:\documents and settings\colomb\Local Settings\Application Data\gowmw_navps.dat
c:\documents and settings\colomb\Local Settings\Application Data\kuyug.dat
c:\documents and settings\colomb\Local Settings\Application Data\kuyug.exe
c:\documents and settings\colomb\Local Settings\Application Data\kuyug_nav.dat
c:\documents and settings\colomb\Local Settings\Application Data\kuyug_navps.dat
c:\windows\reged.exe
c:\windows\spoolsystem.exe
c:\windows\sys.com
c:\windows\syscert.exe
c:\windows\sysexplorer.exe
c:\windows\system32\aogoyywm.ini
c:\windows\system32\bujlorbc.dll
c:\windows\system32\dfvpjwwq.dll
c:\windows\system32\evscldrd.dll
c:\windows\system32\ggxpfkre.dll
c:\windows\system32\hgsfjfif.ini
c:\windows\system32\jlivotos.ini
c:\windows\system32\kkjmonbd.ini
c:\windows\system32\kmnoYcfe.ini
c:\windows\system32\kmnoYcfe.ini2
c:\windows\system32\kvnsajiy.dll
c:\windows\system32\MabryObj.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\nVwvDcfe.ini
c:\windows\system32\nVwvDcfe.ini2
c:\windows\system32\pnwhuo.dll
c:\windows\system32\qxeefwqv.ini
c:\windows\system32\rwcgta.dll
c:\windows\system32\sqdwcr.dll
c:\windows\system32\TDSSmaxt.dat
c:\windows\system32\TDSSrhym.log
c:\windows\system32\uupmni.dll
c:\windows\system32\vlrahmxv.dll
c:\windows\system32\vqwfeexq.dll
c:\windows\system32\vxmharlv.ini
c:\windows\system32\winscenter.exe
c:\windows\system32\wxqmsf.dll
c:\windows\system32\xgtaabbf.dll
c:\windows\system32\xktenalt.dll
c:\windows\system32\zbjqow.dll
c:\windows\vmreg.dll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FCI
-------\Legacy_ICF
-------\Legacy_TDSSSERV.SYS
-------\Service_FCI
-------\Service_ICF
-------\Service_TDSSserv.sys
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-02 au 2009-01-02 ))))))))))))))))))))))))))))))))))))
.
2008-12-31 17:50 . 2008-12-31 17:50 <REP> d-------- c:\program files\Trend Micro
2008-12-28 21:22 . 2008-12-28 21:22 135,712 --a------ c:\windows\system32\drivers\ethspfqh.sys
2008-12-27 12:23 . 2008-12-27 12:23 525 --a------ C:\hpfr3420.xml
2008-12-26 13:04 . 2008-12-26 13:04 244 --ah----- C:\sqmnoopt17.sqm
2008-12-26 13:04 . 2008-12-26 13:04 232 --ah----- C:\sqmdata17.sqm
2008-12-26 12:17 . 2008-12-26 12:17 244 --ah----- C:\sqmnoopt16.sqm
2008-12-26 12:17 . 2008-12-26 12:17 232 --ah----- C:\sqmdata16.sqm
2008-12-26 12:15 . 2008-12-26 12:15 244 --ah----- C:\sqmnoopt15.sqm
2008-12-26 12:15 . 2008-12-26 12:15 232 --ah----- C:\sqmdata15.sqm
2008-12-26 11:33 . 2008-12-26 11:33 244 --ah----- C:\sqmnoopt14.sqm
2008-12-26 11:33 . 2008-12-26 11:33 232 --ah----- C:\sqmdata14.sqm
2008-12-26 10:24 . 2008-12-26 10:24 483 --ah----- c:\documents and settings\colomb\hpothb07.dat
2008-12-26 10:24 . 2008-12-26 10:24 187 --ah----- c:\documents and settings\colomb\Application Data\hpothb07.dat
2008-12-25 00:01 . 2008-12-25 00:01 244 --ah----- C:\sqmnoopt13.sqm
2008-12-25 00:01 . 2008-12-25 00:01 232 --ah----- C:\sqmdata13.sqm
2008-12-24 23:15 . 2008-12-24 23:15 244 --ah----- C:\sqmnoopt12.sqm
2008-12-24 23:15 . 2008-12-24 23:15 232 --ah----- C:\sqmdata12.sqm
2008-12-24 14:58 . 2009-01-02 12:11 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-24 14:58 . 2009-01-02 12:07 1,409 --a------ c:\windows\QTFont.for
2008-12-23 14:39 . 2008-12-23 14:39 134,880 --a------ c:\windows\system32\drivers\ethfdthv.sys
2008-12-22 20:31 . 2008-12-22 20:31 244 --ah----- C:\sqmnoopt11.sqm
2008-12-22 20:31 . 2008-12-22 20:31 232 --ah----- C:\sqmdata11.sqm
2008-12-22 20:03 . 2008-12-22 20:03 244 --ah----- C:\sqmnoopt10.sqm
2008-12-22 20:03 . 2008-12-22 20:03 232 --ah----- C:\sqmdata10.sqm
2008-12-22 19:56 . 2008-12-22 19:56 117 --a------ c:\windows\system32\iwtk.bat
2008-12-22 14:36 . 2008-12-22 14:36 244 --ah----- C:\sqmnoopt09.sqm
2008-12-22 14:36 . 2008-12-22 14:36 232 --ah----- C:\sqmdata09.sqm
2008-12-20 13:09 . 2008-12-20 13:09 244 --ah----- C:\sqmnoopt08.sqm
2008-12-20 13:09 . 2008-12-20 13:09 232 --ah----- C:\sqmdata08.sqm
2008-12-20 11:36 . 2008-12-20 11:36 244 --ah----- C:\sqmnoopt07.sqm
2008-12-20 11:36 . 2008-12-20 11:36 232 --ah----- C:\sqmdata07.sqm
2008-12-20 09:13 . 2008-12-20 09:13 244 --ah----- C:\sqmnoopt06.sqm
2008-12-20 09:13 . 2008-12-20 09:13 232 --ah----- C:\sqmdata06.sqm
2008-12-19 22:14 . 2008-12-19 22:14 244 --ah----- C:\sqmnoopt04.sqm
2008-12-19 22:14 . 2008-12-19 22:14 232 --ah----- C:\sqmdata04.sqm
2008-12-19 22:14 . 2008-12-19 22:14 172 --ah----- C:\sqmnoopt05.sqm
2008-12-19 22:14 . 2008-12-19 22:14 172 --ah----- C:\sqmdata05.sqm
2008-12-19 17:23 . 2008-12-19 17:23 244 --ah----- C:\sqmnoopt03.sqm
2008-12-19 17:23 . 2008-12-19 17:23 232 --ah----- C:\sqmdata03.sqm
2008-12-16 21:29 . 2008-12-16 21:29 244 --ah----- C:\sqmnoopt02.sqm
2008-12-16 21:29 . 2008-12-16 21:29 232 --ah----- C:\sqmdata02.sqm
2008-12-16 20:28 . 2008-12-16 20:28 244 --ah----- C:\sqmnoopt01.sqm
2008-12-16 20:28 . 2008-12-16 20:28 232 --ah----- C:\sqmdata01.sqm
2008-12-16 20:27 . 2008-12-16 20:27 244 --ah----- C:\sqmnoopt00.sqm
2008-12-16 20:27 . 2008-12-16 20:27 232 --ah----- C:\sqmdata00.sqm
2008-12-15 22:27 . 2008-12-15 22:27 102,438 --a------ c:\windows\system32\msvcrt2.dll
2008-12-15 20:15 . 2008-12-15 20:15 128 --a------ c:\windows\system32\zokegx.bat
2008-12-15 19:39 . 2008-12-15 19:39 127 --a------ c:\windows\system32\nhbji.bat
2008-12-15 19:24 . 2008-12-15 19:24 123 --a------ C:\revmsis.bat
2008-12-15 14:32 . 2008-12-24 19:09 2,707 --a------ c:\windows\system32\TDSScfum.dll
2008-12-15 11:03 . 2008-12-15 11:03 <REP> dr-hs---- C:\CONFIG
2008-12-02 20:55 . 2008-12-02 20:55 <REP> d-------- c:\documents and settings\colomb\WINDOWS
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 11:17 --------- d-----w c:\program files\Wanadoo
2008-12-29 10:56 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-27 16:03 --------- d-----w c:\program files\LimeWire
2008-12-19 21:52 --------- d-----w c:\program files\Norton Security Scan
2008-12-13 22:07 --------- d-----w c:\program files\Incomplete
2008-12-13 22:03 --------- d-----w c:\documents and settings\colomb\Application Data\LimeWire
2008-12-02 19:57 --------- d-----w c:\program files\EHMINSTALL
2008-11-30 11:00 5,632 --sha-w c:\program files\Thumbs.db
2008-11-30 11:00 --------- d-----w c:\program files\Windows Live Toolbar
2008-11-19 18:15 --------- d-----w c:\documents and settings\All Users\Application Data\SweetIM
2008-11-19 18:14 --------- d-----w c:\program files\SweetIM
2008-11-19 18:07 --------- d-----w c:\documents and settings\colomb\Application Data\MessengerSkinner
2008-11-16 20:00 --------- d-----w c:\program files\Fichiers communs\Vivendi Universal Games
2008-11-16 20:00 --------- d-----w c:\documents and settings\All Users\Application Data\Vivendi Universal Games
2008-11-16 18:18 --------- d-----w c:\program files\MSN Messenger
2008-11-16 17:57 95,128 ----a-w c:\documents and settings\colomb\Application Data\GDIPFONTCACHEV1.DAT
2008-11-06 21:48 --------- d-----w c:\program files\Microsoft Works
2008-11-06 21:46 --------- d-----w c:\program files\Microsoft.NET
2008-11-06 19:53 --------- d-----w c:\program files\Yahoo!
2008-11-04 19:37 --------- d-----w c:\program files\Google
2008-11-04 12:23 --------- d-----w c:\program files\OpenOffice.org 2.4
2008-11-04 12:19 --------- d-----w c:\documents and settings\colomb\Application Data\OpenOffice.org2
2008-07-19 12:05 1,148 ----a-w c:\program files\Gamenext Jeux.lnk
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2003-11-06 151597]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-10-08 111928]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2003-11-06 77824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
c:\documents and settings\colomb\Menu D‚marrer\Programmes\D‚marrage\
Outil de notification Live Search.lnk - c:\documents and settings\colomb\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2008-11-16 143360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Contr“leur de calendrier Ulead.lnk - c:\apps\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2008-06-20 69632]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sqdwcr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2003-11-06 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-25 111184]
R1 vcsmpdrv;vcsmpdrv;c:\windows\system32\Drivers\vcsmpdrv.sys [2003-11-06 49024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-05-28 20560]
R2 OPTENET_FILTER;Orange Contrôle Parental;c:\program files\Controle Parental\bin\optproxy.exe [2008-04-25 624376]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\system\vcssecs.exe [2003-11-06 139264]
S1 ethfdthv;ethfdthv;c:\windows\system32\drivers\ethfdthv.sys [2008-12-23 134880]
S1 ethspfqh;ethspfqh;c:\windows\system32\drivers\ethspfqh.sys [2008-12-28 135712]
S2 bEvtService;bEvtService;c:\windows\System32\bEvtService.exe -k netsvcs []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff1964f1-42ba-11dd-ab4c-00038a000015}]
\Shell\AutoRun\command - f:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
\Shell\open\command - f:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX5C574571}]
c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
.
Contenu du dossier 'Tâches planifiées'
2008-08-01 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1209284961.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
2008-10-25 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-19 15:07]
2009-01-02 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{625A1937-9ACC-4757-BF3E-F0D0B027BDA2} - (no file)
BHO-{64ec5d77-ea9e-4e74-b728-1d0dfbca886c} - c:\windows\system32\sqdwcr.dll
HKCU-Run-gowmw - c:\documents and settings\colomb\local settings\application data\gowmw.exe
HKCU-Run-msnmsgr - ~c:\progra~1\MSNMES~1\msnmsgr.exe
HKCU-Run-unilex04 - (no file)
HKLM-Run-zzz_ImInstaller_IncrediMail - c:\documents and settings\colomb\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe
Notify-jkkJdbBU - jkkJdbBU.dll
SafeBoot-ati5uxxx.sys
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uStart Page = hxxp://www.orange.fr
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: { - c:\program files\Messenger\msmsgs.exe
LSP: c:\program files\Controle Parental\bin\lsp.dll
O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
c:\windows\Downloaded Program Files\zylomgamesplayer.dll - c:\windows\Downloaded Program Files\CONFLICT.1\zylomgamesplayer.dll
O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
hxxp://game14.zylom.com/activex/zylomgamesplayer.cab
c:\windows\Downloaded Program Files\CONFLICT.1\ZylomGamesPlayer.inf
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-02 12:14:06
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\Network1-2678596377-4133434974-3130629362-1007\Software\Microsoft\SystemCertificates\AddressBook*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@SACL=
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\FTRTSVC.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\wanmpsvc.exe
c:\progra~1\Wanadoo\TaskBarIcon.exe
c:\progra~1\Wanadoo\GestionnaireInternet.exe
c:\documents and settings\colomb\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
c:\progra~1\Wanadoo\ComComp.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\progra~1\Wanadoo\Toaster.exe
c:\progra~1\Wanadoo\Inactivity.exe
c:\progra~1\Wanadoo\PollingModule.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Heure de fin: 2009-01-02 12:22:13 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-02 11:22:06
Avant-CF: 56 366 170 112 octets libres
Après-CF: 56,287,916,032 octets libres
287 --- E O F --- 2008-12-29 10:57:10
voilà
ComboFix 09-01-01.01 - colomb 2009-01-02 12:01:51.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.255.29 [GMT 1:00]
LancÚ depuis: c:\docume~1\colomb\MESDOC~1\DIDIER~1\combofix.exe
Commutateurs utilisÚs :: c:\docume~1\colomb\MESDOC~1\DIDIER~1\combofix.exe
* Un nouveau point de restauration a ÚtÚ crÚÚ
.
