Analyse d un Hijackthis

Résolu
El lobo Messages postés 61 Date d'inscription   Statut Membre -  
El lobo Messages postés 61 Date d'inscription   Statut Membre -
Bonjour,

Je fais un ptit entretien et cleaning de mon PC
Pourriez vous regarder si le rapport Hijackthis est OK, Merci d avance

Logfile of HijackThis v1.99.1
Scan saved at 13:17:19, on 04/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VoipRaider] "C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Merci...
Configuration: Windows XP
Firefox 3.0.5

23 réponses

  • 1
  • 2
Résumé de la discussion

Analyse du rapport HijackThis et du nettoyage en cours met en évidence des éléments suspects sur Windows XP, notamment des clés de démarrage et des modules potentiellement indésirables. Plusieurs éléments signalés par Malwarebytes' Anti-Malware et par le rapport incluent un Trojan.FakeAlert.H dans une clé Run et des fichiers suspects comme hpfsched.exe, nécessitant suppression ou quarantaine. D'autre part, ComboFix a généré un rapport détaillé indiquant des logiciels indésirables et des programmes de sécurité installés, avec des traces de répertoires et drivers supprimés ou déplacés. En cas d'incertitude, il est recommandé de poursuivre le nettoyage avec des outils actualisés et de vérifier les paramètres de démarrage, tout en sauvegardant les données avant toute modification majeure.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    fait quand même ceci :

    Fait ceci et poste moi le rapport à la suite de la question êtes vous aider par quelqu'un. Merci.

    Télécharge GenProc sur ton bureau (Attention le fichier est un fichier zip)
    Dézippe le dossier, double-clique sur GenProc.bat
    En final, poste le contenu du rapport qui s'affiche.
    Comment utiliser GenProc

    Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs
    0
    1. El lobo Messages postés 61 Date d'inscription   Statut Membre
       
      Hi,

      Merci de votre message,

      voila le rapport Genproc, merci de votre aide



      Rapport GenProc 2.351 [1] - 04/02/2009 - Windows XP

      Il est impératif de désactiver le résident TeaTimer de Spybot pendant l'ensemble des manipulations qui vont suivre. Aide Tea-Timer : http://ww11.genproc.com/spybot/spybot.html

      Il est impératif de désactiver la protection résidente SpywareTerminator pendant l'ensemble des manipulations qui vont suivre. Aide SpywareTerminator : http://ww11.genproc.com/spyware-terminator/spyware_terminator.html

      Il est impératif de désactiver le résident de A-Squared pendant l'ensemble des manipulations qui vont suivre. Aide A-Squared : http://ww11.genproc.com/a-squared/a-squared.html

      # Etape 1/ Télécharge :

      - CCleaner https://www.ccleaner.com/ccleaner/download (FileHippo)
      Ce logiciel va permettre de supprimer tous les fichiers temporaires.
      Lance-le et clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures".
      Par la suite, laisse-le avec ses réglages par défaut. Ferme le programme.

      - Brute Force Uninstaller http://merijn.geekstogo.com/files/bfu.zip (Merijn) et décompresse-le sur ton bureau.
      Fais un clic droit de souris sur ce lien : http://www.alt-shift-return.org/Info/Fichiers/Winsoftware.bfu
      et choisis "Enregistrer la cible (du lien) sous" afin de télécharger le script WinSoftware.bfu,
      que tu placeras à côté de l'icône en forme de boule noire dentée bfu.exe.


      Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; pour retrouver le rapport, clique sur le raccourci "GenProc" sur ton bureau. Choisis ta session courante *** utilisateur ***


      # Etape 2/

      Double-clique sur le fichier BFU.exe en forme de boule noire dentée, sur ton bureau. Clique sur le petit dossier jaune,
      à la droite de la boîte "Scriptfile to execute", et double-clique sur le fichier Winsoftware.bfu qui devrait apparaître.
      - Dans la boîte "Script to execute", tu devrais maintenant voir le chemin complet du fichier Winsoftware.bfu.
      - clique sur "Execute" et laisse-le faire son travail. La réussite de l'opération sera obligatoirement sanctionnée
      par un message final "Complete script execution", si ce n'est pas le cas, il faudra le signaler.
      - Clique sur OK, puis exit pour fermer le programme BFU.
      - Recommence encore une fois.

      # Etape 3/

      Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

      # Etape 4/

      Redémarre normalement et poste, dans la même réponse :

      - Un nouveau rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;

      Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

      ____________________________________________________________________________________________________________

      Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
      0
  2. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    tu peux déjà faire ceci. et me poster les rapports.
    0
    1. El lobo Messages postés 61 Date d'inscription   Statut Membre
       
      Hi,

      voila c fais, voici le new rapport d Hijackthis. C OK? y a des ptires bebettes?
      Merci pour ton aide

      Logfile of HijackThis v1.99.1
      Scan saved at 15:32:00, on 04/02/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16762)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\WINDOWS\system32\Rundll32.exe
      C:\WINDOWS\system32\keyhook.exe
      C:\Program Files\Browser MOUSE\mouse32a.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
      C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      c:\program files\a-squared free\a2service.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\ewido anti-malware\ewidoctrl.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
      C:\WINDOWS\system32\sistray.exe
      C:\WINDOWS\system32\slserv.exe
      C:\Program Files\Spyware Terminator\sp_rsser.exe
      C:\WINDOWS\System32\PAStiSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis_199.zip\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
      O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
      O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
      O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
      O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [VoipRaider] "C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
      O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
      O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: Crawler Search - tbr:iemenu
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
      O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
      O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
      O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
      O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      0
  3. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    ya pas de rapport brute force.
    0
    1. El lobo Messages postés 61 Date d'inscription   Statut Membre
       
      Voila le rapport Brute force, merci encore pour ton suivis

      BFU v1.12.0
      Windows XP SP3 (WinNT 5.01.2600 SP3)
      Script started at 15:23:05, on 04/02/2009

      Option Unload Explorer: Yes
      Success: ProcessKillByPID 1676
      Success: ProcessKill C:\WINDOWS\explorer.exe|1
      Warning: The following line has unexpanded aliases and will be skipped: # Winsoftware.bfu
      # lazzzy 20/09/2006
      # Ce script cible ErrorSafe / Winfixer / ErrorGuard / DriveCleaner / SystemDoctor / WinAntiVirusPro / WinAntiSpyware / SysProtect / Adsl Software Limited

      OptionUnloadShell

      # 1 - Processus

      ProcessKill \AdwareProtector.exe|1
      ProcessKill \ErrorGuard.exe|1
      ProcessKill \ERScw.exe|1
      ProcessKill \Malwarrior.exe|1
      ProcessKill C:\Program Files\WinAntiVirus Pro 2006\fat.exe|1
      ProcessKill \sd2006.exe|1
      ProcessKill \SDR6cw.exe|1
      ProcessKill \SDRmon.exe|1
      ProcessKill C:\Program Files\SystemDoctor 2006 Free\startmon.exe|1
      ProcessKill C:\WINDOWS\Downloaded Program Files\U*_*_*NetInstaller.exe|1
      ProcessKill C:\Program Files\systemdoctor 2006 free\updater.exe|1
      ProcessKill C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe|1
      ProcessKill C:\Program Files\DriveCleaner 2006 Free\udc6cw.exe|1
      ProcessKill C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe|1
      ProcessKill C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe|1
      ProcessKill C:\Program Files\WinAntiSpyware 2006 Scanner\updater.exe|1
      ProcessKill C:\Program Files\SystemDoctor 2006 Free\usdr6cw.exe|1
      ProcessKill C:\Program Files\SysProtect Free\USYP.exe|1
      ProcessKill C:\Program Files\WinAntiVirus Pro 2006\uwa6pcw.exe|1
      ProcessKill uwasffNT.exe|1
      ProcessKill \was6.exe|1
      ProcessKill \WinAV.exe|1
      ProcessKill \WinPG2005.exe|1
      ProcessKill \WinSpywareProtect.exe|1

      # 2 - Services

      ServiceStop FWSvc
      ServiceDisable FWSvc
      ServiceDelete FWSvc

      # 3 - Registre

      RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|AdwareProtector
      RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Error Safe
      RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Error Safe Free
      RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|ErrorSafeFree
      RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|MalWarrior
      RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX5V_0001_N57M1212
      RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SysProtect
      RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SysProtect Free
      RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SystemDoctor 2006
      RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer 2005
      RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer 2006
      RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer2005
      RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinPopupGuard 2005
      RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinSpywareProtect (ver. 5.1)

      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|AXPDefender
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|AXPFixer
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|cmonitor
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|CompanionWizard
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|dc6_check
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DC6cw
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|dc6v_check
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DC6Y_Check
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DriveCleaner 2006 Free
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ErrorGuard
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Error Safe
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ErrorSafe
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ERS_check
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ERScw
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|fat.exe
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Firewall
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MDRV_Check
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MDRY_Check
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MNI.UWFX5LP_0001_0614
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UAVIFR_0001_N105M2404
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERS_0001_NI57M1124
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSM_0001_N57M0112
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSM_0001_N68M1602
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_0001_LP
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_0001_N68M0602
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_0001_N91M2107
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_0001_N91S2108
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_9999_N91S1912
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSY_0001_N68M0602
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGA6P_0001_N122M2802
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGA6P_5555_N122M0312
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGA6PV_0001_N108M0207
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGA6PV_0001_N122M1202
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGDCFR_0001_N122M1912
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGDCFR_0001_N129M2006
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGESV_0001_N122M0303
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ni.usyp
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.USYP_0002_N91M1708
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.USYP_0003_N91M0908
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWA6PV_0001_N91M2107
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWA6PY_0001_N73M0604
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWA7PV_0001_N91M0510
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWA7PV_0001_N96M0206
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWAS6V_0001_N76M1904
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWAS6V_0001_N91M2208
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWAS6Y_0001_N91M2208
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX5V
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX5V_0001_0802
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX5V_0001_N57M1412
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX6_0001_N68M2301
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|PAS_Check
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|rtasks
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Salestart
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SDR6_Check
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SDR6cw
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SDR6V_Check
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SDR6Y_Check
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|strpmon
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SysProtect
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SystemDoctor 2006
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SystemDoctor 2006 Free
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|udc6cw
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|UERScw
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|uga6pcw
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|usdr6cw
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|uwa6pcw
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|uwas6cw
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|wa6pcw
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WA6PV_Check
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiSpyware 2006
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiSpyware 2006 Free
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiSpyware 2006 Scanner
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiVirusPro2006
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiVirus Pro 2007
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer 2005
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer 2006
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer2005

      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce|fat.exe
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce|fat_reinstall
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce|WinAntiSpyware 2006 Scanner

      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\ErrorSafe\esPCheck.dll
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\common files\winantivirus pro 2006\wapchk.dll
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\WinAntiSpyware 2006 Scanner\uwasffNT.exe
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\WINDOWS\system32\drivers\uwasfsd.sys

      RegDeleteKey HKCR\antiviruscom.avofficeprotect
      RegDeleteKey HKCR\antiviruscom.avofficeprotect.1
      RegDeleteKey HKCR\avexplorer.shellextension
      RegDeleteKey HKCR\avexplorer.shellextension.2
      RegDeleteKey HKCR\avexplorer.shellextension\curver
      RegDeleteKey HKCR\checkprod.checkproduct
      RegDeleteKey HKCR\CheckProduct2.CheckProduct
      RegDeleteKey HKCR\CheckProduct2.CheckProduct.1
      RegDeleteKey HKCR\ComCleanCor.AppCleane
      RegDeleteKey HKCR\ComCleanCor.AppCleane.1
      RegDeleteKey HKCR\ComCleanCor.CQuickScan
      RegDeleteKey HKCR\ComCleanCor.CQuickScan.1
      RegDeleteKey HKCR\ComCleanCor.FileCleane
      RegDeleteKey HKCR\ComCleanCor.InetCleane
      RegDeleteKey HKCR\ComCleanCor.InetCleane.1
      RegDeleteKey HKCR\ComCleanCor.RegCleane
      RegDeleteKey HKCR\ComCleanCor.RegCleane.1
      RegDeleteKey HKCR\ComCleanCor.SystemCleane
      RegDeleteKey HKCR\ComCleanCor.SystemCleane.1
      RegDeleteKey HKCR\ComCleanCore.FileClean.1
      RegDeleteKey HKCR\CompCleanCore.AppCleaner
      RegDeleteKey HKCR\CompCleanCore.AppCleaner.1
      RegDeleteKey HKCR\CompCleanCore.CCQuickScan
      RegDeleteKey HKCR\CompCleanCore.CCQuickScan.1
      RegDeleteKey HKCR\CompCleanCore.FileCleaner
      RegDeleteKey HKCR\CompCleanCore.FileCleaner.1
      RegDeleteKey HKCR\CompCleanCore.InetCleaner
      RegDeleteKey HKCR\CompCleanCore.InetCleaner.1
      RegDeleteKey HKCR\CompCleanCore.RegCleaner
      RegDeleteKey HKCR\CompCleanCore.RegCleaner.1
      RegDeleteKey HKCR\CompCleanCore.SystemCleaner
      RegDeleteKey HKCR\CompCleanCore.SystemCleaner.1
      RegDeleteKey HKCR\df_fixer.Fixer
      RegDeleteKey HKCR\df_fixer.Fixer.1
      RegDeleteKey HKCR\df_proxy.DriverManipulate
      RegDeleteKey HKCR\df_proxy.DriverManipulate.1
      RegDeleteKey HKCR\df_fix.Fix
      RegDeleteKey HKCR\df_fix.Fix.1
      RegDeleteKey HKCR\df_prx.DriverManipulat
      RegDeleteKey HKCR\df_prx.DriverManipulat.1
      RegDeleteKey HKCR\escompcleancore.esappcleaner
      RegDeleteKey HKCR\escompcleancore.esappcleaner.1
      RegDeleteKey HKCR\escompcleancore.esccquickscan
      RegDeleteKey HKCR\escompcleancore.esccquickscan.1
      RegDeleteKey HKCR\escompcleancore.esfilecleaner
      RegDeleteKey HKCR\escompcleancore.esfilecleaner.1
      RegDeleteKey HKCR\escompcleancore.esinetcleaner
      RegDeleteKey HKCR\escompcleancore.esinetcleaner.1
      RegDeleteKey HKCR\escompcleancore.esregcleaner
      RegDeleteKey HKCR\escompcleancore.esregcleaner.1
      RegDeleteKey HKCR\escompcleancore.essystemcleaner
      RegDeleteKey HKCR\escompcleancore.essystemcleaner.1
      RegDeleteKey HKCR\esdf_fixer.esfixer
      RegDeleteKey HKCR\esdf_fixer.esfixer.1
      RegDeleteKey HKCR\esdf_proxy.esdrivermanipulate
      RegDeleteKey HKCR\esdf_proxy.esdrivermanipulate.1
      RegDeleteKey HKCR\esffwraper.esffenginwraper
      RegDeleteKey HKCR\esffwraper.esffenginwraper.1
      RegDeleteKey HKCR\esfixcore.esmmfixcore
      RegDeleteKey HKCR\esfixcore.esmmfixcore.1
      RegDeleteKey HKCR\esmmfixctrl.escofixengine
      RegDeleteKey HKCR\esmmfixctrl.escofixengine.1
      RegDeleteKey HKCR\esspchck.esspchck
      RegDeleteKey HKCR\esspchck.esspchck.1
      RegDeleteKey HKCR\esspcheck.esspcheck
      RegDeleteKey HKCR\esspcheck.esspcheck.1
      RegDeleteKey HKCR\FFCom.FlFixer
      RegDeleteKey HKCR\FFWraper.FFEnginWraper
      RegDeleteKey HKCR\FFWrap.FEnginWrape
      RegDeleteKey HKCR\FFWrap.FEnginWrape.1
      RegDeleteKey HKCR\FFWraper.FFEnginWraper.1
      RegDeleteKey HKCR\FFxr_21.FFixr21
      RegDeleteKey HKCR\FixCor.MMFxCor
      RegDeleteKey HKCR\FixCor.MMFxCor.1
      RegDeleteKey HKCR\FixCore.MMFixCore
      RegDeleteKey HKCR\FixCore.MMFixCore.1
      RegDeleteKey HKCR\FlFxr3.FlFixer3
      RegDeleteKey HKCR\flfxr5.flfixer5
      RegDeleteKey HKCR\FlFxr15.FlFixer15
      RegDeleteKey HKCR\FWrape_r.FFEnginWrape_r
      RegDeleteKey HKCR\FWrape_r.FFEnginWrape_r.1
      RegDeleteKey HKCR\FWraper.FFEnginWraper
      RegDeleteKey HKCR\FWraper.FFEnginWraper.1
      RegDeleteKey HKCR\FxCor_e.MMFixCor_e.1
      RegDeleteKey HKCR\FxCor_e.MMFixCor_e
      RegDeleteKey HKCR\FxCore.MMFixCore
      RegDeleteKey HKCR\FxCore.MMFixCore.1
      RegDeleteKey HKCR\iefwbho.iefw
      RegDeleteKey HKCR\iefwbho.iefw.2
      RegDeleteKey HKCR\Install.Install
      RegDeleteKey HKCR\Install.Install.1
      RegDeleteKey HKCR\MMFixCtrl.CoFixEngine
      RegDeleteKey HKCR\MMFixCtrl.CoFixEngine.1
      RegDeleteKey HKCR\MMFx.CoFxEngin
      RegDeleteKey HKCR\MMFx.CoFxEngin.1
      RegDeleteKey HKCR\MMFxCtr_l.CoFixEngin_e
      RegDeleteKey HKCR\MMFxCtr_l.CoFixEngin_e.1
      RegDeleteKey HKCR\systemdoctor.free
      RegDeleteKey HKCR\UWFX6PCheck.UWFX6PCheck.2
      RegDeleteKey HKCR\UWFXCheck.UWFXCheck
      RegDeleteKey HKCR\UWFXCheck.UWFXCheck.1
      RegDeleteKey HKCR\wap6.pcheck
      RegDeleteKey HKCR\wap6.pcheck.1
      RegDeleteKey HKCR\winpgintegrator.ieintegrator
      RegDeleteKey HKCR\winpgintegrator.ieintegrator.1

