Analyse d un Hijackthis [Résolu]

Réponse 1 / 23

pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502

fait quand même ceci :

Fait ceci et poste moi le rapport à la suite de la question êtes vous aider par quelqu'un. Merci.

Télécharge GenProc sur ton bureau (Attention le fichier est un fichier zip)
Dézippe le dossier, double-clique sur GenProc.bat
En final, poste le contenu du rapport qui s'affiche.
Comment utiliser GenProc

Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs

El lobo Messages postés 60 Statut Membre

Hi,

Merci de votre message,

voila le rapport Genproc, merci de votre aide

Rapport GenProc 2.351 [1] - 04/02/2009 - Windows XP

Il est impératif de désactiver le résident TeaTimer de Spybot pendant l'ensemble des manipulations qui vont suivre. Aide Tea-Timer : http://ww11.genproc.com/spybot/spybot.html

Il est impératif de désactiver la protection résidente SpywareTerminator pendant l'ensemble des manipulations qui vont suivre. Aide SpywareTerminator : http://ww11.genproc.com/spyware-terminator/spyware_terminator.html

Il est impératif de désactiver le résident de A-Squared pendant l'ensemble des manipulations qui vont suivre. Aide A-Squared : http://ww11.genproc.com/a-squared/a-squared.html

# Etape 1/ Télécharge :

- CCleaner https://www.ccleaner.com/ccleaner/download (FileHippo)
Ce logiciel va permettre de supprimer tous les fichiers temporaires.
Lance-le et clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures".
Par la suite, laisse-le avec ses réglages par défaut. Ferme le programme.

- Brute Force Uninstaller http://merijn.geekstogo.com/files/bfu.zip (Merijn) et décompresse-le sur ton bureau.
Fais un clic droit de souris sur ce lien : http://www.alt-shift-return.org/Info/Fichiers/Winsoftware.bfu
et choisis "Enregistrer la cible (du lien) sous" afin de télécharger le script WinSoftware.bfu,
que tu placeras à côté de l'icône en forme de boule noire dentée bfu.exe.

Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; pour retrouver le rapport, clique sur le raccourci "GenProc" sur ton bureau. Choisis ta session courante *** utilisateur ***

# Etape 2/

Double-clique sur le fichier BFU.exe en forme de boule noire dentée, sur ton bureau. Clique sur le petit dossier jaune,
à la droite de la boîte "Scriptfile to execute", et double-clique sur le fichier Winsoftware.bfu qui devrait apparaître.
- Dans la boîte "Script to execute", tu devrais maintenant voir le chemin complet du fichier Winsoftware.bfu.
- clique sur "Execute" et laisse-le faire son travail. La réussite de l'opération sera obligatoirement sanctionnée
par un message final "Complete script execution", si ce n'est pas le cas, il faudra le signaler.
- Clique sur OK, puis exit pour fermer le programme BFU.
- Recommence encore une fois.

# Etape 3/

Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

# Etape 4/

Redémarre normalement et poste, dans la même réponse :

- Un nouveau rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;

Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

____________________________________________________________________________________________________________

Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com

Réponse 2 / 23

pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502

tu peux déjà faire ceci. et me poster les rapports.

El lobo Messages postés 60 Statut Membre

Hi,

voila c fais, voici le new rapport d Hijackthis. C OK? y a des ptires bebettes?
Merci pour ton aide

Logfile of HijackThis v1.99.1
Scan saved at 15:32:00, on 04/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VoipRaider] "C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Réponse 3 / 23

pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502

ya pas de rapport brute force.

El lobo Messages postés 60 Statut Membre

Voila le rapport Brute force, merci encore pour ton suivis

BFU v1.12.0
Windows XP SP3 (WinNT 5.01.2600 SP3)
Script started at 15:23:05, on 04/02/2009

Option Unload Explorer: Yes
Success: ProcessKillByPID 1676
Success: ProcessKill C:\WINDOWS\explorer.exe|1
Warning: The following line has unexpanded aliases and will be skipped: # Winsoftware.bfu
# lazzzy 20/09/2006
# Ce script cible ErrorSafe / Winfixer / ErrorGuard / DriveCleaner / SystemDoctor / WinAntiVirusPro / WinAntiSpyware / SysProtect / Adsl Software Limited

OptionUnloadShell

# 1 - Processus

ProcessKill \AdwareProtector.exe|1
ProcessKill \ErrorGuard.exe|1
ProcessKill \ERScw.exe|1
ProcessKill \Malwarrior.exe|1
ProcessKill C:\Program Files\WinAntiVirus Pro 2006\fat.exe|1
ProcessKill \sd2006.exe|1
ProcessKill \SDR6cw.exe|1
ProcessKill \SDRmon.exe|1
ProcessKill C:\Program Files\SystemDoctor 2006 Free\startmon.exe|1
ProcessKill C:\WINDOWS\Downloaded Program Files\U*_*_*NetInstaller.exe|1
ProcessKill C:\Program Files\systemdoctor 2006 free\updater.exe|1
ProcessKill C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe|1
ProcessKill C:\Program Files\DriveCleaner 2006 Free\udc6cw.exe|1
ProcessKill C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe|1
ProcessKill C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe|1
ProcessKill C:\Program Files\WinAntiSpyware 2006 Scanner\updater.exe|1
ProcessKill C:\Program Files\SystemDoctor 2006 Free\usdr6cw.exe|1
ProcessKill C:\Program Files\SysProtect Free\USYP.exe|1
ProcessKill C:\Program Files\WinAntiVirus Pro 2006\uwa6pcw.exe|1
ProcessKill uwasffNT.exe|1
ProcessKill \was6.exe|1
ProcessKill \WinAV.exe|1
ProcessKill \WinPG2005.exe|1
ProcessKill \WinSpywareProtect.exe|1

# 2 - Services

ServiceStop FWSvc
ServiceDisable FWSvc
ServiceDelete FWSvc

# 3 - Registre

RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|AdwareProtector
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Error Safe
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Error Safe Free
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|ErrorSafeFree
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|MalWarrior
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX5V_0001_N57M1212
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SysProtect
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SysProtect Free
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SystemDoctor 2006
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer 2005
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer 2006
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer2005
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinPopupGuard 2005
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinSpywareProtect (ver. 5.1)

RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|AXPDefender
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|AXPFixer
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|cmonitor
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|CompanionWizard
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|dc6_check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DC6cw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|dc6v_check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DC6Y_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DriveCleaner 2006 Free
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ErrorGuard
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Error Safe
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ErrorSafe
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ERS_check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ERScw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|fat.exe
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Firewall
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MDRV_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MDRY_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MNI.UWFX5LP_0001_0614
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UAVIFR_0001_N105M2404
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERS_0001_NI57M1124
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSM_0001_N57M0112
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSM_0001_N68M1602
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_0001_LP
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_0001_N68M0602
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_0001_N91M2107
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_0001_N91S2108
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_9999_N91S1912
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSY_0001_N68M0602
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGA6P_0001_N122M2802
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGA6P_5555_N122M0312
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGA6PV_0001_N108M0207
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGA6PV_0001_N122M1202
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGDCFR_0001_N122M1912
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGDCFR_0001_N129M2006
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGESV_0001_N122M0303
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ni.usyp
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.USYP_0002_N91M1708
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.USYP_0003_N91M0908
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWA6PV_0001_N91M2107
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWA6PY_0001_N73M0604
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWA7PV_0001_N91M0510
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWA7PV_0001_N96M0206
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWAS6V_0001_N76M1904
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWAS6V_0001_N91M2208
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWAS6Y_0001_N91M2208
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX5V
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX5V_0001_0802
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX5V_0001_N57M1412
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX6_0001_N68M2301
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|PAS_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|rtasks
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Salestart
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SDR6_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SDR6cw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SDR6V_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SDR6Y_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|strpmon
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SysProtect
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SystemDoctor 2006
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SystemDoctor 2006 Free
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|udc6cw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|UERScw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|uga6pcw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|usdr6cw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|uwa6pcw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|uwas6cw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|wa6pcw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WA6PV_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiSpyware 2006
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiSpyware 2006 Free
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiSpyware 2006 Scanner
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiVirusPro2006
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiVirus Pro 2007
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer 2005
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer 2006
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer2005

RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce|fat.exe
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce|fat_reinstall
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce|WinAntiSpyware 2006 Scanner

RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\ErrorSafe\esPCheck.dll
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\common files\winantivirus pro 2006\wapchk.dll
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\WinAntiSpyware 2006 Scanner\uwasffNT.exe
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\WINDOWS\system32\drivers\uwasfsd.sys

RegDeleteKey HKCR\antiviruscom.avofficeprotect
RegDeleteKey HKCR\antiviruscom.avofficeprotect.1
RegDeleteKey HKCR\avexplorer.shellextension
RegDeleteKey HKCR\avexplorer.shellextension.2
RegDeleteKey HKCR\avexplorer.shellextension\curver
RegDeleteKey HKCR\checkprod.checkproduct
RegDeleteKey HKCR\CheckProduct2.CheckProduct
RegDeleteKey HKCR\CheckProduct2.CheckProduct.1
RegDeleteKey HKCR\ComCleanCor.AppCleane
RegDeleteKey HKCR\ComCleanCor.AppCleane.1
RegDeleteKey HKCR\ComCleanCor.CQuickScan
RegDeleteKey HKCR\ComCleanCor.CQuickScan.1
RegDeleteKey HKCR\ComCleanCor.FileCleane
RegDeleteKey HKCR\ComCleanCor.InetCleane
RegDeleteKey HKCR\ComCleanCor.InetCleane.1
RegDeleteKey HKCR\ComCleanCor.RegCleane
RegDeleteKey HKCR\ComCleanCor.RegCleane.1
RegDeleteKey HKCR\ComCleanCor.SystemCleane
RegDeleteKey HKCR\ComCleanCor.SystemCleane.1
RegDeleteKey HKCR\ComCleanCore.FileClean.1
RegDeleteKey HKCR\CompCleanCore.AppCleaner
RegDeleteKey HKCR\CompCleanCore.AppCleaner.1
RegDeleteKey HKCR\CompCleanCore.CCQuickScan
RegDeleteKey HKCR\CompCleanCore.CCQuickScan.1
RegDeleteKey HKCR\CompCleanCore.FileCleaner
RegDeleteKey HKCR\CompCleanCore.FileCleaner.1
RegDeleteKey HKCR\CompCleanCore.InetCleaner
RegDeleteKey HKCR\CompCleanCore.InetCleaner.1
RegDeleteKey HKCR\CompCleanCore.RegCleaner
RegDeleteKey HKCR\CompCleanCore.RegCleaner.1
RegDeleteKey HKCR\CompCleanCore.SystemCleaner
RegDeleteKey HKCR\CompCleanCore.SystemCleaner.1
RegDeleteKey HKCR\df_fixer.Fixer
RegDeleteKey HKCR\df_fixer.Fixer.1
RegDeleteKey HKCR\df_proxy.DriverManipulate
RegDeleteKey HKCR\df_proxy.DriverManipulate.1
RegDeleteKey HKCR\df_fix.Fix
RegDeleteKey HKCR\df_fix.Fix.1
RegDeleteKey HKCR\df_prx.DriverManipulat
RegDeleteKey HKCR\df_prx.DriverManipulat.1
RegDeleteKey HKCR\escompcleancore.esappcleaner
RegDeleteKey HKCR\escompcleancore.esappcleaner.1
RegDeleteKey HKCR\escompcleancore.esccquickscan
RegDeleteKey HKCR\escompcleancore.esccquickscan.1
RegDeleteKey HKCR\escompcleancore.esfilecleaner
RegDeleteKey HKCR\escompcleancore.esfilecleaner.1
RegDeleteKey HKCR\escompcleancore.esinetcleaner
RegDeleteKey HKCR\escompcleancore.esinetcleaner.1
RegDeleteKey HKCR\escompcleancore.esregcleaner
RegDeleteKey HKCR\escompcleancore.esregcleaner.1
RegDeleteKey HKCR\escompcleancore.essystemcleaner
RegDeleteKey HKCR\escompcleancore.essystemcleaner.1
RegDeleteKey HKCR\esdf_fixer.esfixer
RegDeleteKey HKCR\esdf_fixer.esfixer.1
RegDeleteKey HKCR\esdf_proxy.esdrivermanipulate
RegDeleteKey HKCR\esdf_proxy.esdrivermanipulate.1
RegDeleteKey HKCR\esffwraper.esffenginwraper
RegDeleteKey HKCR\esffwraper.esffenginwraper.1
RegDeleteKey HKCR\esfixcore.esmmfixcore
RegDeleteKey HKCR\esfixcore.esmmfixcore.1
RegDeleteKey HKCR\esmmfixctrl.escofixengine
RegDeleteKey HKCR\esmmfixctrl.escofixengine.1
RegDeleteKey HKCR\esspchck.esspchck
RegDeleteKey HKCR\esspchck.esspchck.1
RegDeleteKey HKCR\esspcheck.esspcheck
RegDeleteKey HKCR\esspcheck.esspcheck.1
RegDeleteKey HKCR\FFCom.FlFixer
RegDeleteKey HKCR\FFWraper.FFEnginWraper
RegDeleteKey HKCR\FFWrap.FEnginWrape
RegDeleteKey HKCR\FFWrap.FEnginWrape.1
RegDeleteKey HKCR\FFWraper.FFEnginWraper.1
RegDeleteKey HKCR\FFxr_21.FFixr21
RegDeleteKey HKCR\FixCor.MMFxCor
RegDeleteKey HKCR\FixCor.MMFxCor.1
RegDeleteKey HKCR\FixCore.MMFixCore
RegDeleteKey HKCR\FixCore.MMFixCore.1
RegDeleteKey HKCR\FlFxr3.FlFixer3
RegDeleteKey HKCR\flfxr5.flfixer5
RegDeleteKey HKCR\FlFxr15.FlFixer15
RegDeleteKey HKCR\FWrape_r.FFEnginWrape_r
RegDeleteKey HKCR\FWrape_r.FFEnginWrape_r.1
RegDeleteKey HKCR\FWraper.FFEnginWraper
RegDeleteKey HKCR\FWraper.FFEnginWraper.1
RegDeleteKey HKCR\FxCor_e.MMFixCor_e.1
RegDeleteKey HKCR\FxCor_e.MMFixCor_e
RegDeleteKey HKCR\FxCore.MMFixCore
RegDeleteKey HKCR\FxCore.MMFixCore.1
RegDeleteKey HKCR\iefwbho.iefw
RegDeleteKey HKCR\iefwbho.iefw.2
RegDeleteKey HKCR\Install.Install
RegDeleteKey HKCR\Install.Install.1
RegDeleteKey HKCR\MMFixCtrl.CoFixEngine
RegDeleteKey HKCR\MMFixCtrl.CoFixEngine.1
RegDeleteKey HKCR\MMFx.CoFxEngin
RegDeleteKey HKCR\MMFx.CoFxEngin.1
RegDeleteKey HKCR\MMFxCtr_l.CoFixEngin_e
RegDeleteKey HKCR\MMFxCtr_l.CoFixEngin_e.1
RegDeleteKey HKCR\systemdoctor.free
RegDeleteKey HKCR\UWFX6PCheck.UWFX6PCheck.2
RegDeleteKey HKCR\UWFXCheck.UWFXCheck
RegDeleteKey HKCR\UWFXCheck.UWFXCheck.1
RegDeleteKey HKCR\wap6.pcheck
RegDeleteKey HKCR\wap6.pcheck.1
RegDeleteKey HKCR\winpgintegrator.ieintegrator
RegDeleteKey HKCR\winpgintegrator.ieintegrator.1