[i] ADS - svchost.exe: deleted 32256 bytes in 1 streams. /i
/wow section - STAGE 3
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner
c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Conditions générales.url
c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Confidentialité.url
c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Désinstaller.lnk
c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\MessengerSkinner.lnk
c:\documents and settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Website.url
c:\documents and settings\colomb\Local Settings\Application Data\gowmw.dat
c:\documents and settings\colomb\Local Settings\Application Data\gowmw.exe
c:\documents and settings\colomb\Local Settings\Application Data\gowmw_nav.dat
c:\documents and settings\colomb\Local Settings\Application Data\gowmw_navps.dat
c:\documents and settings\colomb\Local Settings\Application Data\kuyug.dat
c:\documents and settings\colomb\Local Settings\Application Data\kuyug.exe
c:\documents and settings\colomb\Local Settings\Application Data\kuyug_nav.dat
c:\documents and settings\colomb\Local Settings\Application Data\kuyug_navps.dat
c:\windows\reged.exe
c:\windows\spoolsystem.exe
c:\windows\sys.com
c:\windows\syscert.exe
c:\windows\sysexplorer.exe
c:\windows\system32\aogoyywm.ini
c:\windows\system32\bujlorbc.dll
c:\windows\system32\dfvpjwwq.dll
c:\windows\system32\evscldrd.dll
c:\windows\system32\ggxpfkre.dll
c:\windows\system32\hgsfjfif.ini
c:\windows\system32\jlivotos.ini
c:\windows\system32\kkjmonbd.ini
c:\windows\system32\kmnoYcfe.ini
c:\windows\system32\kmnoYcfe.ini2
c:\windows\system32\kvnsajiy.dll
c:\windows\system32\MabryObj.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\nVwvDcfe.ini
c:\windows\system32\nVwvDcfe.ini2
c:\windows\system32\pnwhuo.dll
c:\windows\system32\qxeefwqv.ini
c:\windows\system32\rwcgta.dll
c:\windows\system32\sqdwcr.dll
c:\windows\system32\TDSSmaxt.dat
c:\windows\system32\TDSSrhym.log
c:\windows\system32\uupmni.dll
c:\windows\system32\vlrahmxv.dll
c:\windows\system32\vqwfeexq.dll
c:\windows\system32\vxmharlv.ini
c:\windows\system32\winscenter.exe
c:\windows\system32\wxqmsf.dll
c:\windows\system32\xgtaabbf.dll
c:\windows\system32\xktenalt.dll
c:\windows\system32\zbjqow.dll
c:\windows\vmreg.dll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FCI
-------\Legacy_ICF
-------\Legacy_TDSSSERV.SYS
-------\Service_FCI
-------\Service_ICF
-------\Service_TDSSserv.sys
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-02 au 2009-01-02 ))))))))))))))))))))))))))))))))))))
.
2008-12-31 17:50 . 2008-12-31 17:50 <REP> d-------- c:\program files\Trend Micro
2008-12-28 21:22 . 2008-12-28 21:22 135,712 --a------ c:\windows\system32\drivers\ethspfqh.sys
2008-12-27 12:23 . 2008-12-27 12:23 525 --a------ C:\hpfr3420.xml
2008-12-26 13:04 . 2008-12-26 13:04 244 --ah----- C:\sqmnoopt17.sqm
2008-12-26 13:04 . 2008-12-26 13:04 232 --ah----- C:\sqmdata17.sqm
2008-12-26 12:17 . 2008-12-26 12:17 244 --ah----- C:\sqmnoopt16.sqm
2008-12-26 12:17 . 2008-12-26 12:17 232 --ah----- C:\sqmdata16.sqm
2008-12-26 12:15 . 2008-12-26 12:15 244 --ah----- C:\sqmnoopt15.sqm
2008-12-26 12:15 . 2008-12-26 12:15 232 --ah----- C:\sqmdata15.sqm
2008-12-26 11:33 . 2008-12-26 11:33 244 --ah----- C:\sqmnoopt14.sqm
2008-12-26 11:33 . 2008-12-26 11:33 232 --ah----- C:\sqmdata14.sqm
2008-12-26 10:24 . 2008-12-26 10:24 483 --ah----- c:\documents and settings\colomb\hpothb07.dat
2008-12-26 10:24 . 2008-12-26 10:24 187 --ah----- c:\documents and settings\colomb\Application Data\hpothb07.dat
2008-12-25 00:01 . 2008-12-25 00:01 244 --ah----- C:\sqmnoopt13.sqm
2008-12-25 00:01 . 2008-12-25 00:01 232 --ah----- C:\sqmdata13.sqm
2008-12-24 23:15 . 2008-12-24 23:15 244 --ah----- C:\sqmnoopt12.sqm
2008-12-24 23:15 . 2008-12-24 23:15 232 --ah----- C:\sqmdata12.sqm
2008-12-24 14:58 . 2009-01-02 12:11 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-24 14:58 . 2009-01-02 12:07 1,409 --a------ c:\windows\QTFont.for
2008-12-23 14:39 . 2008-12-23 14:39 134,880 --a------ c:\windows\system32\drivers\ethfdthv.sys
2008-12-22 20:31 . 2008-12-22 20:31 244 --ah----- C:\sqmnoopt11.sqm
2008-12-22 20:31 . 2008-12-22 20:31 232 --ah----- C:\sqmdata11.sqm
2008-12-22 20:03 . 2008-12-22 20:03 244 --ah----- C:\sqmnoopt10.sqm
2008-12-22 20:03 . 2008-12-22 20:03 232 --ah----- C:\sqmdata10.sqm
2008-12-22 19:56 . 2008-12-22 19:56 117 --a------ c:\windows\system32\iwtk.bat
2008-12-22 14:36 . 2008-12-22 14:36 244 --ah----- C:\sqmnoopt09.sqm
2008-12-22 14:36 . 2008-12-22 14:36 232 --ah----- C:\sqmdata09.sqm
2008-12-20 13:09 . 2008-12-20 13:09 244 --ah----- C:\sqmnoopt08.sqm
2008-12-20 13:09 . 2008-12-20 13:09 232 --ah----- C:\sqmdata08.sqm
2008-12-20 11:36 . 2008-12-20 11:36 244 --ah----- C:\sqmnoopt07.sqm
2008-12-20 11:36 . 2008-12-20 11:36 232 --ah----- C:\sqmdata07.sqm
2008-12-20 09:13 . 2008-12-20 09:13 244 --ah----- C:\sqmnoopt06.sqm
2008-12-20 09:13 . 2008-12-20 09:13 232 --ah----- C:\sqmdata06.sqm
2008-12-19 22:14 . 2008-12-19 22:14 244 --ah----- C:\sqmnoopt04.sqm
2008-12-19 22:14 . 2008-12-19 22:14 232 --ah----- C:\sqmdata04.sqm
2008-12-19 22:14 . 2008-12-19 22:14 172 --ah----- C:\sqmnoopt05.sqm
2008-12-19 22:14 . 2008-12-19 22:14 172 --ah----- C:\sqmdata05.sqm
2008-12-19 17:23 . 2008-12-19 17:23 244 --ah----- C:\sqmnoopt03.sqm
2008-12-19 17:23 . 2008-12-19 17:23 232 --ah----- C:\sqmdata03.sqm
2008-12-16 21:29 . 2008-12-16 21:29 244 --ah----- C:\sqmnoopt02.sqm
2008-12-16 21:29 . 2008-12-16 21:29 232 --ah----- C:\sqmdata02.sqm
2008-12-16 20:28 . 2008-12-16 20:28 244 --ah----- C:\sqmnoopt01.sqm
2008-12-16 20:28 . 2008-12-16 20:28 232 --ah----- C:\sqmdata01.sqm
2008-12-16 20:27 . 2008-12-16 20:27 244 --ah----- C:\sqmnoopt00.sqm
2008-12-16 20:27 . 2008-12-16 20:27 232 --ah----- C:\sqmdata00.sqm
2008-12-15 22:27 . 2008-12-15 22:27 102,438 --a------ c:\windows\system32\msvcrt2.dll
2008-12-15 20:15 . 2008-12-15 20:15 128 --a------ c:\windows\system32\zokegx.bat
2008-12-15 19:39 . 2008-12-15 19:39 127 --a------ c:\windows\system32\nhbji.bat
2008-12-15 19:24 . 2008-12-15 19:24 123 --a------ C:\revmsis.bat
2008-12-15 14:32 . 2008-12-24 19:09 2,707 --a------ c:\windows\system32\TDSScfum.dll
2008-12-15 11:03 . 2008-12-15 11:03 <REP> dr-hs---- C:\CONFIG
2008-12-02 20:55 . 2008-12-02 20:55 <REP> d-------- c:\documents and settings\colomb\WINDOWS
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 11:17 --------- d-----w c:\program files\Wanadoo
2008-12-29 10:56 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-27 16:03 --------- d-----w c:\program files\LimeWire
2008-12-19 21:52 --------- d-----w c:\program files\Norton Security Scan
2008-12-13 22:07 --------- d-----w c:\program files\Incomplete
2008-12-13 22:03 --------- d-----w c:\documents and settings\colomb\Application Data\LimeWire
2008-12-02 19:57 --------- d-----w c:\program files\EHMINSTALL
2008-11-30 11:00 5,632 --sha-w c:\program files\Thumbs.db
2008-11-30 11:00 --------- d-----w c:\program files\Windows Live Toolbar
2008-11-19 18:15 --------- d-----w c:\documents and settings\All Users\Application Data\SweetIM
2008-11-19 18:14 --------- d-----w c:\program files\SweetIM
2008-11-19 18:07 --------- d-----w c:\documents and settings\colomb\Application Data\MessengerSkinner
2008-11-16 20:00 --------- d-----w c:\program files\Fichiers communs\Vivendi Universal Games
2008-11-16 20:00 --------- d-----w c:\documents and settings\All Users\Application Data\Vivendi Universal Games
2008-11-16 18:18 --------- d-----w c:\program files\MSN Messenger
2008-11-16 17:57 95,128 ----a-w c:\documents and settings\colomb\Application Data\GDIPFONTCACHEV1.DAT
2008-11-06 21:48 --------- d-----w c:\program files\Microsoft Works
2008-11-06 21:46 --------- d-----w c:\program files\Microsoft.NET
2008-11-06 19:53 --------- d-----w c:\program files\Yahoo!
2008-11-04 19:37 --------- d-----w c:\program files\Google
2008-11-04 12:23 --------- d-----w c:\program files\OpenOffice.org 2.4
2008-11-04 12:19 --------- d-----w c:\documents and settings\colomb\Application Data\OpenOffice.org2
2008-07-19 12:05 1,148 ----a-w c:\program files\Gamenext Jeux.lnk
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2003-11-06 151597]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-10-08 111928]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2003-11-06 77824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
c:\documents and settings\colomb\Menu D‚marrer\Programmes\D‚marrage\
Outil de notification Live Search.lnk - c:\documents and settings\colomb\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2008-11-16 143360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Contr“leur de calendrier Ulead.lnk - c:\apps\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2008-06-20 69632]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sqdwcr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2003-11-06 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-25 111184]
R1 vcsmpdrv;vcsmpdrv;c:\windows\system32\Drivers\vcsmpdrv.sys [2003-11-06 49024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-05-28 20560]
R2 OPTENET_FILTER;Orange Contrôle Parental;c:\program files\Controle Parental\bin\optproxy.exe [2008-04-25 624376]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\system\vcssecs.exe [2003-11-06 139264]
S1 ethfdthv;ethfdthv;c:\windows\system32\drivers\ethfdthv.sys [2008-12-23 134880]
S1 ethspfqh;ethspfqh;c:\windows\system32\drivers\ethspfqh.sys [2008-12-28 135712]
S2 bEvtService;bEvtService;c:\windows\System32\bEvtService.exe -k netsvcs []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff1964f1-42ba-11dd-ab4c-00038a000015}]
\Shell\AutoRun\command - f:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
\Shell\open\command - f:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX5C574571}]
c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
.
Contenu du dossier 'Tâches planifiées'
2008-08-01 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1209284961.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
2008-10-25 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-19 15:07]
2009-01-02 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{625A1937-9ACC-4757-BF3E-F0D0B027BDA2} - (no file)
BHO-{64ec5d77-ea9e-4e74-b728-1d0dfbca886c} - c:\windows\system32\sqdwcr.dll
HKCU-Run-gowmw - c:\documents and settings\colomb\local settings\application data\gowmw.exe
HKCU-Run-msnmsgr - ~c:\progra~1\MSNMES~1\msnmsgr.exe
HKCU-Run-unilex04 - (no file)
HKLM-Run-zzz_ImInstaller_IncrediMail - c:\documents and settings\colomb\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe
Notify-jkkJdbBU - jkkJdbBU.dll
SafeBoot-ati5uxxx.sys
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uStart Page = hxxp://www.orange.fr
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: { - c:\program files\Messenger\msmsgs.exe
LSP: c:\program files\Controle Parental\bin\lsp.dll
O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
c:\windows\Downloaded Program Files\zylomgamesplayer.dll - c:\windows\Downloaded Program Files\CONFLICT.1\zylomgamesplayer.dll
O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
hxxp://game14.zylom.com/activex/zylomgamesplayer.cab
c:\windows\Downloaded Program Files\CONFLICT.1\ZylomGamesPlayer.inf
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-02 12:14:06
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\Network1-2678596377-4133434974-3130629362-1007\Software\Microsoft\SystemCertificates\AddressBook*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@SACL=
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\FTRTSVC.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\wanmpsvc.exe
c:\progra~1\Wanadoo\TaskBarIcon.exe
c:\progra~1\Wanadoo\GestionnaireInternet.exe
c:\documents and settings\colomb\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
c:\progra~1\Wanadoo\ComComp.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\progra~1\Wanadoo\Toaster.exe
c:\progra~1\Wanadoo\Inactivity.exe
c:\progra~1\Wanadoo\PollingModule.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Heure de fin: 2009-01-02 12:22:13 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-02 11:22:06
Avant-CF: 56 366 170 112 octets libres
Après-CF: 56,287,916,032 octets libres
287 --- E O F --- 2008-12-29 10:57:10
voilà
Voilà aussi le nouveau rapport hyjack this :
*Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:53, on 02/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Controle Parental\bin\OPTGui.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u5-windows-i586-jc.cab&AuthParam=1580944752_ad714b48b0d186f5adbe4ba05260ecbd&ext=.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: sqdwcr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: bEvtService - Unknown owner - C:\WINDOWS\System32\bEvtService.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
*Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:53, on 02/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Controle Parental\bin\OPTGui.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u5-windows-i586-jc.cab&AuthParam=1580944752_ad714b48b0d186f5adbe4ba05260ecbd&ext=.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: sqdwcr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: bEvtService - Unknown owner - C:\WINDOWS\System32\bEvtService.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
crapoulou
Messages postés
28161
Date d'inscription
mercredi 28 novembre 2007
Statut
Modérateur, Contributeur sécurité
Dernière intervention
21 mai 2024
7 994
2 janv. 2009 à 13:37
2 janv. 2009 à 13:37
Salut, pour avancer :
Télécharge sur le bureau Navilog1 (Merci à IL-MAFIOSO)
= = = = >>> En cliquant ici <<< = = = =
* La console noire de Navilog1 doit s’ouvrir après l’installation
* Sinon, pour l’ouvrir, double-clique sur le raccourci « Navilog1 » sur ton bureau
* Appuie sur la lettre F de ton clavier puis sur la touche Entrée
* Appuie sur une touche de ton clavier pour continuer...
* Tape 1, puis appuie sur la touche Entrée de ton clavier
* Ainsi, Navilog1 va effectuer la recherche des fichiers infectieux sur ton PC.
* NE PAS UTILISER L’OPTION 2, 3, 4 SANS AVIS
* Sois patient, cela peut prendre une dizaine de minutes
* Navilog1 t’informe que la recherche est terminée
* Appuie sur une touche de ton clavier pour afficher le rapport qu’il a généré
* Le rapport sera sauvegardé dans le fichier suivant : « fixnavi.txt » à la racine de ton disque dur (C:\fixnavi.txt).