      RegDeleteKey HKCR\AppID\{25A3C995-10C8-474B-A167-99460AB4AB2B}
      RegDeleteKey HKCR\AppID\{287A2BAD-6590-4EFF-9BBC-494385664A73}
      RegDeleteKey HKCR\AppID\{290B5B73-4963-4BA1-9D2D-07CB566CB7FA}
      RegDeleteKey HKCR\AppID\{367a86a5-d048-4785-86be-4e2706aafdd9}
      RegDeleteKey HKCR\AppID\{3C132D19-6103-4fc3-8326-34E13EE9E2C0}
      RegDeleteKey HKCR\AppID\{4f5e5d72-c915-4f3b-908b-527d064b0faa}
      RegDeleteKey HKCR\AppID\{8C65AEF6-E413-4314-815B-82717A3F1603}
      RegDeleteKey HKCR\AppID\{AAB0BA34-6D48-425f-B4B4-98F158CB61F1}
      RegDeleteKey HKCR\AppID\{DED71DE6-0575-4556-8311-A506B116A1A9}
      RegDeleteKey HKCR\AppID\{E8928E69-C050-42A9-8884-94DE85E888A2}
      RegDeleteKey HKCR\AppID\{E11FF09D-39AF-4613-86AD-F3217E576571}
      RegDeleteKey HKCR\AppID\CheckProduct2.DLL
      RegDeleteKey HKCR\AppID\compcln.dll
      RegDeleteKey HKCR\AppID\compclr.dll
      RegDeleteKey HKCR\AppID\FFWrapr.DLL
      RegDeleteKey HKCR\AppID\FFWraper.DLL
      RegDeleteKey HKCR\AppID\FixCore.DLL
      RegDeleteKey HKCR\AppID\FxCr.DLL
      RegDeleteKey HKCR\AppID\MFix.DLL
      RegDeleteKey HKCR\AppID\MMFixCtrl.DLL
      RegDeleteKey HKCR\AppID\winpgi.dll appid

      RegDeleteKey HKCR\CLSID\{08C71FB1-1E66-4D22-9F32-4C045A451306}
      RegDeleteKey HKCR\CLSID\{0ba379c6-0efd-4a28-932c-d20469052fd9}
      RegDeleteKey HKCR\CLSID\{0bc09fc7-473d-4f9c-b49b-f4e3e244b47a}
      RegDeleteKey HKCR\CLSID\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988}
      RegDeleteKey HKCR\CLSID\{151a44b0-fc2d-4a02-bbbc-6b372f2f659c}
      RegDeleteKey HKCR\CLSID\{1640de0e-75e4-4a83-b5d1-2492bc7eba8f}
      RegDeleteKey HKCR\CLSID\{196c80cb-20a7-4cf9-9c98-9322fb1e35fb}
      RegDeleteKey HKCR\CLSID\{1ac5c88a-dea7-462b-a232-04af5ca42e7e}
      RegDeleteKey HKCR\CLSID\{1CDEB41B-905A-4183-AA20-26E075419B46}
      RegDeleteKey HKCR\CLSID\{205FF73B-CA67-11D5-99DD-444553540006}
      RegDeleteKey HKCR\CLSID\{2178f3fb-2560-458f-bdee-631e2fe0dfe4}
      RegDeleteKey HKCR\CLSID\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}
      RegDeleteKey HKCR\CLSID\{356af2e9-8874-4c60-a3d8-0cb516c9e747}
      RegDeleteKey HKCR\CLSID\{38EDB9E2-D7C4-4575-8905-FE65414FFEAD}
      RegDeleteKey HKCR\CLSID\{48349992-1402-4C67-B45B-2E619E641FDB}
      RegDeleteKey HKCR\CLSID\{5284ac2a-ef00-4750-9b82-b5b907d26536}
      RegDeleteKey HKCR\CLSID\{538BC8F3-2E1E-4D2D-A261-158DF6E9B407}
      RegDeleteKey HKCR\CLSID\{53ABACCB-434C-4756-A02B-8C2A3F29FB7D}
      RegDeleteKey HKCR\CLSID\{5A1C8180-2A52-470c-938C-BFB4E63AA32D}
      RegDeleteKey HKCR\CLSID\{5e19dee2-8d2f-4a9c-a66d-76bbeedd15cb}
      RegDeleteKey HKCR\CLSID\{647b8364-79e0-48e2-a4ca-233abada0c2d}
      RegDeleteKey HKCR\CLSID\{66A9C4D0-BC54-4841-8FAA-DB98CBB77BAD}
      RegDeleteKey HKCR\CLSID\{6F85DDE5-A2DE-4217-A05D-0A7CD3C04DC2}
      RegDeleteKey HKCR\CLSID\{723d54c7-7483-4eb8-8eed-ce5b2aea534d}
      RegDeleteKey HKCR\CLSID\{72D597C4-2312-4116-BED4-4F9A2B2F710E}
      RegDeleteKey HKCR\CLSID\{77ca442a-0c72-492b-804a-82611e558142}
      RegDeleteKey HKCR\CLSID\{7e73c9db-69fb-4580-8e8e-194b34a2306c}
      RegDeleteKey HKCR\CLSID\{7F208C01-1FB1-4BC8-B918-82E287B0BB79}
      RegDeleteKey HKCR\CLSID\{84C43108-013C-4513-8578-F50080B9C9D0}
      RegDeleteKey HKCR\CLSID\{861D5757-3A7E-4c46-966E-8CD53A0D0013}
      RegDeleteKey HKCR\CLSID\{8E3A1531-F462-4628-ADD8-D32984637641}
      RegDeleteKey HKCR\CLSID\{965a8d33-ae18-4c17-8011-fe42d81e0758}
      RegDeleteKey HKCR\CLSID\{9CC1BE04-3B42-4442-9A46-77E8BC1108F9}
      RegDeleteKey HKCR\CLSID\{9e87077c-380c-407d-8dab-eedad95c0a5d}
      RegDeleteKey HKCR\CLSID\{9F3D2A3C-D537-482b-A91B-44EE29F09C4B}
      RegDeleteKey HKCR\CLSID\{A99498D2-56E1-4e27-AC88-2328C6A87C7C}
      RegDeleteKey HKCR\CLSID\{AA69BBFC-1D28-4960-8061-93C1BB156238}
      RegDeleteKey HKCR\CLSID\{ABC72615-4FB0-4689-AED9-AA6B89CEBC2C}
      RegDeleteKey HKCR\CLSID\{B096A483-0ABD-4AF0-856A-CAD36145AF5C}
      RegDeleteKey HKCR\CLSID\{B296F12B-48A9-45fb-A860-4B98707B47AE}
      RegDeleteKey HKCR\CLSID\{b2a3156e-3332-4b47-af5a-5b121503514f}
      RegDeleteKey HKCR\CLSID\{B36E6241-4D02-41FF-A16D-9B57E67D7B15}
      RegDeleteKey HKCR\CLSID\{b5141620-c2b2-4d95-9f0f-134d99c87ab0}
      RegDeleteKey HKCR\CLSID\{B5E427F9-AB38-4348-9076-86870C2BE860}
      RegDeleteKey HKCR\CLSID\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}
      RegDeleteKey HKCR\CLSID\{B8CA1E6C-87E2-4435-9E56-8B791EC459D8}
      RegDeleteKey HKCR\CLSID\{c033567c-68fe-419b-bcc4-135db7faf8eb}
      RegDeleteKey HKCR\CLSID\{C08FA317-C152-4fea-AC0B-2EA68D2B1C84}
      RegDeleteKey HKCR\CLSID\{C0BC364F-AB33-4778-8047-5A2148E0ECDA}
      RegDeleteKey HKCR\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B}
      RegDeleteKey HKCR\CLSID\{c85a4afd-ff76-4661-b76a-3e9bb2ce2dab}
      RegDeleteKey HKCR\CLSID\{CAE8A9B1-ABBD-4159-A485-1DA045A5D4A1}
      RegDeleteKey HKCR\CLSID\{ccaabcdd-7c16-4215-b12e-150bfb994cf0}
      RegDeleteKey HKCR\CLSID\{D4EA0C00-3BC8-4B26-8D2E-C5512B07A211}
      RegDeleteKey HKCR\CLSID\{e73e3959-fb15-44d7-acb9-3a75377006fc}
      RegDeleteKey HKCR\CLSID\{EAB5DB02-08F5-4e7d-81F9-75B9462FAAE3}
      RegDeleteKey HKCR\CLSID\{ef130e77-0a34-4365-bfb7-218fd3ddcd5f}
      RegDeleteKey HKCR\CLSID\{F0ED6398-E5F8-4ef8-BAB9-FE9BBCE7EF3E}
      RegDeleteKey HKCR\CLSID\{F41C1430-CFDE-4AD3-B38D-7890F0843E47}
      RegDeleteKey HKCR\CLSID\{f63e3b76-f82f-46eb-851c-8c0a221686bb}
      RegDeleteKey HKCR\CLSID\{F919FBD3-A96B-4679-AF26-F551439BB5FD}

      RegDeleteKey HKCR\Interface\{08C71FB1-1E66-4D22-9F32-4C045A451306}
      RegDeleteKey HKCR\Interface\{02946fd1-2d99-46e6-a790-3a089714edd9}
      RegDeleteKey HKCR\Interface\{0b9a27eb-125f-4f3e-a35c-2769c47a1442}
      RegDeleteKey HKCR\Interface\{1CE1C25B-F8B4-4974-99D2-5D4AE96B9900}
      RegDeleteKey HKCR\Interface\{35096C29-3507-4ABE-B6D8-C7CC881BE020}
      RegDeleteKey HKCR\Interface\{38F743A2-210F-49DE-9B79-DCD501CED284}
      RegDeleteKey HKCR\Interface\{3EEC290D-FC13-4C83-803D-4802651EEB61}
      RegDeleteKey HKCR\Interface\{41A5BBF6-3C9D-4CF9-9A99-32DD37CC290B}
      RegDeleteKey HKCR\Interface\{4E4F38D9-8736-41AE-B192-E829AE194398}
      RegDeleteKey HKCR\Interface\{4F79D1C5-24F9-4E59-8022-604D4B41D5CA}
      RegDeleteKey HKCR\Interface\{66484903-09F4-4330-927D-1F6C214221AC}
      RegDeleteKey HKCR\Interface\{7FA14AD6-D8E5-465F-9BD1-A37E26C1A74F}
      RegDeleteKey HKCR\Interface\{9E984934-CD94-4763-9DBC-618E483D4B7F}
      RegDeleteKey HKCR\Interface\{B115BD8E-B008-46F4-B8B6-3405EB325C3C}
      RegDeleteKey HKCR\Interface\{B9DFCF32-B679-4CAD-B7FC-518A48CE3922}
      RegDeleteKey HKCR\Interface\{CAE8A9B1-ABBD-4159-A485-1DA045A5D4A1}
      RegDeleteKey HKCR\Interface\{CBEEF194-EBC5-4758-9B51-AC34FC135E70}
      RegDeleteKey HKCR\Interface\{CD3604CC-2B95-43EE-AFC9-E7444C21BE1C}
      RegDeleteKey HKCR\Interface\{D21040FE-0A57-4FAB-8ED2-F0E653E55809}
      RegDeleteKey HKCR\Interface\{D7A2488E-53E4-4EDD-AEAA-F24778BEB100}
      RegDeleteKey HKCR\Interface\{D7A6DF8D-B6CF-4C27-8E99-ECA2CE370EA7}
      RegDeleteKey HKCR\Interface\{e18b69d0-7e9e-4c6e-bdd8-879a1fff7123}
      RegDeleteKey HKCR\Interface\{F41C1430-CFDE-4AD3-B38D-7890F0843E47}
      RegDeleteKey HKCR\Interface\{F6C1582E-B11C-4724-B8F6-240457EF1D2A}
      RegDeleteKey HKCR\Interface\{FB787D5E-0C7C-4BAB-B45D-20325FB886DB}
      RegDeleteKey HKCR\Interface\{24F3E817-2C07-4CB5-975D-F23FCFAEDE51}
      RegDeleteKey HKCR\Interface\{3BB63444-FD94-4C31-9D6F-0DA76CB11D70}
      RegDeleteKey HKCR\Interface\{3C2656F4-8601-42B6-BDC3-DEC901E21C80}
      RegDeleteKey HKCR\Interface\{471D3AEF-F18C-4626-A7DB-320732ACC763}
      RegDeleteKey HKCR\Interface\{490E59CC-F6D5-4987-BBC8-E1A6D599C3F8}
      RegDeleteKey HKCR\Interface\{68A7506D-DF03-4DF0-BE96-02BCB918EA7D}
      RegDeleteKey HKCR\Interface\{74ECF6F4-62C5-48BA-945E-B20A97239A5E}
      RegDeleteKey HKCR\Interface\{7A66E632-E262-4986-A936-CC636282F138}
      RegDeleteKey HKCR\Interface\{7D9DFDB3-5135-4279-B365-3CEEA4AC1EAC}
      RegDeleteKey HKCR\Interface\{7F208C01-1FB1-4BC8-B918-82E287B0BB79}
      RegDeleteKey HKCR\Interface\{7f4e63c9-f30c-4424-9baf-b6896f5f56c4}
      RegDeleteKey HKCR\Interface\{81A7D75C-9768-41C3-AE0F-8B108D802B62}
      RegDeleteKey HKCR\Interface\{86786BEC-544D-473F-8D93-8E7AC0685361}
      RegDeleteKey HKCR\Interface\{92B92664-32D6-4FCE-B2CE-C8519BAEFC4E}
      RegDeleteKey HKCR\Interface\{94dbdb63-5f05-4c51-8b14-de0ca12ef4ca}
      RegDeleteKey HKCR\Interface\{B0725565-2694-43EC-B1AB-0245762C9860}
      RegDeleteKey HKCR\Interface\{B26CA1F6-2D46-49AE-9897-9C5B7CCAB9FB}
      RegDeleteKey HKCR\Interface\{B36E6241-4D02-41FF-A16D-9B57E67D7B15}
      RegDeleteKey HKCR\Interface\{CADCB2CC-0B7E-45B1-A689-A0AD9CE5932D}
      RegDeleteKey HKCR\Interface\{D3390AE7-6F1D-464F-8921-AF9A85EED316}
      RegDeleteKey HKCR\Interface\{D4EA0C00-3BC8-4B26-8D2E-C5512B07A211}
      RegDeleteKey HKCR\Interface\{DB064061-95F1-4BAF-BEC9-F70792E01094}
      RegDeleteKey HKCR\Interface\{F3067DE7-3DBA-4DF8-9FA0-6B0200BAA324}
      RegDeleteKey HKCR\Interface\{f5ac8b35-5b15-4e8f-8046-43858973b495}
      RegDeleteKey HKCR\Interface\{FE899520-E9F9-4CD9-AABB-E9074815CF50}