RegDeleteKey HKCR\AppID\{25A3C995-10C8-474B-A167-99460AB4AB2B}
RegDeleteKey HKCR\AppID\{287A2BAD-6590-4EFF-9BBC-494385664A73}
RegDeleteKey HKCR\AppID\{290B5B73-4963-4BA1-9D2D-07CB566CB7FA}
RegDeleteKey HKCR\AppID\{367a86a5-d048-4785-86be-4e2706aafdd9}
RegDeleteKey HKCR\AppID\{3C132D19-6103-4fc3-8326-34E13EE9E2C0}
RegDeleteKey HKCR\AppID\{4f5e5d72-c915-4f3b-908b-527d064b0faa}
RegDeleteKey HKCR\AppID\{8C65AEF6-E413-4314-815B-82717A3F1603}
RegDeleteKey HKCR\AppID\{AAB0BA34-6D48-425f-B4B4-98F158CB61F1}
RegDeleteKey HKCR\AppID\{DED71DE6-0575-4556-8311-A506B116A1A9}
RegDeleteKey HKCR\AppID\{E8928E69-C050-42A9-8884-94DE85E888A2}
RegDeleteKey HKCR\AppID\{E11FF09D-39AF-4613-86AD-F3217E576571}
RegDeleteKey HKCR\AppID\CheckProduct2.DLL
RegDeleteKey HKCR\AppID\compcln.dll
RegDeleteKey HKCR\AppID\compclr.dll
RegDeleteKey HKCR\AppID\FFWrapr.DLL
RegDeleteKey HKCR\AppID\FFWraper.DLL
RegDeleteKey HKCR\AppID\FixCore.DLL
RegDeleteKey HKCR\AppID\FxCr.DLL
RegDeleteKey HKCR\AppID\MFix.DLL
RegDeleteKey HKCR\AppID\MMFixCtrl.DLL
RegDeleteKey HKCR\AppID\winpgi.dll appid

RegDeleteKey HKCR\CLSID\{08C71FB1-1E66-4D22-9F32-4C045A451306}
RegDeleteKey HKCR\CLSID\{0ba379c6-0efd-4a28-932c-d20469052fd9}
RegDeleteKey HKCR\CLSID\{0bc09fc7-473d-4f9c-b49b-f4e3e244b47a}
RegDeleteKey HKCR\CLSID\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988}
RegDeleteKey HKCR\CLSID\{151a44b0-fc2d-4a02-bbbc-6b372f2f659c}
RegDeleteKey HKCR\CLSID\{1640de0e-75e4-4a83-b5d1-2492bc7eba8f}
RegDeleteKey HKCR\CLSID\{196c80cb-20a7-4cf9-9c98-9322fb1e35fb}
RegDeleteKey HKCR\CLSID\{1ac5c88a-dea7-462b-a232-04af5ca42e7e}
RegDeleteKey HKCR\CLSID\{1CDEB41B-905A-4183-AA20-26E075419B46}
RegDeleteKey HKCR\CLSID\{205FF73B-CA67-11D5-99DD-444553540006}
RegDeleteKey HKCR\CLSID\{2178f3fb-2560-458f-bdee-631e2fe0dfe4}
RegDeleteKey HKCR\CLSID\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}
RegDeleteKey HKCR\CLSID\{356af2e9-8874-4c60-a3d8-0cb516c9e747}
RegDeleteKey HKCR\CLSID\{38EDB9E2-D7C4-4575-8905-FE65414FFEAD}
RegDeleteKey HKCR\CLSID\{48349992-1402-4C67-B45B-2E619E641FDB}
RegDeleteKey HKCR\CLSID\{5284ac2a-ef00-4750-9b82-b5b907d26536}
RegDeleteKey HKCR\CLSID\{538BC8F3-2E1E-4D2D-A261-158DF6E9B407}
RegDeleteKey HKCR\CLSID\{53ABACCB-434C-4756-A02B-8C2A3F29FB7D}
RegDeleteKey HKCR\CLSID\{5A1C8180-2A52-470c-938C-BFB4E63AA32D}
RegDeleteKey HKCR\CLSID\{5e19dee2-8d2f-4a9c-a66d-76bbeedd15cb}
RegDeleteKey HKCR\CLSID\{647b8364-79e0-48e2-a4ca-233abada0c2d}
RegDeleteKey HKCR\CLSID\{66A9C4D0-BC54-4841-8FAA-DB98CBB77BAD}
RegDeleteKey HKCR\CLSID\{6F85DDE5-A2DE-4217-A05D-0A7CD3C04DC2}
RegDeleteKey HKCR\CLSID\{723d54c7-7483-4eb8-8eed-ce5b2aea534d}
RegDeleteKey HKCR\CLSID\{72D597C4-2312-4116-BED4-4F9A2B2F710E}
RegDeleteKey HKCR\CLSID\{77ca442a-0c72-492b-804a-82611e558142}
RegDeleteKey HKCR\CLSID\{7e73c9db-69fb-4580-8e8e-194b34a2306c}
RegDeleteKey HKCR\CLSID\{7F208C01-1FB1-4BC8-B918-82E287B0BB79}
RegDeleteKey HKCR\CLSID\{84C43108-013C-4513-8578-F50080B9C9D0}
RegDeleteKey HKCR\CLSID\{861D5757-3A7E-4c46-966E-8CD53A0D0013}
RegDeleteKey HKCR\CLSID\{8E3A1531-F462-4628-ADD8-D32984637641}
RegDeleteKey HKCR\CLSID\{965a8d33-ae18-4c17-8011-fe42d81e0758}
RegDeleteKey HKCR\CLSID\{9CC1BE04-3B42-4442-9A46-77E8BC1108F9}
RegDeleteKey HKCR\CLSID\{9e87077c-380c-407d-8dab-eedad95c0a5d}
RegDeleteKey HKCR\CLSID\{9F3D2A3C-D537-482b-A91B-44EE29F09C4B}
RegDeleteKey HKCR\CLSID\{A99498D2-56E1-4e27-AC88-2328C6A87C7C}
RegDeleteKey HKCR\CLSID\{AA69BBFC-1D28-4960-8061-93C1BB156238}
RegDeleteKey HKCR\CLSID\{ABC72615-4FB0-4689-AED9-AA6B89CEBC2C}
RegDeleteKey HKCR\CLSID\{B096A483-0ABD-4AF0-856A-CAD36145AF5C}
RegDeleteKey HKCR\CLSID\{B296F12B-48A9-45fb-A860-4B98707B47AE}
RegDeleteKey HKCR\CLSID\{b2a3156e-3332-4b47-af5a-5b121503514f}
RegDeleteKey HKCR\CLSID\{B36E6241-4D02-41FF-A16D-9B57E67D7B15}
RegDeleteKey HKCR\CLSID\{b5141620-c2b2-4d95-9f0f-134d99c87ab0}
RegDeleteKey HKCR\CLSID\{B5E427F9-AB38-4348-9076-86870C2BE860}
RegDeleteKey HKCR\CLSID\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}
RegDeleteKey HKCR\CLSID\{B8CA1E6C-87E2-4435-9E56-8B791EC459D8}
RegDeleteKey HKCR\CLSID\{c033567c-68fe-419b-bcc4-135db7faf8eb}
RegDeleteKey HKCR\CLSID\{C08FA317-C152-4fea-AC0B-2EA68D2B1C84}
RegDeleteKey HKCR\CLSID\{C0BC364F-AB33-4778-8047-5A2148E0ECDA}
RegDeleteKey HKCR\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B}
RegDeleteKey HKCR\CLSID\{c85a4afd-ff76-4661-b76a-3e9bb2ce2dab}
RegDeleteKey HKCR\CLSID\{CAE8A9B1-ABBD-4159-A485-1DA045A5D4A1}
RegDeleteKey HKCR\CLSID\{ccaabcdd-7c16-4215-b12e-150bfb994cf0}
RegDeleteKey HKCR\CLSID\{D4EA0C00-3BC8-4B26-8D2E-C5512B07A211}
RegDeleteKey HKCR\CLSID\{e73e3959-fb15-44d7-acb9-3a75377006fc}
RegDeleteKey HKCR\CLSID\{EAB5DB02-08F5-4e7d-81F9-75B9462FAAE3}
RegDeleteKey HKCR\CLSID\{ef130e77-0a34-4365-bfb7-218fd3ddcd5f}
RegDeleteKey HKCR\CLSID\{F0ED6398-E5F8-4ef8-BAB9-FE9BBCE7EF3E}
RegDeleteKey HKCR\CLSID\{F41C1430-CFDE-4AD3-B38D-7890F0843E47}
RegDeleteKey HKCR\CLSID\{f63e3b76-f82f-46eb-851c-8c0a221686bb}
RegDeleteKey HKCR\CLSID\{F919FBD3-A96B-4679-AF26-F551439BB5FD}

RegDeleteKey HKCR\Interface\{08C71FB1-1E66-4D22-9F32-4C045A451306}
RegDeleteKey HKCR\Interface\{02946fd1-2d99-46e6-a790-3a089714edd9}
RegDeleteKey HKCR\Interface\{0b9a27eb-125f-4f3e-a35c-2769c47a1442}
RegDeleteKey HKCR\Interface\{1CE1C25B-F8B4-4974-99D2-5D4AE96B9900}
RegDeleteKey HKCR\Interface\{35096C29-3507-4ABE-B6D8-C7CC881BE020}
RegDeleteKey HKCR\Interface\{38F743A2-210F-49DE-9B79-DCD501CED284}
RegDeleteKey HKCR\Interface\{3EEC290D-FC13-4C83-803D-4802651EEB61}
RegDeleteKey HKCR\Interface\{41A5BBF6-3C9D-4CF9-9A99-32DD37CC290B}
RegDeleteKey HKCR\Interface\{4E4F38D9-8736-41AE-B192-E829AE194398}
RegDeleteKey HKCR\Interface\{4F79D1C5-24F9-4E59-8022-604D4B41D5CA}
RegDeleteKey HKCR\Interface\{66484903-09F4-4330-927D-1F6C214221AC}
RegDeleteKey HKCR\Interface\{7FA14AD6-D8E5-465F-9BD1-A37E26C1A74F}
RegDeleteKey HKCR\Interface\{9E984934-CD94-4763-9DBC-618E483D4B7F}
RegDeleteKey HKCR\Interface\{B115BD8E-B008-46F4-B8B6-3405EB325C3C}
RegDeleteKey HKCR\Interface\{B9DFCF32-B679-4CAD-B7FC-518A48CE3922}
RegDeleteKey HKCR\Interface\{CAE8A9B1-ABBD-4159-A485-1DA045A5D4A1}
RegDeleteKey HKCR\Interface\{CBEEF194-EBC5-4758-9B51-AC34FC135E70}
RegDeleteKey HKCR\Interface\{CD3604CC-2B95-43EE-AFC9-E7444C21BE1C}
RegDeleteKey HKCR\Interface\{D21040FE-0A57-4FAB-8ED2-F0E653E55809}
RegDeleteKey HKCR\Interface\{D7A2488E-53E4-4EDD-AEAA-F24778BEB100}
RegDeleteKey HKCR\Interface\{D7A6DF8D-B6CF-4C27-8E99-ECA2CE370EA7}
RegDeleteKey HKCR\Interface\{e18b69d0-7e9e-4c6e-bdd8-879a1fff7123}
RegDeleteKey HKCR\Interface\{F41C1430-CFDE-4AD3-B38D-7890F0843E47}
RegDeleteKey HKCR\Interface\{F6C1582E-B11C-4724-B8F6-240457EF1D2A}
RegDeleteKey HKCR\Interface\{FB787D5E-0C7C-4BAB-B45D-20325FB886DB}
RegDeleteKey HKCR\Interface\{24F3E817-2C07-4CB5-975D-F23FCFAEDE51}
RegDeleteKey HKCR\Interface\{3BB63444-FD94-4C31-9D6F-0DA76CB11D70}
RegDeleteKey HKCR\Interface\{3C2656F4-8601-42B6-BDC3-DEC901E21C80}
RegDeleteKey HKCR\Interface\{471D3AEF-F18C-4626-A7DB-320732ACC763}
RegDeleteKey HKCR\Interface\{490E59CC-F6D5-4987-BBC8-E1A6D599C3F8}
RegDeleteKey HKCR\Interface\{68A7506D-DF03-4DF0-BE96-02BCB918EA7D}
RegDeleteKey HKCR\Interface\{74ECF6F4-62C5-48BA-945E-B20A97239A5E}
RegDeleteKey HKCR\Interface\{7A66E632-E262-4986-A936-CC636282F138}
RegDeleteKey HKCR\Interface\{7D9DFDB3-5135-4279-B365-3CEEA4AC1EAC}
RegDeleteKey HKCR\Interface\{7F208C01-1FB1-4BC8-B918-82E287B0BB79}
RegDeleteKey HKCR\Interface\{7f4e63c9-f30c-4424-9baf-b6896f5f56c4}
RegDeleteKey HKCR\Interface\{81A7D75C-9768-41C3-AE0F-8B108D802B62}
RegDeleteKey HKCR\Interface\{86786BEC-544D-473F-8D93-8E7AC0685361}
RegDeleteKey HKCR\Interface\{92B92664-32D6-4FCE-B2CE-C8519BAEFC4E}
RegDeleteKey HKCR\Interface\{94dbdb63-5f05-4c51-8b14-de0ca12ef4ca}
RegDeleteKey HKCR\Interface\{B0725565-2694-43EC-B1AB-0245762C9860}
RegDeleteKey HKCR\Interface\{B26CA1F6-2D46-49AE-9897-9C5B7CCAB9FB}
RegDeleteKey HKCR\Interface\{B36E6241-4D02-41FF-A16D-9B57E67D7B15}
RegDeleteKey HKCR\Interface\{CADCB2CC-0B7E-45B1-A689-A0AD9CE5932D}
RegDeleteKey HKCR\Interface\{D3390AE7-6F1D-464F-8921-AF9A85EED316}
RegDeleteKey HKCR\Interface\{D4EA0C00-3BC8-4B26-8D2E-C5512B07A211}
RegDeleteKey HKCR\Interface\{DB064061-95F1-4BAF-BEC9-F70792E01094}
RegDeleteKey HKCR\Interface\{F3067DE7-3DBA-4DF8-9FA0-6B0200BAA324}
RegDeleteKey HKCR\Interface\{f5ac8b35-5b15-4e8f-8046-43858973b495}
RegDeleteKey HKCR\Interface\{FE899520-E9F9-4CD9-AABB-E9074815CF50}