* Poste le rapport généré
Télécharge sur le bureau Navilog1 (Merci à IL-MAFIOSO)
= = = = >>> En cliquant ici <<< = = = =
* La console noire de Navilog1 doit s’ouvrir après l’installation
* Sinon, pour l’ouvrir, double-clique sur le raccourci « Navilog1 » sur ton bureau
* Appuie sur la lettre F de ton clavier puis sur la touche Entrée
* Appuie sur une touche de ton clavier pour continuer...
* Tape 1, puis appuie sur la touche Entrée de ton clavier
* Ainsi, Navilog1 va effectuer la recherche des fichiers infectieux sur ton PC.
* NE PAS UTILISER L’OPTION 2, 3, 4 SANS AVIS
* Sois patient, cela peut prendre une dizaine de minutes
* Navilog1 t’informe que la recherche est terminée
* Appuie sur une touche de ton clavier pour afficher le rapport qu’il a généré
* Le rapport sera sauvegardé dans le fichier suivant : « fixnavi.txt » à la racine de ton disque dur (C:\fixnavi.txt).
* Poste le rapport généré
voici le rapport navilog1 :
Search Navipromo version 3.7.0 commencé le 02/01/2009 à 16:42:17,35
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 10.12.2008 à 21h00 par IL-MAFIOSO
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2500+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : colomb ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 081229-0] 4.8.1296 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:70 Go (Free:51 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
Recherche executé en mode normal
*** Recherche Programmes installés ***
Favorit
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\colomb\applic~1" ***
...\MessengerSkinner trouvé !
*** Recherche dossiers dans "C:\Documents and Settings\colomb\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\colomb\menudm~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\colomb\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\colomb\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche autres dossiers et fichiers connus :
*** Analyse terminée le 02/01/2009 à 16:48:34,45 ***
Search Navipromo version 3.7.0 commencé le 02/01/2009 à 16:42:17,35
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 10.12.2008 à 21h00 par IL-MAFIOSO
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2500+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : colomb ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 081229-0] 4.8.1296 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:70 Go (Free:51 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
Recherche executé en mode normal
*** Recherche Programmes installés ***
Favorit
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\colomb\applic~1" ***
...\MessengerSkinner trouvé !
*** Recherche dossiers dans "C:\Documents and Settings\colomb\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\colomb\menudm~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\colomb\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\colomb\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche autres dossiers et fichiers connus :
*** Analyse terminée le 02/01/2009 à 16:48:34,45 ***
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
crapoulou
Messages postés
28161
Date d'inscription
mercredi 28 novembre 2007
Statut
Modérateur, Contributeur sécurité
Dernière intervention
21 mai 2024
7 994
2 janv. 2009 à 18:39
2 janv. 2009 à 18:39
Nettoyage :
* Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts
* Relance Navilog en faisant un clic droit sur le raccourci Navilog présent sur ton bureau et en choisissant
« Exécuter en tant qu’administrateur ». (si tu as Vista)
* Au menu principal, choisis 2 et valide.
* Il va t’informer qu’il va alors redémarrer ton PC
* Appuie sur une touche comme demandé (Si ton Pc ne redémarre pas automatiquement, fais le toi même)
* Au redémarrage de ton PC, choisis ta session habituelle.
* Patiente jusqu’au message :
*** Nettoyage Termine le ..... ***
* Le bloc note va s’ouvrir, copie/colle ici le rapport, comme tu l’as fait pour l’autre.
* Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts
* Relance Navilog en faisant un clic droit sur le raccourci Navilog présent sur ton bureau et en choisissant
« Exécuter en tant qu’administrateur ». (si tu as Vista)
* Au menu principal, choisis 2 et valide.
* Il va t’informer qu’il va alors redémarrer ton PC
* Appuie sur une touche comme demandé (Si ton Pc ne redémarre pas automatiquement, fais le toi même)
* Au redémarrage de ton PC, choisis ta session habituelle.
* Patiente jusqu’au message :
*** Nettoyage Termine le ..... ***
* Le bloc note va s’ouvrir, copie/colle ici le rapport, comme tu l’as fait pour l’autre.
voici le rapport :
Clean Navipromo version 3.7.0 commencé le 02/01/2009 à 19:30:34,25
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 10.12.2008 à 21h00 par IL-MAFIOSO
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2500+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : colomb ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 090102-0] 4.8.1296 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:70 Go (Free:51 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
Mode suppression automatique
avec prise en charge résultats Catchme et GNS
Nettoyage exécuté au redémarrage de l'ordinateur
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
*** Suppression avec sauvegardes résultats GenericNaviSearch ***
* Suppression dans "C:\WINDOWS\System32" *
* Suppression dans "C:\Documents and Settings\colomb\locals~1\applic~1" *
*** Suppression dossiers dans "C:\WINDOWS" ***
*** Suppression dossiers dans "C:\Program Files" ***
*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***
*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\colomb\applic~1" ***
...\MessengerSkinner ...suppression...
...\MessengerSkinner supprimé !
*** Suppression dossiers dans "C:\Documents and Settings\colomb\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\colomb\menudm~1\progra~1" ***
*** Suppression fichiers ***
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\colomb\locals~1\Temp effectué !
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Suppression avec sauvegardes nouveaux fichiers Instant Access :
2)Recherche, création sauvegardes et suppression Heuristique :
* Dans "C:\WINDOWS\system32" *
* Dans "C:\Documents and Settings\colomb\locals~1\applic~1" *
*** Sauvegarde du Registre vers dossier Safebackup ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
*** Certificats ***
Certificat Egroup absent !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !
*** Recherche autres dossiers et fichiers connus ***
*** Nettoyage terminé le 02/01/2009 à 19:37:41,60 ***
Clean Navipromo version 3.7.0 commencé le 02/01/2009 à 19:30:34,25
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 10.12.2008 à 21h00 par IL-MAFIOSO
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2500+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : colomb ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 090102-0] 4.8.1296 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:70 Go (Free:51 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
Mode suppression automatique
avec prise en charge résultats Catchme et GNS
Nettoyage exécuté au redémarrage de l'ordinateur
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
*** Suppression avec sauvegardes résultats GenericNaviSearch ***
* Suppression dans "C:\WINDOWS\System32" *
* Suppression dans "C:\Documents and Settings\colomb\locals~1\applic~1" *
*** Suppression dossiers dans "C:\WINDOWS" ***
*** Suppression dossiers dans "C:\Program Files" ***
*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***
*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\colomb\applic~1" ***
...\MessengerSkinner ...suppression...
...\MessengerSkinner supprimé !
*** Suppression dossiers dans "C:\Documents and Settings\colomb\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\colomb\menudm~1\progra~1" ***
*** Suppression fichiers ***
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\colomb\locals~1\Temp effectué !
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Suppression avec sauvegardes nouveaux fichiers Instant Access :
2)Recherche, création sauvegardes et suppression Heuristique :
* Dans "C:\WINDOWS\system32" *
* Dans "C:\Documents and Settings\colomb\locals~1\applic~1" *
*** Sauvegarde du Registre vers dossier Safebackup ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
*** Certificats ***
Certificat Egroup absent !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !
*** Recherche autres dossiers et fichiers connus ***
*** Nettoyage terminé le 02/01/2009 à 19:37:41,60 ***
crapoulou
Messages postés
28161
Date d'inscription
mercredi 28 novembre 2007
Statut
Modérateur, Contributeur sécurité
Dernière intervention
21 mai 2024
7 994
2 janv. 2009 à 19:56
2 janv. 2009 à 19:56
Très bien, poste un nouveau rapport hijackthis stp.
voici le rapport hijack this :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:25:38, on 02/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Controle Parental\bin\OPTGui.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u5-windows-i586-jc.cab&AuthParam=1580944752_ad714b48b0d186f5adbe4ba05260ecbd&ext=.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: sqdwcr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: bEvtService - Unknown owner - C:\WINDOWS\System32\bEvtService.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:25:38, on 02/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Controle Parental\bin\OPTGui.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u5-windows-i586-jc.cab&AuthParam=1580944752_ad714b48b0d186f5adbe4ba05260ecbd&ext=.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: sqdwcr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: bEvtService - Unknown owner - C:\WINDOWS\System32\bEvtService.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
crapoulou
Messages postés
28161
Date d'inscription
mercredi 28 novembre 2007
Statut
Modérateur, Contributeur sécurité
Dernière intervention
21 mai 2024
7 994
2 janv. 2009 à 20:30
2 janv. 2009 à 20:30
Télécharge Malwarebytes’ Anti-Malware
= = = = >>> En cliquant ici <<< = = = =
- Sur la page cliques sur Télécharger Malwarebyte’s Anti-Malware
- Enregistres le sur le bureau
- Double cliques sur le fichier téléchargé pour lancer le processus d’installation
- Lorsqu’il te le sera demandé, met à jour Malwarebytes anti malware
- Si le pare-feu demande l’autorisation de se connecter pour malwarebytes, acceptes
- Une fois la mise à jour terminée, ferme Malwarebytes
- Double-cliques sur l’icône de malwarebytes pour le relancer
- Dans l’onglet, Recherche, probablement ouvert par défaut,
- Sélectionne Exécuter un examen complet
- Clique sur Rechercher
- Le scan démarre
- A la fin de l’analyse, un message s’affiche : L’examen s’est terminé normalement. Cliquez sur ‘Afficher les résultats’ pour afficher tous les objets trouvés.
- Cliques sur Ok pour poursuivre.
- Si des malwares ont été détectés, cliques sur Afficher les résultats
- Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
- Malwarebytes va ouvrir le bloc-notes et y copier le rapport d’analyse.
- Rends toi dans l’onglet rapport/log
- Tu cliques dessus pour l’afficher une fois affiché
- Tu cliques sur édition en haut du bloc notes, et puis sur sélectionner tout
- Tu recliques sur édition et puis sur copier et tu reviens sur le forum et dans ta réponse
- Tu cliques droit dans le cadre de la réponse et coller
Si tu as besoin d’aide regarde ce tutorial ICI
= = = = >>> En cliquant ici <<< = = = =
- Sur la page cliques sur Télécharger Malwarebyte’s Anti-Malware
- Enregistres le sur le bureau
- Double cliques sur le fichier téléchargé pour lancer le processus d’installation
- Lorsqu’il te le sera demandé, met à jour Malwarebytes anti malware
- Si le pare-feu demande l’autorisation de se connecter pour malwarebytes, acceptes
- Une fois la mise à jour terminée, ferme Malwarebytes
- Double-cliques sur l’icône de malwarebytes pour le relancer
- Dans l’onglet, Recherche, probablement ouvert par défaut,
- Sélectionne Exécuter un examen complet
- Clique sur Rechercher
- Le scan démarre
- A la fin de l’analyse, un message s’affiche : L’examen s’est terminé normalement. Cliquez sur ‘Afficher les résultats’ pour afficher tous les objets trouvés.
- Cliques sur Ok pour poursuivre.
- Si des malwares ont été détectés, cliques sur Afficher les résultats
- Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
- Malwarebytes va ouvrir le bloc-notes et y copier le rapport d’analyse.
- Rends toi dans l’onglet rapport/log
- Tu cliques dessus pour l’afficher une fois affiché
- Tu cliques sur édition en haut du bloc notes, et puis sur sélectionner tout
- Tu recliques sur édition et puis sur copier et tu reviens sur le forum et dans ta réponse
- Tu cliques droit dans le cadre de la réponse et coller
Si tu as besoin d’aide regarde ce tutorial ICI
voici le rapport :
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1597
Windows 5.1.2600 Service Pack 3
02/01/2009 22:43:17
mbam-log-2009-01-02 (22-43-17).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 132379
Temps écoulé: 49 minute(s), 53 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 328
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\svhost.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ggxpfkre.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rwcgta.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\winscenter.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wxqmsf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\xgtaabbf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\xktenalt.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\zbjqow.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP343\A0173134.dll (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP360\A0207103.exe (Rogue.Spyguard) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP360\A0207115.dll (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP360\A0207131.exe (Rogue.Spyguard) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP360\A0207168.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP360\A0207185.exe (Rogue.Spyguard) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0207200.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0208199.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0211200.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0212195.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0212210.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0213209.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0213210.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0214209.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0212211.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0215209.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0216209.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0217209.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0218209.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP362\A0218218.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP362\A0218220.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP362\A0218289.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP362\A0218298.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP362\A0218299.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP363\A0218310.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP363\A0219310.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP363\A0220310.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP363\A0221307.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP363\A0221613.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP363\A0222613.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP363\A0222614.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP365\A0222663.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP365\A0222664.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP365\A0223667.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP365\A0224659.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP365\A0224673.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP365\A0225669.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0225755.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226067.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226194.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226055.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226063.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226064.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226065.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226066.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226069.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226070.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226071.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226072.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226073.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226074.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226075.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226108.exe (Rogue.Spyguard) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226118.exe (Rogue.Spyguard) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0227191.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227276.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227576.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227584.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227585.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227586.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227587.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227590.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227591.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227592.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227593.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227594.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227595.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227596.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227612.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227613.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227614.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227622.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227625.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227588.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227930.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227931.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0228928.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0228932.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0229928.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0230928.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0230933.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0231931.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0231932.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0232931.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0232937.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0233931.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0233932.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0234932.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0236930.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0237930.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0239930.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0242145.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244162.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244180.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244198.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244216.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244234.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244252.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244270.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244288.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244306.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244324.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0241116.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0241140.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0242139.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244139.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244149.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244150.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244151.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244152.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244153.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244154.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244155.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244156.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244157.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244158.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244159.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244160.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244161.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244163.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244164.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244165.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244166.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244167.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244168.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244169.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244170.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244171.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244172.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244173.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244174.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244175.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244176.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244177.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244178.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244179.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244181.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244182.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244183.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244184.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244185.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244186.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244187.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244188.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244189.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244190.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244191.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244192.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244193.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244194.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244195.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244196.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244197.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244199.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244200.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244201.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244202.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244203.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244204.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244205.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244206.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244207.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244208.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244209.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244210.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244211.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244212.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244213.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244214.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244215.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244217.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244218.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244219.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244220.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244221.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244222.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244223.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244224.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244225.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244226.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244228.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244229.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244230.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244231.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244233.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244235.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244236.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244237.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244238.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244239.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244240.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244241.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244242.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244243.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244244.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244245.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244246.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244247.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244248.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244249.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244250.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244251.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244253.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244254.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244255.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244256.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244257.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244258.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244259.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244260.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244262.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244263.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244264.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244265.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244266.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244267.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244268.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244269.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244271.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244272.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244273.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244274.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244275.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244276.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244277.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244278.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244279.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244280.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244281.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244282.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244283.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244284.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244285.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244286.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244287.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244289.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244290.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244291.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244292.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244293.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244294.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244295.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244296.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244297.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244298.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244299.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244300.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244301.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244302.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244303.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244304.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244305.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244307.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244308.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244309.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244310.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244311.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244312.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244313.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244314.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244315.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244316.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244317.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244323.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244325.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244326.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244327.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244328.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244329.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244330.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244331.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244332.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244333.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244334.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244335.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244336.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244337.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244338.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244339.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244340.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244341.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244342.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244343.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244344.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244345.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244346.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244347.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244348.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244349.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244350.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244351.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP369\A0244355.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP369\A0244363.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP369\A0244364.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP369\A0245363.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP369\A0245364.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP370\A0245367.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP370\A0245375.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP370\A0245376.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP370\A0246375.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP370\A0246388.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP370\A0246389.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP372\A0246394.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP372\A0246401.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP372\A0246409.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP372\A0246411.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP372\A0246420.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP372\A0246421.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP372\A0246423.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP372\A0246427.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP372\A0246428.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP372\A0246429.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP372\A0246426.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP377\A0247502.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP377\A0247503.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\colomb\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 360.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvcrt2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\track.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.