      RegDeleteKey HKCR\TypeLib\{04392304-5221-4022-9300-be4128fb25b2}
      RegDeleteKey HKCR\TypeLib\{0E9F6AC0-A21A-4591-910F-E2C6F3CA094C}
      RegDeleteKey HKCR\TypeLib\{1234890a-5e6e-4867-8136-ca6f1456b235}
      RegDeleteKey HKCR\TypeLib\{1b197c22-561f-455f-8511-35b1a45c5c9f}
      RegDeleteKey HKCR\TypeLib\{17E55F3A-20AB-4668-A75F-DC96377AE16C}
      RegDeleteKey HKCR\TypeLib\(205FF72E-CA67-11D5-99DD-444553540006)
      RegDeleteKey HKCR\TypeLib\{248FDD41-4E0A-4138-9086-6CF5D6FA8179}
      RegDeleteKey HKCR\TypeLib\{25BAE2A9-DF54-4927-AF6F-9963146D11D8}
      RegDeleteKey HKCR\TypeLib\{2bc32ef8-bb73-4099-bb2e-0f2951b3e276}
      RegDeleteKey HKCR\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}
      RegDeleteKey HKCR\TypeLib\{367a86a5-d048-4785-86be-4e2706aafdd9}
      RegDeleteKey HKCR\TypeLib\{371EFE75-C183-4D0C-B8CD-2DFAFEEB34D7}
      RegDeleteKey HKCR\TypeLib\{49f9ffb5-514d-4b69-b31d-2ae5a7d30ae6}
      RegDeleteKey HKCR\TypeLib\{4DCEEA42-794D-4855-9ECC-20DCF5F4FEA7}
      RegDeleteKey HKCR\TypeLib\{5F638503-4F2E-48F8-9210-9865AF4AD020}
      RegDeleteKey HKCR\TypeLib\{68bc55e9-4d3e-4c89-89ac-7559763c98b8}
      RegDeleteKey HKCR\TypeLib\{692ca430-32c8-470d-ba1f-7e15e21e7043}
      RegDeleteKey HKCR\TypeLib\{6A077841-5016-42C8-92C8-F2D6B865BCD1}
      RegDeleteKey HKCR\TypeLib\{6bd7e052-306e-497a-ad23-601bc6bfc305}
      RegDeleteKey HKCR\TypeLib\{6F9DB588-66C5-4904-A2C7-423961358E8C}
      RegDeleteKey HKCR\TypeLib\{732b6533-7f78-4c47-9c01-2979ba0829b9}
      RegDeleteKey HKCR\TypeLib\{77dc6558-60e0-4644-a3df-b31f29d113bd}
      RegDeleteKey HKCR\TypeLib\{7eacf70b-302f-4049-ac68-2d62eb43e473}
      RegDeleteKey HKCR\TypeLib\{8D67C4E4-AAD6-46A1-812F-D7D21BBB4624}
      RegDeleteKey HKCR\TypeLib\{9dd86cf2-8ac0-4fe0-b55a-601a302b5fd8}
      RegDeleteKey HKCR\TypeLib\{a73973ab-95a6-4abe-a046-de3bab2be448}
      RegDeleteKey HKCR\TypeLib\{AD70AC89-F460-4E7E-B5A5-7EAF7E207736}
      RegDeleteKey HKCR\TypeLib\{B6625280-8CD8-4632-97C0-83CEC12A49A3}
      RegDeleteKey HKCR\TypeLib\{D49C1A5F-26CF-482E-81EE-1D4C9B057BD2}
      RegDeleteKey HKCR\TypeLib\{F458ADAE-D53B-4859-B99F-9FA127791278}
      RegDeleteKey HKCR\TypeLib\{FC76A5B8-DB35-4F3E-8B9A-BF0EEA098D64}

      RegDeleteKey HKCU\Software\Adsl Software Limited
      RegDeleteKey HKCU\Software\ErrorGuard
      RegDeleteKey HKCU\Software\errorsafe
      RegDeleteKey HKCU\Software\error safe free
      RegDeleteKey HKCU\Software\sysprotect free
      RegDeleteKey HKCU\Software\SystemDoctor 2006 Free
      RegDeleteKey HKCU\Software\WinAntiSpyware 2006 Scanner
      RegDeleteKey HKCU\Software\WinAntiVirus Pro 2006
      RegDeleteKey HKCU\Software\WinFixer 2005
      RegDeleteKey HKCU\Software\WinSoftware

      RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{205ff73b-ca67-11d5-99dd-444553540006}
      RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}

      RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SystemDoctor 2006 Unregistered

      RegDeleteKey HKLM\Software\AXPFixer
      RegDeleteKey HKLM\Software\DriveCleaner 2006 Free
      RegDeleteKey HKLM\Software\ErrorSafe
      RegDeleteKey HKLM\Software\Error Safe Free
      RegDeleteKey HKLM\Software\sysprotect
      RegDeleteKey HKLM\Software\SystemDoctor 2006 Free
      RegDeleteKey HKLM\Software\WinAntiSpyware 2006 Scanner
      RegDeleteKey HKLM\Software\winantivirus pro 2006
      RegDeleteKey HKLM\Software\WinSoftware

      RegDeleteKey HKLM\Software\Classes\checkprod.checkproduct
      RegDeleteKey HKLM\Software\Classes\ComCleanCore.AppCleaner
      RegDeleteKey HKLM\Software\Classes\ComCleanCore.CCQuickScan
      RegDeleteKey HKLM\Software\Classes\ComCleanCore.CCQuickScan.1
      RegDeleteKey HKLM\Software\Classes\ComCleanCore.FileCleaner
      RegDeleteKey HKLM\Software\Classes\ComCleanCore.FileCleaner.1
      RegDeleteKey HKLM\Software\Classes\ComCleanCore.InetCleaner\CLSID
      RegDeleteKey HKLM\Software\Classes\ComCleanCore.InetCleaner.1
      RegDeleteKey HKLM\Software\Classes\ComCleanCore.RegCleaner
      RegDeleteKey HKLM\Software\Classes\ComCleanCore.RegCleaner.1
      RegDeleteKey HKLM\Software\Classes\ComCleanCore.SystemCleaner
      RegDeleteKey HKLM\Software\Classes\ComCleanCore.SystemCleaner.1
      RegDeleteKey HKLM\Software\Classes\df_fixr.Fixer
      RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESAppCleaner
      RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESAppCleaner.1
      RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESCCQuickScan
      RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESCCQuickScan.1
      RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESFileCleaner
      RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESFileCleaner.1
      RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESInetCleaner
      RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESInetCleaner.1
      RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESRegCleaner
      RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESRegCleaner.1
      RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESSystemCleaner
      RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESSystemCleaner.1
      RegDeleteKey HKLM\Software\Classes\ESdf_fixer.ESFixer
      RegDeleteKey HKLM\Software\Classes\ESdf_fixer.ESFixer.1
      RegDeleteKey HKLM\Software\Classes\ESdf_proxy.ESDriverManipulate
      RegDeleteKey HKLM\Software\Classes\ESdf_proxy.ESDriverManipulate.1
      RegDeleteKey HKLM\Software\Classes\ESFFWraper.ESFFEnginWraper
      RegDeleteKey HKLM\Software\Classes\ESFFWraper.ESFFEnginWraper.1
      RegDeleteKey HKLM\Software\Classes\ESFixCore.ESMMFixCore
      RegDeleteKey HKLM\Software\Classes\ESFixCore.ESMMFixCore.1
      RegDeleteKey HKLM\Software\Classes\ESMMFixCtrl.ESCoFixEngine
      RegDeleteKey HKLM\Software\Classes\ESMMFixCtrl.ESCoFixEngine.1
      RegDeleteKey HKLM\Software\Classes\ESSPCheck.ESSPCheck
      RegDeleteKey HKLM\Software\Classes\ESSPCheck.ESSPCheck.1
      RegDeleteKey HKLM\Software\Classes\FFWraper.FFEnginWrapr
      RegDeleteKey HKLM\Software\Classes\FixCor.MMFixCore
      RegDeleteKey HKLM\Software\Classes\FlFxr5.FlFixer5
      RegDeleteKey HKLM\Software\Classes\FlFxr10.FlFixer10
      RegDeleteKey HKLM\Software\Classes\MMFixCtrl.CoFixEngin2
      RegDeleteKey HKLM\Software\Classes\SystemDoctor.Free
      RegDeleteKey HKLM\Software\Classes\UDCPChk.UDCPChk
      RegDeleteKey HKLM\Software\Classes\UDCPChk.UDCPChk.1
      RegDeleteKey HKLM\Software\Classes\UDCShell
      RegDeleteKey HKLM\Software\Classes\UWAS6.UWAS6
      RegDeleteKey HKLM\Software\Classes\uwasfsd.CreationNotifier
      RegDeleteKey HKLM\Software\Classes\uwasfsd.CreationNotifier.1
      RegDeleteKey HKLM\Software\Classes\uwashellext.ShellHook
      RegDeleteKey HKLM\Software\Classes\uwashellext.ShellHook.1
      RegDeleteKey HKLM\Software\Classes\uwashellext.WASContextMenu
      RegDeleteKey HKLM\Software\Classes\uwashellext.WASContextMenu.1
      RegDeleteKey HKLM\Software\Classes\wasfsd.CreationNotifier
      RegDeleteKey HKLM\Software\Classes\wasfsd.CreationNotifier.1
      RegDeleteKey HKLM\Software\Classes\washellext.WASContextMenu
      RegDeleteKey HKLM\Software\Classes\washellext.WASContextMenu.1
      RegDeleteKey HKLM\Software\Classes\WASPChk.WASPChk

      RegDeleteKey HKLM\Software\Classes\*\shellex\ContextMenuHandlers\UDCShell

      RegDeleteKey HKLM\Software\Classes\AppID\{1C02CE6B-CC12-4ea1-B2D8-113F611F25C2}
      RegDeleteKey HKLM\Software\Classes\AppID\{4f5e5d72-c915-4f3b-908b-527d064b0faa}
      RegDeleteKey HKLM\Software\Classes\AppID\{8A1E94DA-725D-4f64-B110-DB3F73ADB6F7}
      RegDeleteKey HKLM\Software\Classes\AppID\{E7E155EE-EEF2-46af-99B7-65F1269DC3CF}
      RegDeleteKey HKLM\Software\Classes\AppID\{EE10A303-0C60-4acb-A033-95A790FA4DCD}
      RegDeleteKey HKLM\Software\Classes\AppID\checkproduct2_1.dll

      RegDeleteKey HKLM\Software\Classes\CLSID\{_CLSID_WAShellExecuteCheck}
      RegDeleteKey HKLM\Software\Classes\CLSID\{05324ED1-05C0-4e3a-A34F-98BFC64426F5}
      RegDeleteKey HKLM\Software\Classes\CLSID\{08C71FB1-1E66-4D22-9F32-4C045A451306}
      RegDeleteKey HKLM\Software\Classes\CLSID\{0D7DE254-2FBD-4C09-9077-3DC4A2DEBE9D}
      RegDeleteKey HKLM\Software\Classes\CLSID\{1230649B-B980-44A5-B259-9B09EBEA6331}
      RegDeleteKey HKLM\Software\Classes\CLSID\{1236DE55-EDED-4675-AF10-BA15EDDB4D7A}
      RegDeleteKey HKLM\Software\Classes\CLSID\{184B0A26-4C9C-4757-ABF5-4B6AF71F9A45}
      RegDeleteKey HKLM\Software\Classes\CLSID\{18A41B20-E519-47a1-B545-FFC200730E9B}
      RegDeleteKey HKLM\Software\Classes\CLSID\{1CDEB41B-905A-4183-AA20-26E075419B46}
      RegDeleteKey HKLM\Software\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}
      RegDeleteKey HKLM\Software\Classes\CLSID\{22024DC7-D190-44ec-9D49-AEE5F244A466}
      RegDeleteKey HKLM\Software\Classes\CLSID\{250D1063-5414-4fb0-86D5-AABB7A5D7DA7}
      RegDeleteKey HKLM\Software\Classes\CLSID\{2B334C22-40CA-438f-913A-61A8105C4CCD}
      RegDeleteKey HKLM\Software\Classes\CLSID\{2BF3C5AD-F9EC-49d8-8568-D7DFFC77108B}
      RegDeleteKey HKLM\Software\Classes\CLSID\{38EDB9E2-D7C4-4575-8905-FE65414FFEAD}
      RegDeleteKey HKLM\Software\Classes\CLSID\{43DB73EB-4C90-4418-B6AD-10DB22016908}
      RegDeleteKey HKLM\Software\Classes\CLSID\{48349992-1402-4C67-B45B-2E619E641FDB}
      RegDeleteKey HKLM\Software\Classes\CLSID\{4AA76F27-81BC-4C3F-9F24-CB99349C8CC9}
      RegDeleteKey HKLM\Software\Classes\CLSID\{4F4E2384-42AD-4fe4-B966-B6D50C7BF90A}
      RegDeleteKey HKLM\Software\Classes\CLSID\{5284AC2A-EF00-4750-9B82-B5B907D26536}
      RegDeleteKey HKLM\Software\Classes\CLSID\{538BC8F3-2E1E-4D2D-A261-158DF6E9B407}
      RegDeleteKey HKLM\Software\Classes\CLSID\{59399E33-FB54-48AB-8AE4-AE108B36DAB4}
      RegDeleteKey HKLM\Software\Classes\CLSID\{5D178DBE-C867-417f-8A4E-D5DEFA4CD4E7}
      RegDeleteKey HKLM\Software\Classes\CLSID\{66A9C4D0-BC54-4841-8FAA-DB98CBB77BAD}
      RegDeleteKey HKLM\Software\Classes\CLSID\{6AE7418B-229F-4A2C-AE1B-D5962888F02D}
      RegDeleteKey HKLM\Software\Classes\CLSID\{6C8416A2-2408-4f4d-8D26-EC9A07E8DC98}
      RegDeleteKey HKLM\Software\Classes\CLSID\{7D435027-F646-4bf9-B2C5-0EF4940D5CA2}
      RegDeleteKey HKLM\Software\Classes\CLSID\{7EC618F2-C506-4221-9F56-792B92BF762E}
      RegDeleteKey HKLM\Software\Classes\CLSID\{84C43108-013C-4513-8578-F50080B9C9D0}
      RegDeleteKey HKLM\Software\Classes\CLSID\{8DAE9202-0019-4D30-A5D2-AAF02D4DDC37}
      RegDeleteKey HKLM\Software\Classes\CLSID\{9C102B96-4845-4756-991E-4F9294965536}
      RegDeleteKey HKLM\Software\Classes\CLSID\{9CB12DAD-32C7-4f34-9758-C9FDD26D4D22}
      RegDeleteKey HKLM\Software\Classes\CLSID\{9CC1BE04-3B42-4442-9A46-77E8BC1108F9}
      RegDeleteKey HKLM\Software\Classes\CLSID\{AA69BBFC-1D28-4960-8061-93C1BB156238}
      RegDeleteKey HKLM\Software\Classes\CLSID\{ABCD4567-76B5-4bc7-AAC5-396D70925B11}
      RegDeleteKey HKLM\Software\Classes\CLSID\{ABCD4567-76B5-4bc7-AAC5-396D70925B22}
      RegDeleteKey HKLM\Software\Classes\CLSID\{AE84FF0C-BABD-4D91-92A1-AF75D2D02E6D}
      RegDeleteKey HKLM\Software\Classes\CLSID\{B096A483-0ABD-4AF0-856A-CAD36145AF5C}
      RegDeleteKey HKLM\Software\Classes\CLSID\{b2a3156e-3332-4b47-af5a-5b121503514f}
      RegDeleteKey HKLM\Software\Classes\CLSID\{B5E427F9-AB38-4348-9076-86870C2BE860}
      RegDeleteKey HKLM\Software\Classes\CLSID\{C0BC364F-AB33-4778-8047-5A2148E0ECDA}
      RegDeleteKey HKLM\Software\Classes\CLSID\{C1EA2421-BC9A-4546-943C-126F9D818EFB}
      RegDeleteKey HKLM\Software\Classes\CLSID\{C3E2988E-1433-469d-BFC1-4080D131FE1A}
      RegDeleteKey HKLM\Software\Classes\CLSID\{C4C4786C-9861-46d2-BB63-AC782AB07046}
      RegDeleteKey HKLM\Software\Classes\CLSID\{C833A552-F5AF-4a7b-87B3-6EBDE0DB3B43}
      RegDeleteKey HKLM\Software\Classes\CLSID\{CF080118-CDA5-429d-A8BD-EC7ECA74663F}
      RegDeleteKey HKLM\Software\Classes\CLSID\{D3377825-230D-4a12-805C-132557FA1A8B}
      RegDeleteKey HKLM\Software\Classes\CLSID\{D7136B99-FC27-4DC1-8497-5444D49B426A}
      RegDeleteKey HKLM\Software\Classes\CLSID\{DD45A464-7763-43EE-A756-5F2C93B0CF5E}
      RegDeleteKey HKLM\Software\Classes\CLSID\{E4A3F67D-5237-43fa-B3F2-41C37C1204B9}
      RegDeleteKey HKLM\Software\Classes\CLSID\{E78EA05B-B6A7-4dc4-879D-444DCD224CB4}
      RegDeleteKey HKLM\Software\Classes\CLSID\{EDF78E1B-31A2-4c6e-AD40-0AFCD0D55263}
      RegDeleteKey HKLM\Software\Classes\CLSID\{ef130e77-0a34-4365-bfb7-218fd3ddcd5f}
      RegDeleteKey HKLM\Software\Classes\CLSID\{F41C1430-CFDE-4AD3-B38D-7890F0843E47}
      RegDeleteKey HKLM\Software\Classes\CLSID\{F5AB293C-2E21-4441-9AD8-B3646EB26DF5}
      RegDeleteKey HKLM\Software\Classes\CLSID\{FDA9BFC7-4ECD-43a0-AC1E-2E7DDE0C81B0}
      RegDeleteKey HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\{7EC618F2-C506-4221-9F56-792B92BF762E}