RegDeleteKey HKCR\TypeLib\{04392304-5221-4022-9300-be4128fb25b2}
RegDeleteKey HKCR\TypeLib\{0E9F6AC0-A21A-4591-910F-E2C6F3CA094C}
RegDeleteKey HKCR\TypeLib\{1234890a-5e6e-4867-8136-ca6f1456b235}
RegDeleteKey HKCR\TypeLib\{1b197c22-561f-455f-8511-35b1a45c5c9f}
RegDeleteKey HKCR\TypeLib\{17E55F3A-20AB-4668-A75F-DC96377AE16C}
RegDeleteKey HKCR\TypeLib\(205FF72E-CA67-11D5-99DD-444553540006)
RegDeleteKey HKCR\TypeLib\{248FDD41-4E0A-4138-9086-6CF5D6FA8179}
RegDeleteKey HKCR\TypeLib\{25BAE2A9-DF54-4927-AF6F-9963146D11D8}
RegDeleteKey HKCR\TypeLib\{2bc32ef8-bb73-4099-bb2e-0f2951b3e276}
RegDeleteKey HKCR\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}
RegDeleteKey HKCR\TypeLib\{367a86a5-d048-4785-86be-4e2706aafdd9}
RegDeleteKey HKCR\TypeLib\{371EFE75-C183-4D0C-B8CD-2DFAFEEB34D7}
RegDeleteKey HKCR\TypeLib\{49f9ffb5-514d-4b69-b31d-2ae5a7d30ae6}
RegDeleteKey HKCR\TypeLib\{4DCEEA42-794D-4855-9ECC-20DCF5F4FEA7}
RegDeleteKey HKCR\TypeLib\{5F638503-4F2E-48F8-9210-9865AF4AD020}
RegDeleteKey HKCR\TypeLib\{68bc55e9-4d3e-4c89-89ac-7559763c98b8}
RegDeleteKey HKCR\TypeLib\{692ca430-32c8-470d-ba1f-7e15e21e7043}
RegDeleteKey HKCR\TypeLib\{6A077841-5016-42C8-92C8-F2D6B865BCD1}
RegDeleteKey HKCR\TypeLib\{6bd7e052-306e-497a-ad23-601bc6bfc305}
RegDeleteKey HKCR\TypeLib\{6F9DB588-66C5-4904-A2C7-423961358E8C}
RegDeleteKey HKCR\TypeLib\{732b6533-7f78-4c47-9c01-2979ba0829b9}
RegDeleteKey HKCR\TypeLib\{77dc6558-60e0-4644-a3df-b31f29d113bd}
RegDeleteKey HKCR\TypeLib\{7eacf70b-302f-4049-ac68-2d62eb43e473}
RegDeleteKey HKCR\TypeLib\{8D67C4E4-AAD6-46A1-812F-D7D21BBB4624}
RegDeleteKey HKCR\TypeLib\{9dd86cf2-8ac0-4fe0-b55a-601a302b5fd8}
RegDeleteKey HKCR\TypeLib\{a73973ab-95a6-4abe-a046-de3bab2be448}
RegDeleteKey HKCR\TypeLib\{AD70AC89-F460-4E7E-B5A5-7EAF7E207736}
RegDeleteKey HKCR\TypeLib\{B6625280-8CD8-4632-97C0-83CEC12A49A3}
RegDeleteKey HKCR\TypeLib\{D49C1A5F-26CF-482E-81EE-1D4C9B057BD2}
RegDeleteKey HKCR\TypeLib\{F458ADAE-D53B-4859-B99F-9FA127791278}
RegDeleteKey HKCR\TypeLib\{FC76A5B8-DB35-4F3E-8B9A-BF0EEA098D64}

RegDeleteKey HKCU\Software\Adsl Software Limited
RegDeleteKey HKCU\Software\ErrorGuard
RegDeleteKey HKCU\Software\errorsafe
RegDeleteKey HKCU\Software\error safe free
RegDeleteKey HKCU\Software\sysprotect free
RegDeleteKey HKCU\Software\SystemDoctor 2006 Free
RegDeleteKey HKCU\Software\WinAntiSpyware 2006 Scanner
RegDeleteKey HKCU\Software\WinAntiVirus Pro 2006
RegDeleteKey HKCU\Software\WinFixer 2005
RegDeleteKey HKCU\Software\WinSoftware

RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{205ff73b-ca67-11d5-99dd-444553540006}
RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}

RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SystemDoctor 2006 Unregistered

RegDeleteKey HKLM\Software\AXPFixer
RegDeleteKey HKLM\Software\DriveCleaner 2006 Free
RegDeleteKey HKLM\Software\ErrorSafe
RegDeleteKey HKLM\Software\Error Safe Free
RegDeleteKey HKLM\Software\sysprotect
RegDeleteKey HKLM\Software\SystemDoctor 2006 Free
RegDeleteKey HKLM\Software\WinAntiSpyware 2006 Scanner
RegDeleteKey HKLM\Software\winantivirus pro 2006
RegDeleteKey HKLM\Software\WinSoftware

RegDeleteKey HKLM\Software\Classes\checkprod.checkproduct
RegDeleteKey HKLM\Software\Classes\ComCleanCore.AppCleaner
RegDeleteKey HKLM\Software\Classes\ComCleanCore.CCQuickScan
RegDeleteKey HKLM\Software\Classes\ComCleanCore.CCQuickScan.1
RegDeleteKey HKLM\Software\Classes\ComCleanCore.FileCleaner
RegDeleteKey HKLM\Software\Classes\ComCleanCore.FileCleaner.1
RegDeleteKey HKLM\Software\Classes\ComCleanCore.InetCleaner\CLSID
RegDeleteKey HKLM\Software\Classes\ComCleanCore.InetCleaner.1
RegDeleteKey HKLM\Software\Classes\ComCleanCore.RegCleaner
RegDeleteKey HKLM\Software\Classes\ComCleanCore.RegCleaner.1
RegDeleteKey HKLM\Software\Classes\ComCleanCore.SystemCleaner
RegDeleteKey HKLM\Software\Classes\ComCleanCore.SystemCleaner.1
RegDeleteKey HKLM\Software\Classes\df_fixr.Fixer
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESAppCleaner
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESAppCleaner.1
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESCCQuickScan
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESCCQuickScan.1
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESFileCleaner
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESFileCleaner.1
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESInetCleaner
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESInetCleaner.1
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESRegCleaner
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESRegCleaner.1
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESSystemCleaner
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESSystemCleaner.1
RegDeleteKey HKLM\Software\Classes\ESdf_fixer.ESFixer
RegDeleteKey HKLM\Software\Classes\ESdf_fixer.ESFixer.1
RegDeleteKey HKLM\Software\Classes\ESdf_proxy.ESDriverManipulate
RegDeleteKey HKLM\Software\Classes\ESdf_proxy.ESDriverManipulate.1
RegDeleteKey HKLM\Software\Classes\ESFFWraper.ESFFEnginWraper
RegDeleteKey HKLM\Software\Classes\ESFFWraper.ESFFEnginWraper.1
RegDeleteKey HKLM\Software\Classes\ESFixCore.ESMMFixCore
RegDeleteKey HKLM\Software\Classes\ESFixCore.ESMMFixCore.1
RegDeleteKey HKLM\Software\Classes\ESMMFixCtrl.ESCoFixEngine
RegDeleteKey HKLM\Software\Classes\ESMMFixCtrl.ESCoFixEngine.1
RegDeleteKey HKLM\Software\Classes\ESSPCheck.ESSPCheck
RegDeleteKey HKLM\Software\Classes\ESSPCheck.ESSPCheck.1
RegDeleteKey HKLM\Software\Classes\FFWraper.FFEnginWrapr
RegDeleteKey HKLM\Software\Classes\FixCor.MMFixCore
RegDeleteKey HKLM\Software\Classes\FlFxr5.FlFixer5
RegDeleteKey HKLM\Software\Classes\FlFxr10.FlFixer10
RegDeleteKey HKLM\Software\Classes\MMFixCtrl.CoFixEngin2
RegDeleteKey HKLM\Software\Classes\SystemDoctor.Free
RegDeleteKey HKLM\Software\Classes\UDCPChk.UDCPChk
RegDeleteKey HKLM\Software\Classes\UDCPChk.UDCPChk.1
RegDeleteKey HKLM\Software\Classes\UDCShell
RegDeleteKey HKLM\Software\Classes\UWAS6.UWAS6
RegDeleteKey HKLM\Software\Classes\uwasfsd.CreationNotifier
RegDeleteKey HKLM\Software\Classes\uwasfsd.CreationNotifier.1
RegDeleteKey HKLM\Software\Classes\uwashellext.ShellHook
RegDeleteKey HKLM\Software\Classes\uwashellext.ShellHook.1
RegDeleteKey HKLM\Software\Classes\uwashellext.WASContextMenu
RegDeleteKey HKLM\Software\Classes\uwashellext.WASContextMenu.1
RegDeleteKey HKLM\Software\Classes\wasfsd.CreationNotifier
RegDeleteKey HKLM\Software\Classes\wasfsd.CreationNotifier.1
RegDeleteKey HKLM\Software\Classes\washellext.WASContextMenu
RegDeleteKey HKLM\Software\Classes\washellext.WASContextMenu.1
RegDeleteKey HKLM\Software\Classes\WASPChk.WASPChk

RegDeleteKey HKLM\Software\Classes\*\shellex\ContextMenuHandlers\UDCShell

RegDeleteKey HKLM\Software\Classes\AppID\{1C02CE6B-CC12-4ea1-B2D8-113F611F25C2}
RegDeleteKey HKLM\Software\Classes\AppID\{4f5e5d72-c915-4f3b-908b-527d064b0faa}
RegDeleteKey HKLM\Software\Classes\AppID\{8A1E94DA-725D-4f64-B110-DB3F73ADB6F7}
RegDeleteKey HKLM\Software\Classes\AppID\{E7E155EE-EEF2-46af-99B7-65F1269DC3CF}
RegDeleteKey HKLM\Software\Classes\AppID\{EE10A303-0C60-4acb-A033-95A790FA4DCD}
RegDeleteKey HKLM\Software\Classes\AppID\checkproduct2_1.dll