C:\WINDOWS\system32\TDSScfum.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1597
Windows 5.1.2600 Service Pack 3
02/01/2009 22:43:17
mbam-log-2009-01-02 (22-43-17).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 132379
Temps écoulé: 49 minute(s), 53 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 328
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\svhost.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ggxpfkre.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rwcgta.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\winscenter.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wxqmsf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\xgtaabbf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\xktenalt.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\zbjqow.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP343\A0173134.dll (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP360\A0207103.exe (Rogue.Spyguard) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP360\A0207115.dll (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP360\A0207131.exe (Rogue.Spyguard) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP360\A0207168.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP360\A0207185.exe (Rogue.Spyguard) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0207200.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0208199.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0211200.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0212195.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0212210.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0213209.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0213210.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0214209.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0212211.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0215209.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0216209.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0217209.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP361\A0218209.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP362\A0218218.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP362\A0218220.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP362\A0218289.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP362\A0218298.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP362\A0218299.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP363\A0218310.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP363\A0219310.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP363\A0220310.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP363\A0221307.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP363\A0221613.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP363\A0222613.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP363\A0222614.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP365\A0222663.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP365\A0222664.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP365\A0223667.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP365\A0224659.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP365\A0224673.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP365\A0225669.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0225755.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226067.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226194.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226055.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226063.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226064.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226065.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226066.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226069.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226070.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226071.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226072.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226073.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226074.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226075.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226108.exe (Rogue.Spyguard) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0226118.exe (Rogue.Spyguard) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP366\A0227191.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227276.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227576.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227584.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227585.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227586.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227587.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227590.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227591.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227592.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227593.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227594.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227595.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227596.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227612.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227613.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227614.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227622.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227625.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227588.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227930.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0227931.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0228928.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0228932.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0229928.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0230928.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0230933.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0231931.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0231932.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0232931.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP367\A0232937.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0233931.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0233932.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0234932.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0236930.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0237930.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0239930.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0242145.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244162.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244180.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244198.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244216.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244234.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244252.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244270.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244288.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244306.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244324.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0241116.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0241140.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0242139.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244139.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244149.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244150.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244151.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244152.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244153.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244154.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244155.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244156.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244157.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244158.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244159.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244160.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244161.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244163.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244164.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244165.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244166.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244167.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244168.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244169.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244170.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244171.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244172.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244173.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244174.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244175.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244176.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244177.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244178.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244179.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244181.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244182.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244183.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244184.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244185.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244186.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244187.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244188.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244189.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244190.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244191.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244192.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244193.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244194.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244195.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244196.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244197.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244199.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244200.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244201.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244202.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244203.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244204.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244205.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244206.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244207.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244208.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244209.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244210.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244211.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244212.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244213.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244214.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244215.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244217.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244218.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244219.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244220.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244221.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244222.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244223.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244224.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244225.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244226.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244228.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244229.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244230.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244231.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244233.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244235.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244236.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244237.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244238.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244239.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244240.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244241.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244242.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244243.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244244.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244245.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244246.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244247.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244248.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244249.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244250.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244251.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244253.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244254.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244255.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244256.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244257.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244258.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244259.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244260.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244262.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244263.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244264.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244265.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244266.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244267.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244268.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244269.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244271.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244272.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244273.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244274.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244275.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244276.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244277.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244278.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244279.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244280.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244281.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244282.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244283.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244284.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244285.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244286.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244287.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244289.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244290.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244291.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244292.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244293.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244294.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244295.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244296.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244297.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244298.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244299.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244300.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244301.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244302.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244303.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244304.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244305.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244307.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244308.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244309.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244310.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244311.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244312.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244313.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244314.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244315.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244316.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244317.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244323.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244325.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244326.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244327.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244328.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244329.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244330.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244331.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244332.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244333.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244334.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244335.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244336.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244337.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244338.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244339.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244340.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244341.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244342.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244343.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244344.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244345.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244346.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244347.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244348.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244349.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244350.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP368\A0244351.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP369\A0244355.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP369\A0244363.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP369\A0244364.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP369\A0245363.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP369\A0245364.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP370\A0245367.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP370\A0245375.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP370\A0245376.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP370\A0246375.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP370\A0246388.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP370\A0246389.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP372\A0246394.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP372\A0246401.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP372\A0246409.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP372\A0246411.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP372\A0246420.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP372\A0246421.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP372\A0246423.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP372\A0246427.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP372\A0246428.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP372\A0246429.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP372\A0246426.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP377\A0247502.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP377\A0247503.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\colomb\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 360.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvcrt2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\track.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.
C:\WINDOWS\system32\TDSScfum.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
crapoulou
Messages postés
28161
Date d'inscription
mercredi 28 novembre 2007
Statut
Modérateur, Contributeur sécurité
Dernière intervention
21 mai 2024
7 994
2 janv. 2009 à 23:08
2 janv. 2009 à 23:08
Pour vérification :
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
= = = = >>> En cliquant ici <<< = = = =
Une fois sauvegardé sur ton bureau, double clique sur SDFix.exe et choisis Install pour l’extraire dans un dossier dédié sur le Bureau.
Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
* Redémarre ton ordinateur
* Après avoir entendu l’ordinateur biper lors du démarrage, mais avant que l’icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
* A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
* Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
* Choisis ton compte.
Déroule la liste des instructions ci-dessous :
* Ouvre le dossier SDFix qui vient d’être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
* Appuie sur Y pour commencer le processus de nettoyage.
* Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d’appuyer sur une touche pour redémarrer.
* Appuie sur une touche pour redémarrer le PC.
* Ton système sera plus long pour redémarrer qu’à l’accoutumée car l’outil va continuer à s’exécuter et supprimer des fichiers.
* Après le chargement du Bureau, l’outil terminera son travail et affichera Finished.
* Appuie sur une touche pour finir l’exécution du script et charger les icônes de ton Bureau.
* Les icônes du Bureau affichées, le rapport SDFix s’ouvrira à l’écran et s’enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
Si t’as besoin d’un tuto, clic ICI
************************
Télécharges Ad-Remover ( de Cyrildu17 / C_XX ) sur ton bureau :
= = = =>>> En cliquant ici <<<= = = =
/!\ Déconnectes toi et fermes toutes applications en cours, désactive ton antivirus le temps de la manipulation/!\
● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. (C:\Program files )
● Double clique sur l'icône Ad-remover située sur ton bureau
● Au menu principal choisi l'option "A"
● Postes le rapport qui apparaît à la fin .
( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )
(CTRL+A Pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)
Note :
"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
= = = = >>> En cliquant ici <<< = = = =
Une fois sauvegardé sur ton bureau, double clique sur SDFix.exe et choisis Install pour l’extraire dans un dossier dédié sur le Bureau.
Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
* Redémarre ton ordinateur
* Après avoir entendu l’ordinateur biper lors du démarrage, mais avant que l’icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
* A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
* Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
* Choisis ton compte.
Déroule la liste des instructions ci-dessous :
* Ouvre le dossier SDFix qui vient d’être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
* Appuie sur Y pour commencer le processus de nettoyage.
* Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d’appuyer sur une touche pour redémarrer.
* Appuie sur une touche pour redémarrer le PC.
* Ton système sera plus long pour redémarrer qu’à l’accoutumée car l’outil va continuer à s’exécuter et supprimer des fichiers.
* Après le chargement du Bureau, l’outil terminera son travail et affichera Finished.
* Appuie sur une touche pour finir l’exécution du script et charger les icônes de ton Bureau.
* Les icônes du Bureau affichées, le rapport SDFix s’ouvrira à l’écran et s’enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
Si t’as besoin d’un tuto, clic ICI
************************
Télécharges Ad-Remover ( de Cyrildu17 / C_XX ) sur ton bureau :
= = = =>>> En cliquant ici <<<= = = =
/!\ Déconnectes toi et fermes toutes applications en cours, désactive ton antivirus le temps de la manipulation/!\
● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. (C:\Program files )
● Double clique sur l'icône Ad-remover située sur ton bureau
● Au menu principal choisi l'option "A"
● Postes le rapport qui apparaît à la fin .
( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )
(CTRL+A Pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)
Note :
"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
voici le rapport sdfix :
[b]SDFix: Version 1.240 [/b]
Run by colomb on 03/01/2009 at 00:00
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 00:13:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Disabled:Windows© NetMeeting©"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[b]Remaining Files [/b]:
[b]Files with Hidden Attributes [/b]:
Thu 6 Nov 2003 193 A.SHR --- "C:\BOOT.BAK"
Mon 4 Aug 2003 49,221 A..H. --- "C:\Program Files\AOL 8.0\aolphx.exe"
Mon 4 Aug 2003 36,937 A..H. --- "C:\Program Files\AOL 8.0\aoltray.exe"
Mon 4 Aug 2003 40,960 A..H. --- "C:\Program Files\AOL 8.0\RBM.exe"
Mon 4 Aug 2003 237,633 A..H. --- "C:\Program Files\AOL 8.0\waol.exe"
Sat 18 Oct 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 4 Aug 2003 49,223 A..H. --- "C:\Program Files\AOL 8.0\COMIT\cswitch.exe"
Tue 15 Jul 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 4 Aug 2003 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll"
Mon 15 Dec 2008 480,478 ...H. --- "C:\Documents and Settings\colomb\Mes documents\colomb ana‹s\COLLEGE\Italien\~WRL0004.tmp"
Sat 13 Dec 2008 125,709 ...H. --- "C:\Documents and Settings\colomb\Mes documents\colomb ana‹s\COLLEGE\Italien\~WRL0005.tmp"
Sat 13 Dec 2008 205,597 ...H. --- "C:\Documents and Settings\colomb\Mes documents\colomb ana‹s\COLLEGE\Italien\~WRL0847.tmp"
[b]Finished![/b]
le rapport AD REMOVER suivra demain samedi.
a+
[b]SDFix: Version 1.240 [/b]
Run by colomb on 03/01/2009 at 00:00
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 00:13:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Disabled:Windows© NetMeeting©"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[b]Remaining Files [/b]:
[b]Files with Hidden Attributes [/b]:
Thu 6 Nov 2003 193 A.SHR --- "C:\BOOT.BAK"
Mon 4 Aug 2003 49,221 A..H. --- "C:\Program Files\AOL 8.0\aolphx.exe"
Mon 4 Aug 2003 36,937 A..H. --- "C:\Program Files\AOL 8.0\aoltray.exe"
Mon 4 Aug 2003 40,960 A..H. --- "C:\Program Files\AOL 8.0\RBM.exe"
Mon 4 Aug 2003 237,633 A..H. --- "C:\Program Files\AOL 8.0\waol.exe"
Sat 18 Oct 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 4 Aug 2003 49,223 A..H. --- "C:\Program Files\AOL 8.0\COMIT\cswitch.exe"
Tue 15 Jul 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 4 Aug 2003 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll"
Mon 15 Dec 2008 480,478 ...H. --- "C:\Documents and Settings\colomb\Mes documents\colomb ana‹s\COLLEGE\Italien\~WRL0004.tmp"
Sat 13 Dec 2008 125,709 ...H. --- "C:\Documents and Settings\colomb\Mes documents\colomb ana‹s\COLLEGE\Italien\~WRL0005.tmp"
Sat 13 Dec 2008 205,597 ...H. --- "C:\Documents and Settings\colomb\Mes documents\colomb ana‹s\COLLEGE\Italien\~WRL0847.tmp"
[b]Finished![/b]
le rapport AD REMOVER suivra demain samedi.
a+
crapoulou
Messages postés
28161
Date d'inscription
mercredi 28 novembre 2007
Statut
Modérateur, Contributeur sécurité
Dernière intervention
21 mai 2024
7 994
3 janv. 2009 à 00:37
3 janv. 2009 à 00:37
Clic droit sur son icone "A", puis "arrêter la protection résidente".
Même manipulation pour le réactiver après.
Même manipulation pour le réactiver après.
crapoulou
Messages postés
28161
Date d'inscription
mercredi 28 novembre 2007
Statut
Modérateur, Contributeur sécurité
Dernière intervention
21 mai 2024
7 994
3 janv. 2009 à 00:52
3 janv. 2009 à 00:52
En bas à droite dans la barre tes tâches !
Si tu n'y arrive vraiment pas essaye sans le désactiver mais si tu as une alerte d'Avast au moment où tu lances Ad-aware, accepte l'accès, ignore l'alerte.
Si tu n'y arrive vraiment pas essaye sans le désactiver mais si tu as une alerte d'Avast au moment où tu lances Ad-aware, accepte l'accès, ignore l'alerte.
crapoulou
Messages postés
28161
Date d'inscription
mercredi 28 novembre 2007
Statut
Modérateur, Contributeur sécurité
Dernière intervention
21 mai 2024
7 994
3 janv. 2009 à 20:21
3 janv. 2009 à 20:21
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau. (tdss)
= = = = >>> En cliquant ici <<< = = = =
Une fois sauvegardé sur ton bureau, double clique sur SDFix.exe et choisis Install pour l’extraire dans un dossier dédié sur le Bureau.
Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
* Redémarre ton ordinateur
* Après avoir entendu l’ordinateur biper lors du démarrage, mais avant que l’icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
* A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
* Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
* Choisis ton compte.
Déroule la liste des instructions ci-dessous :
* Ouvre le dossier SDFix qui vient d’être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
* Appuie sur Y pour commencer le processus de nettoyage.
* Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d’appuyer sur une touche pour redémarrer.
* Appuie sur une touche pour redémarrer le PC.
* Ton système sera plus long pour redémarrer qu’à l’accoutumée car l’outil va continuer à s’exécuter et supprimer des fichiers.
* Après le chargement du Bureau, l’outil terminera son travail et affichera Finished.
* Appuie sur une touche pour finir l’exécution du script et charger les icônes de ton Bureau.
* Les icônes du Bureau affichées, le rapport SDFix s’ouvrira à l’écran et s’enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
Si t’as besoin d’un tuto, clic ICI
= = = = >>> En cliquant ici <<< = = = =
Une fois sauvegardé sur ton bureau, double clique sur SDFix.exe et choisis Install pour l’extraire dans un dossier dédié sur le Bureau.
Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
* Redémarre ton ordinateur
* Après avoir entendu l’ordinateur biper lors du démarrage, mais avant que l’icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
* A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
* Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
* Choisis ton compte.
Déroule la liste des instructions ci-dessous :
* Ouvre le dossier SDFix qui vient d’être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
* Appuie sur Y pour commencer le processus de nettoyage.
* Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d’appuyer sur une touche pour redémarrer.
* Appuie sur une touche pour redémarrer le PC.
* Ton système sera plus long pour redémarrer qu’à l’accoutumée car l’outil va continuer à s’exécuter et supprimer des fichiers.
* Après le chargement du Bureau, l’outil terminera son travail et affichera Finished.
* Appuie sur une touche pour finir l’exécution du script et charger les icônes de ton Bureau.
* Les icônes du Bureau affichées, le rapport SDFix s’ouvrira à l’écran et s’enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
Si t’as besoin d’un tuto, clic ICI
voici le 2 eme rapport SDFIX //
[b]SDFix: Version 1.240 [/b]
Run by colomb on 03/01/2009 at 21:50
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 22:09:02
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Disabled:Windows© NetMeeting©"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[b]Remaining Files [/b]:
[b]Files with Hidden Attributes [/b]:
Thu 6 Nov 2003 193 A.SHR --- "C:\BOOT.BAK"
Mon 4 Aug 2003 49,221 A..H. --- "C:\Program Files\AOL 8.0\aolphx.exe"
Mon 4 Aug 2003 36,937 A..H. --- "C:\Program Files\AOL 8.0\aoltray.exe"
Mon 4 Aug 2003 40,960 A..H. --- "C:\Program Files\AOL 8.0\RBM.exe"
Mon 4 Aug 2003 237,633 A..H. --- "C:\Program Files\AOL 8.0\waol.exe"
Sat 18 Oct 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 4 Aug 2003 49,223 A..H. --- "C:\Program Files\AOL 8.0\COMIT\cswitch.exe"
Tue 15 Jul 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 4 Aug 2003 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll"
Mon 15 Dec 2008 480,478 ...H. --- "C:\Documents and Settings\colomb\Mes documents\colomb ana‹s\COLLEGE\Italien\~WRL0004.tmp"
Sat 13 Dec 2008 125,709 ...H. --- "C:\Documents and Settings\colomb\Mes documents\colomb ana‹s\COLLEGE\Italien\~WRL0005.tmp"
Sat 13 Dec 2008 205,597 ...H. --- "C:\Documents and Settings\colomb\Mes documents\colomb ana‹s\COLLEGE\Italien\~WRL0847.tmp"
[b]Finished![/b]
[b]SDFix: Version 1.240 [/b]
Run by colomb on 03/01/2009 at 21:50
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 22:09:02
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Disabled:Windows© NetMeeting©"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[b]Remaining Files [/b]:
[b]Files with Hidden Attributes [/b]:
Thu 6 Nov 2003 193 A.SHR --- "C:\BOOT.BAK"
Mon 4 Aug 2003 49,221 A..H. --- "C:\Program Files\AOL 8.0\aolphx.exe"
Mon 4 Aug 2003 36,937 A..H. --- "C:\Program Files\AOL 8.0\aoltray.exe"
Mon 4 Aug 2003 40,960 A..H. --- "C:\Program Files\AOL 8.0\RBM.exe"
Mon 4 Aug 2003 237,633 A..H. --- "C:\Program Files\AOL 8.0\waol.exe"
Sat 18 Oct 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 4 Aug 2003 49,223 A..H. --- "C:\Program Files\AOL 8.0\COMIT\cswitch.exe"
Tue 15 Jul 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 4 Aug 2003 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll"
Mon 15 Dec 2008 480,478 ...H. --- "C:\Documents and Settings\colomb\Mes documents\colomb ana‹s\COLLEGE\Italien\~WRL0004.tmp"
Sat 13 Dec 2008 125,709 ...H. --- "C:\Documents and Settings\colomb\Mes documents\colomb ana‹s\COLLEGE\Italien\~WRL0005.tmp"
Sat 13 Dec 2008 205,597 ...H. --- "C:\Documents and Settings\colomb\Mes documents\colomb ana‹s\COLLEGE\Italien\~WRL0847.tmp"
[b]Finished![/b]
crapoulou
Messages postés
28161
Date d'inscription
mercredi 28 novembre 2007
Statut
Modérateur, Contributeur sécurité
Dernière intervention
21 mai 2024
7 994
3 janv. 2009 à 22:31
3 janv. 2009 à 22:31
Télécharge Random’s System Information Tool (RSIT) de random/random et enregistre l’exécutable sur le Bureau.
= = = = >>> En cliquant ici <<< = = = =
* Double-clique sur RSIT.exe pour le lancer.
* Une première fenêtre s’ouvre, clique alors sur Continue (Disclaimer).
* Si la dernière version de HijackThis n’est pas détectée sur ton PC, RSIT le téléchargera et te demandera d’accepter la licence.
* Lorsque l’analyse sera terminée, deux fichiers texte s’ouvriront (probablement avec le bloc-notes).
* Poste le contenu de log.txt (c’est celui qui apparaît à l’écran) ainsi que de info.txt (que tu verras dans la barre des tâches).
= = = = >>> En cliquant ici <<< = = = =
* Double-clique sur RSIT.exe pour le lancer.
* Une première fenêtre s’ouvre, clique alors sur Continue (Disclaimer).
* Si la dernière version de HijackThis n’est pas détectée sur ton PC, RSIT le téléchargera et te demandera d’accepter la licence.
* Lorsque l’analyse sera terminée, deux fichiers texte s’ouvriront (probablement avec le bloc-notes).
* Poste le contenu de log.txt (c’est celui qui apparaît à l’écran) ainsi que de info.txt (que tu verras dans la barre des tâches).
Voici le rapport log bloc notes :
info.txt logfile of random's system information tool 1.05 2009-01-03 23:15:02
======Uninstall list======
-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{09B44E78-A988-4BC0-962F-63ECD3333708} /l1036
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Fichiers communs\aolshare\Aolunins_fr.exe
-->C:\Program Files\Fichiers communs\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Fichiers communs\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\Modio\SLAMR2KO\Setup.exe /Remove
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.EXE" -uninstall
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C6D8763-EEB7-433E-A75E-2AB44892FCA2}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\SETUP.EXE" -uninstall
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}\Setup.exe"
-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70000000000}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Ad-remover-->C:\Program Files\Ad-remover\Uninstal.exe
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Barbie(TM) Horse Adventures(TM)-->C:\Program Files\Fichiers communs\Vivendi Universal Games\Uninstall\HorseUn.exe
Barre d'outils Outlook de Windows Live (Windows Live Toolbar)-->MsiExec.exe /X{4002F73D-EBB3-4EA1-A2FF-DBCB4529759E}
Bloqueur de fenêtres pop-up (Windows Live Toolbar)-->MsiExec.exe /X{51F366F4-C2E4-429A-866A-59C885ED42FD}
CCleaner (remove only)-->"C:\Documents and Settings\colomb\Mes documents\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Contrôle Parental-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93094D10-9388-11D4-9886-0000B43F396D}\Setup.exe" -l0x40c
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{175B7C4A-CAF8-437A-B597-73E0D2D970FE}
Disque de souvenirs HP-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Enjoy 4e-->C:\WINDOWS\Enjoy 4e Uninstaller.exe
Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{D518AD32-C710-4616-BA0D-D4B1FA5F82E8}
Favorit-->"c:\documents and settings\colomb\local settings\application data\kuyug.exe" -uninstall
Gestionnaire Internet-->C:\PROGRA~1\Wanadoo\uninstall.exe
GTOneCare-->MsiExec.exe /X{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
iFinger 2.0-->C:\PROGRA~1\iFinger\UNINSTD.EXE C:\PROGRA~1\iFinger\INSTDICS.LOG
Java Runtime Environment 1.1-->C:\WINDOWS\uninst.exe -f"C:\Program Files\JavaSoft\JRE\1.1\lib\DeIsL1.isu"
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Les Sims Deluxe-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}\setup.exe" -l040c
LiveReg (Symantec Corporation)-->C:\Program Files\Fichiers communs\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{3585ED1C-74C5-43B0-A232-831B96A12A2B}
Micro Application - La grande Encyclopédie 2004-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Micro Application\La grande Encyclopédie 2004\Uninst.isu"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Word 2002-->MsiExec.exe /I{911B040C-6000-11D3-8CFE-0050048383C9}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Navigateur Orange-->C:\PROGRA~1\Wanadoo\Shell.exe inst\uninst_FTBrowser.shl
Navilog1 3.7.0-->"C:\Program Files\Navilog1\unins000.exe"
Next Generation Visualisations-->MsiExec.exe /I{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}
OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{F242B06B-517F-4D62-B654-16B11564A912}
Packard Bell InfoCentre-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{07A1C2E1-76DD-11D6-9922-009027E9C183}\setup.exe"
Photo et imagerie HP 2.0 - All-in-One Pilote-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
Photo et imagerie HP 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
Photo et imagerie HP 2.0 - hp psc 1200 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SweetIM for Messenger 2.6-->MsiExec.exe /X{5549C19D-46FE-4975-AD54-5B37E87FF6E2}
SweetIM Toolbar for Internet Explorer 3.3-->MsiExec.exe /X{266C7330-C0F4-49E5-8F20-A56F9F822875}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
Version d'évaluation de Microsoft Office Professional 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Votre Budget 2006-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76246D41-471B-46DF-8904-AF3EA8954BA9}\Setup.exe" -l0x40c
Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {05AE605F-3146-46ED-BC52-0A14EBF57962}
Windows Live Toolbar-->MsiExec.exe /X{05AE605F-3146-46ED-BC52-0A14EBF57962}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
======Hosts File======
127.0.0.1 localhost
======Security center information======
AV: avast! antivirus 4.8.1296 [VPS 090102-0]
System event log
Computer Name: SN100948140001
Event Code: 26
Message: Application popup : : Machine Check: Regs
Record Number: 1229
Source Name: Application Popup
Time Written: 20081226212743.000000+060
Event Type: Informations
User:
Computer Name: SN100948140001
Event Code: 26
Message: Application popup : : Machine Check:
Record Number: 1228
Source Name: Application Popup
Time Written: 20081226212743.000000+060
Event Type: Informations
User:
Computer Name: SN100948140001
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.
Record Number: 1227
Source Name: EventLog
Time Written: 20081226212716.000000+060
Event Type: Informations
User:
Computer Name: SN100948140001
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.
Record Number: 1226
Source Name: EventLog
Time Written: 20081226212716.000000+060
Event Type: Informations
User:
Computer Name: SN100948140001
Event Code: 26
Message: Application popup : : Machine Check: Regs
Record Number: 1225
Source Name: Application Popup
Time Written: 20081226212521.000000+060
Event Type: Informations
User:
Application event log
Computer Name: SN100948140001
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.
Record Number: 5
Source Name: usnjsvc
Time Written: 20081210163617.000000+060
Event Type:
User:
Computer Name: SN100948140001
Event Code: 2002
Message: Le service EAPOL a été arrêté correctement.
Record Number: 4
Source Name: EAPOL
Time Written: 20081210160802.000000+060
Event Type: Informations
User:
Computer Name: SN100948140001
Event Code: 2003
Message: Le service EAPOL est en cours d'exécution
Record Number: 3
Source Name: EAPOL
Time Written: 20081210160801.000000+060
Event Type: Informations
User:
Computer Name: SN100948140001
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.
Record Number: 2
Source Name: SecurityCenter
Time Written: 20081210160531.000000+060
Event Type: Informations
User:
Computer Name: SN100948140001
Event Code: 105
Message: The service was started.
Record Number: 1
Source Name: ATI Smart
Time Written: 20081210160429.000000+060
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\ATI Technologies\ATI Control Panel;C:\PROGRA~1\FICHIE~1\TVNAVI~1;C:\Program Files\Fichiers communs\Ulead Systems\MPEG
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"="i\QTJava.zip"
"QTJAVA"="i\QTJava.zip"
"FP_NO_HOST_CHECK"=NO
-----------------EOF-----------------
et le log :
Logfile of random's system information tool 1.05 (written by random/random)
Run by colomb at 2009-01-03 23:14:34
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 52 GB (72%) free of 72 GB
Total RAM: 255 MB (14% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:14:56, on 03/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Controle Parental\bin\OPTGui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\colomb\Bureau\rsit.exe
C:\Program Files\Trend Micro\HijackThis\colomb.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u5-windows-i586-jc.cab&AuthParam=1580944752_ad714b48b0d186f5adbe4ba05260ecbd&ext=.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: sqdwcr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: bEvtService - Unknown owner - C:\WINDOWS\System32\bEvtService.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
info.txt logfile of random's system information tool 1.05 2009-01-03 23:15:02
======Uninstall list======
-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{09B44E78-A988-4BC0-962F-63ECD3333708} /l1036
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Fichiers communs\aolshare\Aolunins_fr.exe
-->C:\Program Files\Fichiers communs\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Fichiers communs\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\Modio\SLAMR2KO\Setup.exe /Remove
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.EXE" -uninstall
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C6D8763-EEB7-433E-A75E-2AB44892FCA2}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\SETUP.EXE" -uninstall
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}\Setup.exe"
-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70000000000}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Ad-remover-->C:\Program Files\Ad-remover\Uninstal.exe
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Barbie(TM) Horse Adventures(TM)-->C:\Program Files\Fichiers communs\Vivendi Universal Games\Uninstall\HorseUn.exe
Barre d'outils Outlook de Windows Live (Windows Live Toolbar)-->MsiExec.exe /X{4002F73D-EBB3-4EA1-A2FF-DBCB4529759E}
Bloqueur de fenêtres pop-up (Windows Live Toolbar)-->MsiExec.exe /X{51F366F4-C2E4-429A-866A-59C885ED42FD}
CCleaner (remove only)-->"C:\Documents and Settings\colomb\Mes documents\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Contrôle Parental-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93094D10-9388-11D4-9886-0000B43F396D}\Setup.exe" -l0x40c
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{175B7C4A-CAF8-437A-B597-73E0D2D970FE}
Disque de souvenirs HP-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Enjoy 4e-->C:\WINDOWS\Enjoy 4e Uninstaller.exe
Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{D518AD32-C710-4616-BA0D-D4B1FA5F82E8}
Favorit-->"c:\documents and settings\colomb\local settings\application data\kuyug.exe" -uninstall
Gestionnaire Internet-->C:\PROGRA~1\Wanadoo\uninstall.exe
GTOneCare-->MsiExec.exe /X{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
iFinger 2.0-->C:\PROGRA~1\iFinger\UNINSTD.EXE C:\PROGRA~1\iFinger\INSTDICS.LOG
Java Runtime Environment 1.1-->C:\WINDOWS\uninst.exe -f"C:\Program Files\JavaSoft\JRE\1.1\lib\DeIsL1.isu"
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Les Sims Deluxe-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}\setup.exe" -l040c
LiveReg (Symantec Corporation)-->C:\Program Files\Fichiers communs\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{3585ED1C-74C5-43B0-A232-831B96A12A2B}
Micro Application - La grande Encyclopédie 2004-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Micro Application\La grande Encyclopédie 2004\Uninst.isu"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Word 2002-->MsiExec.exe /I{911B040C-6000-11D3-8CFE-0050048383C9}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Navigateur Orange-->C:\PROGRA~1\Wanadoo\Shell.exe inst\uninst_FTBrowser.shl
Navilog1 3.7.0-->"C:\Program Files\Navilog1\unins000.exe"
Next Generation Visualisations-->MsiExec.exe /I{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}
OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{F242B06B-517F-4D62-B654-16B11564A912}
Packard Bell InfoCentre-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{07A1C2E1-76DD-11D6-9922-009027E9C183}\setup.exe"
Photo et imagerie HP 2.0 - All-in-One Pilote-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
Photo et imagerie HP 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
Photo et imagerie HP 2.0 - hp psc 1200 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SweetIM for Messenger 2.6-->MsiExec.exe /X{5549C19D-46FE-4975-AD54-5B37E87FF6E2}
SweetIM Toolbar for Internet Explorer 3.3-->MsiExec.exe /X{266C7330-C0F4-49E5-8F20-A56F9F822875}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
Version d'évaluation de Microsoft Office Professional 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Votre Budget 2006-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76246D41-471B-46DF-8904-AF3EA8954BA9}\Setup.exe" -l0x40c
Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {05AE605F-3146-46ED-BC52-0A14EBF57962}
Windows Live Toolbar-->MsiExec.exe /X{05AE605F-3146-46ED-BC52-0A14EBF57962}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
======Hosts File======
127.0.0.1 localhost
======Security center information======
AV: avast! antivirus 4.8.1296 [VPS 090102-0]
System event log
Computer Name: SN100948140001
Event Code: 26
Message: Application popup : : Machine Check: Regs
Record Number: 1229
Source Name: Application Popup
Time Written: 20081226212743.000000+060
Event Type: Informations
User:
Computer Name: SN100948140001
Event Code: 26
Message: Application popup : : Machine Check:
Record Number: 1228
Source Name: Application Popup
Time Written: 20081226212743.000000+060
Event Type: Informations
User:
Computer Name: SN100948140001
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.