      RegDeleteKey HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ExplorerUWAS
      RegDeleteKey HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ExplorerWAS
      RegDeleteKey HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\UDCShell

      RegDeleteKey HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\ExplorerUWAS
      RegDeleteKey HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\ExplorerWAS
      RegDeleteKey HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\UDCShell

      RegDeleteKey HKLM\Software\Classes\Interface\{02946FD1-2D99-46E6-A790-3A089714EDD9}
      RegDeleteKey HKLM\Software\Classes\Interface\{0D146B7F-FA35-465D-B716-BCBC1F9A92D3}
      RegDeleteKey HKLM\Software\Classes\Interface\{12813770-461E-4A9F-8C5B-C227A8E9FBE8}
      RegDeleteKey HKLM\Software\Classes\Interface\{1562D24E-F5BF-4BB4-AF4C-BBB610B62638}
      RegDeleteKey HKLM\Software\Classes\Interface\{1BEA1806-F5C7-4696-B0A0-26CFD6A958DD}
      RegDeleteKey HKLM\Software\Classes\Interface\{258E07A2-FF65-493B-B6BD-421A1F2992A3}
      RegDeleteKey HKLM\Software\Classes\Interface\{2A1647E8-3EC2-49FE-B632-E12D765FA0CC}
      RegDeleteKey HKLM\Software\Classes\Interface\{2DECFCC9-D910-4BAC-94B8-FC006827A60F}
      RegDeleteKey HKLM\Software\Classes\Interface\{4567AB12-A884-4CA6-B739-CEDB12FEF096}
      RegDeleteKey HKLM\Software\Classes\Interface\{4AA76F27-81BC-4C3F-9F24-CB99349C8CC9}
      RegDeleteKey HKLM\Software\Classes\Interface\{4B6A7638-0999-4924-93B7-C5738E1BAEE1}
      RegDeleteKey HKLM\Software\Classes\Interface\{5585C185-B318-4072-A00D-8385F443AE07}
      RegDeleteKey HKLM\Software\Classes\Interface\{59399E33-FB54-48AB-8AE4-AE108B36DAB4}
      RegDeleteKey HKLM\Software\Classes\Interface\{622423BD-B825-4989-BA65-86D0B990D328}
      RegDeleteKey HKLM\Software\Classes\Interface\{6813BFFD-BE81-4613-B4E6-AA7ED0DA8659}
      RegDeleteKey HKLM\Software\Classes\Interface\{7516C86C-2F3D-4724-BD4E-1608F1BDAE12}
      RegDeleteKey HKLM\Software\Classes\Interface\{7CA36000-3320-49D1-BAD1-4C5169D4084A}
      RegDeleteKey HKLM\Software\Classes\Interface\{7E7A1949-5C0C-45F3-A106-34FE038493EF}
      RegDeleteKey HKLM\Software\Classes\Interface\{8DAE9202-0019-4D30-A5D2-AAF02D4DDC37}
      RegDeleteKey HKLM\Software\Classes\Interface\{8E0A02C1-974F-4379-BFD3-69FFB9E0659D}
      RegDeleteKey HKLM\Software\Classes\Interface\{9793B356-4337-44AC-9A22-DF6A7930602C}
      RegDeleteKey HKLM\Software\Classes\Interface\{A1DDDD67-64B2-4CAB-BE0B-E34F3F12AED0}
      RegDeleteKey HKLM\Software\Classes\Interface\{A22FBA1E-CAAF-4E45-8EFF-4A821AF03E69}
      RegDeleteKey HKLM\Software\Classes\Interface\{A56B6D30-FDE0-42A9-BE6B-18B5D3F2F519}
      RegDeleteKey HKLM\Software\Classes\Interface\{ABCD4567-4D73-43E9-85E5-53A2DBD95411}
      RegDeleteKey HKLM\Software\Classes\Interface\{ABCD4567-4D73-43E9-85E5-53A2DBD95422}
      RegDeleteKey HKLM\Software\Classes\Interface\{ABCD4567-D8E8-4DF1-A3EA-D0AA72F42611}
      RegDeleteKey HKLM\Software\Classes\Interface\{A0E2E5AB-C02F-489B-BD7B-58C329F774F3}
      RegDeleteKey HKLM\Software\Classes\Interface\{A6E398B2-A288-4D76-B0D0-8F153D14B66E}
      RegDeleteKey HKLM\Software\Classes\Interface\{A92616B1-2E82-4052-B579-0A40C2304380}
      RegDeleteKey HKLM\Software\Classes\Interface\{B22EE952-9A58-4495-AE78-C0146FA1A3C7}
      RegDeleteKey HKLM\Software\Classes\Interface\{C1EA2421-BC9A-4546-943C-126F9D818EFB}
      RegDeleteKey HKLM\Software\Classes\Interface\{C3896A1E-8ECD-490B-8A1C-39FE9F7D64A1}
      RegDeleteKey HKLM\Software\Classes\Interface\{C88B2356-A6FE-41EC-B0FB-41F2C82C867E}
      RegDeleteKey HKLM\Software\Classes\Interface\{CF5C9FCE-C963-49E5-A3A4-0A81FFFE1E55}
      RegDeleteKey HKLM\Software\Classes\Interface\{D090E12D-B79C-4B82-A76C-0E3BBE73C9EF}
      RegDeleteKey HKLM\Software\Classes\Interface\{D7136B99-FC27-4DC1-8497-5444D49B426A}
      RegDeleteKey HKLM\Software\Classes\Interface\{D80A56D7-451C-41CF-9A74-1447E0887B97}
      RegDeleteKey HKLM\Software\Classes\Interface\{DE3C77B8-7378-4A4C-B6F8-4A008B4A6009}
      RegDeleteKey HKLM\Software\Classes\Interface\{E0110779-5F79-4685-9C96-9D99EFD30CA2}
      RegDeleteKey HKLM\Software\Classes\Interface\{E7CCBD19-2EEA-4B6A-B9BE-E8A68613809C}
      RegDeleteKey HKLM\Software\Classes\Interface\{E95F8133-A554-4C0C-9B9A-EEEE3B82CEDE}
      RegDeleteKey HKLM\Software\Classes\Interface\{EA0F107F-2BF6-44A0-96C4-A99B74AFBC4A}
      RegDeleteKey HKLM\Software\Classes\Interface\{F18701B3-185D-42FD-A55E-F47FDAC8F362}
      RegDeleteKey HKLM\Software\Classes\Interface\{F709F572-86F5-47C8-AFCF-3CEBC468FADB}
      RegDeleteKey HKLM\Software\Classes\Interface\{F97E5B38-4887-444A-86F5-91C18331500B}
      RegDeleteKey HKLM\Software\Classes\Interface\{F9AC5167-2C13-4607-B924-81C1C2251C84}
      RegDeleteKey HKLM\Software\Classes\Interface\{FB752175-36D8-4792-9302CFB8018C0DEC}

      RegDeleteKey HKLM\Software\Classes\lnkfile\shellex\ContextMenuHandlers\UDCShell

      RegDeleteKey HKLM\Software\Classes\SYSTEM\ControlSet003\Services\wasfsd

      RegDeleteKey HKLM\Software\Classes\TypeLib\{03A78DBD-AA12-4DB4-AB2C-564460D385DC}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{09AF1CF9-825C-4017-A7DC-088C68770F31}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{0A89FF7F-1A12-42D9-ACCB-4217112DC7E0}
      RegDeleteKey HKLM\software\classes\typelib\{1234890a-5e6e-4867-8136-ca6f1456b235}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{12398A44-7DFC-4C46-BD8F-41259D169A0D}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{16DEEE6B-AEFC-4BA6-9F32-57BBE6783A7C}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{21C724D0-B91A-4F35-99E7-55D325F00B20}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{223CEDCA-738B-4C4D-B8AE-C68B68C90A4A}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{5940CA88-8F1A-4A74-89E4-B3407E5E7348}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{61C1FC79-7120-4824-A563-D4D11D80BAFB}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{68BC55E9-4D3E-4C89-89AC-7559763C98B8}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{692CA430-32C8-470D-BA1F-7E15E21E7043}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{7eacf70b-302f-4049-ac68-2d62eb43e473}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{8ECC09E1-634B-42AC-8BE7-E6EDBB53C90E}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{A8C9AD38-7708-4BEB-A20C-B79614B4F120}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{ABCD4567-7437-43EF-AB74-4AB1D3A37411}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{ABCD4567-7437-43EF-AB74-4AB1D3A37422}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{B869788C-35DF-4104-BACB-8FDB83AFFFFD}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{BD9421BB-9F96-4272-802F-49BEC746056E}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{F874A0AE-66E8-426B-A3F5-6BA6958DCDBA}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{FB42F450-C8B1-4799-99F1-87FA9CA92AB9}

      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\errorguard.exe

      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{205ff73b-ca67-11d5-99dd-444553540006}
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4}
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6AE7418B-229F-4A2C-AE1B-D5962888F02D}
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8C65AEF6-E413-4314-815B-82717A3F1603}
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B5141620-C2B2-4D95-9F0F-134D99C87AB0}
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3B4C621-6024-410B-9F0F-22CBD6981F5E}

      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AXPFixer
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Error Guard
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ERS_is1
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ersu_is1
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MalWarrior 2007_is1
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UDC6_is1
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UERS_is1
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\USDR6_is1
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\USDR6V_is1
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\usyp_is1
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UWFX_5_is1
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UWinFX6_is1
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\wa6p_is1
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WAS_is1
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WFX5_is1
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinAntiSpyware 2006 Scanner_is1
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\winspywareprotect_is1

      RegDeleteKey HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\sscan.sys
      RegDeleteKey HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\sscan.sys

      RegDeleteKey HKLM\SYSTEM\ControlSet001\Services\FOPN
      RegDeleteKey HKLM\SYSTEM\ControlSet001\Services\uwasfsd
      RegDeleteKey HKLM\SYSTEM\ControlSet002\Services\FOPN

      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\df_km.sys
      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ersd.sys
      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sscan.sys

      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\df_kmd.sys
      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ersd.sys
      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sscan.sys

      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSD
      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\enum\root\legacy_erssdd

      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\df_kmd
      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\ersd
      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\erssdd
      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\FOPN
      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\FWSvc
      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\uwasfsd
      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\vspf
      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk
      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\wasfsd

      RegDeleteKey HKUS\Software\DriveCleaner 2006 Free

      # 4 - ActiveX

      RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988}
      RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540006}
      RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}
      RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}
      RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{F919FBD3-A96B-4679-AF26-F551439BB5FD}

      RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988}|Compatibility Flags|1024
      RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{205FF73B-CA67-11D5-99DD-444553540006}|Compatibility Flags|1024
      RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}|Compatibility Flags|1024
      RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}|Compatibility Flags|1024
      RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{F919FBD3-A96B-4679-AF26-F551439BB5FD}|Compatibility Flags|1024

      # 5 - Fichiers

      DllUnregister C:\Program Files\DriveCleaner 2006 Free\UDCPChk.dll|1
      DllUnregister C:\Program Files\DriveCleaner 2006 Free\UDCShell.dll|1
      DllUnregister C:\Program Files\ErrorSafe\df_fixer.dll|1
      DllUnregister C:\Program Files\ErrorSafe\df_proxy.dll|1
      DllUnregister C:\Program Files\ErrorSafe\ecc.dll|1
      DllUnregister C:\Program Files\ErrorSafe\esSPCheck.dll|1
      DllUnregister C:\Program Files\ErrorSafe\FFWraper.dll|1
      DllUnregister C:\Program Files\ErrorSafe\FixCore.dll|1
      DllUnregister C:\Program Files\ErrorSafe\FiFxr5.dll|1
      DllUnregister C:\Program Files\ErrorSafe\FTRec.dll|1
      DllUnregister C:\Program Files\ErrorSafe\MMFix.dll|1
      DllUnregister C:\Program Files\ErrorSafe\StrRes.dll|1
      DllUnregister C:\Program Files\SysProtect\compclr.dll|1
      DllUnregister C:\Program Files\SysProtect\df_fixer.dll|1
      DllUnregister C:\Program Files\SysProtect\df_proxy.dll|1
      DllUnregister C:\Program Files\SysProtect\FFWrapr.dll|1
      DllUnregister C:\Program Files\SysProtect\flfxr10.dll|1
      DllUnregister C:\Program Files\SysProtect\FTRec.dll|1
      DllUnregister C:\Program Files\SysProtect\FxCore.dll|1
      DllUnregister C:\Program Files\SysProtect\MMFx.dll|1
      DllUnregister C:\Program Files\SysProtect\StrRes.dll|1
      DllUnregister C:\Program Files\SystemDoctor 2006 Free\order.dll|1
      DllUnregister C:\Program Files\VirusGarde\Addons\popupg.dll|1
      DllUnregister C:\Program Files\WinAntiSpyware 2006\AsAgents.dll|1
      DllUnregister C:\Program Files\WinAntiSpyware 2006\shellext.dll|1
      DllUnregister C:\Program Files\WinAntiSpyware 2006 Scanner\AsAgents.dll|1
      DllUnregister C:\Program Files\WinAntiSpyware 2006 Scanner\shellext.dll|1
      DllUnregister C:\Program Files\WinAntiSpyware 2006 Scanner\uwas6chk.dll|1
      DllUnregister C:\Program Files\WinAntiSpyware 2006 Scanner\was6chk.dll|1
      DllUnregister C:\Program Files\WinAntiVirus Pro 2006\avkernel.dll|1
      DllUnregister C:\Program Files\WinAntiVirus Pro 2006\IEFWBHO.dll|1
      DllUnregister C:\Program Files\WinAntiVirus Pro 2006\libfn.dll|1
      DllUnregister C:\Program Files\WinAntiVirus Pro 2006\rpt.dll|1
      DllUnregister C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll|1
      DllUnregister C:\Program Files\WinFixer 2005\compcln.dll|1
      DllUnregister C:\Program Files\WinFixer 2005\df_fixer.dll|1
      DllUnregister C:\Program Files\WinFixer 2005\df_proxy.dll|1
      DllUnregister C:\Program Files\WinFixer 2005\ffCom.dll|1
      DllUnregister C:\Program Files\WinFixer 2005\FFWraper.dll|1
      DllUnregister C:\Program Files\WinFixer 2005\FileTypeRecognizer.dll|1
      DllUnregister C:\Program Files\WinFixer 2005\FixCore.dll|1
      DllUnregister C:\Program Files\WinFixer 2005\MMFix.dll|1
      DllUnregister C:\Program Files\WinFixer 2005\OEDrop.dll|1
      DllUnregister C:\Program Files\WinFixer 2005\StrRes.dll|1
      DllUnregister C:\Program Files\Common Files\Companion Wizard\WapCHK.dll|1
      DllUnregister C:\Program Files\Common Files\WinAntiSpyware 2006\was6chk.dll|1
      DllUnregister C:\Program Files\Common Files\WinAntiVirus Pro 2006\WapCHK.dll|1
      DllUnregister C:\Program Files\Common Files\WinSoftware\CrXML.dll|1
      DllUnregister C:\Program Files\Common Files\WinSoftware\PCheck.dll|1
      DllUnregister C:\Program Files\Fichiers communs\WinFixer 2005\uwappchk.dll|1
      DllUnregister C:\WINDOWS\syst32.dll|1