RegDeleteKey HKLM\Software\Classes\CLSID\{_CLSID_WAShellExecuteCheck}
RegDeleteKey HKLM\Software\Classes\CLSID\{05324ED1-05C0-4e3a-A34F-98BFC64426F5}
RegDeleteKey HKLM\Software\Classes\CLSID\{08C71FB1-1E66-4D22-9F32-4C045A451306}
RegDeleteKey HKLM\Software\Classes\CLSID\{0D7DE254-2FBD-4C09-9077-3DC4A2DEBE9D}
RegDeleteKey HKLM\Software\Classes\CLSID\{1230649B-B980-44A5-B259-9B09EBEA6331}
RegDeleteKey HKLM\Software\Classes\CLSID\{1236DE55-EDED-4675-AF10-BA15EDDB4D7A}
RegDeleteKey HKLM\Software\Classes\CLSID\{184B0A26-4C9C-4757-ABF5-4B6AF71F9A45}
RegDeleteKey HKLM\Software\Classes\CLSID\{18A41B20-E519-47a1-B545-FFC200730E9B}
RegDeleteKey HKLM\Software\Classes\CLSID\{1CDEB41B-905A-4183-AA20-26E075419B46}
RegDeleteKey HKLM\Software\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}
RegDeleteKey HKLM\Software\Classes\CLSID\{22024DC7-D190-44ec-9D49-AEE5F244A466}
RegDeleteKey HKLM\Software\Classes\CLSID\{250D1063-5414-4fb0-86D5-AABB7A5D7DA7}
RegDeleteKey HKLM\Software\Classes\CLSID\{2B334C22-40CA-438f-913A-61A8105C4CCD}
RegDeleteKey HKLM\Software\Classes\CLSID\{2BF3C5AD-F9EC-49d8-8568-D7DFFC77108B}
RegDeleteKey HKLM\Software\Classes\CLSID\{38EDB9E2-D7C4-4575-8905-FE65414FFEAD}
RegDeleteKey HKLM\Software\Classes\CLSID\{43DB73EB-4C90-4418-B6AD-10DB22016908}
RegDeleteKey HKLM\Software\Classes\CLSID\{48349992-1402-4C67-B45B-2E619E641FDB}
RegDeleteKey HKLM\Software\Classes\CLSID\{4AA76F27-81BC-4C3F-9F24-CB99349C8CC9}
RegDeleteKey HKLM\Software\Classes\CLSID\{4F4E2384-42AD-4fe4-B966-B6D50C7BF90A}
RegDeleteKey HKLM\Software\Classes\CLSID\{5284AC2A-EF00-4750-9B82-B5B907D26536}
RegDeleteKey HKLM\Software\Classes\CLSID\{538BC8F3-2E1E-4D2D-A261-158DF6E9B407}
RegDeleteKey HKLM\Software\Classes\CLSID\{59399E33-FB54-48AB-8AE4-AE108B36DAB4}
RegDeleteKey HKLM\Software\Classes\CLSID\{5D178DBE-C867-417f-8A4E-D5DEFA4CD4E7}
RegDeleteKey HKLM\Software\Classes\CLSID\{66A9C4D0-BC54-4841-8FAA-DB98CBB77BAD}
RegDeleteKey HKLM\Software\Classes\CLSID\{6AE7418B-229F-4A2C-AE1B-D5962888F02D}
RegDeleteKey HKLM\Software\Classes\CLSID\{6C8416A2-2408-4f4d-8D26-EC9A07E8DC98}
RegDeleteKey HKLM\Software\Classes\CLSID\{7D435027-F646-4bf9-B2C5-0EF4940D5CA2}
RegDeleteKey HKLM\Software\Classes\CLSID\{7EC618F2-C506-4221-9F56-792B92BF762E}
RegDeleteKey HKLM\Software\Classes\CLSID\{84C43108-013C-4513-8578-F50080B9C9D0}
RegDeleteKey HKLM\Software\Classes\CLSID\{8DAE9202-0019-4D30-A5D2-AAF02D4DDC37}
RegDeleteKey HKLM\Software\Classes\CLSID\{9C102B96-4845-4756-991E-4F9294965536}
RegDeleteKey HKLM\Software\Classes\CLSID\{9CB12DAD-32C7-4f34-9758-C9FDD26D4D22}
RegDeleteKey HKLM\Software\Classes\CLSID\{9CC1BE04-3B42-4442-9A46-77E8BC1108F9}
RegDeleteKey HKLM\Software\Classes\CLSID\{AA69BBFC-1D28-4960-8061-93C1BB156238}
RegDeleteKey HKLM\Software\Classes\CLSID\{ABCD4567-76B5-4bc7-AAC5-396D70925B11}
RegDeleteKey HKLM\Software\Classes\CLSID\{ABCD4567-76B5-4bc7-AAC5-396D70925B22}
RegDeleteKey HKLM\Software\Classes\CLSID\{AE84FF0C-BABD-4D91-92A1-AF75D2D02E6D}
RegDeleteKey HKLM\Software\Classes\CLSID\{B096A483-0ABD-4AF0-856A-CAD36145AF5C}
RegDeleteKey HKLM\Software\Classes\CLSID\{b2a3156e-3332-4b47-af5a-5b121503514f}
RegDeleteKey HKLM\Software\Classes\CLSID\{B5E427F9-AB38-4348-9076-86870C2BE860}
RegDeleteKey HKLM\Software\Classes\CLSID\{C0BC364F-AB33-4778-8047-5A2148E0ECDA}
RegDeleteKey HKLM\Software\Classes\CLSID\{C1EA2421-BC9A-4546-943C-126F9D818EFB}
RegDeleteKey HKLM\Software\Classes\CLSID\{C3E2988E-1433-469d-BFC1-4080D131FE1A}
RegDeleteKey HKLM\Software\Classes\CLSID\{C4C4786C-9861-46d2-BB63-AC782AB07046}
RegDeleteKey HKLM\Software\Classes\CLSID\{C833A552-F5AF-4a7b-87B3-6EBDE0DB3B43}
RegDeleteKey HKLM\Software\Classes\CLSID\{CF080118-CDA5-429d-A8BD-EC7ECA74663F}
RegDeleteKey HKLM\Software\Classes\CLSID\{D3377825-230D-4a12-805C-132557FA1A8B}
RegDeleteKey HKLM\Software\Classes\CLSID\{D7136B99-FC27-4DC1-8497-5444D49B426A}
RegDeleteKey HKLM\Software\Classes\CLSID\{DD45A464-7763-43EE-A756-5F2C93B0CF5E}
RegDeleteKey HKLM\Software\Classes\CLSID\{E4A3F67D-5237-43fa-B3F2-41C37C1204B9}
RegDeleteKey HKLM\Software\Classes\CLSID\{E78EA05B-B6A7-4dc4-879D-444DCD224CB4}
RegDeleteKey HKLM\Software\Classes\CLSID\{EDF78E1B-31A2-4c6e-AD40-0AFCD0D55263}
RegDeleteKey HKLM\Software\Classes\CLSID\{ef130e77-0a34-4365-bfb7-218fd3ddcd5f}
RegDeleteKey HKLM\Software\Classes\CLSID\{F41C1430-CFDE-4AD3-B38D-7890F0843E47}
RegDeleteKey HKLM\Software\Classes\CLSID\{F5AB293C-2E21-4441-9AD8-B3646EB26DF5}
RegDeleteKey HKLM\Software\Classes\CLSID\{FDA9BFC7-4ECD-43a0-AC1E-2E7DDE0C81B0}
RegDeleteKey HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\{7EC618F2-C506-4221-9F56-792B92BF762E}

RegDeleteKey HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ExplorerUWAS
RegDeleteKey HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ExplorerWAS
RegDeleteKey HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\UDCShell

RegDeleteKey HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\ExplorerUWAS
RegDeleteKey HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\ExplorerWAS
RegDeleteKey HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\UDCShell

RegDeleteKey HKLM\Software\Classes\Interface\{02946FD1-2D99-46E6-A790-3A089714EDD9}
RegDeleteKey HKLM\Software\Classes\Interface\{0D146B7F-FA35-465D-B716-BCBC1F9A92D3}
RegDeleteKey HKLM\Software\Classes\Interface\{12813770-461E-4A9F-8C5B-C227A8E9FBE8}
RegDeleteKey HKLM\Software\Classes\Interface\{1562D24E-F5BF-4BB4-AF4C-BBB610B62638}
RegDeleteKey HKLM\Software\Classes\Interface\{1BEA1806-F5C7-4696-B0A0-26CFD6A958DD}
RegDeleteKey HKLM\Software\Classes\Interface\{258E07A2-FF65-493B-B6BD-421A1F2992A3}
RegDeleteKey HKLM\Software\Classes\Interface\{2A1647E8-3EC2-49FE-B632-E12D765FA0CC}
RegDeleteKey HKLM\Software\Classes\Interface\{2DECFCC9-D910-4BAC-94B8-FC006827A60F}
RegDeleteKey HKLM\Software\Classes\Interface\{4567AB12-A884-4CA6-B739-CEDB12FEF096}
RegDeleteKey HKLM\Software\Classes\Interface\{4AA76F27-81BC-4C3F-9F24-CB99349C8CC9}
RegDeleteKey HKLM\Software\Classes\Interface\{4B6A7638-0999-4924-93B7-C5738E1BAEE1}
RegDeleteKey HKLM\Software\Classes\Interface\{5585C185-B318-4072-A00D-8385F443AE07}
RegDeleteKey HKLM\Software\Classes\Interface\{59399E33-FB54-48AB-8AE4-AE108B36DAB4}
RegDeleteKey HKLM\Software\Classes\Interface\{622423BD-B825-4989-BA65-86D0B990D328}
RegDeleteKey HKLM\Software\Classes\Interface\{6813BFFD-BE81-4613-B4E6-AA7ED0DA8659}
RegDeleteKey HKLM\Software\Classes\Interface\{7516C86C-2F3D-4724-BD4E-1608F1BDAE12}
RegDeleteKey HKLM\Software\Classes\Interface\{7CA36000-3320-49D1-BAD1-4C5169D4084A}
RegDeleteKey HKLM\Software\Classes\Interface\{7E7A1949-5C0C-45F3-A106-34FE038493EF}
RegDeleteKey HKLM\Software\Classes\Interface\{8DAE9202-0019-4D30-A5D2-AAF02D4DDC37}
RegDeleteKey HKLM\Software\Classes\Interface\{8E0A02C1-974F-4379-BFD3-69FFB9E0659D}
RegDeleteKey HKLM\Software\Classes\Interface\{9793B356-4337-44AC-9A22-DF6A7930602C}
RegDeleteKey HKLM\Software\Classes\Interface\{A1DDDD67-64B2-4CAB-BE0B-E34F3F12AED0}
RegDeleteKey HKLM\Software\Classes\Interface\{A22FBA1E-CAAF-4E45-8EFF-4A821AF03E69}
RegDeleteKey HKLM\Software\Classes\Interface\{A56B6D30-FDE0-42A9-BE6B-18B5D3F2F519}
RegDeleteKey HKLM\Software\Classes\Interface\{ABCD4567-4D73-43E9-85E5-53A2DBD95411}
RegDeleteKey HKLM\Software\Classes\Interface\{ABCD4567-4D73-43E9-85E5-53A2DBD95422}
RegDeleteKey HKLM\Software\Classes\Interface\{ABCD4567-D8E8-4DF1-A3EA-D0AA72F42611}
RegDeleteKey HKLM\Software\Classes\Interface\{A0E2E5AB-C02F-489B-BD7B-58C329F774F3}
RegDeleteKey HKLM\Software\Classes\Interface\{A6E398B2-A288-4D76-B0D0-8F153D14B66E}
RegDeleteKey HKLM\Software\Classes\Interface\{A92616B1-2E82-4052-B579-0A40C2304380}
RegDeleteKey HKLM\Software\Classes\Interface\{B22EE952-9A58-4495-AE78-C0146FA1A3C7}
RegDeleteKey HKLM\Software\Classes\Interface\{C1EA2421-BC9A-4546-943C-126F9D818EFB}
RegDeleteKey HKLM\Software\Classes\Interface\{C3896A1E-8ECD-490B-8A1C-39FE9F7D64A1}
RegDeleteKey HKLM\Software\Classes\Interface\{C88B2356-A6FE-41EC-B0FB-41F2C82C867E}
RegDeleteKey HKLM\Software\Classes\Interface\{CF5C9FCE-C963-49E5-A3A4-0A81FFFE1E55}
RegDeleteKey HKLM\Software\Classes\Interface\{D090E12D-B79C-4B82-A76C-0E3BBE73C9EF}
RegDeleteKey HKLM\Software\Classes\Interface\{D7136B99-FC27-4DC1-8497-5444D49B426A}
RegDeleteKey HKLM\Software\Classes\Interface\{D80A56D7-451C-41CF-9A74-1447E0887B97}
RegDeleteKey HKLM\Software\Classes\Interface\{DE3C77B8-7378-4A4C-B6F8-4A008B4A6009}
RegDeleteKey HKLM\Software\Classes\Interface\{E0110779-5F79-4685-9C96-9D99EFD30CA2}
RegDeleteKey HKLM\Software\Classes\Interface\{E7CCBD19-2EEA-4B6A-B9BE-E8A68613809C}
RegDeleteKey HKLM\Software\Classes\Interface\{E95F8133-A554-4C0C-9B9A-EEEE3B82CEDE}
RegDeleteKey HKLM\Software\Classes\Interface\{EA0F107F-2BF6-44A0-96C4-A99B74AFBC4A}
RegDeleteKey HKLM\Software\Classes\Interface\{F18701B3-185D-42FD-A55E-F47FDAC8F362}
RegDeleteKey HKLM\Software\Classes\Interface\{F709F572-86F5-47C8-AFCF-3CEBC468FADB}
RegDeleteKey HKLM\Software\Classes\Interface\{F97E5B38-4887-444A-86F5-91C18331500B}
RegDeleteKey HKLM\Software\Classes\Interface\{F9AC5167-2C13-4607-B924-81C1C2251C84}
RegDeleteKey HKLM\Software\Classes\Interface\{FB752175-36D8-4792-9302CFB8018C0DEC}

RegDeleteKey HKLM\Software\Classes\lnkfile\shellex\ContextMenuHandlers\UDCShell

RegDeleteKey HKLM\Software\Classes\SYSTEM\ControlSet003\Services\wasfsd

RegDeleteKey HKLM\Software\Classes\TypeLib\{03A78DBD-AA12-4DB4-AB2C-564460D385DC}
RegDeleteKey HKLM\Software\Classes\TypeLib\{09AF1CF9-825C-4017-A7DC-088C68770F31}
RegDeleteKey HKLM\Software\Classes\TypeLib\{0A89FF7F-1A12-42D9-ACCB-4217112DC7E0}
RegDeleteKey HKLM\software\classes\typelib\{1234890a-5e6e-4867-8136-ca6f1456b235}
RegDeleteKey HKLM\Software\Classes\TypeLib\{12398A44-7DFC-4C46-BD8F-41259D169A0D}
RegDeleteKey HKLM\Software\Classes\TypeLib\{16DEEE6B-AEFC-4BA6-9F32-57BBE6783A7C}
RegDeleteKey HKLM\Software\Classes\TypeLib\{21C724D0-B91A-4F35-99E7-55D325F00B20}
RegDeleteKey HKLM\Software\Classes\TypeLib\{223CEDCA-738B-4C4D-B8AE-C68B68C90A4A}
RegDeleteKey HKLM\Software\Classes\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}
RegDeleteKey HKLM\Software\Classes\TypeLib\{5940CA88-8F1A-4A74-89E4-B3407E5E7348}
RegDeleteKey HKLM\Software\Classes\TypeLib\{61C1FC79-7120-4824-A563-D4D11D80BAFB}
RegDeleteKey HKLM\Software\Classes\TypeLib\{68BC55E9-4D3E-4C89-89AC-7559763C98B8}
RegDeleteKey HKLM\Software\Classes\TypeLib\{692CA430-32C8-470D-BA1F-7E15E21E7043}
RegDeleteKey HKLM\Software\Classes\TypeLib\{7eacf70b-302f-4049-ac68-2d62eb43e473}
RegDeleteKey HKLM\Software\Classes\TypeLib\{8ECC09E1-634B-42AC-8BE7-E6EDBB53C90E}
RegDeleteKey HKLM\Software\Classes\TypeLib\{A8C9AD38-7708-4BEB-A20C-B79614B4F120}
RegDeleteKey HKLM\Software\Classes\TypeLib\{ABCD4567-7437-43EF-AB74-4AB1D3A37411}
RegDeleteKey HKLM\Software\Classes\TypeLib\{ABCD4567-7437-43EF-AB74-4AB1D3A37422}
RegDeleteKey HKLM\Software\Classes\TypeLib\{B869788C-35DF-4104-BACB-8FDB83AFFFFD}
RegDeleteKey HKLM\Software\Classes\TypeLib\{BD9421BB-9F96-4272-802F-49BEC746056E}
RegDeleteKey HKLM\Software\Classes\TypeLib\{F874A0AE-66E8-426B-A3F5-6BA6958DCDBA}
RegDeleteKey HKLM\Software\Classes\TypeLib\{FB42F450-C8B1-4799-99F1-87FA9CA92AB9}

RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\errorguard.exe

RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{205ff73b-ca67-11d5-99dd-444553540006}
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4}
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6AE7418B-229F-4A2C-AE1B-D5962888F02D}
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8C65AEF6-E413-4314-815B-82717A3F1603}
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B5141620-C2B2-4D95-9F0F-134D99C87AB0}
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3B4C621-6024-410B-9F0F-22CBD6981F5E}

RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AXPFixer
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Error Guard
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ERS_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ersu_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MalWarrior 2007_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UDC6_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UERS_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\USDR6_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\USDR6V_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\usyp_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UWFX_5_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UWinFX6_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\wa6p_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WAS_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WFX5_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinAntiSpyware 2006 Scanner_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\winspywareprotect_is1

RegDeleteKey HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\sscan.sys
RegDeleteKey HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\sscan.sys

RegDeleteKey HKLM\SYSTEM\ControlSet001\Services\FOPN
RegDeleteKey HKLM\SYSTEM\ControlSet001\Services\uwasfsd
RegDeleteKey HKLM\SYSTEM\ControlSet002\Services\FOPN

RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\df_km.sys
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ersd.sys
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sscan.sys

RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\df_kmd.sys
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ersd.sys
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sscan.sys

RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSD
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\enum\root\legacy_erssdd

RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\df_kmd
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\ersd
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\erssdd
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\FOPN
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\FWSvc
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\uwasfsd
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\vspf
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\wasfsd

RegDeleteKey HKUS\Software\DriveCleaner 2006 Free

# 4 - ActiveX

RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988}
RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540006}
RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}
RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}
RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{F919FBD3-A96B-4679-AF26-F551439BB5FD}

RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988}|Compatibility Flags|1024
RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{205FF73B-CA67-11D5-99DD-444553540006}|Compatibility Flags|1024
RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}|Compatibility Flags|1024
RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}|Compatibility Flags|1024
RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{F919FBD3-A96B-4679-AF26-F551439BB5FD}|Compatibility Flags|1024

# 5 - Fichiers

DllUnregister C:\Program Files\DriveCleaner 2006 Free\UDCPChk.dll|1
DllUnregister C:\Program Files\DriveCleaner 2006 Free\UDCShell.dll|1
DllUnregister C:\Program Files\ErrorSafe\df_fixer.dll|1
DllUnregister C:\Program Files\ErrorSafe\df_proxy.dll|1
DllUnregister C:\Program Files\ErrorSafe\ecc.dll|1
DllUnregister C:\Program Files\ErrorSafe\esSPCheck.dll|1
DllUnregister C:\Program Files\ErrorSafe\FFWraper.dll|1
DllUnregister C:\Program Files\ErrorSafe\FixCore.dll|1
DllUnregister C:\Program Files\ErrorSafe\FiFxr5.dll|1
DllUnregister C:\Program Files\ErrorSafe\FTRec.dll|1
DllUnregister C:\Program Files\ErrorSafe\MMFix.dll|1
DllUnregister C:\Program Files\ErrorSafe\StrRes.dll|1
DllUnregister C:\Program Files\SysProtect\compclr.dll|1
DllUnregister C:\Program Files\SysProtect\df_fixer.dll|1
DllUnregister C:\Program Files\SysProtect\df_proxy.dll|1
DllUnregister C:\Program Files\SysProtect\FFWrapr.dll|1
DllUnregister C:\Program Files\SysProtect\flfxr10.dll|1
DllUnregister C:\Program Files\SysProtect\FTRec.dll|1
DllUnregister C:\Program Files\SysProtect\FxCore.dll|1
DllUnregister C:\Program Files\SysProtect\MMFx.dll|1
DllUnregister C:\Program Files\SysProtect\StrRes.dll|1
DllUnregister C:\Program Files\SystemDoctor 2006 Free\order.dll|1
DllUnregister C:\Program Files\VirusGarde\Addons\popupg.dll|1
DllUnregister C:\Program Files\WinAntiSpyware 2006\AsAgents.dll|1
DllUnregister C:\Program Files\WinAntiSpyware 2006\shellext.dll|1
DllUnregister C:\Program Files\WinAntiSpyware 2006 Scanner\AsAgents.dll|1
DllUnregister C:\Program Files\WinAntiSpyware 2006 Scanner\shellext.dll|1
DllUnregister C:\Program Files\WinAntiSpyware 2006 Scanner\uwas6chk.dll|1
DllUnregister C:\Program Files\WinAntiSpyware 2006 Scanner\was6chk.dll|1
DllUnregister C:\Program Files\WinAntiVirus Pro 2006\avkernel.dll|1
DllUnregister C:\Program Files\WinAntiVirus Pro 2006\IEFWBHO.dll|1
DllUnregister C:\Program Files\WinAntiVirus Pro 2006\libfn.dll|1
DllUnregister C:\Program Files\WinAntiVirus Pro 2006\rpt.dll|1
DllUnregister C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll|1
DllUnregister C:\Program Files\WinFixer 2005\compcln.dll|1
DllUnregister C:\Program Files\WinFixer 2005\df_fixer.dll|1
DllUnregister C:\Program Files\WinFixer 2005\df_proxy.dll|1
DllUnregister C:\Program Files\WinFixer 2005\ffCom.dll|1
DllUnregister C:\Program Files\WinFixer 2005\FFWraper.dll|1
DllUnregister C:\Program Files\WinFixer 2005\FileTypeRecognizer.dll|1
DllUnregister C:\Program Files\WinFixer 2005\FixCore.dll|1
DllUnregister C:\Program Files\WinFixer 2005\MMFix.dll|1
DllUnregister C:\Program Files\WinFixer 2005\OEDrop.dll|1
DllUnregister C:\Program Files\WinFixer 2005\StrRes.dll|1
DllUnregister C:\Program Files\Common Files\Companion Wizard\WapCHK.dll|1
DllUnregister C:\Program Files\Common Files\WinAntiSpyware 2006\was6chk.dll|1
DllUnregister C:\Program Files\Common Files\WinAntiVirus Pro 2006\WapCHK.dll|1
DllUnregister C:\Program Files\Common Files\WinSoftware\CrXML.dll|1
DllUnregister C:\Program Files\Common Files\WinSoftware\PCheck.dll|1
DllUnregister C:\Program Files\Fichiers communs\WinFixer 2005\uwappchk.dll|1
DllUnregister C:\WINDOWS\syst32.dll|1

FileDelete C:\Documents and Settings\All Users\Bureau\AXPFixer.lnk
FileDelete C:\Documents and Settings\All Users\Bureau\WinAntiVirus*.lnk
FileDelete C:\Documents and Settings\utilisateur\Application Data\*drivecleaner*.exe
FileDelete C:\Documents and Settings\utilisateur\Application Data\*errorsafe*.exe
FileDelete C:\Documents and Settings\utilisateur\Application Data\*winantispyware*.exe
FileDelete C:\Documents and Settings\utilisateur\Application Data\*winantivirus*.exe
FileDelete C:\Documents and Settings\utilisateur\Application Data\install_fr*.exe
FileDelete C:\Documents and Settings\utilisateur\Application Data\installer_fr[1].exe
FileDelete C:\Documents and Settings\utilisateur\Application Data\Microsoft\Internet Explorer\Quick Launch\AXPFixer.lnk
FileDelete C:\Documents and Settings\utilisateur\Application Data\Microsoft\Internet Explorer\Quick Launch\SystemDoctor*.lnk
FileDelete C:\Documents and Settings\utilisateur\Application Data\Microsoft\Internet Explorer\Quick Launch\WinAntiSpyware*.lnk
FileDelete C:\Documents and Settings\utilisateur\Application Data\setup_fr[1].exe
FileDelete C:\Documents and Settings\utilisateur\Bureau\*drivecleaner*.exe
FileDelete C:\Documents and Settings\utilisateur\Bureau\DriveCleaner 2006 Free.lnk
FileDelete C:\Documents and Settings\utilisateur\Bureau\ErrorGuard.lnk
FileDelete C:\Documents and Settings\utilisateur\Bureau\ErrorSafe.lnk
FileDelete C:\Documents and Settings\utilisateur\Bureau\ErrorSafe*.exe
FileDelete C:\Documents and Settings\utilisateur\Bureau\SystemDoctor*.lnk
FileDelete C:\Documents and Settings\utilisateur\Bureau\WinAntiSpyware*.lnk
FileDelete C:\Documents and Settings\utilisateur\Bureau\WinFixer*.exe
FileDelete C:\Documents and Settings\utilisateur\Bureau\WinFixer*.lnk
FileDelete C:\Documents and Settings\utilisateur\Mes documents\*drivecleaner*.exe
FileDelete C:\Documents and Settings\utilisateur\Mes documents\*SystemDoctor*.exe
FileDelete C:\Documents and Settings\utilisateur\Mes documents\*WinAntiVirusPro*.exe
FileDelete C:\Program Files\*drivecleaner*.exe
FileDelete C:\Program Files\*WinAntiVirusPro*.exe
FileDelete C:\Program Files\Common Files\Companion Wizard\compwiz.exe
FileDelete C:\Program Files\Common Files\Companion Wizard\WapCHK.dll
FileDelete C:\Program Files\Common Files\Companion Wizard\WapCHK{*}.dll
FileDelete C:\WINDOWS\46241234110.exe
FileDelete C:\WINDOWS\service32.exe
FileDelete C:\WINDOWS\syst32.dll
FileDelete C:\WINDOWS\Downloaded Program Files\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.1\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.2\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.3\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.4\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.5\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.6\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.7\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.8\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.9\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.10\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.11\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.12\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.13\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.14\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.15\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.16\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.17\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Prefetch\AXPFIXER.EXE*.pf
FileDelete C:\WINDOWS\Prefetch\*winantispyware*.pf
FileDelete C:\WINDOWS\system32\av.cpl
FileDelete C:\WINDOWS\system32\blackster.scr
FileDelete C:\WINDOWS\system32\df_kme.exe
FileDelete C:\WINDOWS\system32\stera.exe
FileDelete C:\WINDOWS\system32\stera.?o?
FileDelete C:\WINDOWS\system32\drivers\ApiMon.sys
FileDelete C:\WINDOWS\system32\drivers\df_kmd.sys
FileDelete C:\WINDOWS\system32\drivers\ersd.sys
FileDelete C:\WINDOWS\system32\drivers\erssdd.sys
FileDelete C:\WINDOWS\system32\drivers\fopn.sys
FileDelete C:\WINDOWS\system32\drivers\sscan.sys
FileDelete C:\WINDOWS\system32\drivers\uwasfsd.sys
FileDelete C:\WINDOWS\system32\drivers\vspf_hk5.sys
FileDelete C:\WINDOWS\system32\drivers\vspf5.sys
FileDelete C:\WINDOWS\system32\drivers\wasfsd.sys
FileDelete C:\WINDOWS\system32\drivers\WFF.sys
FileDelete C:\systemdoctor*.exe

# 6 - Repertoires

FolderDelete C:\Documents and Settings\utilisateur\Application Data\Adsl Software Limited
FolderDelete C:\Documents and Settings\utilisateur\Application Data\AXPDefender
FolderDelete C:\Documents and Settings\utilisateur\Application Data\AXPFixer
FolderDelete C:\Documents and Settings\utilisateur\Application Data\DriveCleaner Free
FolderDelete C:\Documents and Settings\utilisateur\Application Data\DriveCleaner 2006 Free
FolderDelete C:\Documents and Settings\utilisateur\Application Data\systemdoctor 2006 free
FolderDelete C:\Documents and Settings\utilisateur\Application Data\VirusGarde
FolderDelete C:\Documents and Settings\utilisateur\Application Data\WinAntiVirus Pro 2006
FolderDelete C:\Documents and Settings\utilisateur\Application Data\WinAntiVirus Pro 2007
FolderDelete C:\Documents and Settings\All Users\Application Data\libresystem
FolderDelete C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
FolderDelete C:\Documents and Settings\All Users\Application Data\WinAntiVirus Corp
FolderDelete C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006
FolderDelete C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Advanced XP Defender
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\DriveCleaner 2006 Free
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ErrorSafe
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\SystemDoctor 2006 Unregistered Version
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinAntiSpyware 2006
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinAntiSpyware 2006 Scanner
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinAntiVirus Pro 2006
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinFixer 2005
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\WinAntiVirus Pro 2007
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\SysProtect
FolderDelete C:\Program Files\AXPDefender
FolderDelete C:\Program Files\AXPFixer
FolderDelete C:\Program Files\DriveCleaner 2006 Free
FolderDelete C:\Program Files\erroguard
FolderDelete C:\Program Files\Error Safe
FolderDelete C:\Program Files\Error Safe Free
FolderDelete C:\Program Files\ErrorSafe
FolderDelete C:\Program Files\errorsafe free
FolderDelete C:\Program Files\MalWarrior*
FolderDelete C:\Program Files\SysProtect Free
FolderDelete C:\Program Files\SystemDoctor 2006
FolderDelete C:\Program Files\SystemDoctor 2006 Free
FolderDelete C:\Program Files\VirusGarde
FolderDelete C:\Program Files\WinAntiSpyware 2006
FolderDelete C:\Program Files\WinAntiSpyware 2006 Free
FolderDelete C:\Program Files\WinAntiSpyware 2006 Scanner
FolderDelete C:\Program Files\WinAntiVirus 2005
FolderDelete C:\Program Files\WinAntiVirus Pro 2006
FolderDelete C:\Program Files\WinAntiVirus Pro 2007
FolderDelete C:\Program Files\WinFixer 2005
FolderDelete C:\Program Files\WinPopupGuard 2005
FolderDelete C:\Program Files\winspywareprotect
FolderDelete C:\Program Files\Archivos comunes\DriveCleaner 2006
FolderDelete C:\Program Files\Archivos comunes\DriveCleaner 2006 Free
FolderDelete C:\Program Files\Archivos comunes\DriveCleaner Free
FolderDelete C:\Program Files\Archivos comunes\ErrClean
FolderDelete C:\Program Files\Archivos comunes\Error Safe
FolderDelete C:\Program Files\Archivos comunes\erroguard
FolderDelete C:\Program Files\Archivos comunes\errorguard
FolderDelete C:\Program Files\Archivos comunes\ErrorSafe
FolderDelete C:\Program Files\Archivos comunes\SystemDoctor
FolderDelete C:\Program Files\Archivos comunes\SystemDoctor 2006
FolderDelete C:\Program Files\Archivos comunes\WinAntiSpyware 2006
FolderDelete C:\Program Files\Archivos comunes\WinAntiVirus Pro 2006
FolderDelete C:\Program Files\Archivos comunes\WinAntiVirus Pro 2007
FolderDelete C:\Program Files\Archivos comunes\WinFixer 2005
FolderDelete C:\Program Files\Archivos comunes\WinSoftware
FolderDelete C:\Program Files\Archivos comunes\winspywareprotect
FolderDelete C:\Program Files\Common Files\DriveCleaner 2006 Free
FolderDelete C:\Program Files\Common Files\ErrClean
FolderDelete C:\Program Files\Common Files\erroguard
FolderDelete C:\Program Files\Common Files\errorguard
FolderDelete C:\Program Files\Common Files\ErrorSafe
FolderDelete C:\Program Files\Common Files\SysProtect
FolderDelete C:\Program Files\Common Files\SystemDoctor 2006
FolderDelete C:\Program Files\Common Files\WinAntiSpyware 2006
FolderDelete C:\Program Files\Common Files\WinAntiVirus Pro 2006
FolderDelete C:\Program Files\Common Files\WinFixer 2005
FolderDelete C:\Program Files\Common Files\WinSoftware
FolderDelete C:\Program Files\Common Files\winspywareprotect
FolderDelete C:\Program Files\Fichiers communs\DriveCleaner 2006
FolderDelete C:\Program Files\Fichiers communs\DriveCleaner 2006 Free
FolderDelete C:\Program Files\Fichiers communs\DriveCleaner Free
FolderDelete C:\Program Files\Fichiers communs\ErrClean
FolderDelete C:\Program Files\Fichiers communs\Error Safe
FolderDelete C:\Prog

Réponse 4 / 23

pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502

et ba y en avais des truc je regarde ça et te donne la suite.

