Infected by Trojan.virtumonde

Resolved/Closed
Shori Posts 15 Registration date Thursday 5 February 2009 Status Member Last seen 7 February 2009 - 5 Feb. 2009 at 11:01
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 - 7 Feb. 2009 at 13:28
Hello,

According to Spyware Doctor, I have been infected by "Trojan.Virtumonde".

The desktop icons and the taskbar have become unstable; as soon as I open Notepad, AntiVir detects a trojan, and every time I open a folder it closes by itself after a few seconds.

I have installed a good ten or so programs to get rid of it, but I cannot get to the bottom of it.

Here is my HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:09, on 05/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DCPFLICS\DCPFLICS.exe
C:\Program Files\Logiciels 3D\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\Logiciels 3D\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Utilitaires\Nero\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Utilitaires\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Drivers\Hercules\WiFi Station\WiFi Station pour Livebox\WifiStationLB.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Utilitaires\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3EDCD616-A767-4014-BE52-8EF7FAA491B0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {66542741-9DBD-475C-A81D-1462588F9FF6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NXIECatcher Class - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Utilitaires\Xi\NetXfer\NetXfer\NXIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9C7A2CB0-8BD4-47C6-B933-0BFE72000A81} - (no file)
O2 - BHO: (no name) - {A7E9745B-343C-4136-95A0-B1F56F58020E} - (no file)
O2 - BHO: (no name) - {B4EDBDFE-088B-4688-837D-FF6B73844FFB} - C:\WINDOWS\system32\geBtUkHY.dll (file missing)
O2 - BHO: (no name) - {BC3E65DC-749D-4288-A754-4D814694C907} - C:\WINDOWS\system32\vtUkhiJB.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Utilitaires\Xi\NetXfer\NetXfer\NXToolBar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-21-1659004503-838170752-725345543-500\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (User 'Administrateur')
O4 - HKUS\S-1-5-21-1659004503-838170752-725345543-500\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Fichiers communs\Nero\Lib\NMFirstStart.exe" (User 'Administrateur')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Global Startup: WiFi Station pour Livebox.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\Utilitaires\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\Utilitaires\DAP\dapextie2.htm
O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Utilitaires\Xi\NetXfer\NetXfer\NXAddList.html
O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Utilitaires\Xi\NetXfer\NetXfer\NXAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.afreecatv.com/ocx/AfSpeedCheck.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
O16 - DPF: {688C15EE-9C38-471D-9E46-BB842E30246F} (ChatCommControl Control) - http://www.playple.com/liveviewer/cab/NChat7.cab
O16 - DPF: {8EEB54D5-CC70-40E4-B015-AC478C02ECC8} (SLViewer Control) - http://www.playple.com/liveviewer/cab/SLViewer.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E9E5E440-45DE-4D5B-8F8E-54212D160106} (OpenTV Control) - http://afocx.afreeca.com:9091/AFC/OpenTV.cab
O16 - DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} (AFCStarter Control) - http://www.afreecatv.com/not_found.htm
O20 - Winlogon Notify: byXRhecD - byXRhecD.dll (file missing)
O20 - Winlogon Notify: efcBrPhe - C:\WINDOWS\
O20 - Winlogon Notify: rqRlMfca - C:\WINDOWS\SYSTEM32\rqRlMfca.dll
O20 - Winlogon Notify: ssqnOghh - C:\WINDOWS\SYSTEM32\ssqnOghh.dll
O20 - Winlogon Notify: tuvWpMfD - C:\WINDOWS\
O20 - Winlogon Notify: urqRHYQk - urqRHYQk.dll (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Logiciels 3D\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Logiciels 3D\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Utilitaires\Nero\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Utilitaires\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Utilitaires\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: PD91VMDefrag - Raxco Software, Inc. - C:\Program Files\Utilitaires\Raxco\PerfectDisk2008\PD91VMDefrag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sunbelt VIPRE Antivirus Service (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: CaReTaKeR-CT NetMgr 1.2.1 (sfmgr) - Unknown owner - C:\Program Files\Logiciels 3D\Autodesk\3ds Max 9\plugins\Brazil\sfmgr1_2_1\sfmgr.exe (file missing)
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WEP/WPA-PMK key recovery service (WZCOOK) - Unknown owner - C:\Documents and Settings\Shinobi\Bureau\WinAircrack\WinAircrackPack\wzcook.exe (file missing)

24 replies

jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
5 Feb. 2009 at 11:03
Hi,

Quick scan with MalwareByte's Anti-Malware after updating it, in normal mode; remove what it finds and paste the report.

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

_____________________

Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow the access in your firewall if asked) and you will have to accept the licence.

When the scan is finished, two text files will open.

Post the contents of log.txt (<< which will be displayed)
and of info.txt (<< which will be minimised in the taskbar).

NB: The reports are saved in the folder C:\rsit
Shori Posts 15 Registration date Thursday 5 February 2009 Status Member Last seen 7 February 2009
5 Feb. 2009 at 11:19
Hello,

Thank you very much for your quick reply!

Here is the MalwareByte's Anti-Malware report:

Malwarebytes' Anti-Malware 1.27
Version de la base de données: 1127
Windows 5.1.2600 Service Pack 2

05/02/2009 11:13:36
mbam-log-2009-02-05 (11-13-33).txt

Type de recherche: Examen rapide
Eléments examinés: 55420
Temps écoulé: 3 minute(s), 17 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 8

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\vtUkhiJB.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\rqRlMfca.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ssqnOghh.dll (Trojan.Vundo) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc3e65dc-749d-4288-a754-4d814694c907} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{bc3e65dc-749d-4288-a754-4d814694c907} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e23136a1-1ac4-4d1b-926f-5d537cfff359} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrlmfca (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqnoghh (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e23136a1-1ac4-4d1b-926f-5d537cfff359} (Trojan.Vundo) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\vtukhijb -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\vtukhijb -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\vtUkhiJB.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\BJihkUtv.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\BJihkUtv.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\rqRlMfca.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\urqNDSIa.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\efcYRHBt.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yayyAsSL.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ssqnOghh.dll (Trojan.Vundo) -> No action taken.
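As an added note that is not part of the thread: the HijackThis log in the first post and the Malwarebytes report just above show the same pattern. A BHO and several Winlogon Notify entries point at eight-letter, mixed-case DLLs in system32 (vtUkhiJB.dll, rqRlMfca.dll, ssqnOghh.dll), and a few more entries register files that are already gone. The Python script below is example code written here, not a tool from the thread or from any product named in it; it applies that pattern as a triage heuristic to HijackThis lines. The naming rule, the choice of sections and the sample lines (copied from the log posted above) are assumptions of this example, and a hit is a reason to look closer, not a verdict, which is why the thread follows up with a scanner rather than deleting entries by eye.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Assumed heuristics (not from the thread): a HijackThis entry deserves a
# closer look when the file it registers is absent, or when the DLL name is
# an eight-letter, mixed-case, digit-free stem that sits in system32 or is
# given with no path at all. Every Vundo file named in this thread fits the
# second rule; legitimate DLLs almost never do.
HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
DLL_NAME = re.compile(r"(?<![A-Za-z0-9])(?P<stem>[A-Za-z]{8})\.dll\b")
SYSTEM32 = re.compile(r"\\system32\\", re.IGNORECASE)
DANGLING = ("(file missing)", "(no file)")

# Constructed sample: eight lines copied from the HijackThis log posted in
# this thread, including one legitimate eight-letter DLL (SDHelper.dll) that
# the path condition must keep out of the results.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {B4EDBDFE-088B-4688-837D-FF6B73844FFB} - C:\WINDOWS\system32\geBtUkHY.dll (file missing)
O2 - BHO: (no name) - {BC3E65DC-749D-4288-A754-4D814694C907} - C:\WINDOWS\system32\vtUkhiJB.dll
O20 - Winlogon Notify: byXRhecD - byXRhecD.dll (file missing)
O20 - Winlogon Notify: rqRlMfca - C:\WINDOWS\SYSTEM32\rqRlMfca.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
""".strip()


@dataclass
class Finding:
    section: str
    line: str
    reasons: List[str] = field(default_factory=list)
    stem: Optional[str] = None  # DLL stem that tripped the naming rule, if any


def looks_random(stem: str) -> bool:
    """Purely alphabetic stem mixing upper and lower case (assumed Vundo-style naming)."""
    return stem.isalpha() and stem != stem.lower() and stem != stem.upper()


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per HijackThis line that trips at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        f = Finding(section=section, line=raw.strip())
        # BHOs, Winlogon Notify DLLs and services whose file is gone are leftovers
        # of a removal or of an incomplete install; either way they are noise.
        if section in ("O2", "O20", "O23") and any(tag in body for tag in DANGLING):
            f.reasons.append("registered file is absent (dangling entry)")
        if section in ("O2", "O20"):
            # The target is the last " - " separated field. A bare file name
            # (no backslash) means the loader searches for it instead of using
            # a fixed path, which is how the O20 byXRhecD line above reads.
            target = body.rsplit(" - ", 1)[-1]
            for dm in DLL_NAME.finditer(target):
                stem = dm.group("stem")
                if looks_random(stem) and (SYSTEM32.search(target) or "\\" not in target):
                    f.reasons.append(f"random-looking DLL name {stem}.dll")
                    f.stem = stem
                    break
        if f.reasons:
            findings.append(f)
    return findings


def flagged_stems(findings: List[Finding]) -> List[str]:
    """Sorted DLL stems that matched the naming heuristic."""
    return sorted(f.stem for f in findings if f.stem)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {'; '.join(f.reasons)}\n    {f.line}")
```

Run as-is it lists the four flagged lines from the sample; a full log goes in through `triage(open(path).read())`. SDHelper.dll shows why the path condition matters: its stem passes `looks_random`, but it lives under Program Files, so it is not reported. Whatever this flags should still be confirmed by a scanner that knows the family, exactly as the Malwarebytes report above does for the three system32 DLLs.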
Shori Posts 15 Registration date Thursday 5 February 2009 Status Member Last seen 7 February 2009
5 Feb. 2009 at 11:23
The log.txt from RSIT:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Shinobi at 2009-02-05 11:17:00
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 5 GB (5%) free of 100 GB
Total RAM: 2047 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:13, on 05/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DCPFLICS\DCPFLICS.exe
C:\Program Files\Logiciels 3D\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\Logiciels 3D\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Utilitaires\Nero\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Utilitaires\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Drivers\Hercules\WiFi Station\WiFi Station pour Livebox\WifiStationLB.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Shinobi\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Shinobi.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3EDCD616-A767-4014-BE52-8EF7FAA491B0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {66542741-9DBD-475C-A81D-1462588F9FF6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NXIECatcher Class - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Utilitaires\Xi\NetXfer\NetXfer\NXIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9C7A2CB0-8BD4-47C6-B933-0BFE72000A81} - (no file)
O2 - BHO: (no name) - {A7E9745B-343C-4136-95A0-B1F56F58020E} - (no file)
O2 - BHO: (no name) - {B4EDBDFE-088B-4688-837D-FF6B73844FFB} - C:\WINDOWS\system32\geBtUkHY.dll (file missing)
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Utilitaires\Xi\NetXfer\NetXfer\NXToolBar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-21-1659004503-838170752-725345543-500\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (User 'Administrateur')
O4 - HKUS\S-1-5-21-1659004503-838170752-725345543-500\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Fichiers communs\Nero\Lib\NMFirstStart.exe" (User 'Administrateur')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Global Startup: WiFi Station pour Livebox.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\Utilitaires\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\Utilitaires\DAP\dapextie2.htm
O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Utilitaires\Xi\NetXfer\NetXfer\NXAddList.html
O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Utilitaires\Xi\NetXfer\NetXfer\NXAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.afreecatv.com/ocx/AfSpeedCheck.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
O16 - DPF: {688C15EE-9C38-471D-9E46-BB842E30246F} (ChatCommControl Control) - http://www.playple.com/liveviewer/cab/NChat7.cab
O16 - DPF: {8EEB54D5-CC70-40E4-B015-AC478C02ECC8} (SLViewer Control) - http://www.playple.com/liveviewer/cab/SLViewer.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E9E5E440-45DE-4D5B-8F8E-54212D160106} (OpenTV Control) - http://afocx.afreeca.com:9091/AFC/OpenTV.cab
O16 - DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} (AFCStarter Control) - http://www.afreecatv.com/not_found.htm
O20 - Winlogon Notify: byXRhecD - byXRhecD.dll (file missing)
O20 - Winlogon Notify: efcBrPhe - C:\WINDOWS\
O20 - Winlogon Notify: tuvWpMfD - C:\WINDOWS\
O20 - Winlogon Notify: urqRHYQk - urqRHYQk.dll (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Logiciels 3D\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Logiciels 3D\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Utilitaires\Nero\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Utilitaires\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Utilitaires\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: PD91VMDefrag - Raxco Software, Inc. - C:\Program Files\Utilitaires\Raxco\PerfectDisk2008\PD91VMDefrag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sunbelt VIPRE Antivirus Service (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: CaReTaKeR-CT NetMgr 1.2.1 (sfmgr) - Unknown owner - C:\Program Files\Logiciels 3D\Autodesk\3ds Max 9\plugins\Brazil\sfmgr1_2_1\sfmgr.exe (file missing)
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WEP/WPA-PMK key recovery service (WZCOOK) - Unknown owner - C:\Documents and Settings\Shinobi\Bureau\WinAircrack\WinAircrackPack\wzcook.exe (file missing)
Shori Posts 15 Registration date Thursday 5 February 2009 Status Member Last seen 7 February 2009
5 Feb. 2009 at 11:25
Here is the info.txt from RSIT:

info.txt logfile of random's system information tool 1.05 2009-02-05 11:12:37

======Uninstall list======

-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Utilitaires\Nero\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3dsmax ancillary install-->MsiExec.exe /I{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}
517142 - ZBrush (Windows) (Shared Components)-->C:\Program Files\Fichiers communs\element5 Shared\Uninstall\517142 ZBrush Windows\B1FFA000\UninstApplet.exe /uninstall
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A}
Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
adsl TV-->C:\Program Files\Utilitaires\adslTV\Uninstal.exe
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Autodesk 3ds Max 8-->MsiExec.exe /I{DBB313D6-4B13-4961-BD5F-673CDA1793CC}
Autodesk 3ds Max 9 32-bit-->MsiExec.exe /I{E96D4088-AAC5-437F-9E39-EC0E387897B4}
Autodesk DWF Viewer 7-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
Autodesk Mudbox 2009-->MsiExec.exe /I{48FA4241-BD99-440B-A3C4-E2D3B88FBF73}
Avira AntiVir Personal – Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Backburner-->MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
BODYPAINT 3D-->MsiExec.exe /I{91851736-7018-417F-B1B2-04C2FF1D5080}
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch-->C:\Program Files\InstallShield Installation Information\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch-->C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Camtasia Studio 5-->MsiExec.exe /I{7EADB65C-70E8-4C94-AD0A-221462D41A85}
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Correctif pour Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Daum ÆÌÇÕ¹À̾î-->"C:\Program Files\DAUM\PotPlayer\uninstall.exe"
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DreamScape 2.5c for 3ds Max R9 (32 bit)-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F103D27-8E21-436F-A701-F247724B0DF7}\setup.exe"
eMule-->"C:\Program Files\Utilitaires\eMule\Uninstall.exe"
FBX Plugin 2006.08 for Max 9.0-->C:\Program Files\Autodesk\FBX\FbxPlugins\2006.08\Max90\Uninstall.exe
FBX Plugin 2009.0 for Max 2009-->C:\Program Files\Autodesk\FBX\FbxPlugins\2009.0\Max2009\Uninstall.exe
FileZilla Client 3.0.4.1-->C:\Program Files\Utilitaires\FileZilla\uninstall.exe
FL Studio 7-->C:\Program Files\Image-Line\FL Studio 7\uninstall.exe
FLAC codecs-->C:\Program Files\illiminable\oggcodecs\uninst.exe
Fraps (remove only)-->"C:\Program Files\Utilitaires\Fraps\uninstall.exe"
Fusion 5.1-->MsiExec.exe /I{C98FCCCA-859E-4865-B54C-187F4AC7CF6F}
GOM Player-->"C:\Program Files\GRETECH\GomPlayer2\Uninstall.exe"
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
GUILD WARS-->"C:\Program Files\GUILD WARS\Gw.exe" -uninstall
HairFX Version 1.60.66-->"C:\Program Files\Logiciels 3D\Autodesk\3ds Max 9\unins000.exe"
Hercules WiFi Station for Livebox-->C:\Program Files\InstallShield Installation Information\{DECE22F4-EEDD-4615-BC56-2F4827FAD64B}\setup.exe -runfromtemp -l0x040c -removeonly
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hitman Pro-->"C:\Program Files\Hitman Pro\unins000.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
HyperCam 2-->"C:\Program Files\Utilitaires\HyCam2\UnHyCam2.exe"
ICCup Launcher-->"C:\Program Files\ICCup\Launcher\unins000.exe"
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kaspersky Anti-Virus 6.0-->MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920}
Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Lame ACM MP3 Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x040c -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Media Player Classic fr-->"C:\Program Files\Utilitaires\Media Player Classic\uninstall.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Nero 8-->MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetXfer 2.30.352-->"C:\Program Files\Utilitaires\Xi\NetXfer\NetXfer\unins000.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA Photoshop Plug-ins-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23F79416-CAD1-41BF-99A3-040F6C814AAA}\setup.exe" -l0x9
OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
Opera 9.25-->MsiExec.exe /X{C619B312-19F3-460A-9F7B-443248379F18}
Pack Vista Inspirat 2 1.0-->C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
Paint Shop Pro 6.0 Evaluation-->C:\PROGRA~1\LOGICI~2\PAINTS~1\Unwise.exe C:\PROGRA~1\LOGICI~2\PAINTS~1\INSTALL.LOG
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PerfectDisk 2008 Professional-->MsiExec.exe /I{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}
PPStream-->C:\Program Files\PPStream\unpps.exe
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
Quickdirt-->C:\PROGRA~1\LOGICI~1\Autodesk\3dsMax8\plugins\DIGIMA~1\QUICKD~1\UNWISE.EXE C:\PROGRA~1\LOGICI~1\Autodesk\3dsMax8\plugins\DIGIMA~1\QUICKD~1\Quickdirt.LOG
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RayFire Tool 1.32-->C:\Program Files\Logiciels 3D\Autodesk\3ds Max 9\RayFireUninst.exe
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
Registry Mechanic 8.0-->"C:\Program Files\Registry Mechanic\unins000.exe" /Log
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c -removeonly
Samsung PC Studio 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x40c -removeonly
Silo 2.0.6-->MsiExec.exe /X{8C1AD831-A7F8-4E8C-A2CB-DD3091AF9AB8}
SimPE 0.68 (alpha)-->"C:\Program Files\SimPE\unins000.exe"
SnagIt 8-->MsiExec.exe /I{B6F0BE9B-41D7-45A2-9A76-D3DB1A89EC6A}
Spy Sweeper-->"C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
StarCraft-->C:\Program Files\Fichiers communs\Blizzard Entertainment\StarCraft (2)\Uninstall.exe
Sunbelt Personal Firewall-->MsiExec.exe /X{82B1150E-9B37-49FC-83EB-D52197D900D0}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TrackMania Nations ESWC 1.7.9-->"C:\Program Files\Jeux\TrackMania Nations ESWC\unins000.exe"
TVAnts 1.0-->C:\PROGRA~1\UTILIT~1\TVAnts\UNWISE.EXE C:\PROGRA~1\UTILIT~1\TVAnts\INSTALL.LOG
TypingMaster Pro-->"C:\Program Files\TypingMaster\unins000.exe"
Update for Outlook 2007 Junk Email Filter (kb943597)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A751F0DB-8476-4207-956E-20AEBBA4B1DA}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VIA Gestionnaire de périphériques de plate-forme-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VideoLAN VLC media player 0.8.6d-->C:\Program Files\Utilitaires\adslTV\VLC\uninstall.exe
VideoReDo/Plus Version 2.5.3.500-->"C:\Program Files\Utilitaires\VideoReDoPlus\unins000.exe"
Vista Codec Package-->MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
V-Ray for 3dsmax R9 for x86-->"C:\Program Files\Logiciels 3D\Autodesk\3ds Max 9\Chaos Group\V-Ray\3dsmax R9 for x86\uninstall\wininstaller.exe"-uninstall="C:\Program Files\Logiciels 3D\Autodesk\3ds Max 9\Chaos Group\V-Ray\3dsmax R9 for x86\uninstall\install.log" -uninstallApp="V-Ray for 3dsmax R9 for x86"
WarRock-->C:\Program Files\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe -runfromtemp -l0x0009 -removeonly
Winamp-->"C:\Program Files\Utilitaires\Winamp\UninstWA.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Avira AntiVir PersonalEdition (outdated)
FW: Sunbelt Personal Firewall

System event log

Computer Name: XPSP2-797F489C4
Event Code: 7036
Message: Le service PD91Engine est entré dans l'état : en cours d'exécution.

Record Number: 43255
Source Name: Service Control Manager
Time Written: 20090129151053.000000+060
Event Type: Informations
User:

Computer Name: XPSP2-797F489C4
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service PD91Engine.

Record Number: 43254
Source Name: Service Control Manager
Time Written: 20090129151053.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: XPSP2-797F489C4
Event Code: 7036
Message: Le service PD91Engine est entré dans l'état : arrêté.

Record Number: 43253
Source Name: Service Control Manager
Time Written: 20090129151013.000000+060
Event Type: Informations
User:

Computer Name: XPSP2-797F489C4
Event Code: 7036
Message: Le service PD91Engine est entré dans l'état : en cours d'exécution.

Record Number: 43252
Source Name: Service Control Manager
Time Written: 20090129145844.000000+060
Event Type: Informations
User:

Computer Name: XPSP2-797F489C4
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service PD91Engine.

Record Number: 43251
Source Name: Service Control Manager
Time Written: 20090129145844.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Application event log

Computer Name: XPSP2-797F489C4
Event Code: 0
Message:
Record Number: 47624
Source Name: Nero BackItUp Scheduler 3
Time Written: 20090122104141.000000+060
Event Type: Informations
User:

Computer Name: XPSP2-797F489C4
Event Code: 3
Message:
Record Number: 47623
Source Name: RaySat_3dsmax9_32 Server
Time Written: 20090122104141.000000+060
Event Type: Informations
User:

Computer Name: XPSP2-797F489C4
Event Code: 3
Message:
Record Number: 47622
Source Name: RaySat_3dsmax8 Server
Time Written: 20090122104141.000000+060
Event Type: Informations
User:

Computer Name: XPSP2-797F489C4
Event Code: 3
Message:
Record Number: 47621
Source Name: RaySat_3dsmax9_32 Server
Time Written: 20090122104141.000000+060
Event Type: Informations
User:

Computer Name: XPSP2-797F489C4
Event Code: 3
Message:
Record Number: 47620
Source Name: RaySat_3dsmax8 Server
Time Written: 20090122104141.000000+060
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Logiciels 3D\Autodesk\Backburner;C:\Program Files\Fichiers communs\Autodesk Shared;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\Samsung\Samsung PC Studio 3;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last active: 3 May 2022 5 040
5 Feb 2009 at 12:45
Did you remove everything Malwarebytes found? Do it.

______________

Remove Spyware Doctor from your computer and keep Malwarebytes.

______________


Relaunch HijackThis, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.

O2 - BHO: (no name) - {3EDCD616-A767-4014-BE52-8EF7FAA491B0} - (no file)
O2 - BHO: (no name) - {66542741-9DBD-475C-A81D-1462588F9FF6} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9C7A2CB0-8BD4-47C6-B933-0BFE72000A81} - (no file)
O2 - BHO: (no name) - {A7E9745B-343C-4136-95A0-B1F56F58020E} - (no file)
O2 - BHO: (no name) - {B4EDBDFE-088B-4688-837D-FF6B73844FFB} - C:\WINDOWS\system32\geBtUkHY.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.afreecatv.com/ocx/AfSpeedCheck.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
O16 - DPF: {E9E5E440-45DE-4D5B-8F8E-54212D160106} (OpenTV Control) - http://afocx.afreeca.com:9091/AFC/OpenTV.cab
O16 - DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} (AFCStarter Control) - http://www.afreecatv.com/not_found.htm
O20 - Winlogon Notify: byXRhecD - byXRhecD.dll (file missing)
O20 - Winlogon Notify: efcBrPhe - C:\WINDOWS\
O20 - Winlogon Notify: tuvWpMfD - C:\WINDOWS\
O20 - Winlogon Notify: urqRHYQk - urqRHYQk.dll (file missing)

________________________

Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.


Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the antispyware's real-time guard).


Double-click combofix.exe and follow the instructions.

At the end, it will produce a report, C:\ComboFix.txt.

Re-enable your firewall, your antivirus and your antispyware's guard.

Copy/paste the C:\ComboFix.txt report into your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.

You have a full tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

_________________________


Update Internet Explorer:
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

_________________________

Update Java:

Download JavaRa.zip by Paul 'Prm753' McLain and Fred de Vries.
Extract the file to your desktop (right-click > Extract all).
Double-click the JavaRa folder you obtain.
Then double-click the JavaRa.exe file (the .exe may not be displayed).
Click Search For Updates.
Select Update Using jucheck.exe and then click Search.
Allow the process to connect if it asks you, click Install and follow the installation instructions. This will take a few minutes.
When the installation is finished, go back to the JavaRa screen and click Remove Older Versions.
Click Yes to confirm. The tool will do its work; then click Ok, then Ok a second time.
A report will open; copy-paste it into your next reply.
Note: the report is also at the root of the system partition, usually C:\, under the name JavaRa.log
(c:\JavaRa.log)
Close the application.

If that does not work:

https://www.java.com/fr/download/windows_manual.jsp?locale=fr&host=www.java.com:80

You can uninstall the old versions.
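As an added example (not part of jlpjlp's reply, and not a tool the thread uses), here is a small Python script that applies the same triage the helper did by hand to HijackThis O2/O9/O16/O20 lines: it flags entries whose file no longer exists ("(no file)" / "(file missing)"), Winlogon Notify entries that point at a directory rather than a DLL, ActiveX (DPF) entries with no download URL, and the random-looking eight-letter names seen in the lines above. The sample lines are copied from the reply, plus one constructed benign BHO with a placeholder CLSID so the script has something it should not flag; the eight-letter-name heuristic is an assumption of this example and only prioritises review, it is not a verdict.

```python
import re

# Sample HijackThis lines for this example: all but the last are copied from the
# helper's reply above; the last one is a constructed benign BHO with a
# placeholder CLSID, included so the script has something it should NOT flag.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {3EDCD616-A767-4014-BE52-8EF7FAA491B0} - (no file)
O2 - BHO: (no name) - {B4EDBDFE-088B-4688-837D-FF6B73844FFB} - C:\WINDOWS\system32\geBtUkHY.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
O20 - Winlogon Notify: byXRhecD - byXRhecD.dll (file missing)
O20 - Winlogon Notify: efcBrPhe - C:\WINDOWS\
O20 - Winlogon Notify: tuvWpMfD - C:\WINDOWS\
O20 - Winlogon Notify: urqRHYQk - urqRHYQk.dll (file missing)
O2 - BHO: Example Link Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\ExampleHelper.dll
"""

ORPHAN_MARKERS = ("(no file)", "(file missing)")
LINE_RE = re.compile(r"^(O\d+) - (.*)$")        # "O20 - Winlogon Notify: ..."
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]+\}")      # {xxxxxxxx-xxxx-...} blocks
WORD8_RE = re.compile(r"\b[A-Za-z]{8}\b")        # whole 8-letter tokens


def looks_random(token):
    """Heuristic (an assumption of this example): an 8-letter token with
    several capitals scattered inside the word, like byXRhecD, rather than
    an ordinary name such as Winlogon. It prioritises review, nothing more."""
    if len(token) != 8 or not token.isalpha():
        return False
    upper_positions = [i for i, c in enumerate(token) if c.isupper()]
    lower_count = sum(c.islower() for c in token)
    return (len(upper_positions) >= 2 and lower_count >= 2
            and any(i > 0 for i in upper_positions))


def triage_line(code, body):
    """Return the list of reasons one HijackThis entry deserves review."""
    reasons = []
    if any(marker in body for marker in ORPHAN_MARKERS):
        reasons.append("references a file that no longer exists")
    if code == "O20" and " - " in body:
        # "Winlogon Notify: <name> - <target>"; a bare directory is not a DLL
        target = body.split(" - ", 1)[1].strip()
        if target.endswith("\\"):
            reasons.append("Winlogon Notify target is a directory, not a DLL")
    if code == "O16":
        # "DPF: {CLSID} (Description) - <url>"; an empty URL cannot be vetted
        m = re.search(r"\)\s*-\s*(.*)$", body)
        if m and not m.group(1).strip():
            reasons.append("ActiveX (DPF) entry with no download URL")
    # Look for random-looking names outside the CLSID braces.
    for token in sorted(set(WORD8_RE.findall(CLSID_RE.sub("", body)))):
        if looks_random(token):
            reasons.append(f"random-looking 8-letter name '{token}'")
    return reasons


def triage(log_text):
    """Parse HijackThis-style lines and return the entries worth reviewing."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or something that is not an Oxx entry
        code, body = m.groups()
        reasons = triage_line(code, body)
        if reasons:
            findings.append({"code": code, "line": raw.strip(), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["line"])
        for reason in finding["reasons"]:
            print("    ->", reason)
```

Run it on a pasted HijackThis log and it prints every entry with at least one reason; on the sample it flags the same eight entries the helper listed for "fix checked" and leaves the QuickTime run key and the benign BHO alone. An entry with an existing, legitimately signed DLL that merely has a CamelCase name will still get the name reason, which is why the output is a review list rather than an automatic fix.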
Shori Posts: 15 Registered: Thursday 5 February 2009 Status: Member Last active: 7 February 2009
5 Feb 2009 at 14:28
Yes, I deleted everything Malwarebytes found and rebooted.

I uninstalled Spyware Doctor and did all the updates.

Here is the ComboFix report:

ComboFix 09-02-04.04 - Shinobi 2009-02-05 13:08:32.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2047.1590 [GMT 1:00]
Lancé depuis: c:\documents and settings\Shinobi\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
FW: Sunbelt Personal Firewall *disabled*
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINDOWS\Application Data\CrucialSoft Ltd
C:\InfoSat.txt
c:\windows\system32\AJlRqBeg.ini
c:\windows\system32\dceKnnnn.ini
c:\windows\system32\dceKnnnn.ini2
c:\windows\system32\geBqrSKE.dll
c:\windows\system32\urqQjjif.dll
c:\windows\system32\YHkUtBeg.ini
c:\windows\system32\YHkUtBeg.ini2

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-05 au 2009-02-05 ))))))))))))))))))))))))))))))))))))
.

2009-02-05 11:13 . 2009-02-05 11:17 11,776 --a----t- c:\windows\system32\TASKMAN_.exe
2009-02-05 11:12 . 2009-02-05 11:33 <REP> d-------- C:\rsit
2009-02-05 10:11 . 2009-02-05 10:11 <REP> d-------- c:\documents and settings\Shinobi\Application Data\Sunbelt
2009-02-05 10:11 . 2009-02-05 10:11 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Sunbelt
2009-02-05 09:00 . 2009-02-05 09:00 <REP> d-------- c:\documents and settings\NetworkService.AUTORITE NT\Application Data\Webroot
2009-02-05 08:34 . 2009-02-05 08:34 <REP> d-------- c:\documents and settings\Shinobi\Application Data\Lavasoft
2009-02-05 08:33 . 2009-02-05 08:33 <REP> d-------- c:\program files\Webroot
2009-02-05 08:33 . 2009-02-05 08:33 <REP> d-------- c:\documents and settings\LocalService.AUTORITE NT\Application Data\Webroot
2009-02-05 08:33 . 2009-02-05 08:33 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Webroot
2009-02-05 08:33 . 2007-03-01 19:54 144,960 --a------ c:\windows\system32\drivers\ssidrv.sys
2009-02-05 08:33 . 2007-03-01 19:54 22,080 --a------ c:\windows\system32\drivers\sshrmd.sys
2009-02-05 08:33 . 2007-03-01 19:54 21,056 --a------ c:\windows\system32\drivers\sskbfd.sys
2009-02-05 08:33 . 2007-03-01 19:54 20,544 --a------ c:\windows\system32\drivers\SSFS0509.sys
2009-02-05 08:32 . 2009-02-05 08:32 <REP> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-02-05 08:32 . 2009-02-05 09:52 <REP> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-02-05 08:32 . 2009-02-05 08:32 <REP> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-02-05 08:32 . 2009-02-05 08:32 <REP> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-02-05 08:32 . 2009-02-05 08:32 164 --a------ C:\install.dat
2009-02-05 08:25 . 2009-02-05 10:11 <REP> d-------- c:\program files\Hitman Pro
2009-02-05 08:12 . 2009-02-05 08:12 <REP> d-------- c:\program files\Trend Micro
2009-02-05 07:27 . 2008-06-21 04:54 65,576 --a------ c:\windows\system32\drivers\SbFwIm.sys
2009-02-05 07:26 . 2009-02-05 10:11 <REP> d-------- c:\program files\Sunbelt Software
2009-02-05 07:26 . 2008-10-31 07:09 270,888 -ra------ c:\windows\system32\drivers\SbFw.sys
2009-02-05 06:48 . 2009-02-05 06:49 4,507 --a------ c:\windows\imsins.BAK
2009-02-05 03:28 . 2009-02-05 07:12 81,984 --a------ c:\windows\system32\bdod.bin
2009-02-05 03:25 . 2009-02-05 07:12 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\BitDefender
2009-02-05 03:24 . 2009-02-05 07:13 <REP> d-------- c:\program files\Fichiers communs\Softwin
2009-02-05 02:56 . 2009-02-05 02:56 56,320 --a------ c:\windows\system32\tuvUoPgf.dll.vir
2009-02-05 01:39 . 2009-02-05 01:49 <REP> d-------- c:\program files\BHODemon 2
2009-02-05 01:31 . 2009-02-05 01:31 <REP> d-------- C:\VundoFix Backups
2009-02-04 23:31 . 2009-02-05 01:03 153 --a------ c:\windows\wininit.ini
2009-02-04 11:38 . 2009-02-05 08:30 <REP> d-------- c:\program files\Lavasoft
2009-02-04 11:31 . 2009-02-05 08:31 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-02-04 11:23 . 2006-11-17 09:46 96,256 --a------ c:\windows\system32\CddbLangE.dll
2009-02-04 09:49 . 2009-02-04 09:49 <REP> d-------- c:\windows\system32\Kaspersky Lab
2009-02-04 09:33 . 2009-02-04 09:33 <REP> d-------- c:\program files\Avira
2009-02-04 08:19 . 2009-02-04 08:34 <REP> d-------- C:\Combo-Fix
2009-02-04 07:09 . 2009-02-04 07:09 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-04 07:09 . 2008-09-08 00:16 38,528 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-04 07:09 . 2008-09-08 00:16 17,200 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-04 07:05 . 2009-02-04 07:07 <REP> d-------- c:\program files\Registry Repair
2009-02-04 06:45 . 2009-02-05 11:17 69,120 --a----t- c:\documents and settings\Shinobi\notepad.exe
2009-01-31 20:25 . 2009-01-31 20:25 5,632 --ahs---- c:\windows\Thumbs.db
2009-01-22 13:05 . 2009-01-22 13:05 <REP> d-------- c:\windows\Logs
2009-01-17 05:44 . 2009-01-17 05:44 <REP> d-------- c:\program files\Fichiers communs\SWF Studio
2009-01-15 06:09 . 2009-01-15 06:45 <REP> d-------- c:\program files\ICCup

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-05 12:03 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-02-05 09:02 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-02-05 06:13 --------- d-----w c:\program files\Utilitaires
2009-02-05 06:13 --------- d-----w c:\program files\DivX
2009-02-04 23:40 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-02-04 22:31 --------- d-----w c:\program files\Enigma Software Group
2009-02-04 08:33 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2009-02-03 10:48 --------- d-----w c:\documents and settings\Shinobi\Application Data\ppStream
2009-02-03 06:19 304,052 ----atw c:\windows\system32\notepad.exe
2009-02-03 05:58 --------- d-----w c:\documents and settings\Shinobi\Application Data\uTorrent
2009-01-23 17:32 --------- d-----w c:\documents and settings\Shinobi\Application Data\FileZilla
2009-01-22 11:53 --------- d-----w c:\program files\Jeux
2009-01-17 02:34 --------- d-----w c:\program files\Autodesk
2009-01-08 19:05 --------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment
2009-01-03 16:09 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\PPLiveVA
2009-01-03 16:02 --------- d-----w c:\documents and settings\Shinobi\Application Data\PPLiveVA
2009-01-03 15:51 --------- d-----w c:\program files\PPStream
2008-12-22 21:05 --------- d-----w c:\documents and settings\Shinobi\Application Data\vlc
2008-12-20 17:31 --------- d-----w c:\program files\Chaoslauncher
2008-12-14 18:51 --------- d-----w c:\program files\Messenger Plus! Live
2008-12-06 00:36 --------- d-----w c:\program files\Craft Animations
2008-12-05 04:05 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS
2008-12-05 04:03 --------- d-----w c:\documents and settings\Shinobi\Application Data\ProxyCap
2008-11-11 14:28 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2007-12-20 17:45 22,328 ----a-w c:\documents and settings\Shinobi\Application Data\PnkBstrK.sys
2007-12-08 06:50 22,328 ----a-w c:\documents and settings\Administrateur\Application Data\PnkBstrK.sys
.

------- Sigcheck -------

2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2006-02-14 20:56 359808 667192a11db19f36624119c0dd4de4f2 c:\windows\$NtUninstallKB941644$\tcpip.sys
2008-08-06 04:25 360064 01307b76a916a8f6d1f1452744ba7ad6 c:\windows\system32\backup\tcpip.sys
2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\system32\dllcache\tcpip.sys
2007-10-30 18:20 360064 34a663e7f74ae8b2c992c2513343477e c:\windows\system32\drivers\tcpip.sys

2006-03-09 09:25 57856 da81ec57acd4cdc3d4c51cf3d409af9f c:\windows\system32\spoolsv.exe

2007-07-30 19:19 68440 84d9a61860272d6177d46c86b8431557 c:\windows\system32\wuauclt.exe
2007-07-30 19:19 68440 84d9a61860272d6177d46c86b8431557 c:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-08-02 185896]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-03-01 4865600]
"SBAMTray"="c:\program files\Sunbelt Software\CounterSpy\SBAMTray.exe" [2008-08-26 677160]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Config"="c:\windows\system32\run.cmd" [2006-02-14 248]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
WiFi Station pour Livebox.lnk - c:\program files\Drivers\Hercules\WiFi Station\WiFi Station pour Livebox\WifiStationLB.exe [2008-10-26 721408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"VIDC.XFR1"= xfcodec.dll
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^WiFi Station pour Livebox.lnk]
backup=c:\windows\pss\WiFi Station pour Livebox.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"DisablePagingExecutive"=dword:00000001
"SecondLevelDataCache"=dword:00000200

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Logiciels 3D\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\DAUM\\PotPlayer\\daumvsvr.exe"=
"c:\\Program Files\\DAUM\\PotPlayer\\PotPlayer.exe"=
"c:\\PROGRA~1\\DAUM\\POTPLA~1\\PotPlayer.exe"=
"c:\\Program Files\\PPStream\\PPStream.exe"=
"c:\\Program Files\\PPStream\\PPSAP.exe"=
"c:\\Program Files\\DAUM\\PotPlayer\\PotPlayerMini.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3681:TCP"= 3681:TCP:messenger
"7881:TCP"= 7881:TCP:messenger
"8337:TCP"= 8337:TCP:messenger
"3532:TCP"= 3532:TCP:messenger
"2381:TCP"= 2381:TCP:messenger
"5836:TCP"= 5836:TCP:messenger
"5672:TCP"= 5672:TCP:messenger
"2787:TCP"= 2787:TCP:messenger
"6814:TCP"= 6814:TCP:messenger
"5448:TCP"= 5448:TCP:messenger
"8622:TCP"= 8622:TCP:messenger
"8557:TCP"= 8557:TCP:messenger
"4137:TCP"= 4137:TCP:messenger
"8118:TCP"= 8118:TCP:messenger
"1888:TCP"= 1888:TCP:messenger
"2854:TCP"= 2854:TCP:messenger
"4434:TCP"= 4434:TCP:messenger
"3515:TCP"= 3515:TCP:messenger
"4363:TCP"= 4363:TCP:messenger

R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2007-12-17 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2007-12-17 52224]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-02-05 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 PD91Agent;PD91Agent;c:\program files\Utilitaires\Raxco\PerfectDisk2008\PD91Agent.exe [2008-09-09 693512]
R2 SBAMSvc;Sunbelt VIPRE Antivirus Service;c:\program files\Sunbelt Software\CounterSpy\SBAMSvc.exe [2008-08-26 869672]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-02-05 65576]
S2 sfmgr;CaReTaKeR-CT NetMgr 1.2.1;c:\program files\Logiciels 3D\Autodesk\3ds Max 9\plugins\Brazil\sfmgr1_2_1\sfmgr.exe --> c:\program files\Logiciels 3D\Autodesk\3ds Max 9\plugins\Brazil\sfmgr1_2_1\sfmgr.exe [?]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [2004-10-20 21344]
S3 GOBBLER;GOBBLER;\??\c:\windows\system32\drivers\GOBBLER.SYS --> c:\windows\system32\drivers\GOBBLER.SYS [?]
S3 PD91Engine;PD91Engine;c:\program files\Utilitaires\Raxco\PerfectDisk2008\PD91Engine.exe [2008-09-09 906504]
S3 PD91VMDefrag;PD91VMDefrag;c:\program files\Utilitaires\Raxco\PerfectDisk2008\PD91VMDefrag.exe [2008-02-29 226568]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2007-11-06 87848]
S3 WZCOOK;WEP/WPA-PMK key recovery service;"c:\documents and settings\Shinobi\Bureau\WinAircrack\WinAircrackPack\wzcook.exe" --> c:\documents and settings\Shinobi\Bureau\WinAircrack\WinAircrackPack\wzcook.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4bc909aa-ad56-11dc-ba9f-00196639a9f3}]
\Shell\AutoRun\command - G:\SETUP.EXE
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mSearchMigratedDefaultURL = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mSearchURL = hxxp://www.google.com/
IE: &Download with &DAP - c:\program files\Utilitaires\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\Utilitaires\DAP\dapextie2.htm
IE: Tout télécharger avec NetXfer - c:\program files\Utilitaires\Xi\NetXfer\NetXfer\NXAddList.html
IE: Télécharger avec NetXfer - c:\program files\Utilitaires\Xi\NetXfer\NetXfer\NXAddLink.html
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\UTILIT~1\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\UTILIT~1\DAP\dapie.dll
DPF: {688C15EE-9C38-471D-9E46-BB842E30246F} - hxxp://www.playple.com/liveviewer/cab/NChat7.cab
DPF: {8EEB54D5-CC70-40E4-B015-AC478C02ECC8} - hxxp://www.playple.com/liveviewer/cab/SLViewer.cab
FF - ProfilePath - c:\documents and settings\Shinobi\Application Data\Mozilla\Firefox\Profiles\3r624dtn.default\
FF - prefs.js: browser.startup.homepage - google.fr
FF - plugin: c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Logiciels 2D\Adobe\Reader 8.0\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-05 13:15:21
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1659004503-838170752-725345543-1003\SOFTWARE\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d0,55,84,8a,33,30,28,34,67,55,6d,fc,95,7f,80,da,d4,2f,f7,11,b1,d6,9c,
2f,73,c5,70,20,d9,35,ab,0e,85,bc,50,3b,7b,17,09,24,99,0f,5a,db,d3,f2,3d,8d,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\klogon.dll
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\WRLogonNTF.dll

- - - - - - - > 'explorer.exe'(1260)
c:\windows\system32\ntshrui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\DCPFLICS\DCPFLICS.exe
c:\program files\Logiciels 3D\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
c:\program files\Logiciels 3D\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\program files\Utilitaires\Nero\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
.
**************************************************************************
.
Heure de fin: 2009-02-05 13:21:39 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-02-05 12:21:33
ComboFix2.txt 2009-02-04 07:34:09

Avant-CF: 5 425 856 512 octets libres
Après-CF: 5,780,627,456 octets libres

278 --- E O F --- 2008-02-05 02:05:00
Shori Posts: 15 Registration date: Thursday 5 February 2009 Status: Member Last seen: 7 February 2009
5 Feb. 2009 at 14:29
Here is the JavaRa report:

JavaRa 1.13 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Thu Feb 05 14:31:26 2009

Found and removed: C:\Program Files\Java\jre1.6.0_03
Found and removed: C:\Program Files\Java\jre1.6.0_05
Found and removed: C:\Program Files\Java\jre1.6.0_07
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Classes\JavaPlugin.160_03
Found and removed: SOFTWARE\Classes\JavaPlugin.160_05
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}
Found and removed: Software\Classes\JavaPlugin.160_03
Found and removed: Software\Classes\JavaPlugin.160_05
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05
Found and removed: Software\JavaSoft\Java2D\1.6.0_03
Found and removed: Software\JavaSoft\Java2D\1.6.0_05
Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03
Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\
------------------------------------
Finished reporting.
jlpjlp Posts: 51580 Registration date: Friday 18 May 2007 Status: Security contributor Last seen: 3 May 2022 5 040
5 Feb. 2009 at 14:53
Download OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (by Old_Timer) onto your Desktop.

Double-click OTMoveIt.exe to launch it.
Copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: "Paste instruction for items to be moved".
(make sure to include :files)

:files
c:\windows\system32\tuvUoPgf.dll.vir
:commands
[purity]
[emptytemp]
[start explorer]


Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

____________________

Download ToolsCleaner onto your desktop.
--> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Click Recherche (Search) and let the scan run ...
# Click Suppression (Delete) to finish.
# You can, if you wish, use the Options facultatives (optional options).
# Click Quitter (Quit) to get the report.
# Post the report (TCleaner.txt) found at the root of your hard drive (C:\).
Shori Posts: 15 Registration date: Thursday 5 February 2009 Status: Member Last seen: 7 February 2009
5 Feb. 2009 at 15:07
The MoveIt! report:

========== FILES ==========
c:\windows\system32\tuvUoPgf.dll.vir moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Shinobi\LOCALS~1\Temp\etilqs_5RFdmONvnFoR0hMDhIPE scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Shinobi\LOCALS~1\Temp\IMG6.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Shinobi\LOCALS~1\Temp\IMG7.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_e0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Shinobi\Local Settings\Application Data\Mozilla\Firefox\Profiles\3r624dtn.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Shinobi\Local Settings\Application Data\Mozilla\Firefox\Profiles\3r624dtn.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Shinobi\Local Settings\Application Data\Mozilla\Firefox\Profiles\3r624dtn.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Shinobi\Local Settings\Application Data\Mozilla\Firefox\Profiles\3r624dtn.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Shinobi\Local Settings\Application Data\Mozilla\Firefox\Profiles\3r624dtn.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Shinobi\Local Settings\Application Data\Mozilla\Firefox\Profiles\3r624dtn.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02052009_150614

Files moved on Reboot...
File C:\DOCUME~1\Shinobi\LOCALS~1\Temp\etilqs_5RFdmONvnFoR0hMDhIPE not found!
File C:\DOCUME~1\Shinobi\LOCALS~1\Temp\IMG6.tmp not found!
File C:\DOCUME~1\Shinobi\LOCALS~1\Temp\IMG7.tmp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_e0.dat not found!
C:\Documents and Settings\Shinobi\Local Settings\Application Data\Mozilla\Firefox\Profiles\3r624dtn.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Shinobi\Local Settings\Application Data\Mozilla\Firefox\Profiles\3r624dtn.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Shinobi\Local Settings\Application Data\Mozilla\Firefox\Profiles\3r624dtn.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Shinobi\Local Settings\Application Data\Mozilla\Firefox\Profiles\3r624dtn.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Shinobi\Local Settings\Application Data\Mozilla\Firefox\Profiles\3r624dtn.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Shinobi\Local Settings\Application Data\Mozilla\Firefox\Profiles\3r624dtn.default\XUL.mfl moved successfully.
jlpjlp Posts: 51580 Registration date: Friday 18 May 2007 Status: Security contributor Last seen: 3 May 2022 5 040
5 Feb. 2009 at 15:07
Download ToolsCleaner onto your desktop.
--> https://www.commentcamarche.net/telecharger/ 34055291 toolscleaner
# Click Recherche (Search) and let the scan run ...
# Click Suppression (Delete) to finish.
# You can, if you wish, use the Options facultatives (optional options).
# Click Quitter (Quit) to get the report.
# Post the report (TCleaner.txt) found at the root of your hard drive (C:\).
Shori Posts: 15 Registration date: Thursday 5 February 2009 Status: Member Last seen: 7 February 2009
5 Feb. 2009 at 15:09
The ToolsCleaner report:

[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\VundoFix.txt: trouvé !
C:\Combofix.txt: trouvé !
C:\rapport_clean.txt: trouvé !
C:\Combofix: trouvé !
C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Shinobi\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Shinobi\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Shinobi\Bureau\hijackthis.log: trouvé !
C:\Documents and Settings\Shinobi\Bureau\OTMoveIt3.exe: trouvé !
C:\Documents and Settings\Shinobi\Bureau\Rsit.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Shinobi\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Shinobi\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\VundoFix.txt: supprimé !
C:\Combofix.txt: supprimé !
C:\rapport_clean.txt: supprimé !
C:\Documents and Settings\Shinobi\Bureau\hijackthis.log: supprimé !
C:\Documents and Settings\Shinobi\Bureau\OTMoveIt3.exe: supprimé !
C:\Documents and Settings\Shinobi\Bureau\Rsit.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Combofix: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
5 févr. 2009 à 15:16
vire tool cleaner et combofix de ton ordi


_____________

installe spywareblaster qui permet d'immuniser ton systeme contre certaines infections vundo et mets le a jour tous les mois
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/28872.html

_____________
Disable System Restore, reboot your computer, then re-enable it, to get rid of any infections stored in it.
https://www.informatruc.com


_____________

Check with AntiVir whether everything is clean; if infections are still found, paste the report.

Otherwise you're good!

To protect your computer for free:

http://www.commentcamarche.net/telecharger/logiciel 4 securite

Install an antivirus:

ANTIVIR or AVG8 or (AVAST)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
-------------
Anti-spyware:
Malwarebytes' Anti-Malware + SPYBOT, plus, if Spybot's TeaTimer is not enabled:
WINDOWS DEFENDER or SPYWARE TERMINATOR

+
SPYWAREBLASTER to immunise the system, against Vundo in particular; it is in English but easy to use: just click "update" once a month to update it and then "enable all protection" to immunise...

Note: Spybot and the others release new versions regularly; check that you have the latest version.
--------
A firewall:
The Windows one, or better, Online Armor or KERIO or JETICO or ZONE ALARM (install only the free firewall) or COMODO

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall
https://www.01net.com/telecharger/windows/Securite/firewall/fiches/39911.html
https://forum.pcastuces.com/sujet.asp?f=25&s=35606
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

-----------
CCLEANER to erase browsing traces
---------
Browse with Firefox, Safari or Opera rather than Internet Explorer, which is more affected by viruses.
http://www.mozilla-europe.org/fr/products/firefox/
Shori, 5 Feb 2009, 16:24
Thanks again for your help!

Apparently it's still not fixed; the AntiVir and Malwarebytes scans detected infections.

The AntiVir report:

Avira AntiVir Personal
Report file date: Thursday 5 February 2009 15:28

Scanning for 1165085 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: XPSP2-797F489C4

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 10:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 09:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 09:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 09:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 11:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 14:08:58
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21/03/2008 20:12:34
ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 25/03/2008 09:27:50
Engineversion : 8.1.0.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 10:58:21
AESCRIPT.DLL : 8.1.0.19 229754 Bytes 07/04/2008 16:34:44
AESCN.DLL : 8.1.0.12 115060 Bytes 07/04/2008 16:34:44
AERDL.DLL : 8.1.0.19 418164 Bytes 07/04/2008 16:34:44
AEPACK.DLL : 8.1.1.0 364918 Bytes 18/03/2008 12:20:42
AEOFFICE.DLL : 8.1.0.15 192889 Bytes 07/04/2008 16:34:44
AEHEUR.DLL : 8.1.0.15 1147253 Bytes 07/04/2008 16:34:44
AEHELP.DLL : 8.1.0.11 115061 Bytes 07/04/2008 16:34:43
AEGEN.DLL : 8.1.0.15 299379 Bytes 07/04/2008 16:34:43
AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 16:34:43
AECORE.DLL : 8.1.0.25 168309 Bytes 08/04/2008 10:58:32
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 18:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 11:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 14:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 18:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 09:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 18:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 15:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 13:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Thursday 5 February 2009 15:28

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'mbam.exe' - '1' Module(s) have been scanned
Scan process 'spywareblaster.exe' - '1' Module(s) have been scanned
Scan process 'spywareblaster.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'WiFiStationLB.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'SbPFCl.exe' - '1' Module(s) have been scanned
Scan process 'SbPFSvc.exe' - '1' Module(s) have been scanned
Scan process 'SbPFLnch.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'PD91Agent.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'NBService.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'raysat_3dsmax9_32server.exe' - '1' Module(s) have been scanned
Scan process 'raysat_3dsmax8server.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'DCPFLICS.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AdskScSrv.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
40 processes with 40 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '24' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{89E95403-1956-459B-B2E7-AF98301E1B56}\RP14\A0008531.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '49bb0379.qua'!
C:\System Volume Information\_restore{89E95403-1956-459B-B2E7-AF98301E1B56}\RP14\A0008532.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '49bb037c.qua'!
C:\System Volume Information\_restore{89E95403-1956-459B-B2E7-AF98301E1B56}\RP14\A0008533.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '49bb037f.qua'!
C:\System Volume Information\_restore{89E95403-1956-459B-B2E7-AF98301E1B56}\RP23\A0009714.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '49bb03a9.qua'!
C:\WINDOWS\system32\iifecYQI.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
C:\WINDOWS\system32\tuvWnnNG.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'


End of the scan: Thursday 5 February 2009 16:25
Used time: 56:32 min

The scan has been canceled!

11417 Scanning directories
415710 Files were scanned
6 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
4 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
415704 Files not concerned
2667 Archives were scanned
4 Warnings
4 Notes


_____________________________________


The Malwarebytes report:

Malwarebytes' Anti-Malware 1.27
Database version: 1127
Windows 5.1.2600 Service Pack 2

05/02/2009 16:04:56
mbam-log-2009-02-05 (16-04-51).txt

Scan type: Quick scan
Objects scanned: 54689
Time elapsed: 7 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\tuvWnnNG.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\iifecYQI.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e23136a1-1ac4-4d1b-926f-5d537cfff359} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifecyqi (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e23136a1-1ac4-4d1b-926f-5d537cfff359} (Trojan.Vundo.H) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e23136a1-1ac4-4d1b-926f-5d537cfff359} (Trojan.Vundo) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\iifecYQI.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\vtUKcbbc.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\vtUmJyaY.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\nnnnonNH.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\tuvWnnNG.dll (Trojan.Vundo) -> No action taken.
jlpjlp (security contributor), 5 Feb 2009, 16:44
No action taken.

which means you did not remove what Malwarebytes found!!! Run it again and remove everything it finds


then remove what is in quarantine

then

remove what is in AntiVir's quarantine

then

Disable System Restore, reboot your computer, then re-enable it, like this:
https://www.informatruc.com


____________________

then check with Malwarebytes and AntiVir and it should be fine


Note:
Search for rootkits..............: off in the AntiVir report, so you need to enable the rootkit search by going into expert mode

See you
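The point jlpjlp makes above, that "No action taken" means the detections are still live, is easy to miss in a long log. The script below is an added example written for this page, not a tool from either poster or from Malwarebytes: it parses a Malwarebytes 1.x log and reports how many detections were actually removed versus still pending. The excerpt it runs on is constructed from lines of the two logs posted in this thread, and the "<item> (<family>) -> <action>." line shape it expects is an assumption drawn from those logs.

```python
"""Triage a Malwarebytes' Anti-Malware 1.x log: list every detection and
say whether anything was actually removed.

Added example for this thread, not a tool from either poster or from
Malwarebytes. It understands only the "<item> (<family>) -> <action>."
line shape seen in the logs above; anything else is an assumption.
"""
import re
from collections import Counter

# MBAM 1.x writes one detection per line: "<item> (<family>) -> <action>."
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>[^.]+)\.$"
)

# The one action that means the item is gone now. Anything else
# ("No action taken", "Delete on reboot") leaves the item live until the
# user acts or the machine restarts.
REMOVED = "Quarantined and deleted successfully"

# Excerpt constructed from lines of the two logs posted in this thread,
# using MBAM's English section labels.
SAMPLE_LOG = r"""
Memory Modules Infected:
C:\WINDOWS\system32\tuvWnnNG.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\iifecYQI.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e23136a1-1ac4-4d1b-926f-5d537cfff359} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifecyqi (Trojan.Vundo.H) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\rqRJCsQi.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vtUKcbbc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
"""


def parse_mbam_log(text):
    """Return a list of {section, item, family, action} dicts, in log order."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DETECTION_RE.match(line)
        if m:
            entries.append({"section": section, **m.groupdict()})
        elif line.endswith(":") and " -> " not in line:
            section = line[:-1]  # e.g. "Files Infected"
        # "(No malicious items detected)" and header lines carry no entry
    return entries


def triage(text):
    """Count detections by outcome; 'clean' means nothing is left live."""
    entries = parse_mbam_log(text)
    by_action = Counter(e["action"] for e in entries)
    pending = [e for e in entries if e["action"] != REMOVED]
    return {
        "total": len(entries),
        "removed": by_action[REMOVED],
        "pending": len(pending),
        "pending_items": [(e["section"], e["item"], e["action"]) for e in pending],
        "clean": not pending,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{result['removed']}/{result['total']} removed, "
          f"{result['pending']} still live")
    for section, item, action in result["pending_items"]:
        print(f"  [{section}] {item} -> {action}")
```

On the excerpt this reports 1/6 removed and 5 still live, which is exactly the situation jlpjlp is pointing at: a log full of detections is not a clean machine until every line reads "Quarantined and deleted successfully", and "Delete on reboot" only becomes true after the restart.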
Shori, 6 Feb 2009, 09:54
Hello,

Sorry for not replying sooner.

I ran another scan with Malwarebytes and deleted the quarantined files; it did manage to remove it, but it comes back every time. Apparently the infection restarts every time I open a text file with Notepad: AntiVir detects a Trojan each time and I go from 0 infected files to up to 19 after opening Notepad.

Here is the Malwarebytes report:

Malwarebytes' Anti-Malware 1.27
Database version: 1127
Windows 5.1.2600 Service Pack 2

06/02/2009 09:46:50
mbam-log-2009-02-06 (09-46-50).txt

Scan type: Quick scan
Objects scanned: 54539
Time elapsed: 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{e23136a1-1ac4-4d1b-926f-5d537cfff359} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrjcsqi (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e23136a1-1ac4-4d1b-926f-5d537cfff359} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\rqRJCsQi.dll (Trojan.Vundo) -> Delete on reboot.
jlpjlp (security contributor), 6 Feb 2009, 13:08
Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.


Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the anti-spyware's real-time guard).


Double-click combofix.exe and follow the instructions.

At the end it will produce a report, C:\ComboFix.txt.

Re-enable your firewall, your antivirus and your anti-spyware's guard.

Copy/paste the report C:\ComboFix.txt in your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.

You have a full tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Shori, 6 Feb 2009, 13:29
The ComboFix report:


ComboFix 09-02-05.02 - Shinobi 2009-02-06 13:20:41.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2047.1584 [GMT 1:00]
Running from: c:\documents and settings\Shinobi\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
FW: Sunbelt Personal Firewall *disabled*
* A new restore point was created
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ddcBuuuV.dll
c:\windows\system32\pVwHRqru.ini
c:\windows\system32\pVwHRqru.ini2

.
((((((((((((((((((((((((((((( Files Created from 2009-01-06 to 2009-02-06 ))))))))))))))))))))))))))))))))))))
.

2009-02-06 10:50 . 2009-02-06 10:50 230 --a------ c:\windows\system32\spupdsvc.inf
2009-02-06 10:49 . 2007-09-26 18:32 66,048 --a------ c:\windows\ieResetIcons.exe
2009-02-06 04:23 . 2009-02-06 04:23 754 --a------ c:\windows\wordpad.INI
2009-02-06 04:18 . 2004-08-19 16:10 218,112 --a------ c:\windows\wordpad.exe
2009-02-06 02:42 . 2009-02-06 02:42 <REP> d-------- C:\_OTMoveIt
2009-02-05 15:24 . 2009-02-05 15:25 <REP> d-------- c:\program files\SpywareBlaster
2009-02-05 13:36 . 2009-02-05 13:35 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-05 11:13 . 2009-02-06 09:54 11,776 --a----t- c:\windows\system32\TASKMAN_.exe
2009-02-05 10:11 . 2009-02-05 10:11 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Sunbelt
2009-02-05 08:34 . 2009-02-05 13:39 <REP> d-------- c:\documents and settings\Shinobi\Application Data\Lavasoft
2009-02-05 08:32 . 2009-02-05 08:32 <REP> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-02-05 08:32 . 2009-02-05 08:32 <REP> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-02-05 08:32 . 2009-02-05 08:32 164 --a------ C:\install.dat
2009-02-05 08:25 . 2009-02-05 13:39 <REP> d-------- c:\program files\Hitman Pro
2009-02-05 08:12 . 2009-02-05 15:12 <REP> d-------- c:\program files\Trend Micro
2009-02-05 07:27 . 2008-06-21 04:54 65,576 --a------ c:\windows\system32\drivers\SbFwIm.sys
2009-02-05 07:26 . 2009-02-05 13:38 <REP> d-------- c:\program files\Sunbelt Software
2009-02-05 07:26 . 2008-10-31 07:09 270,888 -ra------ c:\windows\system32\drivers\SbFw.sys
2009-02-05 06:48 . 2009-02-05 14:26 1,355 --a------ c:\windows\imsins.BAK
2009-02-05 03:28 . 2009-02-05 07:12 81,984 --a------ c:\windows\system32\bdod.bin
2009-02-05 03:25 . 2009-02-05 07:12 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\BitDefender
2009-02-05 03:24 . 2009-02-05 07:13 <REP> d-------- c:\program files\Fichiers communs\Softwin
2009-02-05 01:39 . 2009-02-05 01:49 <REP> d-------- c:\program files\BHODemon 2
2009-02-04 23:31 . 2009-02-05 01:03 153 --a------ c:\windows\wininit.ini
2009-02-04 11:38 . 2009-02-05 13:39 <REP> d-------- c:\program files\Lavasoft
2009-02-04 11:23 . 2006-11-17 09:46 96,256 --a------ c:\windows\system32\CddbLangE.dll
2009-02-04 09:49 . 2009-02-04 09:49 <REP> d-------- c:\windows\system32\Kaspersky Lab
2009-02-04 09:33 . 2009-02-04 09:33 <REP> d-------- c:\program files\Avira
2009-02-04 08:19 . 2009-02-04 08:34 <REP> d-------- C:\Combo-Fix
2009-02-04 07:09 . 2009-02-04 07:09 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-04 07:09 . 2008-09-08 00:16 38,528 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-04 07:09 . 2008-09-08 00:16 17,200 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-04 07:05 . 2009-02-04 07:07 <REP> d-------- c:\program files\Registry Repair
2009-02-04 06:45 . 2009-02-06 09:55 69,120 --a----t- c:\documents and settings\Shinobi\notepad.exe
2009-01-31 20:25 . 2009-01-31 20:25 5,632 --ahs---- c:\windows\Thumbs.db
2009-01-22 13:05 . 2009-01-22 13:05 <REP> d-------- c:\windows\Logs
2009-01-17 05:44 . 2009-01-17 05:44 <REP> d-------- c:\program files\Fichiers communs\SWF Studio
2009-01-15 06:09 . 2009-01-15 06:45 <REP> d-------- c:\program files\ICCup

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 03:37 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-02-05 13:31 --------- d-----w c:\program files\Java
2009-02-05 13:02 --------- d-----w c:\documents and settings\Shinobi\Application Data\uTorrent
2009-02-05 12:39 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-02-05 06:13 --------- d-----w c:\program files\Utilitaires
2009-02-05 06:13 --------- d-----w c:\program files\DivX
2009-02-04 23:40 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-02-04 22:31 --------- d-----w c:\program files\Enigma Software Group
2009-02-04 08:33 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2009-02-03 10:48 --------- d-----w c:\documents and settings\Shinobi\Application Data\ppStream
2009-02-03 06:19 304,052 ----atw c:\windows\system32\notepad.exe
2009-01-23 17:32 --------- d-----w c:\documents and settings\Shinobi\Application Data\FileZilla
2009-01-22 11:53 --------- d-----w c:\program files\Jeux
2009-01-17 02:34 --------- d-----w c:\program files\Autodesk
2009-01-08 19:05 --------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment
2009-01-03 16:09 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\PPLiveVA
2009-01-03 16:02 --------- d-----w c:\documents and settings\Shinobi\Application Data\PPLiveVA
2009-01-03 15:51 --------- d-----w c:\program files\PPStream
2008-12-22 21:05 --------- d-----w c:\documents and settings\Shinobi\Application Data\vlc
2008-12-20 17:31 --------- d-----w c:\program files\Chaoslauncher
2008-12-14 18:51 --------- d-----w c:\program files\Messenger Plus! Live
2008-12-06 00:36 --------- d-----w c:\program files\Craft Animations
2008-11-11 14:28 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2007-12-20 17:45 22,328 ----a-w c:\documents and settings\Shinobi\Application Data\PnkBstrK.sys
2007-12-08 06:50 22,328 ----a-w c:\documents and settings\Administrateur\Application Data\PnkBstrK.sys
.

------- Sigcheck -------

2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2006-02-14 20:56 359808 667192a11db19f36624119c0dd4de4f2 c:\windows\$NtUninstallKB941644$\tcpip.sys
2008-08-06 04:25 360064 01307b76a916a8f6d1f1452744ba7ad6 c:\windows\system32\backup\tcpip.sys
2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\system32\dllcache\tcpip.sys
2007-10-30 18:20 360064 34a663e7f74ae8b2c992c2513343477e c:\windows\system32\drivers\tcpip.sys

2006-03-09 09:25 57856 da81ec57acd4cdc3d4c51cf3d409af9f c:\windows\system32\spoolsv.exe

2007-07-30 19:19 68440 84d9a61860272d6177d46c86b8431557 c:\windows\system32\wuauclt.exe
2007-07-30 19:19 68440 84d9a61860272d6177d46c86b8431557 c:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-08-02 185896]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-05 136600]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Config"="c:\windows\system32\run.cmd" [2006-02-14 248]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
WiFi Station pour Livebox.lnk - c:\program files\Drivers\Hercules\WiFi Station\WiFi Station pour Livebox\WifiStationLB.exe [2008-10-26 721408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"VIDC.XFR1"= xfcodec.dll
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^WiFi Station pour Livebox.lnk]
backup=c:\windows\pss\WiFi Station pour Livebox.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"DisablePagingExecutive"=dword:00000001
"SecondLevelDataCache"=dword:00000200

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Logiciels 3D\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\DAUM\\PotPlayer\\daumvsvr.exe"=
"c:\\Program Files\\DAUM\\PotPlayer\\PotPlayer.exe"=
"c:\\PROGRA~1\\DAUM\\POTPLA~1\\PotPlayer.exe"=
"c:\\Program Files\\PPStream\\PPStream.exe"=
"c:\\Program Files\\PPStream\\PPSAP.exe"=
"c:\\Program Files\\DAUM\\PotPlayer\\PotPlayerMini.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3681:TCP"= 3681:TCP:messenger
"7881:TCP"= 7881:TCP:messenger
"8337:TCP"= 8337:TCP:messenger
"3532:TCP"= 3532:TCP:messenger
"2381:TCP"= 2381:TCP:messenger
"5836:TCP"= 5836:TCP:messenger
"5672:TCP"= 5672:TCP:messenger
"2787:TCP"= 2787:TCP:messenger
"6814:TCP"= 6814:TCP:messenger
"5448:TCP"= 5448:TCP:messenger
"8622:TCP"= 8622:TCP:messenger
"8557:TCP"= 8557:TCP:messenger
"4137:TCP"= 4137:TCP:messenger
"8118:TCP"= 8118:TCP:messenger
"1888:TCP"= 1888:TCP:messenger
"2854:TCP"= 2854:TCP:messenger
"4434:TCP"= 4434:TCP:messenger
"3515:TCP"= 3515:TCP:messenger
"4363:TCP"= 4363:TCP:messenger

R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2007-12-17 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2007-12-17 52224]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-02-05 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 PD91Agent;PD91Agent;c:\program files\Utilitaires\Raxco\PerfectDisk2008\PD91Agent.exe [2008-09-09 693512]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-02-05 65576]
S2 sfmgr;CaReTaKeR-CT NetMgr 1.2.1;c:\program files\Logiciels 3D\Autodesk\3ds Max 9\plugins\Brazil\sfmgr1_2_1\sfmgr.exe --> c:\program files\Logiciels 3D\Autodesk\3ds Max 9\plugins\Brazil\sfmgr1_2_1\sfmgr.exe [?]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [2004-10-20 21344]
S3 GOBBLER;GOBBLER;\??\c:\windows\system32\drivers\GOBBLER.SYS --> c:\windows\system32\drivers\GOBBLER.SYS [?]
S3 PD91Engine;PD91Engine;c:\program files\Utilitaires\Raxco\PerfectDisk2008\PD91Engine.exe [2008-09-09 906504]
S3 PD91VMDefrag;PD91VMDefrag;c:\program files\Utilitaires\Raxco\PerfectDisk2008\PD91VMDefrag.exe [2008-02-29 226568]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2007-11-06 87848]
S3 WZCOOK;WEP/WPA-PMK key recovery service;"c:\documents and settings\Shinobi\Bureau\WinAircrack\WinAircrackPack\wzcook.exe" --> c:\documents and settings\Shinobi\Bureau\WinAircrack\WinAircrackPack\wzcook.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4bc909aa-ad56-11dc-ba9f-00196639a9f3}]
\Shell\AutoRun\command - G:\SETUP.EXE
.
- - - - ORPHANS REMOVED - - - -

BHO-{5D845D2B-CB03-4DF4-9325-A0AD5990B50F} - c:\windows\system32\urqRHwVp.dll
Notify-hgGxYQgD - hgGxYQgD.dll
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mSearchMigratedDefaultURL = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mSearchURL = hxxp://www.google.com/
IE: &Download with &DAP - c:\program files\Utilitaires\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\Utilitaires\DAP\dapextie2.htm
IE: Tout télécharger avec NetXfer - c:\program files\Utilitaires\Xi\NetXfer\NetXfer\NXAddList.html
IE: Télécharger avec NetXfer - c:\program files\Utilitaires\Xi\NetXfer\NetXfer\NXAddLink.html
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\UTILIT~1\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\UTILIT~1\DAP\dapie.dll
DPF: {688C15EE-9C38-471D-9E46-BB842E30246F} - hxxp://www.playple.com/liveviewer/cab/NChat7.cab
DPF: {8EEB54D5-CC70-40E4-B015-AC478C02ECC8} - hxxp://www.playple.com/liveviewer/cab/SLViewer.cab
FF - ProfilePath - c:\documents and settings\Shinobi\Application Data\Mozilla\Firefox\Profiles\3r624dtn.default\
FF - prefs.js: browser.startup.homepage - google.fr
FF - plugin: c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Logiciels 2D\Adobe\Reader 8.0\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 13:25:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1659004503-838170752-725345543-1003\SOFTWARE\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d0,55,84,8a,33,30,28,34,67,55,6d,fc,95,7f,80,da,d4,2f,f7,11,b1,d6,9c,
2f,73,c5,70,20,d9,35,ab,0e,85,bc,50,3b,7b,17,09,24,99,0f,5a,db,d3,f2,3d,8d,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\klogon.dll
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2009-02-06 13:28:23
ComboFix-quarantined-files.txt 2009-02-06 12:28:19

Pre-Run: 7,232,708,608 bytes free
Post-Run: 7,224,012,800 bytes free

242 --- E O F --- 2008-02-05 02:05:00
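The ComboFix and Malwarebytes logs in this thread show two naming habits of this Vundo variant side by side: system32 DLLs named with eight random-case letters (iifecYQI.dll, tuvWnnNG.dll, rqRJCsQi.dll, ddcBuuuV.dll, urqRHwVp.dll), and a companion .ini/.ini2 whose name is a DLL name spelled backwards (pVwHRqru.ini beside urqRHwVp.dll under "Other Deletions" and "ORPHANS REMOVED"). The script below is an added example for this page, not ComboFix's, Malwarebytes' or any vendor's detection logic, and not from either poster: it applies those two traits to a list of paths and names the load mechanism behind each of the registry hooks Malwarebytes reported (BHO, Winlogon Notify, ShellExecuteHooks). The exact thresholds (eight letters, both cases present) are this example's assumptions, so a hit is a lead to check, not a verdict; the item list is a constructed selection of lines from the logs above.

```python
"""Heuristics for the Vundo/Virtumonde file and registry traces that show
up in the ComboFix and Malwarebytes logs above.

Added example for this thread; it is not ComboFix's, Malwarebytes' or any
vendor's detection logic. It keys on two traits visible in the logs:
8-letter random-case DLL names in system32 and a companion .ini/.ini2
whose stem is the DLL stem reversed. The thresholds are assumptions.
"""
import ntpath

SYSTEM32 = "\\windows\\system32"

# Registry locations where the logs above show Vundo hooking itself,
# and what loading from each of them means.
PERSISTENCE = {
    "browser helper objects": "BHO: DLL loaded into Internet Explorer and Explorer",
    "winlogon\\notify": "Winlogon notification package: loaded into winlogon.exe at logon",
    "shellexecutehooks": "ShellExecute hook: loaded into any process that calls ShellExecute",
}

# Constructed selection of items taken from the logs posted above.
SAMPLE_ITEMS = [
    # ComboFix "Other Deletions" and orphan entries
    r"c:\windows\system32\ddcBuuuV.dll",
    r"c:\windows\system32\pVwHRqru.ini",
    r"c:\windows\system32\pVwHRqru.ini2",
    r"c:\windows\system32\urqRHwVp.dll",
    r"hgGxYQgD.dll",  # printed bare by ComboFix for the Notify entry
    # Malwarebytes "Files Infected" entries
    r"C:\WINDOWS\system32\iifecYQI.dll",
    r"C:\WINDOWS\system32\vtUKcbbc.dll",
    r"C:\WINDOWS\system32\rqRJCsQi.dll",
    # Legitimate neighbours from the same ComboFix listing (must not be flagged)
    r"c:\windows\system32\deploytk.dll",
    r"c:\windows\system32\CmdLineExt.dll",
    r"c:\windows\system32\drivers\mbam.sys",
    # Registry hooks from the Malwarebytes log
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e23136a1-1ac4-4d1b-926f-5d537cfff359}",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifecyqi",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e23136a1-1ac4-4d1b-926f-5d537cfff359}",
    r"HKEY_CLASSES_ROOT\CLSID\{e23136a1-1ac4-4d1b-926f-5d537cfff359}",
]


def looks_like_vundo_dll(path):
    """Exactly 8 ASCII letters in mixed case, .dll, located in system32
    (a bare file name, as ComboFix prints Notify DLLs, is accepted too)."""
    folder, name = ntpath.split(path)
    stem, ext = ntpath.splitext(name)
    if ext.lower() != ".dll":
        return False
    if folder and not folder.lower().endswith(SYSTEM32):
        return False
    return (len(stem) == 8 and stem.isascii() and stem.isalpha()
            and stem != stem.lower() and stem != stem.upper())


def reversed_ini_pairs(paths):
    """(ini_path, dll_path) pairs where the .ini/.ini2 stem is a DLL stem reversed."""
    dlls = {}
    for p in paths:
        stem, ext = ntpath.splitext(ntpath.basename(p))
        if ext.lower() == ".dll":
            dlls.setdefault(stem, p)
    pairs = []
    for p in paths:
        stem, ext = ntpath.splitext(ntpath.basename(p))
        if ext.lower() in (".ini", ".ini2") and stem[::-1] in dlls:
            pairs.append((p, dlls[stem[::-1]]))
    return pairs


def classify_persistence(reg_path):
    """Name the load mechanism behind a registry path, or None if untracked."""
    low = reg_path.lower()
    for needle, meaning in PERSISTENCE.items():
        if needle in low:
            return meaning
    return None


def triage(items):
    """Split items into file paths and registry paths and run the heuristics."""
    files = [i for i in items if not i.upper().startswith("HKEY_")]
    keys = [i for i in items if i.upper().startswith("HKEY_")]
    return {
        "random_name_dlls": sorted({f for f in files if looks_like_vundo_dll(f)}),
        "reversed_ini_pairs": reversed_ini_pairs(files),
        "persistence": [(k, classify_persistence(k)) for k in keys
                        if classify_persistence(k)],
    }


if __name__ == "__main__":
    for label, hits in triage(SAMPLE_ITEMS).items():
        print(label)
        for hit in hits:
            print("  ", hit)
```

On the sample this flags the six random-name DLLs, pairs both pVwHRqru.ini files with urqRHwVp.dll, and leaves deploytk.dll (eight letters but all lower case), CmdLineExt.dll and mbam.sys alone. The reversed-name .ini is worth looking for on its own because ComboFix lists it as a deletion while the DLL it belongs to (urqRHwVp.dll) only appears as a removed orphan BHO; the pairing ties the two together.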
jlpjlp (security contributor), 6 Feb 2009, 15:10
Analyse these two files on www.virustotal.com and paste the reports: C:\windows\system32\spupdsvc.inf and c:\windows\system32\drivers\gobbler.sys
Shori, 6 Feb 2009, 16:09
c'est en cours d'analyse, je poste les rapports dés que c'est terminé
Shori Posts: 15 Registered: Thursday 5 February 2009 Status: Member Last seen: 7 February 2009
6 Feb. 2009 at 16:29
Fichier spupdsvc.inf reçu le 2009.02.06 16:24:54 (CET)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.93 2009.02.06 -
AhnLab-V3 5.0.0.2 2009.02.06 -
AntiVir 7.9.0.74 2009.02.06 -
Authentium 5.1.0.4 2009.02.05 -
Avast 4.8.1335.0 2009.02.06 -
AVG 8.0.0.229 2009.02.06 -
BitDefender 7.2 2009.02.06 -
CAT-QuickHeal 10.00 2009.02.06 -
ClamAV 0.94.1 2009.02.06 -
Comodo 967 2009.02.06 -
DrWeb 4.44.0.09170 2009.02.06 -
eSafe 7.0.17.0 2009.02.05 -
eTrust-Vet 31.6.6345 2009.02.06 -
F-Prot 4.4.4.56 2009.02.05 -
Fortinet 3.117.0.0 2009.02.06 -
GData 19 2009.02.06 -
Ikarus T3.1.1.45.0 2009.02.06 -
K7AntiVirus 7.10.622 2009.02.06 -
Kaspersky 7.0.0.125 2009.02.06 -
McAfee 5517 2009.02.06 -
McAfee+Artemis 5517 2009.02.06 -
Microsoft 1.4306 2009.02.05 -
NOD32 3833 2009.02.06 -
Norman 6.00.02 2009.02.06 -
nProtect 2009.1.8.0 2009.02.06 -
Panda 9.5.1.2 2009.02.06 -
PCTools 4.4.2.0 2009.02.06 -
Rising 21.15.40.00 2009.02.06 -
SecureWeb-Gateway 6.7.6 2009.02.06 -
Sophos 4.38.0 2009.02.06 -
Sunbelt 3.2.1847.2 2009.02.06 -
Symantec 10 2009.02.06 -
TheHacker 6.3.1.5.248 2009.02.06 -
TrendMicro 8.700.0.1004 2009.02.06 -
VBA32 3.12.8.12 2009.02.05 -
ViRobot 2009.2.6.1594 2009.02.06 -
VirusBuster 4.5.11.0 2009.02.06 -
Information additionnelle
File size: 230 bytes
MD5...: efae2c672cb97ba88cd8a8c184a9cae4
SHA1..: 0d2d2b2c605bac7aae7ba9d1c3a7aab1d371f506
SHA256: a95786093f610a9aedba729591be2ba6d4edac83d4fbfff257e7f6a2a651bc76
SHA512: 4d5519c99bc42a2433733d123e7ec038a9feef89ed6283885ef6086aa9a0f5eeb5c1a08a30545ae21bcad4fa77eac01ee10f6fd4cf565c7838821bc2e43ccc97
ssdeep: 6:AEAy1JoHXRIWXhvLWKXO82F8lOuvb1NvXRIWXnvn:L1JoHXRbJfXOel3hNvXRbnv
PEiD..: -
TrID..: File type identification
Generic INI configuration (100.0%)
PEInfo: -