      FileDelete C:\Documents and Settings\All Users\Bureau\AXPFixer.lnk
      FileDelete C:\Documents and Settings\All Users\Bureau\WinAntiVirus*.lnk
      FileDelete C:\Documents and Settings\utilisateur\Application Data\*drivecleaner*.exe
      FileDelete C:\Documents and Settings\utilisateur\Application Data\*errorsafe*.exe
      FileDelete C:\Documents and Settings\utilisateur\Application Data\*winantispyware*.exe
      FileDelete C:\Documents and Settings\utilisateur\Application Data\*winantivirus*.exe
      FileDelete C:\Documents and Settings\utilisateur\Application Data\install_fr*.exe
      FileDelete C:\Documents and Settings\utilisateur\Application Data\installer_fr[1].exe
      FileDelete C:\Documents and Settings\utilisateur\Application Data\Microsoft\Internet Explorer\Quick Launch\AXPFixer.lnk
      FileDelete C:\Documents and Settings\utilisateur\Application Data\Microsoft\Internet Explorer\Quick Launch\SystemDoctor*.lnk
      FileDelete C:\Documents and Settings\utilisateur\Application Data\Microsoft\Internet Explorer\Quick Launch\WinAntiSpyware*.lnk
      FileDelete C:\Documents and Settings\utilisateur\Application Data\setup_fr[1].exe
      FileDelete C:\Documents and Settings\utilisateur\Bureau\*drivecleaner*.exe
      FileDelete C:\Documents and Settings\utilisateur\Bureau\DriveCleaner 2006 Free.lnk
      FileDelete C:\Documents and Settings\utilisateur\Bureau\ErrorGuard.lnk
      FileDelete C:\Documents and Settings\utilisateur\Bureau\ErrorSafe.lnk
      FileDelete C:\Documents and Settings\utilisateur\Bureau\ErrorSafe*.exe
      FileDelete C:\Documents and Settings\utilisateur\Bureau\SystemDoctor*.lnk
      FileDelete C:\Documents and Settings\utilisateur\Bureau\WinAntiSpyware*.lnk
      FileDelete C:\Documents and Settings\utilisateur\Bureau\WinFixer*.exe
      FileDelete C:\Documents and Settings\utilisateur\Bureau\WinFixer*.lnk
      FileDelete C:\Documents and Settings\utilisateur\Mes documents\*drivecleaner*.exe
      FileDelete C:\Documents and Settings\utilisateur\Mes documents\*SystemDoctor*.exe
      FileDelete C:\Documents and Settings\utilisateur\Mes documents\*WinAntiVirusPro*.exe
      FileDelete C:\Program Files\*drivecleaner*.exe
      FileDelete C:\Program Files\*WinAntiVirusPro*.exe
      FileDelete C:\Program Files\Common Files\Companion Wizard\compwiz.exe
      FileDelete C:\Program Files\Common Files\Companion Wizard\WapCHK.dll
      FileDelete C:\Program Files\Common Files\Companion Wizard\WapCHK{*}.dll
      FileDelete C:\WINDOWS\46241234110.exe
      FileDelete C:\WINDOWS\service32.exe
      FileDelete C:\WINDOWS\syst32.dll
      FileDelete C:\WINDOWS\Downloaded Program Files\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.1\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.2\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.3\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.4\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.5\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.6\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.7\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.8\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.9\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.10\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.11\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.12\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.13\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.14\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.15\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.16\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.17\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Prefetch\AXPFIXER.EXE*.pf
      FileDelete C:\WINDOWS\Prefetch\*winantispyware*.pf
      FileDelete C:\WINDOWS\system32\av.cpl
      FileDelete C:\WINDOWS\system32\blackster.scr
      FileDelete C:\WINDOWS\system32\df_kme.exe
      FileDelete C:\WINDOWS\system32\stera.exe
      FileDelete C:\WINDOWS\system32\stera.?o?
      FileDelete C:\WINDOWS\system32\drivers\ApiMon.sys
      FileDelete C:\WINDOWS\system32\drivers\df_kmd.sys
      FileDelete C:\WINDOWS\system32\drivers\ersd.sys
      FileDelete C:\WINDOWS\system32\drivers\erssdd.sys
      FileDelete C:\WINDOWS\system32\drivers\fopn.sys
      FileDelete C:\WINDOWS\system32\drivers\sscan.sys
      FileDelete C:\WINDOWS\system32\drivers\uwasfsd.sys
      FileDelete C:\WINDOWS\system32\drivers\vspf_hk5.sys
      FileDelete C:\WINDOWS\system32\drivers\vspf5.sys
      FileDelete C:\WINDOWS\system32\drivers\wasfsd.sys
      FileDelete C:\WINDOWS\system32\drivers\WFF.sys
      FileDelete C:\systemdoctor*.exe

      # 6 - Repertoires

      FolderDelete C:\Documents and Settings\utilisateur\Application Data\Adsl Software Limited
      FolderDelete C:\Documents and Settings\utilisateur\Application Data\AXPDefender
      FolderDelete C:\Documents and Settings\utilisateur\Application Data\AXPFixer
      FolderDelete C:\Documents and Settings\utilisateur\Application Data\DriveCleaner Free
      FolderDelete C:\Documents and Settings\utilisateur\Application Data\DriveCleaner 2006 Free
      FolderDelete C:\Documents and Settings\utilisateur\Application Data\systemdoctor 2006 free
      FolderDelete C:\Documents and Settings\utilisateur\Application Data\VirusGarde
      FolderDelete C:\Documents and Settings\utilisateur\Application Data\WinAntiVirus Pro 2006
      FolderDelete C:\Documents and Settings\utilisateur\Application Data\WinAntiVirus Pro 2007
      FolderDelete C:\Documents and Settings\All Users\Application Data\libresystem
      FolderDelete C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
      FolderDelete C:\Documents and Settings\All Users\Application Data\WinAntiVirus Corp
      FolderDelete C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006
      FolderDelete C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007
      FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Advanced XP Defender
      FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\DriveCleaner 2006 Free
      FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ErrorSafe
      FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\SystemDoctor 2006 Unregistered Version
      FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinAntiSpyware 2006
      FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinAntiSpyware 2006 Scanner
      FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinAntiVirus Pro 2006
      FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinFixer 2005
      FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\WinAntiVirus Pro 2007
      FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\SysProtect
      FolderDelete C:\Program Files\AXPDefender
      FolderDelete C:\Program Files\AXPFixer
      FolderDelete C:\Program Files\DriveCleaner 2006 Free
      FolderDelete C:\Program Files\erroguard
      FolderDelete C:\Program Files\Error Safe
      FolderDelete C:\Program Files\Error Safe Free
      FolderDelete C:\Program Files\ErrorSafe
      FolderDelete C:\Program Files\errorsafe free
      FolderDelete C:\Program Files\MalWarrior*
      FolderDelete C:\Program Files\SysProtect Free
      FolderDelete C:\Program Files\SystemDoctor 2006
      FolderDelete C:\Program Files\SystemDoctor 2006 Free
      FolderDelete C:\Program Files\VirusGarde
      FolderDelete C:\Program Files\WinAntiSpyware 2006
      FolderDelete C:\Program Files\WinAntiSpyware 2006 Free
      FolderDelete C:\Program Files\WinAntiSpyware 2006 Scanner
      FolderDelete C:\Program Files\WinAntiVirus 2005
      FolderDelete C:\Program Files\WinAntiVirus Pro 2006
      FolderDelete C:\Program Files\WinAntiVirus Pro 2007
      FolderDelete C:\Program Files\WinFixer 2005
      FolderDelete C:\Program Files\WinPopupGuard 2005
      FolderDelete C:\Program Files\winspywareprotect
      FolderDelete C:\Program Files\Archivos comunes\DriveCleaner 2006
      FolderDelete C:\Program Files\Archivos comunes\DriveCleaner 2006 Free
      FolderDelete C:\Program Files\Archivos comunes\DriveCleaner Free
      FolderDelete C:\Program Files\Archivos comunes\ErrClean
      FolderDelete C:\Program Files\Archivos comunes\Error Safe
      FolderDelete C:\Program Files\Archivos comunes\erroguard
      FolderDelete C:\Program Files\Archivos comunes\errorguard
      FolderDelete C:\Program Files\Archivos comunes\ErrorSafe
      FolderDelete C:\Program Files\Archivos comunes\SystemDoctor
      FolderDelete C:\Program Files\Archivos comunes\SystemDoctor 2006
      FolderDelete C:\Program Files\Archivos comunes\WinAntiSpyware 2006
      FolderDelete C:\Program Files\Archivos comunes\WinAntiVirus Pro 2006
      FolderDelete C:\Program Files\Archivos comunes\WinAntiVirus Pro 2007
      FolderDelete C:\Program Files\Archivos comunes\WinFixer 2005
      FolderDelete C:\Program Files\Archivos comunes\WinSoftware
      FolderDelete C:\Program Files\Archivos comunes\winspywareprotect
      FolderDelete C:\Program Files\Common Files\DriveCleaner 2006 Free
      FolderDelete C:\Program Files\Common Files\ErrClean
      FolderDelete C:\Program Files\Common Files\erroguard
      FolderDelete C:\Program Files\Common Files\errorguard
      FolderDelete C:\Program Files\Common Files\ErrorSafe
      FolderDelete C:\Program Files\Common Files\SysProtect
      FolderDelete C:\Program Files\Common Files\SystemDoctor 2006
      FolderDelete C:\Program Files\Common Files\WinAntiSpyware 2006
      FolderDelete C:\Program Files\Common Files\WinAntiVirus Pro 2006
      FolderDelete C:\Program Files\Common Files\WinFixer 2005
      FolderDelete C:\Program Files\Common Files\WinSoftware
      FolderDelete C:\Program Files\Common Files\winspywareprotect
      FolderDelete C:\Program Files\Fichiers communs\DriveCleaner 2006
      FolderDelete C:\Program Files\Fichiers communs\DriveCleaner 2006 Free
      FolderDelete C:\Program Files\Fichiers communs\DriveCleaner Free
      FolderDelete C:\Program Files\Fichiers communs\ErrClean
      FolderDelete C:\Program Files\Fichiers communs\Error Safe
      FolderDelete C:\Prog
      0
  4. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    et ba y en avais des truc je regarde ça et te donne la suite.
    0
    1. El lobo Messages postés 61 Date d'inscription   Statut Membre
       
      Hope rien de grave..
      Thanksss
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Ensuite fait ceci :

    Telecharge malwarebytes

    NB : S'il te manque COMCTL32.OCX alors télécharge le ici

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
    Copie et colle le rapport stp.

    PS : les rapport sont aussi rangé dans l onglet rapport/log

    Tutoriaux

    0
    1. El lobo Messages postés 61 Date d'inscription   Statut Membre
       
      Hi,

      Voila, je viens de terminer le scan, ca a pris du temps mais bon j espere que c est OK now.
      Merci pour ton aide

      Que me conseille tu de faire avec ces infections??


      Malwarebytes' Anti-Malware 1.33
      Version de la base de données: 1725
      Windows 5.1.2600 Service Pack 3

      04/02/2009 21:37:20
      Report 04022009

      Type de recherche: Examen complet (C:\|D:\|)
      Eléments examinés: 116042
      Temps écoulé: 2 hour(s), 9 minute(s), 0 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 1
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 2

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hpfsched (Trojan.FakeAlert.H) -> No action taken.

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      C:\WINDOWS\hpfsched.exe (Trojan.FakeAlert.H) -> No action taken.
      C:\Documents and Settings\utilisateur\Bureau\GenProc\GenProc\outil\curl.exe (Trojan.Agent) -> No action taken.
      0
  7. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Maintenant affiher rapport puis supprimer le tout et vider la quarantaine.

    Ensuite :

    faire un petit nettoyage de l'ordi et du registre avec Ccleaner, regarde bien le Tuto CCleaner

    Puis :

    Télécharge Superantispyware (SAS) en cliquant sur ce lien :

    Choisis "enregistrer" et enregistre-le sur ton bureau.

    Double-clique sur l'icône d'installation qui vient de se créer et suis les instructions.

    Créé une icône sur le bureau.

    Double-clique sur l'icône de SAS (une tête dans un cercle rouge barré) pour le lancer.

    - Si l'outil te demande de mettre à jour le programme ("update the program definitions", clique sur yes.
    - Sous Configuration and Preferences, clique sur le bouton "Preferences"
    - Clique sur l'onglet "Scanning Control "
    - Dans "Scanner Options ", assure toi que la case devant lles lignes suivantes est cochée :

    Close browsers before scanning
    Scan for tracking cookies
    Terminate memory threats before quarantining
    - Laisse les autres lignes décochées.

    - Clique sur le bouton "Close" pour quitter l'écran du centre de contrôle.

    - Dans la fenêtre principale, clique, dans "Scan for Harmful Software", sur "Scan your computer".

    Dans la colonne de gauche, coche C:\Fixed Drive.

    Dans la colonne de droite, sous "Complete scan", clique sur "Perform Complete Scan"

    Clique sur "next" pour lancer le scan. Patiente pendant la durée du scan.

    A la fin du scan, une fenêtre de résultats s'ouvre . Clique sur OK.

    Assure toi que toutes les lignes de la fenêtre blanche sont cochées et clique sur "Next".

    Tout ce qui a été trouvé sera mis en quarantaine. S'il t'es demandé de redémarrer l'ordi ("reboot"), clique sur Yes.

    Pour recopier les informations sur le forum, fais ceci :

    - après le redémarrage de l'ordi, double-clique sur l'icône pour lancer SAS.
    - Clique sur "Preferences" puis sur l'onglet "Statistics/Logs ".
    - Dans "scanners logs", double-clique sur SUPERAntiSpyware Scan Log.

    - Le rapport va s'ouvrir dans ton éditeur de texte par défaut.

    - Copie son contenu dans ta réponse.

    Regarde bien le tuto SUPERAntiSpyware il est très bien expliqué.
    0
    1. El lobo Messages postés 61 Date d'inscription   Statut Membre
       
      Hi,

      Merci pour ta reponse rapide, j attaquerai cela demain.

      Bonne soiree a vous
      0
    2. El lobo Messages postés 61 Date d'inscription   Statut Membre
       
      Hiya,

      Voici donc le raport.
      Merci de ton aide.Y a t il encore des bebetes??



      SUPERAntiSpyware Scan Log
      https://www.superantispyware.com/

      Generated 02/05/2009 at 00:25 AM

      Application Version : 4.25.1012

      Core Rules Database Version : 3743
      Trace Rules Database Version: 1711

      Scan type : Complete Scan
      Total Scan Time : 02:01:07

      Memory items scanned : 531
      Memory threats detected : 0
      Registry items scanned : 5505
      Registry threats detected : 20
      File items scanned : 59166
      File threats detected : 0

      Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
      HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF
      HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF#NextInstance
      HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000
      HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Service
      HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Legacy
      HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#ConfigFlags
      HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Class
      HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#ClassGUID
      HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#DeviceDesc
      HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Capabilities
      HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK
      HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK#NextInstance
      HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000
      HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Service
      HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Legacy
      HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#ConfigFlags
      HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Class
      HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#ClassGUID
      HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#DeviceDesc
      HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Capabilities
      0
  8. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Regarde bien le tuto SAS c'est très bien expliquer su comment supprimer tout ce qu'il à trouvé ensuite un nouvel hijackthsi. Merci.
    0
    1. El lobo Messages postés 61 Date d'inscription   Statut Membre
       
      Hi,

      Il y avait un trojan Winantispyware/Winantivirus 2006 2007, je l ai mis en quarantaine,

      Voici le new rapport Hijackthis, merci pour ton aide...


      Logfile of HijackThis v1.99.1
      Scan saved at 22:21:11, on 08/02/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16762)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      c:\program files\a-squared free\a2service.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
      C:\Program Files\ewido anti-malware\ewidoctrl.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\system32\slserv.exe
      C:\Program Files\Spyware Terminator\sp_rsser.exe
      C:\WINDOWS\System32\PAStiSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\Rundll32.exe
      C:\WINDOWS\system32\keyhook.exe
      C:\Program Files\Browser MOUSE\mouse32a.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
      C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe
      C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe
      C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
      C:\WINDOWS\system32\sistray.exe
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Microsoft Office\Office\WINWORD.EXE
      C:\Program Files\Microsoft Works\WkDStore.exe
      C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis_199.zip\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
      O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
      O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
      O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
      O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [VoipRaider] "C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
      O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
      O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: Crawler Search - tbr:iemenu
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
      O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
      O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
      O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
      O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      0
  9. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    ta version d'hijackthis n'est plus bonne télécharge la version 2 Télécharge le fichier d'installation d'HijackThis.