Record Number: 1227
Source Name: EventLog
Time Written: 20081226212716.000000+060
Event Type: Informations
User:
Computer Name: SN100948140001
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.
Record Number: 1226
Source Name: EventLog
Time Written: 20081226212716.000000+060
Event Type: Informations
User:
Computer Name: SN100948140001
Event Code: 26
Message: Application popup : : Machine Check: Regs
Record Number: 1225
Source Name: Application Popup
Time Written: 20081226212521.000000+060
Event Type: Informations
User:
Application event log
Computer Name: SN100948140001
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.
Record Number: 5
Source Name: usnjsvc
Time Written: 20081210163617.000000+060
Event Type:
User:
Computer Name: SN100948140001
Event Code: 2002
Message: Le service EAPOL a été arrêté correctement.
Record Number: 4
Source Name: EAPOL
Time Written: 20081210160802.000000+060
Event Type: Informations
User:
Computer Name: SN100948140001
Event Code: 2003
Message: Le service EAPOL est en cours d'exécution
Record Number: 3
Source Name: EAPOL
Time Written: 20081210160801.000000+060
Event Type: Informations
User:
Computer Name: SN100948140001
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.
Record Number: 2
Source Name: SecurityCenter
Time Written: 20081210160531.000000+060
Event Type: Informations
User:
Computer Name: SN100948140001
Event Code: 105
Message: The service was started.
Record Number: 1
Source Name: ATI Smart
Time Written: 20081210160429.000000+060
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\ATI Technologies\ATI Control Panel;C:\PROGRA~1\FICHIE~1\TVNAVI~1;C:\Program Files\Fichiers communs\Ulead Systems\MPEG
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"="i\QTJava.zip"
"QTJAVA"="i\QTJava.zip"
"FP_NO_HOST_CHECK"=NO
-----------------EOF-----------------
et le log :
Logfile of random's system information tool 1.05 (written by random/random)
Run by colomb at 2009-01-03 23:14:34
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 52 GB (72%) free of 72 GB
Total RAM: 255 MB (14% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:14:56, on 03/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Controle Parental\bin\OPTGui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\colomb\Bureau\rsit.exe
C:\Program Files\Trend Micro\HijackThis\colomb.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u5-windows-i586-jc.cab&AuthParam=1580944752_ad714b48b0d186f5adbe4ba05260ecbd&ext=.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: sqdwcr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: bEvtService - Unknown owner - C:\WINDOWS\System32\bEvtService.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
crapoulou
Messages postés
28161
Date d'inscription
mercredi 28 novembre 2007
Statut
Modérateur, Contributeur sécurité
Dernière intervention
21 mai 2024
7 994
3 janv. 2009 à 23:33
3 janv. 2009 à 23:33
Télécharge UsbFix sur ton bureau :
= = = = >>> En cliquant ici <<< = = = =
=> Lance l’installation avec les paramètres par défaut
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d’avoir été infectés sans les ouvrir
=> Double clic sur le raccourci UsbFix sur ton bureau
=> Sélectionne l’option 1 : Nettoyage
=> Le PC va redémarrer
=>Après redémarrage poste le rapport UsbFix.txt
Notes :
* Le rapport UsbFix.txt est sauvegardé a la racine du disque
* Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche", tape explorer.exe et valide.
******************
- Fais un scan en ligne avec Kaspersky = = = = >>> En cliquant ici <<< = = = = (avec Internet Explorer)
- En bas à droite, clique sur Démarrer Online-scaner
- Dans la nouvelle fenêtre qui s’affiche, clique sur J’accepte
- Accepte les Contrôles ActiveX
- Choisis Poste de travail pour le scan.
- Celui-ci terminé, sauvegarde (Choisis fichier texte) et poste le rapport
- Pour t’aider à utiliser le scan en ligne, tu as un tuto ICI
Note :
Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte-toi sur le site de Kaspersky pour retenter le scan en ligne.
= = = = >>> En cliquant ici <<< = = = =
=> Lance l’installation avec les paramètres par défaut
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d’avoir été infectés sans les ouvrir
=> Double clic sur le raccourci UsbFix sur ton bureau
=> Sélectionne l’option 1 : Nettoyage
=> Le PC va redémarrer
=>Après redémarrage poste le rapport UsbFix.txt
Notes :
* Le rapport UsbFix.txt est sauvegardé a la racine du disque
* Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche", tape explorer.exe et valide.
******************
- Fais un scan en ligne avec Kaspersky = = = = >>> En cliquant ici <<< = = = = (avec Internet Explorer)
- En bas à droite, clique sur Démarrer Online-scaner
- Dans la nouvelle fenêtre qui s’affiche, clique sur J’accepte
- Accepte les Contrôles ActiveX
- Choisis Poste de travail pour le scan.
- Celui-ci terminé, sauvegarde (Choisis fichier texte) et poste le rapport
- Pour t’aider à utiliser le scan en ligne, tu as un tuto ICI
Note :
Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte-toi sur le site de Kaspersky pour retenter le scan en ligne.
crapoulou
Messages postés
28161
Date d'inscription
mercredi 28 novembre 2007
Statut
Modérateur, Contributeur sécurité
Dernière intervention
21 mai 2024
7 994
4 janv. 2009 à 00:52
4 janv. 2009 à 00:52
Oui tu peux la brancher sans souci !
Concernant IE, tu ne l'as pas du tout ?! Comment ça se fait ?!
Concernant IE, tu ne l'as pas du tout ?! Comment ça se fait ?!
voici le rapport usb.fix :
-------------- UsbFix V2.413.8 ---------------
* User : colomb - SN100948140001
* Outils mis a jours le 27/12/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 10:42:05 le 04/01/2009
* Windows Xp - Internet Explorer 7.0.5730.13
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
--------------- [ Informations lecteurs ] ----------------
C: - Lecteur fixe
F: - Lecteur amovible
+- Contenu de l'autorun : F:\autorun.inf
[autorun]
open=CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open=Open
shell\open\command=CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
shell\open\default=1
--------------- [ Lecteur C ] ----------------
C: - Lecteur fixe
+- Listing des fichiers présents :
[16/10/2002 09:52][--a------] C:\GETBOOTD.BAT
[16/10/2002 09:52][--a------] C:\revmsis.bat
[26/04/2008 13:58][-rahs----] C:\NTDETECT.COM
[09/03/2000 09:06][--a------] C:\FLIPART.EXE
[09/03/2000 09:06][--a------] C:\GETDRIVE.EXE
[09/03/2000 09:06][--a------] C:\karafun_118.exe
[15/12/2008 15:43][--ahs----] C:\BOOT.INI
[02/01/2009 19:37][--a------] C:\cleannavi.txt
[02/01/2009 19:37][--a------] C:\ComboFix.txt
[02/01/2009 19:37][--a------] C:\DWNLOG.TXT
[02/01/2009 19:37][--a------] C:\fixnavi.txt
[02/01/2009 19:37][--a------] C:\UsbFix.txt
[][] C:\hiberfil.sys
[][] C:\IO.SYS
[][] C:\MSDOS.SYS
[][] C:\pagefile.sys
--------------- [ Lecteur F ] ----------------
F: - Lecteur amovible
+- Listing des fichiers présents :
[17/12/2008 22:56][-rahs----] F:\autorun.inf
--------------- [ Registre / Startup ] ----------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
WOOKIT=C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
msnmsgr=~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
WOOWATCH=C:\PROGRA~1\Wanadoo\Watch.exe
WOOTASKBARICON=C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
SweetIM=C:\Program Files\SweetIM\Messenger\SweetIM.exe
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=dword:00000143
"NoDriveAutoRun"=dword:03ffffff
"NoDrives"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:00000143
"NoDrives"=dword:00000000
--------------- [ Registre / Mountpoint2 ] ----------------
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff1964f1-42ba-11dd-ab4c-00038a000015}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff1964f1-42ba-11dd-ab4c-00038a000015}\Shell\open\Command
--------------- [ Nettoyage des disques ] ----------------
F:\autorun.inf ~> fichier appelé : "F:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe" ( présent ! )
Supprimé ! - F:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
Supprimé ! - [09/03/2000 09:06][--a------] C:\FLIPART.EXE
Supprimé ! - [16/10/2002 09:52][--a------] C:\GETBOOTD.BAT
Supprimé ! - [17/12/2008 22:56][-rahs----] F:\autorun.inf
--------------- [ Resumé ] ----------------
-> /!\ Le resultat doit etre interprété par un spécialiste /!\
[15/12/2008 19:24][--a------] C:\revmsis.bat
[26/04/2008 13:58][-rahs----] C:\NTDETECT.COM
[29/08/2002 15:03][--a------] C:\GETDRIVE.EXE
[29/08/2002 15:03][--a------] C:\karafun_118.exe
[15/12/2008 15:43][--ahs----] C:\BOOT.INI
--------------- ! Fin du rapport ! ----------------
-------------- UsbFix V2.413.8 ---------------
* User : colomb - SN100948140001
* Outils mis a jours le 27/12/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 10:42:05 le 04/01/2009
* Windows Xp - Internet Explorer 7.0.5730.13
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
--------------- [ Informations lecteurs ] ----------------
C: - Lecteur fixe
F: - Lecteur amovible
+- Contenu de l'autorun : F:\autorun.inf
[autorun]
open=CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open=Open
shell\open\command=CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
shell\open\default=1
--------------- [ Lecteur C ] ----------------
C: - Lecteur fixe
+- Listing des fichiers présents :
[16/10/2002 09:52][--a------] C:\GETBOOTD.BAT
[16/10/2002 09:52][--a------] C:\revmsis.bat
[26/04/2008 13:58][-rahs----] C:\NTDETECT.COM
[09/03/2000 09:06][--a------] C:\FLIPART.EXE
[09/03/2000 09:06][--a------] C:\GETDRIVE.EXE
[09/03/2000 09:06][--a------] C:\karafun_118.exe
[15/12/2008 15:43][--ahs----] C:\BOOT.INI
[02/01/2009 19:37][--a------] C:\cleannavi.txt
[02/01/2009 19:37][--a------] C:\ComboFix.txt
[02/01/2009 19:37][--a------] C:\DWNLOG.TXT
[02/01/2009 19:37][--a------] C:\fixnavi.txt
[02/01/2009 19:37][--a------] C:\UsbFix.txt
[][] C:\hiberfil.sys
[][] C:\IO.SYS
[][] C:\MSDOS.SYS
[][] C:\pagefile.sys
--------------- [ Lecteur F ] ----------------
F: - Lecteur amovible
+- Listing des fichiers présents :
[17/12/2008 22:56][-rahs----] F:\autorun.inf
--------------- [ Registre / Startup ] ----------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
WOOKIT=C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
msnmsgr=~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
WOOWATCH=C:\PROGRA~1\Wanadoo\Watch.exe
WOOTASKBARICON=C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
SweetIM=C:\Program Files\SweetIM\Messenger\SweetIM.exe
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=dword:00000143
"NoDriveAutoRun"=dword:03ffffff
"NoDrives"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:00000143
"NoDrives"=dword:00000000
--------------- [ Registre / Mountpoint2 ] ----------------
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff1964f1-42ba-11dd-ab4c-00038a000015}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff1964f1-42ba-11dd-ab4c-00038a000015}\Shell\open\Command
--------------- [ Nettoyage des disques ] ----------------
F:\autorun.inf ~> fichier appelé : "F:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe" ( présent ! )
Supprimé ! - F:\CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
Supprimé ! - [09/03/2000 09:06][--a------] C:\FLIPART.EXE
Supprimé ! - [16/10/2002 09:52][--a------] C:\GETBOOTD.BAT
Supprimé ! - [17/12/2008 22:56][-rahs----] F:\autorun.inf
--------------- [ Resumé ] ----------------
-> /!\ Le resultat doit etre interprété par un spécialiste /!\
[15/12/2008 19:24][--a------] C:\revmsis.bat
[26/04/2008 13:58][-rahs----] C:\NTDETECT.COM
[29/08/2002 15:03][--a------] C:\GETDRIVE.EXE
[29/08/2002 15:03][--a------] C:\karafun_118.exe
[15/12/2008 15:43][--ahs----] C:\BOOT.INI
--------------- ! Fin du rapport ! ----------------
crapoulou
Messages postés
28161
Date d'inscription
mercredi 28 novembre 2007
Statut
Modérateur, Contributeur sécurité
Dernière intervention
21 mai 2024
7 994
4 janv. 2009 à 12:49
4 janv. 2009 à 12:49
Essaye de faire un scan en ligne ICI
Avec Mozilla Firefox.