El lobo Messages postés 60 Statut Membre

Hope rien de grave..
Thanksss

Réponse 5 / 23

pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502

Ensuite fait ceci :

Telecharge malwarebytes

NB : S'il te manque COMCTL32.OCX alors télécharge le ici

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.

PS : les rapport sont aussi rangé dans l onglet rapport/log

Tutoriaux

El lobo Messages postés 60 Statut Membre

Hi,

Voila, je viens de terminer le scan, ca a pris du temps mais bon j espere que c est OK now.
Merci pour ton aide

Que me conseille tu de faire avec ces infections??

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1725
Windows 5.1.2600 Service Pack 3

04/02/2009 21:37:20
Report 04022009

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 116042
Temps écoulé: 2 hour(s), 9 minute(s), 0 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hpfsched (Trojan.FakeAlert.H) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\hpfsched.exe (Trojan.FakeAlert.H) -> No action taken.
C:\Documents and Settings\utilisateur\Bureau\GenProc\GenProc\outil\curl.exe (Trojan.Agent) -> No action taken.

Réponse 6 / 23

pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502

Maintenant affiher rapport puis supprimer le tout et vider la quarantaine.

Ensuite :

faire un petit nettoyage de l'ordi et du registre avec Ccleaner, regarde bien le Tuto CCleaner

Puis :

Télécharge Superantispyware (SAS) en cliquant sur ce lien :

Choisis "enregistrer" et enregistre-le sur ton bureau.

Double-clique sur l'icône d'installation qui vient de se créer et suis les instructions.

Créé une icône sur le bureau.

Double-clique sur l'icône de SAS (une tête dans un cercle rouge barré) pour le lancer.

- Si l'outil te demande de mettre à jour le programme ("update the program definitions", clique sur yes.
- Sous Configuration and Preferences, clique sur le bouton "Preferences"
- Clique sur l'onglet "Scanning Control "
- Dans "Scanner Options ", assure toi que la case devant lles lignes suivantes est cochée :

Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining
- Laisse les autres lignes décochées.

- Clique sur le bouton "Close" pour quitter l'écran du centre de contrôle.

- Dans la fenêtre principale, clique, dans "Scan for Harmful Software", sur "Scan your computer".

Dans la colonne de gauche, coche C:\Fixed Drive.

Dans la colonne de droite, sous "Complete scan", clique sur "Perform Complete Scan"

Clique sur "next" pour lancer le scan. Patiente pendant la durée du scan.

A la fin du scan, une fenêtre de résultats s'ouvre . Clique sur OK.

Assure toi que toutes les lignes de la fenêtre blanche sont cochées et clique sur "Next".

Tout ce qui a été trouvé sera mis en quarantaine. S'il t'es demandé de redémarrer l'ordi ("reboot"), clique sur Yes.

Pour recopier les informations sur le forum, fais ceci :

- après le redémarrage de l'ordi, double-clique sur l'icône pour lancer SAS.
- Clique sur "Preferences" puis sur l'onglet "Statistics/Logs ".
- Dans "scanners logs", double-clique sur SUPERAntiSpyware Scan Log.

- Le rapport va s'ouvrir dans ton éditeur de texte par défaut.

- Copie son contenu dans ta réponse.

Regarde bien le tuto SUPERAntiSpyware il est très bien expliqué.

El lobo Messages postés 60 Statut Membre

Hi,

Merci pour ta reponse rapide, j attaquerai cela demain.

Bonne soiree a vous

El lobo Messages postés 60 Statut Membre

Hiya,

Voici donc le raport.
Merci de ton aide.Y a t il encore des bebetes??

SUPERAntiSpyware Scan Log
https://www.superantispyware.com/

Generated 02/05/2009 at 00:25 AM

Application Version : 4.25.1012

Core Rules Database Version : 3743
Trace Rules Database Version: 1711

Scan type : Complete Scan
Total Scan Time : 02:01:07

Memory items scanned : 531
Memory threats detected : 0
Registry items scanned : 5505
Registry threats detected : 20
File items scanned : 59166
File threats detected : 0

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Capabilities

Réponse 7 / 23

pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502

Regarde bien le tuto SAS c'est très bien expliquer su comment supprimer tout ce qu'il à trouvé ensuite un nouvel hijackthsi. Merci.

El lobo Messages postés 60 Statut Membre

Hi,

Il y avait un trojan Winantispyware/Winantivirus 2006 2007, je l ai mis en quarantaine,

Voici le new rapport Hijackthis, merci pour ton aide...

Logfile of HijackThis v1.99.1
Scan saved at 22:21:11, on 08/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VoipRaider] "C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Réponse 8 / 23

pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502

ta version d'hijackthis n'est plus bonne télécharge la version 2 Télécharge le fichier d'installation d'HijackThis.

Puis refait un scan. Merci.

El lobo Messages postés 60 Statut Membre

Hi, voila voila

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:39:18, on 08/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VoipRaider] "C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Réponse 9 / 23

pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502

Téléchargez SmitfraudFix et enregistrez-le sur le bureau
* Ensuite, double cliquez sur SmitfraudFix puis sur Exécuter. (Sous Vista : clic droit sur SmitfraudFix et sélectionnez "Exécuter en tant qu'administrateur")
* Sélectionnez 1 pour créer un rapport des fichiers responsables de l'infection.
* A la fin de l'analyse, un rapport va être généré...Enregistrez-le sur le bureau.

Regarde bien le tuto qui est avec

/!\ Postez le rapport sur le forum pour savoir si la suppression peut être lancée.

En mode sans echec la suppression des fichiers présents.

process.exe
est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
http://www.beyondlogic.org/consulting/processutil/processutil.htm

El lobo Messages postés 60 Statut Membre

Hi,

Voila voila

SmitFraudFix v2.394

Rapport fait à 22:55:11,98, 08/02/2009
Executé à partir de C:\Documents and Settings\utilisateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealPlayer\RecordingManager.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

Fichier hosts corrompu !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info
127.0.0.1 www.spywareinfo.com
127.0.0.1 spywareinfo.com

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\utilisateur

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\utilisateur\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\UTILIS~1\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\Userinit.exe"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: PRISM 802.11g Adapter (3886) - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.76.224.172
DNS Server Search Order: 82.216.111.122
DNS Server Search Order: 82.216.111.121
DNS Server Search Order: 82.216.111.123

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1FA7E1A1-CD36-4B44-AE2A-383C4743B4F2}: DhcpNameServer=212.76.224.172 212.95.66.1 212.95.66.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3EDF59A0-6EF4-4439-97DE-9F5E1E8C1623}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CCS\Services\Tcpip\..\{44ABB211-9AB0-4A99-872A-B62637F94E16}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1FA7E1A1-CD36-4B44-AE2A-383C4743B4F2}: DhcpNameServer=212.76.224.172 212.95.66.1 212.95.66.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3EDF59A0-6EF4-4439-97DE-9F5E1E8C1623}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CS1\Services\Tcpip\..\{44ABB211-9AB0-4A99-872A-B62637F94E16}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1FA7E1A1-CD36-4B44-AE2A-383C4743B4F2}: DhcpNameServer=212.76.224.172 212.95.66.1 212.95.66.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3EDF59A0-6EF4-4439-97DE-9F5E1E8C1623}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CS3\Services\Tcpip\..\{44ABB211-9AB0-4A99-872A-B62637F94E16}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

Réponse 10 / 23

pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502

Télécharge HostsXpert sur ton Bureau :
http://www.funkytoad.com/download/HostsXpert.zip

---> Décompresse-le (Clic droit >> Extraire ici)

---> Double-clique sur HostsXpert pour le lancer

---> clique sur le bouton "Restore MS Hosts File" puis ferme le programme

PS : Avant de cliquer sur le bouton "Restore MS Hosts File", vérifie que le cadenas en haut à gauche est ouvert sinon tu vas avoir un message d'erreur.

Ensuite :

Redémarre en mode sans échec comme indiqué ici ; Choisis ta session courante.

Relance SmitfraudFix Puis choisi l'option 2 suppression.

Et ensuite l'option 5.

El lobo Messages postés 60 Statut Membre

Hi,

Voila le rapport

SmitFraudFix v2.394

Rapport fait à 0:29:23,76, 09/02/2009
Executé à partir de C:\Documents and Settings\utilisateur\Bureau\PC Security\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» DNS Avant Fix

Description: PRISM 802.11g Adapter (3886) - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.76.224.172
DNS Server Search Order: 82.216.111.122
DNS Server Search Order: 82.216.111.121
DNS Server Search Order: 82.216.111.123

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1FA7E1A1-CD36-4B44-AE2A-383C4743B4F2}: DhcpNameServer=212.76.224.172 212.95.66.1 212.95.66.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3EDF59A0-6EF4-4439-97DE-9F5E1E8C1623}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CCS\Services\Tcpip\..\{44ABB211-9AB0-4A99-872A-B62637F94E16}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1FA7E1A1-CD36-4B44-AE2A-383C4743B4F2}: DhcpNameServer=212.76.224.172 212.95.66.1 212.95.66.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3EDF59A0-6EF4-4439-97DE-9F5E1E8C1623}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CS1\Services\Tcpip\..\{44ABB211-9AB0-4A99-872A-B62637F94E16}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1FA7E1A1-CD36-4B44-AE2A-383C4743B4F2}: DhcpNameServer=212.76.224.172 212.95.66.1 212.95.66.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3EDF59A0-6EF4-4439-97DE-9F5E1E8C1623}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CS3\Services\Tcpip\..\{44ABB211-9AB0-4A99-872A-B62637F94E16}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123

»»»»»»»»»»»»»»»»»»»»»»»» DNS Après Fix

Description: PRISM 802.11g Adapter (3886) - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.76.224.172
DNS Server Search Order: 82.216.111.122
DNS Server Search Order: 82.216.111.121
DNS Server Search Order: 82.216.111.123

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1FA7E1A1-CD36-4B44-AE2A-383C4743B4F2}: DhcpNameServer=212.76.224.172 212.95.66.1 212.95.66.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3EDF59A0-6EF4-4439-97DE-9F5E1E8C1623}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CCS\Services\Tcpip\..\{44ABB211-9AB0-4A99-872A-B62637F94E16}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1FA7E1A1-CD36-4B44-AE2A-383C4743B4F2}: DhcpNameServer=212.76.224.172 212.95.66.1 212.95.66.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3EDF59A0-6EF4-4439-97DE-9F5E1E8C1623}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CS1\Services\Tcpip\..\{44ABB211-9AB0-4A99-872A-B62637F94E16}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1FA7E1A1-CD36-4B44-AE2A-383C4743B4F2}: DhcpNameServer=212.76.224.172 212.95.66.1 212.95.66.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3EDF59A0-6EF4-4439-97DE-9F5E1E8C1623}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CS3\Services\Tcpip\..\{44ABB211-9AB0-4A99-872A-B62637F94E16}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123

Réponse 11 / 23

pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502

et le rapport après suppression mode 2.

El lobo Messages postés 60 Statut Membre

Hi, voila

SmitFraudFix v2.394

Rapport fait à 0:07:58,42, 09/02/2009
Executé à partir de C:\Documents and Settings\utilisateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1FA7E1A1-CD36-4B44-AE2A-383C4743B4F2}: DhcpNameServer=212.76.224.172 212.95.66.1 212.95.66.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3EDF59A0-6EF4-4439-97DE-9F5E1E8C1623}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CCS\Services\Tcpip\..\{44ABB211-9AB0-4A99-872A-B62637F94E16}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1FA7E1A1-CD36-4B44-AE2A-383C4743B4F2}: DhcpNameServer=212.76.224.172 212.95.66.1 212.95.66.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3EDF59A0-6EF4-4439-97DE-9F5E1E8C1623}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CS1\Services\Tcpip\..\{44ABB211-9AB0-4A99-872A-B62637F94E16}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1FA7E1A1-CD36-4B44-AE2A-383C4743B4F2}: DhcpNameServer=212.76.224.172 212.95.66.1 212.95.66.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3EDF59A0-6EF4-4439-97DE-9F5E1E8C1623}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CS3\Services\Tcpip\..\{44ABB211-9AB0-4A99-872A-B62637F94E16}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

Réponse 12 / 23

pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502

Bonsoir,

Je vais aller me coucher donc je te donne la suite, tu me fait un nouvel hijackthis. Merci.