    Puis refait un scan. Merci.
    0
    1. El lobo Messages postés 61 Date d'inscription   Statut Membre
       
      Hi, voila voila


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:39:18, on 08/02/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16762)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      c:\program files\a-squared free\a2service.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
      C:\Program Files\ewido anti-malware\ewidoctrl.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\system32\slserv.exe
      C:\Program Files\Spyware Terminator\sp_rsser.exe
      C:\WINDOWS\System32\PAStiSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\Rundll32.exe
      C:\WINDOWS\system32\keyhook.exe
      C:\Program Files\Browser MOUSE\mouse32a.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
      C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe
      C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe
      C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
      C:\WINDOWS\system32\sistray.exe
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
      O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
      O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
      O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
      O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [VoipRaider] "C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
      O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
      O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: Crawler Search - tbr:iemenu
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
      O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
      O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
      O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      0
  10. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Téléchargez SmitfraudFix et enregistrez-le sur le bureau
    * Ensuite, double cliquez sur SmitfraudFix puis sur Exécuter. (Sous Vista : clic droit sur SmitfraudFix et sélectionnez "Exécuter en tant qu'administrateur")
    * Sélectionnez 1 pour créer un rapport des fichiers responsables de l'infection.
    * A la fin de l'analyse, un rapport va être généré...Enregistrez-le sur le bureau.

    Regarde bien le tuto qui est avec

    /!\ Postez le rapport sur le forum pour savoir si la suppression peut être lancée.

    En mode sans echec la suppression des fichiers présents.

    process.exe
    est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
    http://www.beyondlogic.org/consulting/processutil/processutil.htm
    0
    1. El lobo Messages postés 61 Date d'inscription   Statut Membre
       
      Hi,

      Voila voila


      SmitFraudFix v2.394

      Rapport fait à 22:55:11,98, 08/02/2009
      Executé à partir de C:\Documents and Settings\utilisateur\Bureau\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
      Le type du système de fichiers est NTFS
      Fix executé en mode normal

      »»»»»»»»»»»»»»»»»»»»»»»» Process

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      c:\program files\a-squared free\a2service.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
      C:\Program Files\ewido anti-malware\ewidoctrl.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\system32\slserv.exe
      C:\Program Files\Spyware Terminator\sp_rsser.exe
      C:\WINDOWS\System32\PAStiSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\Rundll32.exe
      C:\WINDOWS\system32\keyhook.exe
      C:\Program Files\Browser MOUSE\mouse32a.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
      C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe
      C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe
      C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
      C:\WINDOWS\system32\sistray.exe
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Real\RealPlayer\RecordingManager.exe
      C:\WINDOWS\system32\cmd.exe

      »»»»»»»»»»»»»»»»»»»»»»»» hosts

      Fichier hosts corrompu !

      127.0.0.1 www.legal-at-spybot.info
      127.0.0.1 legal-at-spybot.info
      127.0.0.1 www.spywareinfo.com
      127.0.0.1 spywareinfo.com

      »»»»»»»»»»»»»»»»»»»»»»»» C:\


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\utilisateur


      »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\utilisateur\Application Data


      »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


      »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\UTILIS~1\Favoris


      »»»»»»»»»»»»»»»»»»»»»»»» Bureau


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


      »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


      »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



      »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      o4Patch
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      IEDFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      Agent.OMZ.Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» VACFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      VACFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      404Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLs"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "Userinit"="C:\\WINDOWS\\system32\\Userinit.exe"
      "System"=""


      »»»»»»»»»»»»»»»»»»»»»»»» RK



      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      Description: PRISM 802.11g Adapter (3886) - Miniport d'ordonnancement de paquets
      DNS Server Search Order: 212.76.224.172
      DNS Server Search Order: 82.216.111.122
      DNS Server Search Order: 82.216.111.121
      DNS Server Search Order: 82.216.111.123

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{1FA7E1A1-CD36-4B44-AE2A-383C4743B4F2}: DhcpNameServer=212.76.224.172 212.95.66.1 212.95.66.2
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{3EDF59A0-6EF4-4439-97DE-9F5E1E8C1623}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{44ABB211-9AB0-4A99-872A-B62637F94E16}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{1FA7E1A1-CD36-4B44-AE2A-383C4743B4F2}: DhcpNameServer=212.76.224.172 212.95.66.1 212.95.66.2
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{3EDF59A0-6EF4-4439-97DE-9F5E1E8C1623}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{44ABB211-9AB0-4A99-872A-B62637F94E16}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{1FA7E1A1-CD36-4B44-AE2A-383C4743B4F2}: DhcpNameServer=212.76.224.172 212.95.66.1 212.95.66.2
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{3EDF59A0-6EF4-4439-97DE-9F5E1E8C1623}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{44ABB211-9AB0-4A99-872A-B62637F94E16}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
      HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123


      »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
      0
  11. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Télécharge HostsXpert sur ton Bureau :
    http://www.funkytoad.com/download/HostsXpert.zip

    ---> Décompresse-le (Clic droit >> Extraire ici)

    ---> Double-clique sur HostsXpert pour le lancer

    ---> clique sur le bouton "Restore MS Hosts File" puis ferme le programme

    PS : Avant de cliquer sur le bouton "Restore MS Hosts File", vérifie que le cadenas en haut à gauche est ouvert sinon tu vas avoir un message d'erreur.

    Ensuite :

    Redémarre en mode sans échec comme indiqué ici ; Choisis ta session courante.

    Relance SmitfraudFix Puis choisi l'option 2 suppression.

    Et ensuite l'option 5.
    0
    1. El lobo Messages postés 61 Date d'inscription   Statut Membre
       
      Hi,

      Voila le rapport


      SmitFraudFix v2.394

      Rapport fait à 0:29:23,76, 09/02/2009
      Executé à partir de C:\Documents and Settings\utilisateur\Bureau\PC Security\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
      Le type du système de fichiers est NTFS
      Fix executé en mode normal

      »»»»»»»»»»»»»»»»»»»»»»»» DNS Avant Fix

      Description: PRISM 802.11g Adapter (3886) - Miniport d'ordonnancement de paquets
      DNS Server Search Order: 212.76.224.172
      DNS Server Search Order: 82.216.111.122
      DNS Server Search Order: 82.216.111.121
      DNS Server Search Order: 82.216.111.123

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{1FA7E1A1-CD36-4B44-AE2A-383C4743B4F2}: DhcpNameServer=212.76.224.172 212.95.66.1 212.95.66.2
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{3EDF59A0-6EF4-4439-97DE-9F5E1E8C1623}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{44ABB211-9AB0-4A99-872A-B62637F94E16}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{1FA7E1A1-CD36-4B44-AE2A-383C4743B4F2}: DhcpNameServer=212.76.224.172 212.95.66.1 212.95.66.2
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{3EDF59A0-6EF4-4439-97DE-9F5E1E8C1623}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{44ABB211-9AB0-4A99-872A-B62637F94E16}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{1FA7E1A1-CD36-4B44-AE2A-383C4743B4F2}: DhcpNameServer=212.76.224.172 212.95.66.1 212.95.66.2
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{3EDF59A0-6EF4-4439-97DE-9F5E1E8C1623}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{44ABB211-9AB0-4A99-872A-B62637F94E16}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
      HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123

      »»»»»»»»»»»»»»»»»»»»»»»» DNS Après Fix

      Description: PRISM 802.11g Adapter (3886) - Miniport d'ordonnancement de paquets
      DNS Server Search Order: 212.76.224.172
      DNS Server Search Order: 82.216.111.122
      DNS Server Search Order: 82.216.111.121
      DNS Server Search Order: 82.216.111.123

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{1FA7E1A1-CD36-4B44-AE2A-383C4743B4F2}: DhcpNameServer=212.76.224.172 212.95.66.1 212.95.66.2
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{3EDF59A0-6EF4-4439-97DE-9F5E1E8C1623}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{44ABB211-9AB0-4A99-872A-B62637F94E16}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{1FA7E1A1-CD36-4B44-AE2A-383C4743B4F2}: DhcpNameServer=212.76.224.172 212.95.66.1 212.95.66.2
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{3EDF59A0-6EF4-4439-97DE-9F5E1E8C1623}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{44ABB211-9AB0-4A99-872A-B62637F94E16}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{1FA7E1A1-CD36-4B44-AE2A-383C4743B4F2}: DhcpNameServer=212.76.224.172 212.95.66.1 212.95.66.2
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{3EDF59A0-6EF4-4439-97DE-9F5E1E8C1623}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{44ABB211-9AB0-4A99-872A-B62637F94E16}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
      HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
      0
  12. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    et le rapport après suppression mode 2.
    0
    1. El lobo Messages postés 61 Date d'inscription   Statut Membre
       
      Hi, voila


      SmitFraudFix v2.394

      Rapport fait à 0:07:58,42, 09/02/2009
      Executé à partir de C:\Documents and Settings\utilisateur\Bureau\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
      Le type du système de fichiers est NTFS
      Fix executé en mode sans echec

      »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll

      »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


      »»»»»»»»»»»»»»»»»»»»»»»» hosts

      127.0.0.1 localhost

      »»»»»»»»»»»»»»»»»»»»»»»» VACFix

      VACFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

      S!Ri's WS2Fix: LSP not Found.


      »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

      GenericRenosFix by S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


      »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

      IEDFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

      Agent.OMZ.Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

      404Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» RK


      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{1FA7E1A1-CD36-4B44-AE2A-383C4743B4F2}: DhcpNameServer=212.76.224.172 212.95.66.1 212.95.66.2
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{3EDF59A0-6EF4-4439-97DE-9F5E1E8C1623}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{44ABB211-9AB0-4A99-872A-B62637F94E16}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{1FA7E1A1-CD36-4B44-AE2A-383C4743B4F2}: DhcpNameServer=212.76.224.172 212.95.66.1 212.95.66.2
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{3EDF59A0-6EF4-4439-97DE-9F5E1E8C1623}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{44ABB211-9AB0-4A99-872A-B62637F94E16}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{1FA7E1A1-CD36-4B44-AE2A-383C4743B4F2}: DhcpNameServer=212.76.224.172 212.95.66.1 212.95.66.2
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{3EDF59A0-6EF4-4439-97DE-9F5E1E8C1623}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{44ABB211-9AB0-4A99-872A-B62637F94E16}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
      HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123


      »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "System"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

      Nettoyage terminé.

      »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» Fin
      0
  13. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Bonsoir,

    Je vais aller me coucher donc je te donne la suite, tu me fait un nouvel hijackthis. Merci.
    0
    1. El lobo Messages postés 61 Date d'inscription   Statut Membre
       
      Hi,

      Bien dormie?

      Voila le rapport comme demande, merci pour ton aide et ton suivi


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 09:13:51, on 09/02/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16762)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      c:\program files\a-squared free\a2service.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
      C:\Program Files\ewido anti-malware\ewidoctrl.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\system32\slserv.exe
      C:\Program Files\Spyware Terminator\sp_rsser.exe
      C:\WINDOWS\System32\PAStiSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\Rundll32.exe
      C:\WINDOWS\system32\keyhook.exe
      C:\Program Files\Browser MOUSE\mouse32a.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
      C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe
      C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe
      C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
      C:\WINDOWS\system32\sistray.exe
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
      O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
      O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
      O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
      O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [VoipRaider] "C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
      O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
      O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: Crawler Search - tbr:iemenu
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
      O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
      O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
      O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      0
  14. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Télécharges ToolBar S&D ( de Eric_71/Team IDN ) :
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

    ( Tuto : https://sites.google.com/site/toolbarsd/aideenimages )

    !! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !! désactive ton antivirus.

    * double-cliques sur l'.exe pour lancer l'installe et laisses toi guider ...
    * Une fois fait, cliques sur le raccourci créé sur ton bureau pour lancer l'outil .
    * Choisis l'option 1 ( "recherche") et tapes "entrée" .
    * Une fois le scan finit , un rapport va apparaître, copie/colles l'intégralité
    de son contenu dans ta prochaine réponse ...
    ( le rapport est en outre sauvegardé ici -> C:\TB.txt )
    0
    1. El lobo Messages postés 61 Date d'inscription   Statut Membre
       
      Hi ,

      Voila le rapport



      -----------\\ ToolBar S&D 1.2.8 XP/Vista

      Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
      X86-based PC ( Uniprocessor Free : Mobile AMD Athlon(tm) 64 Processor 3200+ )
      BIOS : BIOS Date: 02/01/05 09:42:07 Ver: 08.00.11
      USER : utilisateur ( Administrator )
      BOOT : Normal boot
      Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Not Activated)
      Firewall : ZoneAlarm Firewall 7.0.462.000 (Activated)
      C:\ (Local Disk) - NTFS - Total:74 Go (Free:24 Go)
      D:\ (CD or DVD)

      "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
      Option : [1] ( 09/02/2009|16:05 )

      -----------\\ Recherche de Fichiers / Dossiers ...

      C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Crawler Toolbar

      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Local Page"="C:\\windows\\system32\\blank.htm"
      "Start Page"="https://www.msn.com/fr-fr/"
      "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "SearchAssistant"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"
      "CustomizeSearch"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm"
      "Search Bar"="http://www.bing.com/spresults.aspx"
      "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
      "Url"="http://www.microsoft.com/athome/community/rss.xml"
      "Url"="http://www.microsoft.com/atwork/community/rss.xml"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
      "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Local Page"="C:\\windows\\system32\\blank.htm"
      "Start Page"="https://www.google.com/?gws_rd=ssl"
      "SearchAssistant"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"
      "CustomizeSearch"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm"
      "Search Bar"="http://www.bing.com/spresults.aspx"


      --------------------\\ Recherche d'autres infections

      --------------------\\ Cracks & Keygens ..

      C:\DOCUME~1\UTILIS~1\Mes documents\Elby Clone Dvd V1.3.10.1 Anydvd 2.0.0.4 Ger Key\Keygen-CloneDVD.exe
      C:\DOCUME~1\UTILIS~1\Mes documents\Ma musique\ABBA\The Definitive Collection Disc 2\12 The Visitors (Crackin' Up).wma



      1 - "C:\ToolBar SD\TB_1.txt" - 09/02/2009|16:06 - Option : [1]

      -----------\\ Fin du rapport a 16:06:34,96
      0
  15. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Ceci à effacer de suite source de virus :

    C:\DOCUME~1\UTILIS~1\Mes documents\Elby Clone Dvd V1.3.10.1 Anydvd 2.0.0.4 Ger Key\Keygen-CloneDVD.exe
    C:\DOCUME~1\UTILIS~1\Mes documents\Ma musique\ABBA\The Definitive Collection Disc 2\12 The Visitors (Crackin' Up).wma

    Ensuite :

    Nettoyage avec ToolBar S&D : Redémarre en mode sans échec comme indiqué ici ; Choisis ta session courante.

    !! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !!

    Relances Toolbar-S&D en double-cliquant sur le raccourci.
    -->Tapes sur l'option 2 ( "nettoyage" ) puis tapes sur "Entrée".

    Note : ne touches à rien lors de la suppression !

    Un rapport sera généré à la fin du processus : postes son contenu dans ta prochaine réponse
    accompagné d'un nouveau rapport hijackthis pour analyse ...

    0
    1. El lobo Messages postés 61 Date d'inscription   Statut Membre
       
      Hi,

      Voila les 2 rapports.


      -----------\\ ToolBar S&D 1.2.8 XP/Vista

      Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
      X86-based PC ( Uniprocessor Free : Mobile AMD Athlon(tm) 64 Processor 3200+ )
      BIOS : BIOS Date: 02/01/05 09:42:07 Ver: 08.00.11
      USER : utilisateur ( Administrator )
      BOOT : Fail-safe boot
      Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
      Firewall : ZoneAlarm Firewall 7.0.462.000 (Activated)
      C:\ (Local Disk) - NTFS - Total:74 Go (Free:24 Go)
      D:\ (CD or DVD)

      "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
      Option : [2] ( 09/02/2009|16:26 )

      -----------\\ SUPPRESSION

      Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Crawler Toolbar

      -----------\\ Recherche de Fichiers / Dossiers ...


      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Local Page"="C:\\windows\\system32\\blank.htm"
      "Start Page"="https://www.msn.com/fr-fr/"
      "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "SearchAssistant"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"
      "CustomizeSearch"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm"
      "Search Bar"="http://www.bing.com/spresults.aspx"
      "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
      "Url"="http://www.microsoft.com/athome/community/rss.xml"
      "Url"="http://www.microsoft.com/atwork/community/rss.xml"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
      "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Local Page"="C:\\windows\\system32\\blank.htm"
      "Start Page"="https://www.msn.com/fr-fr/"
      "SearchAssistant"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"
      "CustomizeSearch"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm"
      "Search Bar"="http://www.bing.com/spresults.aspx"


      --------------------\\ Recherche d'autres infections


      Aucune autre infection trouvée !