Avec Mozilla Firefox.
voici le rapport kaspersky :
Fri Dec 26 10:09:31 2008 [WRN] Generic error in connection/blocksock
Fri Dec 26 10:40:08 2008 [WRN] Generic error in connection/blocksock
Fri Dec 26 11:07:30 2008 [WRN] Generic error in connection/blocksock
Fri Dec 26 11:48:28 2008 [WRN] Generic error in connection/blocksock
Fri Dec 26 12:26:21 2008 [WRN] Generic error in connection/blocksock
Fri Dec 26 12:46:23 2008 [WRN] Generic error in connection/blocksock
Fri Dec 26 13:05:51 2008 [ERR] Generic exception caught
Fri Dec 26 21:32:34 2008 [ERR] Error connecting to the StatusToApply server
Fri Dec 26 21:32:35 2008 [WRN] Generic error in connection/blocksock
Fri Dec 26 21:44:31 2008 [ERR] Error connecting to the StatusToApply server
Fri Dec 26 21:44:35 2008 [WRN] Generic error in connection/blocksock
Sat Dec 27 09:02:42 2008 [ERR] Error connecting to the StatusToApply server
Sat Dec 27 09:59:45 2008 [WRN] Generic error in connection/blocksock
Sat Dec 27 10:27:48 2008 [WRN] Generic error in connection/blocksock
Sat Dec 27 10:48:54 2008 [WRN] Generic error in connection/blocksock
Sat Dec 27 10:54:07 2008 [WRN] Error reading pwd.conf data
Sat Dec 27 11:03:06 2008 [ERR] Error connecting to the StatusToApply server
Sat Dec 27 11:03:06 2008 [WRN] Generic error in connection/blocksock
Sat Dec 27 12:02:01 2008 [WRN] Generic error in connection/blocksock
Sat Dec 27 12:22:02 2008 [WRN] Generic error in connection/blocksock
Sat Dec 27 13:28:31 2008 [WRN] Generic error in connection/blocksock
Sat Dec 27 14:21:20 2008 [WRN] Generic error in connection/blocksock
Sat Dec 27 15:03:08 2008 [ERR] Error connecting to the license server
Sat Dec 27 15:54:52 2008 [WRN] Generic error in connection/blocksock
Sat Dec 27 18:25:12 2008 [WRN] Generic error in connection/blocksock
Sat Dec 27 19:03:09 2008 [ERR] Error connecting to the license server
Sat Dec 27 20:25:15 2008 [WRN] Generic error in connection/blocksock
Sat Dec 27 20:45:16 2008 [WRN] Generic error in connection/blocksock
Sat Dec 27 23:03:09 2008 [ERR] Error connecting to the license server
Sun Dec 28 09:55:24 2008 [ERR] Error connecting to the StatusToApply server
Sun Dec 28 09:55:25 2008 [WRN] Generic error in connection/blocksock
Sun Dec 28 10:15:27 2008 [WRN] Generic error in connection/blocksock
Sun Dec 28 10:44:35 2008 [ERR] Error connecting to the StatusToApply server
Sun Dec 28 10:44:36 2008 [WRN] Generic error in connection/blocksock
Sun Dec 28 19:53:13 2008 [WRN] Generic error in connection/blocksock
Sun Dec 28 19:53:14 2008 [ERR] Error connecting to the StatusToApply server
Sun Dec 28 20:03:50 2008 [WRN] Generic error in connection/blocksock
Sun Dec 28 20:04:08 2008 [ERR] Error connecting to the StatusToApply server
Sun Dec 28 21:12:21 2008 [ERR] Error connecting to the StatusToApply server
Mon Dec 29 11:47:35 2008 [ERR] Error connecting to the StatusToApply server
Mon Dec 29 12:01:55 2008 [WRN] Generic error in connection/blocksock
Mon Dec 29 13:29:47 2008 [WRN] Generic error in connection/blocksock
Mon Dec 29 13:29:49 2008 [ERR] Error connecting to the StatusToApply server
Mon Dec 29 15:34:07 2008 [WRN] Generic error in connection/blocksock
Mon Dec 29 15:34:40 2008 [ERR] Generic exception caught
Mon Dec 29 15:52:49 2008 [ERR] Error connecting to the StatusToApply server
Mon Dec 29 15:55:38 2008 [WRN] Generic error in connection/blocksock
Mon Dec 29 16:10:30 2008 [ERR] Generic exception caught
Mon Dec 29 18:59:55 2008 [WRN] Generic error in connection/blocksock
Mon Dec 29 19:00:01 2008 [ERR] Error connecting to the StatusToApply server
Mon Dec 29 19:51:58 2008 [WRN] Generic error in connection/blocksock
Mon Dec 29 20:00:13 2008 [ERR] Generic exception caught
Mon Dec 29 21:21:32 2008 [ERR] Error connecting to the StatusToApply server
Mon Dec 29 22:09:44 2008 [WRN] Generic error in connection/blocksock
Mon Dec 29 23:25:57 2008 [WRN] Generic error in connection/blocksock
Mon Dec 29 23:49:13 2008 [WRN] Generic error in connection/blocksock
Tue Dec 30 00:09:17 2008 [WRN] Generic error in connection/blocksock
Tue Dec 30 00:29:20 2008 [WRN] Generic error in connection/blocksock
Tue Dec 30 08:51:14 2008 [ERR] Error connecting to the StatusToApply server
Tue Dec 30 08:53:23 2008 [WRN] Generic error in connection/blocksock
Tue Dec 30 09:13:30 2008 [WRN] Generic error in connection/blocksock
Tue Dec 30 09:47:00 2008 [ERR] Error connecting to the StatusToApply server
Tue Dec 30 09:49:36 2008 [WRN] Generic error in connection/blocksock
Tue Dec 30 10:47:03 2008 [WRN] Generic error in connection/blocksock
Tue Dec 30 10:47:03 2008 [ERR] Error connecting to the StatusToApply server
Tue Dec 30 12:47:04 2008 [WRN] Generic error in connection/blocksock
Tue Dec 30 13:07:06 2008 [WRN] Generic error in connection/blocksock
Tue Dec 30 17:42:28 2008 [ERR] Error connecting to the license server
Tue Dec 30 20:03:30 2008 [WRN] Generic error in connection/blocksock
Tue Dec 30 21:26:11 2008 [WRN] Generic error in connection/blocksock
Tue Dec 30 21:46:12 2008 [WRN] Generic error in connection/blocksock
Tue Dec 30 23:07:18 2008 [WRN] Generic error in connection/blocksock
Tue Dec 30 23:27:19 2008 [WRN] Generic error in connection/blocksock
Tue Dec 30 23:47:20 2008 [WRN] Generic error in connection/blocksock
Wed Dec 31 00:07:22 2008 [WRN] Generic error in connection/blocksock
Wed Dec 31 00:27:24 2008 [WRN] Generic error in connection/blocksock
Wed Dec 31 12:56:35 2008 [ERR] Error connecting to the StatusToApply server
Wed Dec 31 13:01:30 2008 [WRN] Generic error in connection/blocksock
Wed Dec 31 14:09:16 2008 [WRN] Generic error in connection/blocksock
Wed Dec 31 14:28:35 2008 [ERR] Generic exception caught
Wed Dec 31 14:35:05 2008 [WRN] Generic error in connection/blocksock
Wed Dec 31 14:35:10 2008 [ERR] Error connecting to the StatusToApply server
Wed Dec 31 15:17:42 2008 [WRN] Generic error in connection/blocksock
Wed Dec 31 15:40:23 2008 [WRN] Generic error in connection/blocksock
Wed Dec 31 16:04:43 2008 [WRN] Generic error in connection/blocksock
Wed Dec 31 16:41:19 2008 [WRN] Generic error in connection/blocksock
Wed Dec 31 17:27:32 2008 [WRN] Generic error in connection/blocksock
Wed Dec 31 18:02:46 2008 [WRN] Generic error in connection/blocksock
Thu Jan 01 14:38:38 2009 [ERR] Error connecting to the StatusToApply server
Thu Jan 01 14:41:08 2009 [WRN] Generic error in connection/blocksock
Thu Jan 01 15:01:10 2009 [WRN] Generic error in connection/blocksock
Thu Jan 01 15:21:11 2009 [WRN] Generic error in connection/blocksock
Thu Jan 01 15:53:07 2009 [WRN] Generic error in connection/blocksock
Thu Jan 01 16:25:57 2009 [WRN] Generic error in connection/blocksock
Thu Jan 01 16:54:00 2009 [WRN] Generic error in connection/blocksock
Thu Jan 01 17:14:01 2009 [WRN] Generic error in connection/blocksock
Thu Jan 01 17:34:02 2009 [WRN] Generic error in connection/blocksock
Thu Jan 01 17:54:03 2009 [WRN] Generic error in connection/blocksock
Thu Jan 01 18:14:04 2009 [WRN] Generic error in connection/blocksock
Thu Jan 01 18:34:05 2009 [WRN] Generic error in connection/blocksock
Thu Jan 01 18:54:08 2009 [WRN] Generic error in connection/blocksock
Thu Jan 01 19:20:40 2009 [WRN] Generic error in connection/blocksock
Thu Jan 01 20:24:07 2009 [WRN] Generic error in connection/blocksock
Thu Jan 01 20:51:02 2009 [WRN] Generic error in connection/blocksock
Thu Jan 01 22:15:48 2009 [WRN] Generic error in connection/blocksock
Thu Jan 01 23:50:23 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 00:10:25 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 00:30:28 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 09:52:20 2009 [ERR] Error connecting to the StatusToApply server
Fri Jan 02 10:59:46 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 11:20:50 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 12:15:08 2009 [ERR] Error connecting to the StatusToApply server
Fri Jan 02 12:21:11 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 12:41:12 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 13:21:13 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 13:42:51 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 14:05:01 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 14:27:11 2009 [ERR] Generic exception caught
Fri Jan 02 14:31:51 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 14:31:55 2009 [ERR] Error connecting to the StatusToApply server
Fri Jan 02 14:58:57 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 15:25:38 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 15:45:45 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 16:05:48 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 16:25:49 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 16:56:01 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 17:16:02 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 17:36:03 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 18:13:50 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 18:39:20 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 18:59:23 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 19:19:25 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 19:42:10 2009 [ERR] Error connecting to the StatusToApply server
Fri Jan 02 20:42:37 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 21:30:57 2009 [ERR] Error connecting to the StatusToApply server
Fri Jan 02 21:32:04 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 21:52:07 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 22:12:12 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 22:32:15 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 22:54:27 2009 [ERR] Error connecting to the StatusToApply server
Fri Jan 02 22:55:34 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 23:22:57 2009 [ERR] Error connecting to the StatusToApply server
Fri Jan 02 23:22:58 2009 [WRN] Generic error in connection/blocksock
Sat Jan 03 00:10:16 2009 [ERR] Error connecting to the StatusToApply server
Sat Jan 03 00:10:17 2009 [WRN] Generic error in connection/blocksock
Sat Jan 03 09:20:53 2009 [ERR] Error connecting to the StatusToApply server
Sat Jan 03 09:20:54 2009 [WRN] Generic error in connection/blocksock
Sat Jan 03 09:40:56 2009 [WRN] Generic error in connection/blocksock
Sat Jan 03 10:00:57 2009 [WRN] Generic error in connection/blocksock
Sat Jan 03 18:32:04 2009 [ERR] Error connecting to the StatusToApply server
Sat Jan 03 19:11:17 2009 [WRN] Generic error in connection/blocksock
Sat Jan 03 19:39:49 2009 [WRN] Generic error in connection/blocksock
Sat Jan 03 19:59:51 2009 [WRN] Generic error in connection/blocksock
Sat Jan 03 20:39:52 2009 [WRN] Generic error in connection/blocksock
Sat Jan 03 20:59:54 2009 [WRN] Generic error in connection/blocksock
Sat Jan 03 21:57:38 2009 [ERR] Error connecting to the StatusToApply server
Sat Jan 03 21:57:39 2009 [WRN] Generic error in connection/blocksock
Sat Jan 03 22:32:40 2009 [WRN] Generic error in connection/blocksock
Sat Jan 03 23:46:23 2009 [WRN] Generic error in connection/blocksock
Sun Jan 04 00:06:24 2009 [WRN] Generic error in connection/blocksock
Sun Jan 04 00:26:26 2009 [WRN] Generic error in connection/blocksock
Sun Jan 04 09:58:41 2009 [ERR] Error connecting to the StatusToApply server
Sun Jan 04 09:59:58 2009 [WRN] Generic error in connection/blocksock
Sun Jan 04 10:20:00 2009 [WRN] Generic error in connection/blocksock
Sun Jan 04 10:44:30 2009 [ERR] Error connecting to the StatusToApply server
Sun Jan 04 11:13:53 2009 [WRN] Generic error in connection/blocksock
Sun Jan 04 11:36:05 2009 [WRN] Generic error in connection/blocksock
Sun Jan 04 11:57:49 2009 [WRN] Generic error in connection/blocksock
Sun Jan 04 12:38:49 2009 [WRN] Generic error in connection/blocksock
Sun Jan 04 13:06:24 2009 [WRN] Generic error in connection/blocksock
Sun Jan 04 13:15:40 2009 [ERR] Error connecting to the StatusToApply server
Sun Jan 04 13:19:46 2009 [WRN] Generic error in connection/blocksock
Sun Jan 04 13:39:48 2009 [WRN] Generic error in connection/blocksock
Fri Dec 26 10:09:31 2008 [WRN] Generic error in connection/blocksock
Fri Dec 26 10:40:08 2008 [WRN] Generic error in connection/blocksock
Fri Dec 26 11:07:30 2008 [WRN] Generic error in connection/blocksock
Fri Dec 26 11:48:28 2008 [WRN] Generic error in connection/blocksock
Fri Dec 26 12:26:21 2008 [WRN] Generic error in connection/blocksock
Fri Dec 26 12:46:23 2008 [WRN] Generic error in connection/blocksock
Fri Dec 26 13:05:51 2008 [ERR] Generic exception caught
Fri Dec 26 21:32:34 2008 [ERR] Error connecting to the StatusToApply server
Fri Dec 26 21:32:35 2008 [WRN] Generic error in connection/blocksock
Fri Dec 26 21:44:31 2008 [ERR] Error connecting to the StatusToApply server
Fri Dec 26 21:44:35 2008 [WRN] Generic error in connection/blocksock
Sat Dec 27 09:02:42 2008 [ERR] Error connecting to the StatusToApply server
Sat Dec 27 09:59:45 2008 [WRN] Generic error in connection/blocksock
Sat Dec 27 10:27:48 2008 [WRN] Generic error in connection/blocksock
Sat Dec 27 10:48:54 2008 [WRN] Generic error in connection/blocksock
Sat Dec 27 10:54:07 2008 [WRN] Error reading pwd.conf data
Sat Dec 27 11:03:06 2008 [ERR] Error connecting to the StatusToApply server
Sat Dec 27 11:03:06 2008 [WRN] Generic error in connection/blocksock
Sat Dec 27 12:02:01 2008 [WRN] Generic error in connection/blocksock
Sat Dec 27 12:22:02 2008 [WRN] Generic error in connection/blocksock
Sat Dec 27 13:28:31 2008 [WRN] Generic error in connection/blocksock
Sat Dec 27 14:21:20 2008 [WRN] Generic error in connection/blocksock
Sat Dec 27 15:03:08 2008 [ERR] Error connecting to the license server
Sat Dec 27 15:54:52 2008 [WRN] Generic error in connection/blocksock
Sat Dec 27 18:25:12 2008 [WRN] Generic error in connection/blocksock