El lobo Messages postés 60 Statut Membre

Hi,

Bien dormie?

Voila le rapport comme demande, merci pour ton aide et ton suivi

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:13:51, on 09/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VoipRaider] "C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Réponse 13 / 23

pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502

Télécharges ToolBar S&D ( de Eric_71/Team IDN ) :
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

( Tuto : https://sites.google.com/site/toolbarsd/aideenimages )

!! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !! désactive ton antivirus.

* double-cliques sur l'.exe pour lancer l'installe et laisses toi guider ...
* Une fois fait, cliques sur le raccourci créé sur ton bureau pour lancer l'outil .
* Choisis l'option 1 ( "recherche") et tapes "entrée" .
* Une fois le scan finit , un rapport va apparaître, copie/colles l'intégralité
de son contenu dans ta prochaine réponse ...
( le rapport est en outre sauvegardé ici -> C:\TB.txt )

El lobo Messages postés 60 Statut Membre

Hi ,

Voila le rapport

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Mobile AMD Athlon(tm) 64 Processor 3200+ )
BIOS : BIOS Date: 02/01/05 09:42:07 Ver: 08.00.11
USER : utilisateur ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Not Activated)
Firewall : ZoneAlarm Firewall 7.0.462.000 (Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:24 Go)
D:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 09/02/2009|16:05 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Crawler Toolbar

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchAssistant"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"
"CustomizeSearch"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm"
"Search Bar"="http://www.bing.com/spresults.aspx"
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Url"="http://www.microsoft.com/athome/community/rss.xml"
"Url"="http://www.microsoft.com/atwork/community/rss.xml"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.google.com/?gws_rd=ssl"
"SearchAssistant"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"
"CustomizeSearch"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm"
"Search Bar"="http://www.bing.com/spresults.aspx"

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\UTILIS~1\Mes documents\Elby Clone Dvd V1.3.10.1 Anydvd 2.0.0.4 Ger Key\Keygen-CloneDVD.exe
C:\DOCUME~1\UTILIS~1\Mes documents\Ma musique\ABBA\The Definitive Collection Disc 2\12 The Visitors (Crackin' Up).wma

1 - "C:\ToolBar SD\TB_1.txt" - 09/02/2009|16:06 - Option : [1]

-----------\\ Fin du rapport a 16:06:34,96

Réponse 14 / 23

pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502

Ceci à effacer de suite source de virus :

C:\DOCUME~1\UTILIS~1\Mes documents\Elby Clone Dvd V1.3.10.1 Anydvd 2.0.0.4 Ger Key\Keygen-CloneDVD.exe
C:\DOCUME~1\UTILIS~1\Mes documents\Ma musique\ABBA\The Definitive Collection Disc 2\12 The Visitors (Crackin' Up).wma

Ensuite :

Nettoyage avec ToolBar S&D : Redémarre en mode sans échec comme indiqué ici ; Choisis ta session courante.

!! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !!

Relances Toolbar-S&D en double-cliquant sur le raccourci.
-->Tapes sur l'option 2 ( "nettoyage" ) puis tapes sur "Entrée".

Note : ne touches à rien lors de la suppression !

Un rapport sera généré à la fin du processus : postes son contenu dans ta prochaine réponse
accompagné d'un nouveau rapport hijackthis pour analyse ...

El lobo Messages postés 60 Statut Membre

Hi,

Voila les 2 rapports.

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Mobile AMD Athlon(tm) 64 Processor 3200+ )
BIOS : BIOS Date: 02/01/05 09:42:07 Ver: 08.00.11
USER : utilisateur ( Administrator )
BOOT : Fail-safe boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
Firewall : ZoneAlarm Firewall 7.0.462.000 (Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:24 Go)
D:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 09/02/2009|16:26 )

-----------\\ SUPPRESSION

Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Crawler Toolbar

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchAssistant"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"
"CustomizeSearch"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm"
"Search Bar"="http://www.bing.com/spresults.aspx"
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Url"="http://www.microsoft.com/athome/community/rss.xml"
"Url"="http://www.microsoft.com/atwork/community/rss.xml"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"
"SearchAssistant"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"
"CustomizeSearch"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm"
"Search Bar"="http://www.bing.com/spresults.aspx"

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

1 - "C:\ToolBar SD\TB_1.txt" - 09/02/2009|16:06 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 09/02/2009|16:27 - Option : [2]

-----------\\ Fin du rapport a 16:27:47,43

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:28:47, on 09/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VoipRaider] "C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Réponse 15 / 23

pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502

Ensuite :

* Téléchargez et enregistrez Navilog1 sur le bureau.
* Sous XP : double-cliquez dessus pour l'installer et le lancer.
* Sous vista : faites un clic droit sur Navilog1 présent sur le bureau et choisissez "exécuter en tant qu'administrateur".
* Quand il sera installé, appuyez sur F pour Français.
* Appuyez sur une touche jusqu'à ce que vous arriviez au menu des options.
* Tapez 1 pour exécuter une recherche.
* Laissez le programme travailler, il pourrait durer une dizaine de minutes.
* Un rapport va être généré dans le bloc note à la fin de l'analyse
* Il sera aussi enregistré automatiquement sur votre disque C ( C:\fixnavi.txt )
* Voici un tutoriel qui vous explique le fonctionnement de Navilog1 :

http://il.mafioso.pagesperso-orange.fr/Navifix/presentation.htm

Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs

Réponse 16 / 23

pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502

y a rien sur le navilog.

Télécharges AD-Remover ( de Cyrildu17 / C_XX ) sur ton bureau :

/!\ Déconnectes toi et fermes toutes applications en cours

● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
● Double clique sur l'icône Ad-removersituée sur ton bureau
● Au menu principal choisi l'option "A"
● Postes le rapport qui apparait à la fin .

( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs

El lobo Messages postés 60 Statut Membre

Hi,

Voila voila

------- LOGFILE OF AD-REMOVER 1.1.0.9 | ONLY XP/VISTA -------

Updated by C_XX on 07/02/2009 at 14:30

Start at: 19:42:34 | Lun 09/02/2009 | Microsoft® Windows XP™ SP3 (V5.1.2600)
Boot mode: Normal
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Pc: UTILISAT-CB53FB | User: utilisateur ( Current user is an administrator)
Drive(s):
- C:\ (File System: NTFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 54

+--------------------| Boonty/Boonty Games Elements Found:

.
.

+--------------------| Eorezo Elements Found:

.

+--------------------| Infected Poker Softwares Elements Found:

.

+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Found:

.
.

+--------------------| It's TV Elements Found:

.

+--------------------| Sweetim Elements Found:

.

+--------------------| Added Scan:

---- Mozilla FireFox Version 3.0.5 ----

ProfilePath: n50g6e4k.default
.
Prefs.js: Browser.Search.DefaultEngineName: "Crawler Search"
Prefs.js: Browser.Search.SelectedEngine: "Crawler Search"
.
.
.
.
.

---- Internet Explorer Version 7.0.5730.11 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchAssistant: hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://go.microsoft.com/fwlink/?linkid=677

+-[HKEY_USERS\S-1-5-21-1993962763-1326574676-725345543-1003\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchAssistant: hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://go.microsoft.com/fwlink/?linkid=677

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchAssistant: hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.msn.com/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

+---------------------------------------------------------------------------+

[~2854 Bytes] - "C:\Ad-Report-Scan-09.02.2009.log"
-

End at: 19:44:43 | 09/02/2009
.
+--------------------| E.O.F - 62 Lines
.

Réponse 17 / 23

pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502

! Déconnectes toi et fermes toutes applications en cours !

Redémarre en mode sans échec comme indiqué ici ; Choisis ta session courante.

* Relances "Ad-remover" : au menu principal choisi l'option "B" .

--> le programme va travailler ...

* Postes le rapport qui apparait à la fin + un nouvel Hijackthis pour analyse ...

( le rapport est sauvegardé aussi sous C:\Ad-report.log )

/!\ Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides) /!\

El lobo Messages postés 60 Statut Membre

------- LOGFILE OF AD-REMOVER 1.1.0.9 | ONLY XP/VISTA -------

Updated by C_XX on 07/02/2009 at 14:30

*** LIMITED TO ***

Boonty/BoontyGames
Eorezo
Infected Poker Softwares
FunWebProduct/MyWay/MyWebSearch
It's TV
Sweetim

******************

Start at: 20:10:14 | Lun 09/02/2009 | Microsoft® Windows XP™ SP3 (V5.1.2600)
Boot mode: MSE
Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Pc: UTILISAT-CB53FB | User: utilisateur ( Current user is an administrator)
Drive(s):
- C:\ (File System: NTFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 15

(!) ---- IE start pages/Tabs reset

+--------------------| Boonty/Boonty Games Elements Deleted :

.
.

+--------------------| Eorezo Elements Deleted :

.

+--------------------| Infected Poker Softwares Elements Deleted :

.

+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :

.
.

+--------------------| It's TV Elements Deleted :

.

+--------------------| Sweetim Elements Deleted :

.

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.

+--------------------| Added Scan :

---- Mozilla FireFox Version 3.0.5 ----

ProfilePath: n50g6e4k.default
.
Prefs.js: Browser.Search.DefaultEngineName: "Crawler Search"
Prefs.js: Browser.Search.SelectedEngine: "Crawler Search"
.
.
.
.
.

---- Internet Explorer Version 7.0.5730.11 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchAssistant: hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_USERS\S-1-5-21-1993962763-1326574676-725345543-1003\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchAssistant: hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchAssistant: hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://fr.msn.com/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

+---------------------------------------------------------------------------+

[~3206 Bytes] - "C:\Ad-Report-Clean-09.02.2009.log"
[~2989 Bytes] - "C:\Ad-Report-Scan-09.02.2009.log"
-

End at: 20:13:50 | 09/02/2009
.
+--------------------| E.O.F - 73 Lines
.

Réponse 18 / 23

pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502

reposte moi un hijackthis.

El lobo Messages postés 60 Statut Membre

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:29:53, on 09/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VoipRaider] "C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Réponse 19 / 23

pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502

* Télécharger ComboFix (par sUBs) sur le Bureau.
* Double-cliquer combofix.exe.
* Il est vivement recommandé d'installer la Console de récupération !
* Appuyer sur la touche Y (Yes) pour démarrer le scan.
* Le rapport sera crée dans: C:\Combofix.txt.
* Refaire un rapport HijackThis, et fixer les lignes correspondantes comme indiqué plus haut.

Le tutoriel officiel

Sous Vista :

* Désactiver le contrôle des comptes utilisateurs (le réactiver à la fin de la désinfection) :
* Aller dans démarrer puis panneau de configuration.
* Double-cliquer sur l'icône Comptes d'utilisateurs.
* Cliquer ensuite sur désactiver et valider.
* Faire un clic-droit sur ComboFix présent sur le Bureau et choisir Exécuter en tant qu'administrateur.
* Double-cliquer sur combofix.exe.
* Appuyer sur la touche Y (Yes) pour démarrer le scan.
* Le rapport sera crée dans: C:\Combofix.txt
o En cas de difficulté à dépouiller les résultats du rapport seul, il est conseillé de le poster en forum afin qu'une personne avertie vous guide dans l'utilisation et l'analyse des rapports. La "puissance" et la difficulté à analyser les résultats des rapports en font un fix à utiliser avec précaution.

El lobo Messages postés 60 Statut Membre

Hi,

Voila, il y a 2 rapport combo car premiere manip j avais desactive les anti virus et autre mais la connectioni internet, puis j ai refais combo une deuxieme fois.

J ai mis apres le rapport hijackthis, merci encore pour toute ton aide

ComboFix 09-02-08.02 - utilisateur 2009-02-09 22:59:29.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.479.196 [GMT 1:00]
Lancé depuis: c:\documents and settings\utilisateur\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated)
FW: ZoneAlarm Firewall *disabled*
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\QTWMCI32.DLL
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN
-------\Legacy_NPF

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-09 au 2009-02-09 ))))))))))))))))))))))))))))))))))))
.