      1 - "C:\ToolBar SD\TB_1.txt" - 09/02/2009|16:06 - Option : [1]
      2 - "C:\ToolBar SD\TB_2.txt" - 09/02/2009|16:27 - Option : [2]

      -----------\\ Fin du rapport a 16:27:47,43









      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 16:28:47, on 09/02/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16762)
      Boot mode: Safe mode

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - Default URLSearchHook is missing
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
      O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
      O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
      O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
      O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [VoipRaider] "C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
      O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
      O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
      O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
      O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
      O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      0
  16. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Ensuite :

    * Téléchargez et enregistrez Navilog1 sur le bureau.
    * Sous XP : double-cliquez dessus pour l'installer et le lancer.
    * Sous vista : faites un clic droit sur Navilog1 présent sur le bureau et choisissez "exécuter en tant qu'administrateur".
    * Quand il sera installé, appuyez sur F pour Français.
    * Appuyez sur une touche jusqu'à ce que vous arriviez au menu des options.
    * Tapez 1 pour exécuter une recherche.
    * Laissez le programme travailler, il pourrait durer une dizaine de minutes.
    * Un rapport va être généré dans le bloc note à la fin de l'analyse
    * Il sera aussi enregistré automatiquement sur votre disque C ( C:\fixnavi.txt )
    * Voici un tutoriel qui vous explique le fonctionnement de Navilog1 :

    http://il.mafioso.pagesperso-orange.fr/Navifix/presentation.htm

    Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs

    0
  17. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    y a rien sur le navilog.

    Télécharges AD-Remover ( de Cyrildu17 / C_XX ) sur ton bureau :

    /!\ Déconnectes toi et fermes toutes applications en cours

    ● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
    ● Double clique sur l'icône Ad-removersituée sur ton bureau
    ● Au menu principal choisi l'option "A"
    ● Postes le rapport qui apparait à la fin .

    ( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs
    0
    1. El lobo Messages postés 61 Date d'inscription   Statut Membre
       
      Hi,

      Voila voila


      ------- LOGFILE OF AD-REMOVER 1.1.0.9 | ONLY XP/VISTA -------

      Updated by C_XX on 07/02/2009 at 14:30

      Start at: 19:42:34 | Lun 09/02/2009 | Microsoft® Windows XP™ SP3 (V5.1.2600)
      Boot mode: Normal
      Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
      Pc: UTILISAT-CB53FB | User: utilisateur ( Current user is an administrator)
      Drive(s):
      - C:\ (File System: NTFS)
      System Drive: C:\
      Windows Directory: C:\WINDOWS\
      System Directory: C:\WINDOWS\System32\

      --- Running Processes: 54

      +--------------------| Boonty/Boonty Games Elements Found:

      .
      .

      +--------------------| Eorezo Elements Found:

      .

      +--------------------| Infected Poker Softwares Elements Found:

      .

      +--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Found:

      .
      .

      +--------------------| It's TV Elements Found:

      .

      +--------------------| Sweetim Elements Found:

      .

      +--------------------| Added Scan:

      ---- Mozilla FireFox Version 3.0.5 ----

      ProfilePath: n50g6e4k.default
      .
      Prefs.js: Browser.Search.DefaultEngineName: "Crawler Search"
      Prefs.js: Browser.Search.SelectedEngine: "Crawler Search"
      .
      .
      .
      .
      .

      ---- Internet Explorer Version 7.0.5730.11 ----

      +-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

      Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      SearchAssistant: hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
      Search bar: hxxp://search.msn.com/spbasic.htm
      Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Start page: hxxp://go.microsoft.com/fwlink/?linkid=677

      +-[HKEY_USERS\S-1-5-21-1993962763-1326574676-725345543-1003\..\Internet Explorer\Main]

      Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      SearchAssistant: hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
      Search bar: hxxp://search.msn.com/spbasic.htm
      Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Start page: hxxp://go.microsoft.com/fwlink/?linkid=677

      +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

      Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      SearchAssistant: hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
      Search bar: hxxp://search.msn.com/spbasic.htm
      Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Start page: hxxp://www.msn.com/

      +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

      Tabs: hxxp://ieframe.dll/tabswelcome.htm

      +---------------------------------------------------------------------------+

      [~2854 Bytes] - "C:\Ad-Report-Scan-09.02.2009.log"
      -

      End at: 19:44:43 | 09/02/2009
      .
      +--------------------| E.O.F - 62 Lines
      .
      0
  18. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    ! Déconnectes toi et fermes toutes applications en cours !

    Redémarre en mode sans échec comme indiqué ici ; Choisis ta session courante.

    * Relances "Ad-remover" : au menu principal choisi l'option "B" .

    --> le programme va travailler ...

    * Postes le rapport qui apparait à la fin + un nouvel Hijackthis pour analyse ...

    ( le rapport est sauvegardé aussi sous C:\Ad-report.log )

    /!\ Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides) /!\

    0
    1. El lobo Messages postés 61 Date d'inscription   Statut Membre
       
      ------- LOGFILE OF AD-REMOVER 1.1.0.9 | ONLY XP/VISTA -------

      Updated by C_XX on 07/02/2009 at 14:30

      *** LIMITED TO ***

      Boonty/BoontyGames
      Eorezo
      Infected Poker Softwares
      FunWebProduct/MyWay/MyWebSearch
      It's TV
      Sweetim

      ******************

      Start at: 20:10:14 | Lun 09/02/2009 | Microsoft® Windows XP™ SP3 (V5.1.2600)
      Boot mode: MSE
      Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
      Pc: UTILISAT-CB53FB | User: utilisateur ( Current user is an administrator)
      Drive(s):
      - C:\ (File System: NTFS)
      System Drive: C:\
      Windows Directory: C:\WINDOWS\
      System Directory: C:\WINDOWS\System32\

      --- Running Processes: 15

      (!) ---- IE start pages/Tabs reset

      +--------------------| Boonty/Boonty Games Elements Deleted :

      .
      .

      +--------------------| Eorezo Elements Deleted :

      .

      +--------------------| Infected Poker Softwares Elements Deleted :

      .

      +--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :

      .
      .

      +--------------------| It's TV Elements Deleted :

      .

      +--------------------| Sweetim Elements Deleted :

      .

      (!) ---- Temp files deleted.
      (!) ---- Recycle bin emptied in all drives.


      +--------------------| Added Scan :

      ---- Mozilla FireFox Version 3.0.5 ----

      ProfilePath: n50g6e4k.default
      .
      Prefs.js: Browser.Search.DefaultEngineName: "Crawler Search"
      Prefs.js: Browser.Search.SelectedEngine: "Crawler Search"
      .
      .
      .
      .
      .

      ---- Internet Explorer Version 7.0.5730.11 ----

      +-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

      Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      SearchAssistant: hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
      Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
      Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

      +-[HKEY_USERS\S-1-5-21-1993962763-1326574676-725345543-1003\..\Internet Explorer\Main]

      Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      SearchAssistant: hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
      Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
      Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

      +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

      Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      SearchAssistant: hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
      Search bar: hxxp://search.msn.com/spbasic.htm
      Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Start page: hxxp://fr.msn.com/

      +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

      Tabs: hxxp://ieframe.dll/tabswelcome.htm

      +---------------------------------------------------------------------------+

      [~3206 Bytes] - "C:\Ad-Report-Clean-09.02.2009.log"
      [~2989 Bytes] - "C:\Ad-Report-Scan-09.02.2009.log"
      -

      End at: 20:13:50 | 09/02/2009
      .
      +--------------------| E.O.F - 73 Lines
      .
      0
  19. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    reposte moi un hijackthis.
    0
    1. El lobo Messages postés 61 Date d'inscription   Statut Membre
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 21:29:53, on 09/02/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16762)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      c:\program files\a-squared free\a2service.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
      C:\Program Files\ewido anti-malware\ewidoctrl.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\system32\slserv.exe
      C:\Program Files\Spyware Terminator\sp_rsser.exe
      C:\WINDOWS\System32\PAStiSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\Rundll32.exe
      C:\WINDOWS\system32\keyhook.exe
      C:\Program Files\Browser MOUSE\mouse32a.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
      C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe
      C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
      C:\WINDOWS\system32\sistray.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - Default URLSearchHook is missing
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
      O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
      O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
      O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
      O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [VoipRaider] "C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
      O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
      O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
      O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
      O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
      O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      0
  20. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    * Télécharger ComboFix (par sUBs) sur le Bureau.
    * Double-cliquer combofix.exe.
    * Il est vivement recommandé d'installer la Console de récupération !
    * Appuyer sur la touche Y (Yes) pour démarrer le scan.
    * Le rapport sera crée dans: C:\Combofix.txt.
    * Refaire un rapport HijackThis, et fixer les lignes correspondantes comme indiqué plus haut.

    Le tutoriel officiel

    Sous Vista :

    * Désactiver le contrôle des comptes utilisateurs (le réactiver à la fin de la désinfection) :
    * Aller dans démarrer puis panneau de configuration.
    * Double-cliquer sur l'icône Comptes d'utilisateurs.
    * Cliquer ensuite sur désactiver et valider.
    * Faire un clic-droit sur ComboFix présent sur le Bureau et choisir Exécuter en tant qu'administrateur.
    * Double-cliquer sur combofix.exe.
    * Appuyer sur la touche Y (Yes) pour démarrer le scan.
    * Le rapport sera crée dans: C:\Combofix.txt
    o En cas de difficulté à dépouiller les résultats du rapport seul, il est conseillé de le poster en forum afin qu'une personne avertie vous guide dans l'utilisation et l'analyse des rapports. La "puissance" et la difficulté à analyser les résultats des rapports en font un fix à utiliser avec précaution.

    0
    1. El lobo Messages postés 61 Date d'inscription   Statut Membre
       
      Hi,

      Voila, il y a 2 rapport combo car premiere manip j avais desactive les anti virus et autre mais la connectioni internet, puis j ai refais combo une deuxieme fois.

      J ai mis apres le rapport hijackthis, merci encore pour toute ton aide

      ComboFix 09-02-08.02 - utilisateur 2009-02-09 22:59:29.1 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.479.196 [GMT 1:00]
      Lancé depuis: c:\documents and settings\utilisateur\Bureau\ComboFix.exe
      AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
      AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated)
      FW: ZoneAlarm Firewall *disabled*
      * Un nouveau point de restauration a été créé

      AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\windows\system32\404Fix.exe
      c:\windows\system32\Agent.OMZ.Fix.exe
      c:\windows\system32\dumphive.exe
      c:\windows\system32\IEDFix.C.exe
      c:\windows\system32\IEDFix.exe
      c:\windows\system32\o4Patch.exe
      c:\windows\system32\QTWMCI32.DLL
      c:\windows\system32\SrchSTS.exe
      c:\windows\system32\tmp.reg
      c:\windows\system32\VACFix.exe
      c:\windows\system32\VCCLSID.exe
      c:\windows\system32\WS2Fix.exe

      .
      ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_FOPN
      -------\Legacy_NPF


      ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-09 au 2009-02-09 ))))))))))))))))))))))))))))))))))))
      .

      2009-02-09 19:41 . 2009-02-09 20:08 <REP> d-------- c:\program files\Ad-remover
      2009-02-09 17:12 . 2009-02-09 17:18 <REP> d-------- c:\program files\Navilog1
      2009-02-09 16:04 . 2009-02-09 16:27 <REP> d-------- C:\ToolBar SD
      2009-02-08 22:38 . 2009-02-08 22:38 <REP> d-------- c:\program files\Trend Micro
      2009-02-05 22:53 . 2005-03-15 17:04 161,792 --------- c:\windows\system32\drivers\ov530vid.sys
      2009-02-05 22:53 . 2004-08-05 17:34 61,440 --------- c:\windows\ov530dib.dll
      2009-02-05 22:53 . 2005-09-30 09:42 40,960 --------- c:\windows\system32\ov530ext.dll
      2009-02-05 22:53 . 2004-11-09 00:37 25,177 --------- c:\windows\system32\drivers\ov530cmd.sys
      2009-02-05 22:53 . 2005-09-30 09:56 18,972 --------- c:\windows\system32\ov530ext.ax
      2009-02-05 22:53 . 2004-07-20 01:50 16,440 --------- c:\windows\system32\ov530usd.dll
      2009-02-04 22:16 . 2009-02-04 22:16 <REP> d-------- c:\program files\SUPERAntiSpyware
      2009-02-04 22:16 . 2009-02-04 22:16 <REP> d-------- c:\documents and settings\utilisateur\Application Data\SUPERAntiSpyware.com
      2009-02-04 22:16 . 2009-02-04 22:16 <REP> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
      2009-02-04 19:17 . 2009-02-04 21:37 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
      2009-02-04 19:17 . 2009-02-04 19:17 <REP> d-------- c:\documents and settings\utilisateur\Application Data\Malwarebytes
      2009-02-04 19:17 . 2009-02-04 19:17 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
      2009-02-04 19:17 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
      2009-02-04 19:17 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
      2009-02-04 14:29 . 2009-02-04 14:29 <REP> d-------- c:\program files\CCleaner
      2009-02-04 12:18 . 2009-02-04 12:18 <REP> d-------- c:\program files\Spybot - Search & Destroy
      2009-02-04 11:25 . 2009-02-04 11:51 <REP> d-------- c:\windows\SxsCaPendDel
      2009-02-03 20:54 . 2009-02-03 20:54 <REP> d-------- c:\program files\Fichiers communs\xing shared
      2009-02-03 19:51 . 2009-02-03 19:51 <REP> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
      2009-02-03 19:51 . 2009-02-03 19:51 <REP> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
      2009-02-03 19:51 . 2009-02-03 19:51 <REP> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
      2009-02-03 19:51 . 2009-02-03 19:51 <REP> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-02-09 22:16 11,827,232 --sha-w c:\windows\system32\drivers\fidbox.dat
      2009-02-09 22:05 140,552 --sha-w c:\windows\system32\drivers\fidbox.idx
      2009-02-09 21:30 --------- d-----w c:\documents and settings\utilisateur\Application Data\Skype
      2009-02-09 18:19 --------- d-----w c:\documents and settings\utilisateur\Application Data\skypePM
      2009-02-09 11:56 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
      2009-02-08 21:09 29,116 ----a-w c:\documents and settings\utilisateur\Application Data\wklnhst.dat
      2009-02-08 15:01 --------- d-----w c:\documents and settings\utilisateur\Application Data\Spyware Terminator
      2009-02-04 21:15 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
      2009-02-04 14:21 --------- d-----w c:\program files\ewido anti-malware
      2009-02-04 14:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
      2009-02-04 13:23 --------- d-----w c:\program files\a-squared Free
      2009-02-04 10:34 --------- d--h--w c:\program files\InstallShield Installation Information
      2009-02-04 10:31 --------- d-----w c:\documents and settings\All Users\Application Data\Kodak
      2009-02-04 10:24 --------- d-----w c:\program files\Java
      2009-02-04 10:20 --------- d-----w c:\program files\eMule
      2009-02-03 19:53 --------- d-----w c:\program files\Fichiers communs\Real
      2008-12-31 15:41 --------- d-----w c:\program files\DJ Mix Lite
      2008-12-16 20:24 --------- d-----w c:\documents and settings\utilisateur\Application Data\VoipRaider
      2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
      2008-06-03 18:15 20 -c-h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
      2008-04-27 13:10 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
      2008-02-10 20:21 0 -c--a-w c:\documents and settings\Invité\Application Data\wklnhst.dat
      2006-02-25 14:16 212,843 -c--a-w c:\program files\hijackthis_199.zip
      2006-01-03 21:06 57,664 -c--a-w c:\documents and settings\utilisateur\Application Data\GDIPFONTCACHEV1.DAT
      .