Sat Dec 27 19:03:09 2008 [ERR] Error connecting to the license server
Sat Dec 27 20:25:15 2008 [WRN] Generic error in connection/blocksock
Sat Dec 27 20:45:16 2008 [WRN] Generic error in connection/blocksock
Sat Dec 27 23:03:09 2008 [ERR] Error connecting to the license server
Sun Dec 28 09:55:24 2008 [ERR] Error connecting to the StatusToApply server
Sun Dec 28 09:55:25 2008 [WRN] Generic error in connection/blocksock
Sun Dec 28 10:15:27 2008 [WRN] Generic error in connection/blocksock
Sun Dec 28 10:44:35 2008 [ERR] Error connecting to the StatusToApply server
Sun Dec 28 10:44:36 2008 [WRN] Generic error in connection/blocksock
Sun Dec 28 19:53:13 2008 [WRN] Generic error in connection/blocksock
Sun Dec 28 19:53:14 2008 [ERR] Error connecting to the StatusToApply server
Sun Dec 28 20:03:50 2008 [WRN] Generic error in connection/blocksock
Sun Dec 28 20:04:08 2008 [ERR] Error connecting to the StatusToApply server
Sun Dec 28 21:12:21 2008 [ERR] Error connecting to the StatusToApply server
Mon Dec 29 11:47:35 2008 [ERR] Error connecting to the StatusToApply server
Mon Dec 29 12:01:55 2008 [WRN] Generic error in connection/blocksock
Mon Dec 29 13:29:47 2008 [WRN] Generic error in connection/blocksock
Mon Dec 29 13:29:49 2008 [ERR] Error connecting to the StatusToApply server
Mon Dec 29 15:34:07 2008 [WRN] Generic error in connection/blocksock
Mon Dec 29 15:34:40 2008 [ERR] Generic exception caught
Mon Dec 29 15:52:49 2008 [ERR] Error connecting to the StatusToApply server
Mon Dec 29 15:55:38 2008 [WRN] Generic error in connection/blocksock
Mon Dec 29 16:10:30 2008 [ERR] Generic exception caught
Mon Dec 29 18:59:55 2008 [WRN] Generic error in connection/blocksock
Mon Dec 29 19:00:01 2008 [ERR] Error connecting to the StatusToApply server
Mon Dec 29 19:51:58 2008 [WRN] Generic error in connection/blocksock
Mon Dec 29 20:00:13 2008 [ERR] Generic exception caught
Mon Dec 29 21:21:32 2008 [ERR] Error connecting to the StatusToApply server
Mon Dec 29 22:09:44 2008 [WRN] Generic error in connection/blocksock
Mon Dec 29 23:25:57 2008 [WRN] Generic error in connection/blocksock
Mon Dec 29 23:49:13 2008 [WRN] Generic error in connection/blocksock
Tue Dec 30 00:09:17 2008 [WRN] Generic error in connection/blocksock
Tue Dec 30 00:29:20 2008 [WRN] Generic error in connection/blocksock
Tue Dec 30 08:51:14 2008 [ERR] Error connecting to the StatusToApply server
Tue Dec 30 08:53:23 2008 [WRN] Generic error in connection/blocksock
Tue Dec 30 09:13:30 2008 [WRN] Generic error in connection/blocksock
Tue Dec 30 09:47:00 2008 [ERR] Error connecting to the StatusToApply server
Tue Dec 30 09:49:36 2008 [WRN] Generic error in connection/blocksock
Tue Dec 30 10:47:03 2008 [WRN] Generic error in connection/blocksock
Tue Dec 30 10:47:03 2008 [ERR] Error connecting to the StatusToApply server
Tue Dec 30 12:47:04 2008 [WRN] Generic error in connection/blocksock
Tue Dec 30 13:07:06 2008 [WRN] Generic error in connection/blocksock
Tue Dec 30 17:42:28 2008 [ERR] Error connecting to the license server
Tue Dec 30 20:03:30 2008 [WRN] Generic error in connection/blocksock
Tue Dec 30 21:26:11 2008 [WRN] Generic error in connection/blocksock
Tue Dec 30 21:46:12 2008 [WRN] Generic error in connection/blocksock
Tue Dec 30 23:07:18 2008 [WRN] Generic error in connection/blocksock
Tue Dec 30 23:27:19 2008 [WRN] Generic error in connection/blocksock
Tue Dec 30 23:47:20 2008 [WRN] Generic error in connection/blocksock
Wed Dec 31 00:07:22 2008 [WRN] Generic error in connection/blocksock
Wed Dec 31 00:27:24 2008 [WRN] Generic error in connection/blocksock
Wed Dec 31 12:56:35 2008 [ERR] Error connecting to the StatusToApply server
Wed Dec 31 13:01:30 2008 [WRN] Generic error in connection/blocksock
Wed Dec 31 14:09:16 2008 [WRN] Generic error in connection/blocksock
Wed Dec 31 14:28:35 2008 [ERR] Generic exception caught
Wed Dec 31 14:35:05 2008 [WRN] Generic error in connection/blocksock
Wed Dec 31 14:35:10 2008 [ERR] Error connecting to the StatusToApply server
Wed Dec 31 15:17:42 2008 [WRN] Generic error in connection/blocksock
Wed Dec 31 15:40:23 2008 [WRN] Generic error in connection/blocksock
Wed Dec 31 16:04:43 2008 [WRN] Generic error in connection/blocksock
Wed Dec 31 16:41:19 2008 [WRN] Generic error in connection/blocksock
Wed Dec 31 17:27:32 2008 [WRN] Generic error in connection/blocksock
Wed Dec 31 18:02:46 2008 [WRN] Generic error in connection/blocksock
Thu Jan 01 14:38:38 2009 [ERR] Error connecting to the StatusToApply server
Thu Jan 01 14:41:08 2009 [WRN] Generic error in connection/blocksock
Thu Jan 01 15:01:10 2009 [WRN] Generic error in connection/blocksock
Thu Jan 01 15:21:11 2009 [WRN] Generic error in connection/blocksock
Thu Jan 01 15:53:07 2009 [WRN] Generic error in connection/blocksock
Thu Jan 01 16:25:57 2009 [WRN] Generic error in connection/blocksock
Thu Jan 01 16:54:00 2009 [WRN] Generic error in connection/blocksock
Thu Jan 01 17:14:01 2009 [WRN] Generic error in connection/blocksock
Thu Jan 01 17:34:02 2009 [WRN] Generic error in connection/blocksock
Thu Jan 01 17:54:03 2009 [WRN] Generic error in connection/blocksock
Thu Jan 01 18:14:04 2009 [WRN] Generic error in connection/blocksock
Thu Jan 01 18:34:05 2009 [WRN] Generic error in connection/blocksock
Thu Jan 01 18:54:08 2009 [WRN] Generic error in connection/blocksock
Thu Jan 01 19:20:40 2009 [WRN] Generic error in connection/blocksock
Thu Jan 01 20:24:07 2009 [WRN] Generic error in connection/blocksock
Thu Jan 01 20:51:02 2009 [WRN] Generic error in connection/blocksock
Thu Jan 01 22:15:48 2009 [WRN] Generic error in connection/blocksock
Thu Jan 01 23:50:23 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 00:10:25 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 00:30:28 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 09:52:20 2009 [ERR] Error connecting to the StatusToApply server
Fri Jan 02 10:59:46 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 11:20:50 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 12:15:08 2009 [ERR] Error connecting to the StatusToApply server
Fri Jan 02 12:21:11 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 12:41:12 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 13:21:13 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 13:42:51 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 14:05:01 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 14:27:11 2009 [ERR] Generic exception caught
Fri Jan 02 14:31:51 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 14:31:55 2009 [ERR] Error connecting to the StatusToApply server
Fri Jan 02 14:58:57 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 15:25:38 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 15:45:45 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 16:05:48 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 16:25:49 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 16:56:01 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 17:16:02 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 17:36:03 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 18:13:50 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 18:39:20 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 18:59:23 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 19:19:25 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 19:42:10 2009 [ERR] Error connecting to the StatusToApply server
Fri Jan 02 20:42:37 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 21:30:57 2009 [ERR] Error connecting to the StatusToApply server
Fri Jan 02 21:32:04 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 21:52:07 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 22:12:12 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 22:32:15 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 22:54:27 2009 [ERR] Error connecting to the StatusToApply server
Fri Jan 02 22:55:34 2009 [WRN] Generic error in connection/blocksock
Fri Jan 02 23:22:57 2009 [ERR] Error connecting to the StatusToApply server
Fri Jan 02 23:22:58 2009 [WRN] Generic error in connection/blocksock
Sat Jan 03 00:10:16 2009 [ERR] Error connecting to the StatusToApply server
Sat Jan 03 00:10:17 2009 [WRN] Generic error in connection/blocksock
Sat Jan 03 09:20:53 2009 [ERR] Error connecting to the StatusToApply server
Sat Jan 03 09:20:54 2009 [WRN] Generic error in connection/blocksock
Sat Jan 03 09:40:56 2009 [WRN] Generic error in connection/blocksock
Sat Jan 03 10:00:57 2009 [WRN] Generic error in connection/blocksock
Sat Jan 03 18:32:04 2009 [ERR] Error connecting to the StatusToApply server
Sat Jan 03 19:11:17 2009 [WRN] Generic error in connection/blocksock
Sat Jan 03 19:39:49 2009 [WRN] Generic error in connection/blocksock
Sat Jan 03 19:59:51 2009 [WRN] Generic error in connection/blocksock
Sat Jan 03 20:39:52 2009 [WRN] Generic error in connection/blocksock
Sat Jan 03 20:59:54 2009 [WRN] Generic error in connection/blocksock
Sat Jan 03 21:57:38 2009 [ERR] Error connecting to the StatusToApply server
Sat Jan 03 21:57:39 2009 [WRN] Generic error in connection/blocksock
Sat Jan 03 22:32:40 2009 [WRN] Generic error in connection/blocksock
Sat Jan 03 23:46:23 2009 [WRN] Generic error in connection/blocksock
Sun Jan 04 00:06:24 2009 [WRN] Generic error in connection/blocksock
Sun Jan 04 00:26:26 2009 [WRN] Generic error in connection/blocksock
Sun Jan 04 09:58:41 2009 [ERR] Error connecting to the StatusToApply server
Sun Jan 04 09:59:58 2009 [WRN] Generic error in connection/blocksock
Sun Jan 04 10:20:00 2009 [WRN] Generic error in connection/blocksock
Sun Jan 04 10:44:30 2009 [ERR] Error connecting to the StatusToApply server
Sun Jan 04 11:13:53 2009 [WRN] Generic error in connection/blocksock
Sun Jan 04 11:36:05 2009 [WRN] Generic error in connection/blocksock
Sun Jan 04 11:57:49 2009 [WRN] Generic error in connection/blocksock
Sun Jan 04 12:38:49 2009 [WRN] Generic error in connection/blocksock
Sun Jan 04 13:06:24 2009 [WRN] Generic error in connection/blocksock
Sun Jan 04 13:15:40 2009 [ERR] Error connecting to the StatusToApply server
Sun Jan 04 13:19:46 2009 [WRN] Generic error in connection/blocksock
Sun Jan 04 13:39:48 2009 [WRN] Generic error in connection/blocksock
crapoulou
Messages postés
28161
Date d'inscription
mercredi 28 novembre 2007
Statut
Modérateur, Contributeur sécurité
Dernière intervention
21 mai 2024
7 994
4 janv. 2009 à 15:20
4 janv. 2009 à 15:20
Euh, c'est le scan kaspersky avec internet explorer ça ?
Il a détecté des virus ?!
Si non, fais avec Mozilla sur le lien donné oui.
Il a détecté des virus ?!
Si non, fais avec Mozilla sur le lien donné oui.
j ai fait scan en ligne trend micro :
il y a 21 cookies HTTP et 3 infections
faut il supprimer les cookies ou les nettoyer? Enettoyer les infections?
il y a 21 cookies HTTP et 3 infections
faut il supprimer les cookies ou les nettoyer? Enettoyer les infections?
crapoulou
Messages postés
28161
Date d'inscription
mercredi 28 novembre 2007
Statut
Modérateur, Contributeur sécurité
Dernière intervention
21 mai 2024
7 994
4 janv. 2009 à 23:34
4 janv. 2009 à 23:34
Supprime tout et copie colle s'il y a un rapport pour que je vois les infections et leurs localisations.
crapoulou
Messages postés
28161
Date d'inscription
mercredi 28 novembre 2007
Statut
Modérateur, Contributeur sécurité
Dernière intervention
21 mai 2024
7 994
4 janv. 2009 à 23:53
4 janv. 2009 à 23:53
euh non, pas trop.
Repostes un rapport hijackthis.
Repostes un rapport hijackthis.
VOICI LE RAPPORT :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:56:10, on 04/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\wanmpsvc.exe
C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Controle Parental\bin\OPTGui.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u5-windows-i586-jc.cab&AuthParam=1580944752_ad714b48b0d186f5adbe4ba05260ecbd&ext=.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: sqdwcr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: bEvtService - Unknown owner - C:\WINDOWS\System32\bEvtService.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:56:10, on 04/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\wanmpsvc.exe
C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Controle Parental\bin\OPTGui.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\colomb\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u5-windows-i586-jc.cab&AuthParam=1580944752_ad714b48b0d186f5adbe4ba05260ecbd&ext=.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: sqdwcr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: bEvtService - Unknown owner - C:\WINDOWS\System32\bEvtService.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
crapoulou
Messages postés
28161
Date d'inscription
mercredi 28 novembre 2007
Statut
Modérateur, Contributeur sécurité
Dernière intervention
21 mai 2024
7 994
5 janv. 2009 à 00:02
5 janv. 2009 à 00:02
Relance un examen complet de malwarebytes anti malware mis à jour stp.
voici le rapport ::
Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1617
Windows 5.1.2600 Service Pack 3
05/01/2009 13:46:39
mbam-log-2009-01-05 (13-46-39).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 136536
Temps écoulé: 1 hour(s), 25 minute(s), 31 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1617
Windows 5.1.2600 Service Pack 3
05/01/2009 13:46:39
mbam-log-2009-01-05 (13-46-39).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 136536
Temps écoulé: 1 hour(s), 25 minute(s), 31 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
31 déc. 2008 à 17:10
pour les 4 premiers liens, impossible d y accéder. faut il faire qu avec le 5 eme lien seulement?
MERCI
31 déc. 2008 à 18:03
et avec je fais un scan only.