2009-02-09 19:41 . 2009-02-09 20:08 <REP> d-------- c:\program files\Ad-remover
2009-02-09 17:12 . 2009-02-09 17:18 <REP> d-------- c:\program files\Navilog1
2009-02-09 16:04 . 2009-02-09 16:27 <REP> d-------- C:\ToolBar SD
2009-02-08 22:38 . 2009-02-08 22:38 <REP> d-------- c:\program files\Trend Micro
2009-02-05 22:53 . 2005-03-15 17:04 161,792 --------- c:\windows\system32\drivers\ov530vid.sys
2009-02-05 22:53 . 2004-08-05 17:34 61,440 --------- c:\windows\ov530dib.dll
2009-02-05 22:53 . 2005-09-30 09:42 40,960 --------- c:\windows\system32\ov530ext.dll
2009-02-05 22:53 . 2004-11-09 00:37 25,177 --------- c:\windows\system32\drivers\ov530cmd.sys
2009-02-05 22:53 . 2005-09-30 09:56 18,972 --------- c:\windows\system32\ov530ext.ax
2009-02-05 22:53 . 2004-07-20 01:50 16,440 --------- c:\windows\system32\ov530usd.dll
2009-02-04 22:16 . 2009-02-04 22:16 <REP> d-------- c:\program files\SUPERAntiSpyware
2009-02-04 22:16 . 2009-02-04 22:16 <REP> d-------- c:\documents and settings\utilisateur\Application Data\SUPERAntiSpyware.com
2009-02-04 22:16 . 2009-02-04 22:16 <REP> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-04 19:17 . 2009-02-04 21:37 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-04 19:17 . 2009-02-04 19:17 <REP> d-------- c:\documents and settings\utilisateur\Application Data\Malwarebytes
2009-02-04 19:17 . 2009-02-04 19:17 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-04 19:17 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-04 19:17 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-04 14:29 . 2009-02-04 14:29 <REP> d-------- c:\program files\CCleaner
2009-02-04 12:18 . 2009-02-04 12:18 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-02-04 11:25 . 2009-02-04 11:51 <REP> d-------- c:\windows\SxsCaPendDel
2009-02-03 20:54 . 2009-02-03 20:54 <REP> d-------- c:\program files\Fichiers communs\xing shared
2009-02-03 19:51 . 2009-02-03 19:51 <REP> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-02-03 19:51 . 2009-02-03 19:51 <REP> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-02-03 19:51 . 2009-02-03 19:51 <REP> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-02-03 19:51 . 2009-02-03 19:51 <REP> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 22:16 11,827,232 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-02-09 22:05 140,552 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-02-09 21:30 --------- d-----w c:\documents and settings\utilisateur\Application Data\Skype
2009-02-09 18:19 --------- d-----w c:\documents and settings\utilisateur\Application Data\skypePM
2009-02-09 11:56 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-08 21:09 29,116 ----a-w c:\documents and settings\utilisateur\Application Data\wklnhst.dat
2009-02-08 15:01 --------- d-----w c:\documents and settings\utilisateur\Application Data\Spyware Terminator
2009-02-04 21:15 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-02-04 14:21 --------- d-----w c:\program files\ewido anti-malware
2009-02-04 14:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-04 13:23 --------- d-----w c:\program files\a-squared Free
2009-02-04 10:34 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-04 10:31 --------- d-----w c:\documents and settings\All Users\Application Data\Kodak
2009-02-04 10:24 --------- d-----w c:\program files\Java
2009-02-04 10:20 --------- d-----w c:\program files\eMule
2009-02-03 19:53 --------- d-----w c:\program files\Fichiers communs\Real
2008-12-31 15:41 --------- d-----w c:\program files\DJ Mix Lite
2008-12-16 20:24 --------- d-----w c:\documents and settings\utilisateur\Application Data\VoipRaider
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-06-03 18:15 20 -c-h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2008-04-27 13:10 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-02-10 20:21 0 -c--a-w c:\documents and settings\Invité\Application Data\wklnhst.dat
2006-02-25 14:16 212,843 -c--a-w c:\program files\hijackthis_199.zip
2006-01-03 21:06 57,664 -c--a-w c:\documents and settings\utilisateur\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-01 21898024]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"VoipRaider"="c:\program files\VoipRaider.com\VoipRaider\VoipRaider.exe" [2008-12-08 9016112]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2004-09-02 249856]
"FLMOFFICE4DMOUSE"="c:\program files\Browser MOUSE\mouse32a.exe" [2005-12-01 360448]
"Microsoft Works Update Detection"="c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 50688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"CMPDPSRV"="c:\windows\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE" [2001-05-07 40960]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-20 1817600]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-22 266497]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 919016]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-02-03 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-22 136600]
"SiSPower"="SiSPower.dll" [2004-09-02 c:\windows\system32\SiSPower.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BlueSoleil.lnk - c:\program files\Sitecom\IVT BlueSoleil\BlueSoleil.exe [2006-07-16 626176]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-05-01 118784]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-11-18 331776]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= jl_mjpg2.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/ustera

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Browser MOUSE\\mouse32a.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sitecom\\IVT BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\VoipRaider.com\\VoipRaider\\VoipRaider.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [2005-12-30 3072]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-03-09 141312]
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [2005-11-18 191092]
R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [2005-11-18 6100]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S2 HPFECP13;HPFECP13;c:\windows\system32\drivers\HPFecp13.sys [1998-09-25 52800]
S3 JL2005;JL2005A Toy Camera;c:\windows\system32\drivers\toywdm.sys [2005-05-09 71336]
S3 ovt530;Webcam Classic;c:\windows\system32\drivers\ov530vid.sys [2009-02-05 161792]
S3 PRISM_A00;PRISM 802.11 Driver;c:\windows\system32\drivers\PRISMA00.sys [2005-11-18 393280]
S3 tj2knd5;Terayon Cable Modem (NDIS);c:\windows\system32\drivers\tj2knd5.sys [2005-11-24 17616]
S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\system32\drivers\tj2kunic.sys [2005-11-24 69680]
.
Contenu du dossier 'Tâches planifiées'

2009-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]

2009-02-09 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 16:39]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-<NO NAME> - (no file)
HKLM-Run-NWEReboot - (no file)

.
------- Examen supplémentaire -------
.
mWindow Title =
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: Crawler Search
FF - ProfilePath - c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\n50g6e4k.default\
FF - prefs.js: browser.search.selectedEngine - Crawler Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60327&qkw=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-09 23:10:25
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(544)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Sitecom\IVT BlueSoleil\BTNtService.exe
c:\program files\ewido anti-malware\ewidoctrl.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\PAStiSvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Heure de fin: 2009-02-09 23:21:43 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-02-09 22:21:37

Avant-CF: 26 632 593 408 octets libres
Après-CF: 26,538,663,936 octets libres

219 --- E O F --- 2009-02-04 09:45:23

2ieme rapport Combo

ComboFix 09-02-08.02 - utilisateur 2009-02-09 23:30:52.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.479.148 [GMT 1:00]
Lancé depuis: c:\documents and settings\utilisateur\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated)
FW: ZoneAlarm Firewall *disabled*
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-09 au 2009-02-09 ))))))))))))))))))))))))))))))))))))
.

2009-02-09 19:41 . 2009-02-09 20:08 <REP> d-------- c:\program files\Ad-remover
2009-02-09 17:12 . 2009-02-09 17:18 <REP> d-------- c:\program files\Navilog1
2009-02-09 16:04 . 2009-02-09 16:27 <REP> d-------- C:\ToolBar SD
2009-02-08 22:38 . 2009-02-08 22:38 <REP> d-------- c:\program files\Trend Micro
2009-02-05 22:53 . 2005-03-15 17:04 161,792 --------- c:\windows\system32\drivers\ov530vid.sys
2009-02-05 22:53 . 2004-08-05 17:34 61,440 --------- c:\windows\ov530dib.dll
2009-02-05 22:53 . 2005-09-30 09:42 40,960 --------- c:\windows\system32\ov530ext.dll
2009-02-05 22:53 . 2004-11-09 00:37 25,177 --------- c:\windows\system32\drivers\ov530cmd.sys
2009-02-05 22:53 . 2005-09-30 09:56 18,972 --------- c:\windows\system32\ov530ext.ax
2009-02-05 22:53 . 2004-07-20 01:50 16,440 --------- c:\windows\system32\ov530usd.dll
2009-02-04 22:16 . 2009-02-04 22:16 <REP> d-------- c:\program files\SUPERAntiSpyware
2009-02-04 22:16 . 2009-02-04 22:16 <REP> d-------- c:\documents and settings\utilisateur\Application Data\SUPERAntiSpyware.com
2009-02-04 22:16 . 2009-02-04 22:16 <REP> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-04 19:17 . 2009-02-04 21:37 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-04 19:17 . 2009-02-04 19:17 <REP> d-------- c:\documents and settings\utilisateur\Application Data\Malwarebytes
2009-02-04 19:17 . 2009-02-04 19:17 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-04 19:17 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-04 19:17 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-04 14:29 . 2009-02-04 14:29 <REP> d-------- c:\program files\CCleaner
2009-02-04 12:18 . 2009-02-04 12:18 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-02-04 11:25 . 2009-02-04 11:51 <REP> d-------- c:\windows\SxsCaPendDel
2009-02-03 20:54 . 2009-02-03 20:54 <REP> d-------- c:\program files\Fichiers communs\xing shared
2009-02-03 19:51 . 2009-02-03 19:51 <REP> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-02-03 19:51 . 2009-02-03 19:51 <REP> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-02-03 19:51 . 2009-02-03 19:51 <REP> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-02-03 19:51 . 2009-02-03 19:51 <REP> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 22:34 11,896,864 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-02-09 22:33 --------- d-----w c:\documents and settings\utilisateur\Application Data\Skype
2009-02-09 22:05 140,552 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-02-09 18:19 --------- d-----w c:\documents and settings\utilisateur\Application Data\skypePM
2009-02-09 11:56 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-08 21:09 29,116 ----a-w c:\documents and settings\utilisateur\Application Data\wklnhst.dat
2009-02-08 15:01 --------- d-----w c:\documents and settings\utilisateur\Application Data\Spyware Terminator
2009-02-04 21:15 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-02-04 14:21 --------- d-----w c:\program files\ewido anti-malware
2009-02-04 14:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-04 14:11 649,216 ----a-w c:\windows\Internet Logs\xDB1.tmp
2009-02-04 14:11 2,110,464 ----a-w c:\windows\Internet Logs\xDB2.tmp
2009-02-04 13:23 --------- d-----w c:\program files\a-squared Free
2009-02-04 10:34 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-04 10:31 --------- d-----w c:\documents and settings\All Users\Application Data\Kodak
2009-02-04 10:24 --------- d-----w c:\program files\Java
2009-02-04 10:20 --------- d-----w c:\program files\eMule
2009-02-03 19:53 --------- d-----w c:\program files\Fichiers communs\Real
2009-01-28 21:22 7,504,697 -c--a-w c:\windows\Internet Logs\tvDebug.zip
2008-12-31 15:41 --------- d-----w c:\program files\DJ Mix Lite
2008-12-22 17:44 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-16 20:24 --------- d-----w c:\documents and settings\utilisateur\Application Data\VoipRaider
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-06-03 18:15 20 -c-h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2008-04-27 13:10 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-02-10 20:21 0 -c--a-w c:\documents and settings\Invité\Application Data\wklnhst.dat
2006-02-25 14:16 212,843 -c--a-w c:\program files\hijackthis_199.zip
2006-01-03 21:06 57,664 -c--a-w c:\documents and settings\utilisateur\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-01 21898024]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"VoipRaider"="c:\program files\VoipRaider.com\VoipRaider\VoipRaider.exe" [2008-12-08 9016112]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2004-09-02 249856]
"FLMOFFICE4DMOUSE"="c:\program files\Browser MOUSE\mouse32a.exe" [2005-12-01 360448]
"Microsoft Works Update Detection"="c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 50688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"CMPDPSRV"="c:\windows\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE" [2001-05-07 40960]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-20 1817600]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-22 266497]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 919016]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-02-03 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-22 136600]
"SiSPower"="SiSPower.dll" [2004-09-02 c:\windows\system32\SiSPower.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BlueSoleil.lnk - c:\program files\Sitecom\IVT BlueSoleil\BlueSoleil.exe [2006-07-16 626176]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-05-01 118784]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-11-18 331776]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= jl_mjpg2.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/ustera

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Browser MOUSE\\mouse32a.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sitecom\\IVT BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\VoipRaider.com\\VoipRaider\\VoipRaider.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [2005-12-30 3072]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-03-09 141312]
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [2005-11-18 191092]
R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [2005-11-18 6100]
R3 PRISM_A00;PRISM 802.11 Driver;c:\windows\system32\drivers\PRISMA00.sys [2005-11-18 393280]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S2 HPFECP13;HPFECP13;c:\windows\system32\drivers\HPFecp13.sys [1998-09-25 52800]
S3 JL2005;JL2005A Toy Camera;c:\windows\system32\drivers\toywdm.sys [2005-05-09 71336]
S3 ovt530;Webcam Classic;c:\windows\system32\drivers\ov530vid.sys [2009-02-05 161792]
S3 tj2knd5;Terayon Cable Modem (NDIS);c:\windows\system32\drivers\tj2knd5.sys [2005-11-24 17616]
S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\system32\drivers\tj2kunic.sys [2005-11-24 69680]
.
Contenu du dossier 'Tâches planifiées'

2009-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]

2009-02-09 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 16:39]
.
.
------- Examen supplémentaire -------
.
mWindow Title =
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: Crawler Search
FF - ProfilePath - c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\n50g6e4k.default\
FF - prefs.js: browser.search.selectedEngine - Crawler Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60327&qkw=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-09 23:33:42
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(544)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Heure de fin: 2009-02-09 23:37:51
ComboFix-quarantined-files.txt 2009-02-09 22:37:39
ComboFix2.txt 2009-02-09 22:21:47

Avant-CF: 26 525 126 656 octets libres
Après-CF: 26,511,069,184 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=AlwaysOff /fastdetect

190 --- E O F --- 2009-02-04 09:45:23

Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:39:36, on 09/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VoipRaider] "C:\Program Files\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\Sitecom\IVT BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\Sitecom\IVT BlueSoleil\BTNtService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Réponse 20 / 23

pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502

Télécharges OTMoveIt3 (de Old_Timer) sur ton Bureau.

Double cliques sur "OTMoveIt3.exe" pour ouvrir le prg .
Puis copies ce qui se trouve en citation ci-dessous,

:Processes
explorer.exe

:Files
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\QTWMCI32.DLL
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

et colles le dans le cadre de gauche de OTMoveIt3 :
Paste Instructions for items to be moved.
(ne touche à rien d'autre !)

-> cliques sur MoveIt! pour lancer la suppression.
-> laisses travailler l'outil ...

( Note : ton bureau va disparaitre puis réapparaitre, c'est normal .)

-> une fois finis , un petite fenêtre s'ouvre : cliques sur " Yes " .

Ton PC va redémarrer de lui même ...

-->Postes le contenu du rapport qui se trouve dans le dossier "C:\_OTMoveIt\MovedFiles"
( " xxxx2008_xxxxxx.log " où les "x" correspondent au jour et à l'heure de l'utilisation ).

El lobo Messages postés 60 Statut Membre

Bonjour,

voila le rapport OT move.merci pour ton aide

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder c:\windows\system32\404Fix.exe not found.
File/Folder c:\windows\system32\Agent.OMZ.Fix.exe not found.
File/Folder c:\windows\system32\dumphive.exe not found.
File/Folder c:\windows\system32\IEDFix.C.exe not found.
File/Folder c:\windows\system32\IEDFix.exe not found.
File/Folder c:\windows\system32\o4Patch.exe not found.
File/Folder c:\windows\system32\QTWMCI32.DLL not found.
File/Folder c:\windows\system32\SrchSTS.exe not found.
File/Folder c:\windows\system32\tmp.reg not found.
File/Folder c:\windows\system32\VACFix.exe not found.
File/Folder c:\windows\system32\VCCLSID.exe not found.
File/Folder c:\windows\system32\WS2Fix.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\etilqs_P8guxGvoJdrw8EcT8IpT scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\Perflib_Perfdata_10c.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\Perflib_Perfdata_494.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\~DF328F.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\~DFD66C.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_3b0.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT04597.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT0459b.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\n50g6e4k.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\n50g6e4k.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\n50g6e4k.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\n50g6e4k.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\n50g6e4k.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\utilisateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\n50g6e4k.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02102009_144921

Analyse d un Hijackthis

23 réponses

Votre réponse

Discussions similaires

Newsletters