      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-01 21898024]
      "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
      "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
      "VoipRaider"="c:\program files\VoipRaider.com\VoipRaider\VoipRaider.exe" [2008-12-08 9016112]
      "Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
      "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
      "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
      "SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2004-09-02 249856]
      "FLMOFFICE4DMOUSE"="c:\program files\Browser MOUSE\mouse32a.exe" [2005-12-01 360448]
      "Microsoft Works Update Detection"="c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 50688]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
      "CMPDPSRV"="c:\windows\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE" [2001-05-07 40960]
      "SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-20 1817600]
      "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-22 266497]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
      "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
      "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 919016]
      "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-02-03 185872]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-22 136600]
      "SiSPower"="SiSPower.dll" [2004-09-02 c:\windows\system32\SiSPower.dll]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

      c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      BlueSoleil.lnk - c:\program files\Sitecom\IVT BlueSoleil\BlueSoleil.exe [2006-07-16 626176]
      Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
      NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-05-01 118784]
      Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-11-18 331776]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "VIDC.MJPG"= jl_mjpg2.drv

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
      BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/ustera

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
      "c:\\Program Files\\Browser MOUSE\\mouse32a.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Sitecom\\IVT BlueSoleil\\BlueSoleil.exe"=
      "c:\\Program Files\\VoipRaider.com\\VoipRaider\\VoipRaider.exe"=
      "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\MSN Messenger\\livecall.exe"=
      "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

      R1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [2005-12-30 3072]
      R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
      R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
      R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-03-09 141312]
      R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [2005-11-18 191092]
      R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [2005-11-18 6100]
      R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
      S2 HPFECP13;HPFECP13;c:\windows\system32\drivers\HPFecp13.sys [1998-09-25 52800]
      S3 JL2005;JL2005A Toy Camera;c:\windows\system32\drivers\toywdm.sys [2005-05-09 71336]
      S3 ovt530;Webcam Classic;c:\windows\system32\drivers\ov530vid.sys [2009-02-05 161792]
      S3 PRISM_A00;PRISM 802.11 Driver;c:\windows\system32\drivers\PRISMA00.sys [2005-11-18 393280]
      S3 tj2knd5;Terayon Cable Modem (NDIS);c:\windows\system32\drivers\tj2knd5.sys [2005-11-24 17616]
      S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\system32\drivers\tj2kunic.sys [2005-11-24 69680]
      .
      Contenu du dossier 'Tâches planifiées'

      2009-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]

      2009-02-09 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
      - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 16:39]
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      HKCU-Run-<NO NAME> - (no file)
      HKLM-Run-NWEReboot - (no file)


      .
      ------- Examen supplémentaire -------
      .
      mWindow Title =
      IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
      IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      IE: Crawler Search
      FF - ProfilePath - c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\n50g6e4k.default\
      FF - prefs.js: browser.search.selectedEngine - Crawler Search
      FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
      FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60327&qkw=
      FF - prefs.js: network.proxy.type - 4
      FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
      FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
      FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
      .

      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-02-09 23:10:25
      Windows 5.1.2600 Service Pack 3 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'winlogon.exe'(544)
      c:\program files\SUPERAntiSpyware\SASWINLO.dll
      .
      ------------------------ Autres processus actifs ------------------------
      .
      c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      c:\program files\a-squared Free\a2service.exe
      c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
      c:\program files\Sitecom\IVT BlueSoleil\BTNtService.exe
      c:\program files\ewido anti-malware\ewidoctrl.exe
      c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
      c:\program files\Java\jre6\bin\jqs.exe
      c:\program files\Spyware Terminator\sp_rsser.exe
      c:\windows\system32\PAStiSvc.exe
      c:\windows\system32\rundll32.exe
      c:\windows\system32\wbem\wmiapsrv.exe
      c:\program files\Skype\Plugin Manager\skypePM.exe
      .
      **************************************************************************
      .
      Heure de fin: 2009-02-09 23:21:43 - La machine a redémarré
      ComboFix-quarantined-files.txt 2009-02-09 22:21:37

      Avant-CF: 26 632 593 408 octets libres
      Après-CF: 26,538,663,936 octets libres

      219 --- E O F --- 2009-02-04 09:45:23


      2ieme rapport Combo

      ComboFix 09-02-08.02 - utilisateur 2009-02-09 23:30:52.2 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.479.148 [GMT 1:00]
      Lancé depuis: c:\documents and settings\utilisateur\Bureau\ComboFix.exe
      AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
      AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated)
      FW: ZoneAlarm Firewall *disabled*
      .

      ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-09 au 2009-02-09 ))))))))))))))))))))))))))))))))))))
      .

      2009-02-09 19:41 . 2009-02-09 20:08 <REP> d-------- c:\program files\Ad-remover
      2009-02-09 17:12 . 2009-02-09 17:18 <REP> d-------- c:\program files\Navilog1
      2009-02-09 16:04 . 2009-02-09 16:27 <REP> d-------- C:\ToolBar SD
      2009-02-08 22:38 . 2009-02-08 22:38 <REP> d-------- c:\program files\Trend Micro
      2009-02-05 22:53 . 2005-03-15 17:04 161,792 --------- c:\windows\system32\drivers\ov530vid.sys
      2009-02-05 22:53 . 2004-08-05 17:34 61,440 --------- c:\windows\ov530dib.dll
      2009-02-05 22:53 . 2005-09-30 09:42 40,960 --------- c:\windows\system32\ov530ext.dll
      2009-02-05 22:53 . 2004-11-09 00:37 25,177 --------- c:\windows\system32\drivers\ov530cmd.sys
      2009-02-05 22:53 . 2005-09-30 09:56 18,972 --------- c:\windows\system32\ov530ext.ax
      2009-02-05 22:53 . 2004-07-20 01:50 16,440 --------- c:\windows\system32\ov530usd.dll
      2009-02-04 22:16 . 2009-02-04 22:16 <REP> d-------- c:\program files\SUPERAntiSpyware
      2009-02-04 22:16 . 2009-02-04 22:16 <REP> d-------- c:\documents and settings\utilisateur\Application Data\SUPERAntiSpyware.com
      2009-02-04 22:16 . 2009-02-04 22:16 <REP> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
      2009-02-04 19:17 . 2009-02-04 21:37 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
      2009-02-04 19:17 . 2009-02-04 19:17 <REP> d-------- c:\documents and settings\utilisateur\Application Data\Malwarebytes
      2009-02-04 19:17 . 2009-02-04 19:17 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
      2009-02-04 19:17 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
      2009-02-04 19:17 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
      2009-02-04 14:29 . 2009-02-04 14:29 <REP> d-------- c:\program files\CCleaner
      2009-02-04 12:18 . 2009-02-04 12:18 <REP> d-------- c:\program files\Spybot - Search & Destroy
      2009-02-04 11:25 . 2009-02-04 11:51 <REP> d-------- c:\windows\SxsCaPendDel
      2009-02-03 20:54 . 2009-02-03 20:54 <REP> d-------- c:\program files\Fichiers communs\xing shared
      2009-02-03 19:51 . 2009-02-03 19:51 <REP> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
      2009-02-03 19:51 . 2009-02-03 19:51 <REP> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
      2009-02-03 19:51 . 2009-02-03 19:51 <REP> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
      2009-02-03 19:51 . 2009-02-03 19:51 <REP> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-02-09 22:34 11,896,864 --sha-w c:\windows\system32\drivers\fidbox.dat
      2009-02-09 22:33 --------- d-----w c:\documents and settings\utilisateur\Application Data\Skype
      2009-02-09 22:05 140,552 --sha-w c:\windows\system32\drivers\fidbox.idx
      2009-02-09 18:19 --------- d-----w c:\documents and settings\utilisateur\Application Data\skypePM
      2009-02-09 11:56 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
      2009-02-08 21:09 29,116 ----a-w c:\documents and settings\utilisateur\Application Data\wklnhst.dat
      2009-02-08 15:01 --------- d-----w c:\documents and settings\utilisateur\Application Data\Spyware Terminator
      2009-02-04 21:15 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
      2009-02-04 14:21 --------- d-----w c:\program files\ewido anti-malware
      2009-02-04 14:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
      2009-02-04 14:11 649,216 ----a-w c:\windows\Internet Logs\xDB1.tmp
      2009-02-04 14:11 2,110,464 ----a-w c:\windows\Internet Logs\xDB2.tmp
      2009-02-04 13:23 --------- d-----w c:\program files\a-squared Free
      2009-02-04 10:34 --------- d--h--w c:\program files\InstallShield Installation Information
      2009-02-04 10:31 --------- d-----w c:\documents and settings\All Users\Application Data\Kodak
      2009-02-04 10:24 --------- d-----w c:\program files\Java
      2009-02-04 10:20 --------- d-----w c:\program files\eMule
      2009-02-03 19:53 --------- d-----w c:\program files\Fichiers communs\Real
      2009-01-28 21:22 7,504,697 -c--a-w c:\windows\Internet Logs\tvDebug.zip
      2008-12-31 15:41 --------- d-----w c:\program files\DJ Mix Lite
      2008-12-22 17:44 410,984 ----a-w c:\windows\system32\deploytk.dll
      2008-12-16 20:24 --------- d-----w c:\documents and settings\utilisateur\Application Data\VoipRaider
      2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
      2008-06-03 18:15 20 -c-h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
      2008-04-27 13:10 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
      2008-02-10 20:21 0 -c--a-w c:\documents and settings\Invité\Application Data\wklnhst.dat
      2006-02-25 14:16 212,843 -c--a-w c:\program files\hijackthis_199.zip
      2006-01-03 21:06 57,664 -c--a-w c:\documents and settings\utilisateur\Application Data\GDIPFONTCACHEV1.DAT
      .

      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-01 21898024]
      "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
      "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
      "VoipRaider"="c:\program files\VoipRaider.com\VoipRaider\VoipRaider.exe" [2008-12-08 9016112]
      "Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
      "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
      "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
      "SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2004-09-02 249856]
      "FLMOFFICE4DMOUSE"="c:\program files\Browser MOUSE\mouse32a.exe" [2005-12-01 360448]
      "Microsoft Works Update Detection"="c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 50688]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
      "CMPDPSRV"="c:\windows\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE" [2001-05-07 40960]
      "SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-20 1817600]
      "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-22 266497]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
      "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
      "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 919016]
      "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-02-03 185872]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-22 136600]
      "SiSPower"="SiSPower.dll" [2004-09-02 c:\windows\system32\SiSPower.dll]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

      c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      BlueSoleil.lnk - c:\program files\Sitecom\IVT BlueSoleil\BlueSoleil.exe [2006-07-16 626176]
      Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
      NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-05-01 118784]
      Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-11-18 331776]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "VIDC.MJPG"= jl_mjpg2.drv

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
      BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/ustera

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
      "c:\\Program Files\\Browser MOUSE\\mouse32a.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Sitecom\\IVT BlueSoleil\\BlueSoleil.exe"=
      "c:\\Program Files\\VoipRaider.com\\VoipRaider\\VoipRaider.exe"=
      "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\MSN Messenger\\livecall.exe"=
      "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

      R1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [2005-12-30 3072]
      R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
      R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
      R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-03-09 141312]
      R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [2005-11-18 191092]
      R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [2005-11-18 6100]
      R3 PRISM_A00;PRISM 802.11 Driver;c:\windows\system32\drivers\PRISMA00.sys [2005-11-18 393280]
      R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
      S2 HPFECP13;HPFECP13;c:\windows\system32\drivers\HPFecp13.sys [1998-09-25 52800]
      S3 JL2005;JL2005A Toy Camera;c:\windows\system32\drivers\toywdm.sys [2005-05-09 71336]
      S3 ovt530;Webcam Classic;c:\windows\system32\drivers\ov530vid.sys [2009-02-05 161792]
      S3 tj2knd5;Terayon Cable Modem (NDIS);c:\windows\system32\drivers\tj2knd5.sys [2005-11-24 17616]
      S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\system32\drivers\tj2kunic.sys [2005-11-24 69680]
      .
      Contenu du dossier 'Tâches planifiées'

      2009-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]

      2009-02-09 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
      - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 16:39]
      .
      .
      ------- Examen supplémentaire -------
      .
      mWindow Title =
      IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
      IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      IE: Crawler Search
      FF - ProfilePath - c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\n50g6e4k.default\
      FF - prefs.js: browser.search.selectedEngine - Crawler Search
      FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
      FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60327&qkw=
      FF - prefs.js: network.proxy.type - 4
      FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
      FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
      FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
      .

      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-02-09 23:33:42
      Windows 5.1.2600 Service Pack 3 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'winlogon.exe'(544)
      c:\program files\SUPERAntiSpyware\SASWINLO.dll
      .
      Heure de fin: 2009-02-09 23:37:51
      ComboFix-quarantined-files.txt 2009-02-09 22:37:39
      ComboFix2.txt 2009-02-09 22:21:47

      Avant-CF: 26 525 126 656 octets libres
      Après-CF: 26,511,069,184 octets libres

      WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=AlwaysOff /fastdetect

      190 --- E O F --- 2009-02-04 09:45:23


      Hijackthis

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:39:36, on 09/02/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16762)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      c:\program files\a-squared free\a2service.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
      C:\Program Files\ewido anti-malware\ewidoctrl.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Spyware Terminator\sp_rsser.exe
      C:\WINDOWS\System32\PAStiSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\Rundll32.exe
      C:\WINDOWS\system32\keyhook.exe
      C:\Program Files\Browser MOUSE\mouse32a.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
      C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
      C:\WINDOWS\system32\sistray.exe
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
      O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
      O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
      O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
      O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [VoipRaider] "C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
      O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
      O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
      O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
      O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
      O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      0
  21. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Télécharges OTMoveIt3 (de Old_Timer) sur ton Bureau.

    Double cliques sur "OTMoveIt3.exe" pour ouvrir le prg .
    Puis copies ce qui se trouve en citation ci-dessous,

    :Processes
    explorer.exe

    :Files
    c:\windows\system32\404Fix.exe
    c:\windows\system32\Agent.OMZ.Fix.exe
    c:\windows\system32\dumphive.exe
    c:\windows\system32\IEDFix.C.exe
    c:\windows\system32\IEDFix.exe
    c:\windows\system32\o4Patch.exe
    c:\windows\system32\QTWMCI32.DLL
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\tmp.reg
    c:\windows\system32\VACFix.exe
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\WS2Fix.exe

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]

    et colles le dans le cadre de gauche de OTMoveIt3 :
    Paste Instructions for items to be moved.
    (ne touche à rien d'autre !)

    -> cliques sur MoveIt! pour lancer la suppression.
    -> laisses travailler l'outil ...

    ( Note : ton bureau va disparaitre puis réapparaitre, c'est normal .)

    -> une fois finis , un petite fenêtre s'ouvre : cliques sur " Yes " .

    Ton PC va redémarrer de lui même ...

    -->Postes le contenu du rapport qui se trouve dans le dossier "C:\_OTMoveIt\MovedFiles"
    ( " xxxx2008_xxxxxx.log " où les "x" correspondent au jour et à l'heure de l'utilisation ).
    0
    1. El lobo Messages postés 61 Date d'inscription   Statut Membre
       
      Bonjour,

      voila le rapport OT move.merci pour ton aide

      ========== PROCESSES ==========
      Process explorer.exe killed successfully.
      ========== FILES ==========
      File/Folder c:\windows\system32\404Fix.exe not found.
      File/Folder c:\windows\system32\Agent.OMZ.Fix.exe not found.
      File/Folder c:\windows\system32\dumphive.exe not found.
      File/Folder c:\windows\system32\IEDFix.C.exe not found.
      File/Folder c:\windows\system32\IEDFix.exe not found.
      File/Folder c:\windows\system32\o4Patch.exe not found.
      File/Folder c:\windows\system32\QTWMCI32.DLL not found.
      File/Folder c:\windows\system32\SrchSTS.exe not found.
      File/Folder c:\windows\system32\tmp.reg not found.
      File/Folder c:\windows\system32\VACFix.exe not found.
      File/Folder c:\windows\system32\VCCLSID.exe not found.
      File/Folder c:\windows\system32\WS2Fix.exe not found.
      ========== COMMANDS ==========
      File delete failed. C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\etilqs_P8guxGvoJdrw8EcT8IpT scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\Perflib_Perfdata_10c.dat scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\Perflib_Perfdata_494.dat scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\~DF328F.tmp scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\~DFD66C.tmp scheduled to be deleted on reboot.
      User's Temp folder emptied.
      User's Temporary Internet Files folder emptied.
      User's Internet Explorer cache folder emptied.
      Local Service Temp folder emptied.
      File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      Local Service Temporary Internet Files folder emptied.
      File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_3b0.dat scheduled to be deleted on reboot.
      File delete failed. C:\WINDOWS\temp\ZLT04597.TMP scheduled to be deleted on reboot.
      File delete failed. C:\WINDOWS\temp\ZLT0459b.TMP scheduled to be deleted on reboot.
      Windows Temp folder emptied.
      Java cache emptied.
      File delete failed. C:\Documents and Settings\utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\n50g6e4k.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\n50g6e4k.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\n50g6e4k.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\n50g6e4k.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\n50g6e4k.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\n50g6e4k.default\XUL.mfl scheduled to be deleted on reboot.
      FireFox cache emptied.
      Temp folders emptied.
      Explorer started successfully

      OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02102009_144921
      0
  • 1
  • 2